diff --git a/.cloudbuild/ci/doc-tests.yaml b/.cloudbuild/ci/doc-tests.yaml index b63204376c76a..efe979ff975dc 100644 --- a/.cloudbuild/ci/doc-tests.yaml +++ b/.cloudbuild/ci/doc-tests.yaml @@ -1,5 +1,5 @@ steps: - - name: quay.io/gravitational/next:main + - name: public.ecr.aws/gravitational/docs:latest id: docs-test entrypoint: /bin/bash dir: /src diff --git a/.cloudbuild/ci/integration-tests.yaml b/.cloudbuild/ci/integration-tests.yaml index 4ef85011140eb..41233baf64667 100644 --- a/.cloudbuild/ci/integration-tests.yaml +++ b/.cloudbuild/ci/integration-tests.yaml @@ -12,7 +12,7 @@ options: steps: # Run the integration tests. Actual content of this job depends on the changes # detected in the PR - - name: quay.io/gravitational/teleport-buildbox:teleport10 + - name: public.ecr.aws/gravitational/teleport-buildbox:teleport10 id: run-tests dir: /workspace/.cloudbuild/scripts entrypoint: bash diff --git a/.cloudbuild/ci/lint.yaml b/.cloudbuild/ci/lint.yaml index 2d30cadc263d6..c6fbf4a89dffd 100644 --- a/.cloudbuild/ci/lint.yaml +++ b/.cloudbuild/ci/lint.yaml @@ -1,6 +1,8 @@ steps: - - name: quay.io/gravitational/teleport-buildbox:teleport10 + - name: public.ecr.aws/gravitational/teleport-buildbox:teleport10 id: lint args: ['make', 'lint'] options: - machineType: 'E2_HIGHCPU_32' + pool: + name: projects/ci-account/locations/us-west1/workerPools/high-cpu-pool + diff --git a/.cloudbuild/ci/os-compatibility-test.yaml b/.cloudbuild/ci/os-compatibility-test.yaml new file mode 100644 index 0000000000000..d37afc05f2350 --- /dev/null +++ b/.cloudbuild/ci/os-compatibility-test.yaml @@ -0,0 +1,23 @@ +timeout: 25m + +options: + machineType: E2_HIGHCPU_32 + +steps: + - name: public.ecr.aws/gravitational/teleport-buildbox-centos7:teleport10 + id: build-teleport + dir: /workspace + entrypoint: "/bin/bash" + args: + - '-c' + - 'make build/tctl build/tsh build/tbot build/teleport' + timeout: 10m + env: + - GOCACHE=/tmp/gocache + + - name: gcr.io/cloud-builders/docker + id: compatibility-test + entrypoint: "/bin/bash" + args: + - './build.assets/build-test-compat.sh' + timeout: 10m diff --git a/.cloudbuild/ci/unit-tests.yaml b/.cloudbuild/ci/unit-tests.yaml index 86e840c64ccb9..4cdb6ce5045a3 100644 --- a/.cloudbuild/ci/unit-tests.yaml +++ b/.cloudbuild/ci/unit-tests.yaml @@ -1,4 +1,4 @@ -timeout: 25m +timeout: 30m options: machineType: E2_HIGHCPU_32 @@ -12,7 +12,7 @@ options: steps: # Run the unit tests. Actual content of this job depends on the changes # detected in the PR - - name: quay.io/gravitational/teleport-buildbox:teleport10 + - name: public.ecr.aws/gravitational/teleport-buildbox:teleport10 id: run-tests dir: /workspace/.cloudbuild/scripts entrypoint: bash diff --git a/.cloudbuild/scripts/cmd/unit-tests/main.go b/.cloudbuild/scripts/cmd/unit-tests/main.go index 773856e750178..3b0df49b3a677 100644 --- a/.cloudbuild/scripts/cmd/unit-tests/main.go +++ b/.cloudbuild/scripts/cmd/unit-tests/main.go @@ -1,3 +1,5 @@ +//go:build linux + /* Copyright 2021 Gravitational, Inc. @@ -23,10 +25,12 @@ import ( "os" "os/exec" "path/filepath" + "strings" "time" "github.com/gravitational/trace" log "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" "github.com/gravitational/teleport/.cloudbuild/scripts/internal/artifacts" "github.com/gravitational/teleport/.cloudbuild/scripts/internal/changes" @@ -36,8 +40,11 @@ import ( "github.com/gravitational/teleport/.cloudbuild/scripts/internal/secrets" ) +// debugFsPath is the path where debugfs should be mounted. +const debugFsPath = "/sys/kernel/debug" + // main is just a stub that prints out an error message and sets a nonzero exit -// code on failure. All of the work happens in `innerMain()`. +// code on failure. All the work happens in `innerMain()`. func main() { if err := run(); err != nil { log.Fatalf("FAILED: %s", err.Error()) @@ -165,8 +172,13 @@ func run() error { artifacts.FindAndUpload(timeoutCtx, args.bucket, prefix, args.artifactSearchPatterns) }() + log.Printf("Mounting debugfs") + if err := mountDebugFS(); err != nil { + return trace.Wrap(err) + } + log.Printf("Running unit tests...") - err = runUnitTests(args.workspace) + err = runUnitTests(args.workspace, ch) if err != nil { return trace.Wrap(err, "unit tests failed") } @@ -176,14 +188,65 @@ func run() error { return nil } -func runUnitTests(workspace string) error { - cmd := exec.Command("make", "test") +func runUnitTests(workspace string, ch changes.Changes) error { + enableTests := []string{ + "TELEPORT_ETCD_TEST=yes", + "TELEPORT_XAUTH_TEST=yes", + "TELEPORT_BPF_TEST=yes", + } + + targets := []string{"test-go", "test-sh", "test-api"} + if ch.Helm { + targets = append(targets, "test-helm") + } + if ch.CI { + targets = append(targets, "test-ci") + } + if ch.Rust { + targets = append(targets, "test-rust") + } + if ch.Operator { + targets = append(targets, "test-operator") + } + + log.Printf("Running test targets: %v", strings.Join(targets, " ")) + cmd := exec.Command("make", targets...) cmd.Dir = workspace cmd.Env = os.Environ() - cmd.Env = append(cmd.Env, "TELEPORT_ETCD_TEST=yes") - cmd.Env = append(cmd.Env, "TELEPORT_XAUTH_TEST=yes") + cmd.Env = append(cmd.Env, enableTests...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr return cmd.Run() } + +// mountDebugFS mounts debugfs at /sys/kernel/debug, so BPF test can run in GCB. +func mountDebugFS() error { + if isDebugFsMounted() { + return nil + } + // equivalent to: mount -t debugfs none /sys/kernel/debug/ + if err := unix.Mount("debugfs", debugFsPath, "debugfs", 0, ""); err != nil { + return trace.Wrap(err, "failed to mount debugfs") + } + + return nil +} + +// isDebugFsMounted returns true if debugfs is mounted, false otherwise. +func isDebugFsMounted() bool { + mounts, err := os.ReadFile("/proc/mounts") + if err != nil { + log.Warningf("Failed to read /proc/mounts: %v", err) + return false + } + + for _, line := range strings.Split(string(mounts), "\n") { + tokens := strings.Fields(line) + if len(tokens) == 6 && tokens[0] == "debugfs" && tokens[1] == debugFsPath { + return true + } + } + + return false +} diff --git a/.cloudbuild/scripts/go.mod b/.cloudbuild/scripts/go.mod index 49cf54361d31c..864532f36f2eb 100644 --- a/.cloudbuild/scripts/go.mod +++ b/.cloudbuild/scripts/go.mod @@ -1,6 +1,6 @@ module github.com/gravitational/teleport/.cloudbuild/scripts -go 1.17 +go 1.18 require ( cloud.google.com/go/secretmanager v1.2.0 @@ -11,6 +11,7 @@ require ( github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.0 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b + golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c ) @@ -42,7 +43,6 @@ require ( go.opencensus.io v0.23.0 // indirect golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect golang.org/x/text v0.3.6 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/.cloudbuild/scripts/internal/changes/changes.go b/.cloudbuild/scripts/internal/changes/changes.go index b618216a39ea7..ed7cba6bff09a 100644 --- a/.cloudbuild/scripts/internal/changes/changes.go +++ b/.cloudbuild/scripts/internal/changes/changes.go @@ -31,9 +31,13 @@ import ( // Changes describes the kind of changes found in the analysed workspace. type Changes struct { + CI bool Docs bool Code bool Enterprise bool + Helm bool + Operator bool + Rust bool } // Analyze examines the workspace for specific changes using its git history, @@ -64,6 +68,18 @@ func Analyze(workspaceDir string, targetBranch string, commitSHA string) (Change case isDocChange(path): report.Docs = true + case isHelmChange(path): + report.Helm = true + + case isRustChange(path): + report.Rust = true + + case isCIChange(path): + report.CI = true + + case isOperatorChange(path): + report.Operator = true + default: report.Code = true } @@ -78,6 +94,23 @@ func Analyze(workspaceDir string, targetBranch string, commitSHA string) (Change return report, nil } +func isCIChange(path string) bool { + path = strings.ToLower(path) + return strings.HasPrefix(path, ".cloudbuild/scripts") +} + +func isOperatorChange(path string) bool { + path = strings.ToLower(path) + // dependency updates can impact CRD generation, + // so ensure that operator tests are run when + // dependencies change + return path == "go.mod" || + path == "go.sum" || + strings.HasPrefix(path, "operator/") || + strings.HasPrefix(path, "api/types") || // the operator uses directly Teleport types + strings.HasPrefix(path, "lib/tbot") // the operator embeds a tbot instance +} + func isDocChange(path string) bool { path = strings.ToLower(path) return strings.HasPrefix(path, "docs/") || @@ -86,6 +119,18 @@ func isDocChange(path string) bool { strings.HasPrefix(path, "rfd/") } +func isRustChange(path string) bool { + path = strings.ToLower(path) + return strings.HasSuffix(path, ".rs") || + strings.HasSuffix(path, "Cargo.toml") || + strings.HasSuffix(path, "Cargo.lock") +} + +func isHelmChange(path string) bool { + path = strings.ToLower(path) + return strings.HasPrefix(path, "examples/chart/") +} + // getChanges resolves the head of target branch and compares the trees at the // the target branch and the supplied commit SHA. func getChanges(repo *git.Repository, targetBranch, commit string) (object.Changes, error) { diff --git a/.drone.yml b/.drone.yml index a60f60b556d8a..c24b8c1edd0c8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -30,7 +30,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -39,7 +39,7 @@ name: push-build-linux-amd64 environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -62,6 +62,7 @@ steps: - name: Check out code image: docker:git commands: + - mkdir -p /go/src/github.com/gravitational/webapps - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} @@ -73,6 +74,11 @@ steps: - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - cd /go/src/github.com/gravitational/webapps + - git clone https://github.com/gravitational/webapps.git . + - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)" + - git submodule update --init packages/webapps.e + - cd - - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: @@ -90,7 +96,9 @@ steps: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - - make -C build.assets release-amd64 + - export VERSION=$(cat /go/.version.txt) + - make -C build.assets release-amd64-centos7 + - make -C build.assets teleterm environment: ARCH: amd64 GID: "1000" @@ -133,7 +141,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -142,7 +150,7 @@ name: push-build-linux-386 environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -236,7 +244,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -245,7 +253,7 @@ name: push-build-linux-amd64-fips environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -299,7 +307,7 @@ steps: - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - - make -C build.assets release-amd64-fips + - make -C build.assets release-amd64-centos7-fips environment: ARCH: amd64 FIPS: "yes" @@ -343,7 +351,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -352,7 +360,7 @@ name: push-build-windows-amd64 environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -446,7 +454,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/mac.go:39 +# Generated at dronegen/mac.go (main.newDarwinPipeline) ################################################ kind: pipeline @@ -493,7 +501,7 @@ steps: - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - git clone https://github.com/gravitational/webapps.git . - - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go) + - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh) - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa @@ -517,7 +525,7 @@ steps: - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz - rm -rf $RUNTIME.darwin-amd64.tar.gz environment: - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 - name: Install Rust Toolchain commands: - set -u @@ -548,33 +556,41 @@ steps: - echo Yarn reporting version $(yarn --version) environment: WORKSPACE_DIR: /tmp/push-build-darwin-amd64 -- name: Build Mac artifacts +- name: Build Mac artifacts (binaries and Teleport Connect) commands: - set -u - - echo HOME=$${HOME} - export HOME=/Users/$(whoami) - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains - - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - print-version) - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version) + - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 + - export PATH=$NODE_HOME/bin:$PATH - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version) - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo - export RUST_HOME=$CARGO_HOME - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup - - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 - - export PATH=$TOOLCHAIN_DIR/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$NODE_HOME/bin:$PATH + - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH + - rustup override set $RUST_VERSION + - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - build.assets/build-fido2-macos.sh build - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)" - - rustup override set $RUST_VERSION - - export BUILD_NUMBER=$DRONE_BUILD_NUMBER - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes + - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport + print-version) + - export BUILD_NUMBER=$DRONE_BUILD_NUMBER + - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain + - security find-identity -v + - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83 + - export DEBUG="electron-*" + - export CONNECT_TSH_BIN_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build/tsh - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION + - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION environment: ARCH: amd64 + BUILDBOX_PASSWORD: + from_secret: BUILDBOX_PASSWORD GOCACHE: /tmp/push-build-darwin-amd64/go/cache GOPATH: /tmp/push-build-darwin-amd64/go OS: darwin @@ -626,7 +642,461 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/windows.go (main.newWindowsPipeline) +################################################ + +kind: pipeline +type: exec +name: push-build-native-windows-amd64 +trigger: + event: + include: + - push + exclude: + - pull_request + repo: + include: + - gravitational/* + branch: + include: + - master + - branch/* +workspace: + path: C:/Drone/Workspace/push-build-native-windows-amd64 +platform: + os: windows + arch: amd64 +clone: + disable: true +concurrency: + limit: 1 +steps: +- name: Check out Teleport + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps" + - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT + } + - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null + - cd $TeleportSrc + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout $TeleportRev + - New-Item -Path $WebappsSrc -ItemType Directory | Out-Null + - cd $WebappsSrc + - git clone https://github.com/gravitational/webapps.git . + - git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1) + environment: + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Checkout Submodules + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY + - cd $TeleportSrc + - git submodule update --init e + - git submodule update --init --recursive webassets + - Reset-Git -Workspace $Workspace + environment: + GITHUB_PRIVATE_KEY: + from_secret: GITHUB_PRIVATE_KEY + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Install Node Toolchain + commands: + - $ProgressPreference = 'SilentlyContinue' + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Push-Location "$TeleportSrc/build.assets" + - $NodeVersion = $(make print-node-version).Trim() + - Pop-Location + - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Install Go Toolchain + commands: + - $ProgressPreference = 'SilentlyContinue' + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Push-Location "$TeleportSrc/build.assets" + - $GoVersion = $(make print-go-version).TrimStart("go") + - Pop-Location + - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Build tsh + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $Env:GOCACHE = "$Workspace/gocache" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Go -ToolchainDir "$Workspace/toolchains" + - cd $TeleportSrc + - $Env:GCO_ENABLED=1 + - go build -o build/tsh.exe ./tool/tsh + environment: + WINDOWS_SIGNING_CERT: + from_secret: WINDOWS_SIGNING_CERT + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Build Teleport Connect + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Node -ToolchainDir "$Workspace/toolchains" + - Push-Location $TeleportSrc + - $TeleportVersion=$(make print-version).Trim() + - Pop-Location + - cd $WebappsSrc + - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe" + - yarn install --frozen-lockfile + - yarn build-term + - yarn package-term "-c.extraMetadata.version=$TeleportVersion" + environment: + CSC_LINK: + from_secret: WINDOWS_SIGNING_CERT + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 +- name: Clean up workspace (post) + commands: + - $ErrorActionPreference = 'Continue' + - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 + when: + status: + - success + - failure + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/relcli.go (main.relcliPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: clean-up-previous-build +environment: + RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.70 +trigger: + event: + include: + - tag + ref: + include: + - refs/tags/v* + repo: + include: + - gravitational/* +clone: + disable: true +steps: +- name: Check if commit is tagged + image: alpine + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Pull relcli + image: docker:cli + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull $RELCLI_IMAGE + environment: + AWS_DEFAULT_REGION: us-west-2 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Clean up previously built artifacts + image: docker:git + commands: + - mkdir -p /tmpfs/creds + - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT" + - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY" + - trap "rm -rf /tmpfs/creds" EXIT + - |- + docker run -i -v /tmpfs/creds:/tmpfs/creds \ + -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \ + $RELCLI_IMAGE relcli auto_destroy -f -v 6 + environment: + RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh + RELCLI_CERT: /tmpfs/creds/releases.crt + RELCLI_KEY: /tmpfs/creds/releases.key + RELEASES_CERT: + from_secret: RELEASES_CERT + RELEASES_KEY: + from_secret: RELEASES_KEY + volumes: + - name: dockersock + path: /var/run + - name: tmpfs + path: /tmpfs + - name: awsconfig + path: /root/.aws +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: tmpfs + path: /tmpfs + - name: dockersock + path: /var/run +volumes: +- name: dockersock + temp: {} +- name: tmpfs + temp: + medium: memory +- name: awsconfig + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/windows.go (main.newWindowsPipeline) +################################################ + +kind: pipeline +type: exec +name: build-native-windows-amd64 +trigger: + event: + include: + - tag + ref: + include: + - refs/tags/v* + repo: + include: + - gravitational/* +workspace: + path: C:/Drone/Workspace/build-native-windows-amd64 +platform: + os: windows + arch: amd64 +clone: + disable: true +depends_on: +- clean-up-previous-build +concurrency: + limit: 1 +steps: +- name: Check out Teleport + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps" + - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT + } + - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null + - cd $TeleportSrc + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout $TeleportRev + - New-Item -Path $WebappsSrc -ItemType Directory | Out-Null + - cd $WebappsSrc + - git clone https://github.com/gravitational/webapps.git . + - git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1) + environment: + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Checkout Submodules + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY + - cd $TeleportSrc + - git submodule update --init e + - git submodule update --init --recursive webassets + - Reset-Git -Workspace $Workspace + environment: + GITHUB_PRIVATE_KEY: + from_secret: GITHUB_PRIVATE_KEY + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Install Node Toolchain + commands: + - $ProgressPreference = 'SilentlyContinue' + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Push-Location "$TeleportSrc/build.assets" + - $NodeVersion = $(make print-node-version).Trim() + - Pop-Location + - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Install Go Toolchain + commands: + - $ProgressPreference = 'SilentlyContinue' + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Push-Location "$TeleportSrc/build.assets" + - $GoVersion = $(make print-go-version).TrimStart("go") + - Pop-Location + - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Build tsh + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $Env:GOCACHE = "$Workspace/gocache" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Go -ToolchainDir "$Workspace/toolchains" + - cd $TeleportSrc + - $Env:GCO_ENABLED=1 + - go build -o build/tsh.exe ./tool/tsh + environment: + WINDOWS_SIGNING_CERT: + from_secret: WINDOWS_SIGNING_CERT + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Build Teleport Connect + commands: + - $ErrorActionPreference = 'Stop' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps" + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Enable-Node -ToolchainDir "$Workspace/toolchains" + - Push-Location $TeleportSrc + - $TeleportVersion=$(make print-version).Trim() + - Pop-Location + - cd $WebappsSrc + - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe" + - yarn install --frozen-lockfile + - yarn build-term + - yarn package-term "-c.extraMetadata.version=$TeleportVersion" + environment: + CSC_LINK: + from_secret: WINDOWS_SIGNING_CERT + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Assume AWS Role + commands: + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $AwsSharedCredentialsFile = "$Workspace/credentials" + - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-") + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Get-STSCallerIdentity + - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile + - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY") + -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item' + - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Upload Artifacts + commands: + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps" + - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v') + - $AwsSharedCredentialsFile = "$Workspace/credentials" + - $OutputsDir="$Workspace/outputs" + - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null + - Get-ChildItem "$WebappsSrc/packages/teleterm/build/release + - Copy-Item -Path "$WebappsSrc/packages/teleterm/build/release/Teleport Connect + Setup*.exe" -Destination $OutputsDir + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Format-FileHashes -PathGlob "$OutputsDir/*.exe" + - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket + $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion" + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 +- name: Register artifacts + commands: + - $ErrorActionPreference = 'Stop' + - $ProgressPreference = 'SilentlyContinue' + - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" + - $OutputsDir = "$Workspace/outputs" + - $relcliUrl = 'https://cdn.teleport.dev/relcli-v1.1.70-windows.exe' + - $relcliSha256 = '1cd0e4e2912ded6c6b61a82018ac3d76eac091f9719b5a80795d79ff194788a7' + - . "$TeleportSrc/build.assets/windows/build.ps1" + - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace + - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir + environment: + RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh + RELEASES_CERT: + from_secret: RELEASES_CERT + RELEASES_KEY: + from_secret: RELEASES_KEY + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 + failure: ignore +- name: Clean up workspace (post) + commands: + - $ErrorActionPreference = 'Continue' + - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" + environment: + WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 + when: + status: + - success + - failure + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -635,7 +1105,7 @@ name: push-build-linux-arm environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -729,7 +1199,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/push.go:104 +# Generated at dronegen/push.go (main.pushPipeline) ################################################ kind: pipeline @@ -738,7 +1208,7 @@ name: push-build-linux-arm64 environment: BUILDBOX_VERSION: teleport10 GID: "1000" - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 UID: "1000" trigger: event: @@ -880,10 +1350,9 @@ steps: environment: OS: linux ARCH: amd64 - settings: - username: + QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - password: + QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock @@ -893,7 +1362,7 @@ steps: - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME @@ -909,10 +1378,9 @@ steps: environment: OS: linux ARCH: amd64 - settings: - username: + QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - password: + QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock @@ -922,7 +1390,7 @@ steps: - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME @@ -938,10 +1406,9 @@ steps: environment: OS: linux ARCH: amd64 - settings: - username: + QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - password: + QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock @@ -951,7 +1418,7 @@ steps: - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME @@ -962,33 +1429,6 @@ steps: - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_FIPS_IMAGE_NAME - - name: Build/push Teleport Lab Docker image - image: docker:git - environment: - OS: linux - ARCH: amd64 - settings: - username: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - password: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v') - - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - # Check out code - - mkdir -p /go/src/github.com/gravitational/teleport - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} - # Build and push Teleport lab image - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd - - docker push $TELEPORT_LAB_IMAGE_NAME - services: - name: Start Docker image: docker:dind @@ -1004,11 +1444,11 @@ volumes: --- kind: pipeline type: kubernetes -name: teleport-helm-cron +name: teleport-docker-cron-ecr trigger: cron: - - teleport-helm-cron + - teleport-docker-cron-ecr repo: include: - gravitational/teleport @@ -1017,28 +1457,333 @@ workspace: path: /go clone: - disable: true + disable: false steps: - - name: Check out code - image: alpine/git - commands: - - mkdir -p /go/src/github.com/gravitational/teleport - - cd /go/src/github.com/gravitational/teleport - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout ${DRONE_COMMIT} - - mkdir -p /go/chart - - cd /go/chart - - - name: Download chart repo contents - image: amazon/aws-cli + - name: Set up variables and Dockerfile + image: docker:git environment: - AWS_S3_BUCKET: - from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: + # increment these variables when a new major/minor version is released to bump the automatic builds + # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for + # build major version images which are just teleport:x + CURRENT_VERSION_ROOT: v10 + PREVIOUS_VERSION_ONE_ROOT: v9 + PREVIOUS_VERSION_TWO_ROOT: v8 + commands: + - apk --update --no-cache add curl go + - mkdir -p /go/build && cd /go/build + # CURRENT_VERSION + - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt) + - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt + # PREVIOUS_VERSION_ONE + - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt) + - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt + # PREVIOUS_VERSION_TWO + - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt) + - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt + # list versions + - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done + # get Dockerfiles + - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron + - curl -Ls -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8 + # wait for Docker to be ready + - sleep 3 + + - name: Configure Staging AWS Profile + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Configure Production AWS Profile + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Build and push Teleport containers (CURRENT_VERSION) + image: docker + environment: + OS: linux + ARCH: amd64 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws + commands: + - apk add --no-cache aws-cli + - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) + - export CURRENT_DATE=$(date '+%Y%m%d%H%M') + # Staging image names + - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips-$CURRENT_DATE" + # Production image names + - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" + - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" + - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" + # Authenticate to staging registry + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + # OSS + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $OSS_IMAGE_NAME_STAGE + # Enterprise + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $ENT_IMAGE_NAME_STAGE + # Enterprise FIPS + - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $ENT_FIPS_IMAGE_NAME_STAGE + # Authenticate to production registry + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + # Retag images + - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD + - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD + - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD + # Promote to production registry + - docker push $ENT_IMAGE_NAME_PROD + - docker push $OSS_IMAGE_NAME_PROD + - docker push $ENT_FIPS_IMAGE_NAME_PROD + + - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) + image: docker + environment: + OS: linux + ARCH: amd64 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws + commands: + - apk add --no-cache aws-cli + - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) + - export CURRENT_DATE=$(date '+%Y%m%d%H%M') + # Staging image names + - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips-$CURRENT_DATE" + # Production image names + - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" + - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" + - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" + # Authenticate to staging registry + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + # OSS + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $OSS_IMAGE_NAME_STAGE + # Enterprise + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $ENT_IMAGE_NAME_STAGE + # Enterprise FIPS + - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build + - docker push $ENT_FIPS_IMAGE_NAME_STAGE + # Authenticate to production registry + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + # Retag images + - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD + - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD + - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD + # Promote to production registry + - docker push $ENT_IMAGE_NAME_PROD + - docker push $OSS_IMAGE_NAME_PROD + - docker push $ENT_FIPS_IMAGE_NAME_PROD + + - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) + image: docker + environment: + OS: linux + ARCH: amd64 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws + commands: + - apk add --no-cache aws-cli + - export CURRENT_DATE=$(date '+%Y%m%d%H%M') + - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) + # Staging image names + - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" + - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips-$CURRENT_DATE" + # Production image names + - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" + - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" + - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" + # Authenticate to staging registry + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + # OSS + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build + - docker push $OSS_IMAGE_NAME_STAGE + # Enterprise + - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build + - docker push $ENT_IMAGE_NAME_STAGE + # Enterprise FIPS + - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build + - docker push $ENT_FIPS_IMAGE_NAME_STAGE + # Authenticate to production registry + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + # Retag images + - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD + - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD + - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD + # Promote to production registry + - docker push $ENT_IMAGE_NAME_PROD + - docker push $OSS_IMAGE_NAME_PROD + - docker push $ENT_FIPS_IMAGE_NAME_PROD + + - name: Build/push Teleport Lab Docker image + image: docker:git + environment: + OS: linux + ARCH: amd64 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws + commands: + - apk add --no-cache aws-cli + - export CURRENT_DATE=$(date '+%Y%m%d%H%M') + - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v') + - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" + - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" + # Check out code + - mkdir -p /go/src/github.com/gravitational/teleport + - cd /go/src/github.com/gravitational/teleport + - git init && git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin + - git checkout -qf ${DRONE_COMMIT_SHA} + # Authenticate to staging registry + - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + # Build and push image + - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd + - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING + # Authenticate to production registry + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + # Push to production registry + - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD + - docker push $TELEPORT_LAB_IMAGE_NAME_PROD + +services: + - name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run + +volumes: + - name: dockersock + temp: {} + - name: awsconfig + temp: {} + +--- +kind: pipeline +type: kubernetes +name: teleport-helm-cron + +trigger: + cron: + - teleport-helm-cron + repo: + include: + - gravitational/teleport + +workspace: + path: /go + +clone: + disable: true + +steps: + - name: Check out code + image: alpine/git + commands: + - mkdir -p /go/src/github.com/gravitational/teleport + - cd /go/src/github.com/gravitational/teleport + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout ${DRONE_COMMIT} + - mkdir -p /go/chart + - cd /go/chart + + - name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: PRODUCTION_CHARTS_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download chart repo contents + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws commands: - mkdir -p /go/chart # download all previously packaged chart versions from the S3 bucket @@ -1057,19 +1802,17 @@ steps: - helm repo index /go/chart - name: Upload to S3 - image: plugins/s3 - settings: - bucket: + image: amazon/aws-cli + commands: + - cd /go/chart + - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/ + environment: + AWS_REGION: us-east-2 + AWS_S3_BUCKET: from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET - access_key: - from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID - secret_key: - from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY - region: us-east-2 - acl: public-read - source: /go/chart/* - target: / - strip_prefix: /go/chart + volumes: + - name: awsconfig + path: /root/.aws - name: Send Slack notification image: plugins/slack @@ -1086,11 +1829,14 @@ steps: when: status: [failure] +volumes: + - name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -1098,7 +1844,7 @@ type: kubernetes name: build-linux-amd64-centos7 environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -1113,6 +1859,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -1175,25 +1923,48 @@ steps: - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -1201,20 +1972,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit (RHEL/CentOS 7.x compatible)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -1223,15 +1997,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -1240,6 +2013,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -1247,7 +2022,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -1255,7 +2030,7 @@ type: kubernetes name: build-linux-amd64-centos7-fips environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -1270,6 +2045,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -1331,25 +2108,48 @@ steps: - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -1357,20 +2157,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -1379,15 +2182,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -1396,6 +2198,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -1403,7 +2207,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -1411,7 +2215,7 @@ type: kubernetes name: build-linux-amd64 environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -1426,10 +2230,13 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git commands: + - mkdir -p /go/src/github.com/gravitational/webapps - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . @@ -1439,6 +2246,11 @@ steps: - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - cd /go/src/github.com/gravitational/webapps + - git clone https://github.com/gravitational/webapps.git . + - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)" + - git submodule update --init packages/webapps.e + - cd - - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - |- @@ -1464,7 +2276,9 @@ steps: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - - make -C build.assets release-amd64 + - export VERSION=$(cat /go/.version.txt) + - make -C build.assets release-amd64-centos7 + - make -C build.assets teleterm environment: ARCH: amd64 GID: "1000" @@ -1483,27 +2297,57 @@ steps: \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; + - find /go/src/github.com/gravitational/webapps/packages/teleterm/build/release + -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm" + -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: + - |- + cd /go/artifacts && for FILE in teleport-connect*.deb teleport-connect*.rpm; do + sha256sum $FILE > $FILE.sha256; + done && ls -l +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -1511,20 +2355,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -1533,15 +2380,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -1550,6 +2396,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -1557,7 +2405,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -1565,7 +2413,7 @@ type: kubernetes name: build-linux-amd64-fips environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -1580,6 +2428,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -1619,7 +2469,7 @@ steps: - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - - make -C build.assets release-amd64-fips + - make -C build.assets release-amd64-centos7-fips environment: ARCH: amd64 FIPS: "yes" @@ -1639,25 +2489,48 @@ steps: \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -1665,20 +2538,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit (FedRAMP/FIPS)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -1687,15 +2563,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -1704,6 +2579,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -1711,7 +2588,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -1733,6 +2610,7 @@ clone: disable: true depends_on: - build-linux-amd64-centos7 +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -1765,6 +2643,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -1776,19 +2678,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar go + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR @@ -1803,10 +2731,12 @@ steps: OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - - name: tmpfs - path: /tmpfs - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws + - name: tmpfs + path: /tmpfs - name: Copy artifacts image: docker commands: @@ -1815,25 +2745,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -1841,20 +2794,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -1863,15 +2819,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -1882,17 +2837,19 @@ services: - name: dockersock path: /var/run volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} - name: tmpfs temp: medium: memory -- name: dockersock - temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -1914,6 +2871,7 @@ clone: disable: true depends_on: - build-linux-amd64-centos7-fips +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -1946,6 +2904,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -1955,19 +2937,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar go + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR @@ -1983,35 +2991,60 @@ steps: RUNTIME: fips TMPDIR: /go volumes: - - name: tmpfs - path: /tmpfs - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws + - name: tmpfs + path: /tmpfs - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2019,20 +3052,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2041,15 +3077,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2060,17 +3095,19 @@ services: - name: dockersock path: /var/run volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} - name: tmpfs temp: medium: memory -- name: dockersock - temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -2092,10 +3129,12 @@ clone: disable: true depends_on: - build-linux-amd64 +- clean-up-previous-build steps: - name: Check out code image: docker:git commands: + - mkdir -p /go/src/github.com/gravitational/webapps - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . @@ -2105,6 +3144,11 @@ steps: - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - cd /go/src/github.com/gravitational/webapps + - git clone https://github.com/gravitational/webapps.git . + - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)" + - git submodule update --init packages/webapps.e + - cd - - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - |- @@ -2124,6 +3168,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -2135,19 +3203,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - make deb environment: ARCH: amd64 @@ -2157,6 +3251,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws - name: Copy artifacts image: docker commands: @@ -2165,25 +3261,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2191,20 +3310,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit DEB" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2213,15 +3335,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2232,12 +3353,14 @@ services: volumes: - name: dockersock temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -2259,6 +3382,7 @@ clone: disable: true depends_on: - build-linux-amd64-fips +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -2291,6 +3415,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -2300,19 +3448,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - make -C e deb environment: ARCH: amd64 @@ -2323,31 +3497,56 @@ steps: volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2355,20 +3554,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 64-bit DEB (FedRAMP/FIPS)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2377,15 +3579,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2396,12 +3597,14 @@ services: volumes: - name: dockersock temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -2409,7 +3612,7 @@ type: kubernetes name: build-linux-386 environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -2424,6 +3627,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -2483,25 +3688,48 @@ steps: \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2509,20 +3737,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 32-bit" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2531,15 +3762,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2548,6 +3778,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -2555,7 +3787,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -2577,6 +3809,7 @@ clone: disable: true depends_on: - build-linux-386 +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -2609,6 +3842,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -2620,19 +3877,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar go + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR @@ -2647,10 +3930,12 @@ steps: OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - - name: tmpfs - path: /tmpfs - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws + - name: tmpfs + path: /tmpfs - name: Copy artifacts image: docker commands: @@ -2659,25 +3944,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2685,20 +3993,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 32-bit RPM" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit RPM" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2707,15 +4018,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2726,17 +4036,19 @@ services: - name: dockersock path: /var/run volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} - name: tmpfs temp: medium: memory -- name: dockersock - temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -2758,6 +4070,7 @@ clone: disable: true depends_on: - build-linux-386 +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -2790,30 +4103,80 @@ steps: volumes: - name: dockersock path: /var/run -- name: Download artifacts from S3 +- name: Assume Download AWS Role image: amazon/aws-cli commands: - - export VERSION=$(cat /go/.version.txt) - - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else - export S3_PATH="tag/"; fi - - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz - /go/artifacts/ - - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz - /go/artifacts/ + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws +- name: Download artifacts from S3 + image: amazon/aws-cli + commands: + - export VERSION=$(cat /go/.version.txt) + - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else + export S3_PATH="tag/"; fi + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz + /go/artifacts/ + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz + /go/artifacts/ + environment: AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - make deb environment: ARCH: "386" @@ -2823,6 +4186,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws - name: Copy artifacts image: docker commands: @@ -2831,25 +4196,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -2857,20 +4245,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux 32-bit DEB" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit DEB" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -2879,15 +4270,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -2898,12 +4288,14 @@ services: volumes: - name: dockersock temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/mac.go:39 +# Generated at dronegen/mac.go (main.newDarwinPipeline) ################################################ kind: pipeline @@ -2926,6 +4318,8 @@ platform: arch: amd64 clone: disable: true +depends_on: +- clean-up-previous-build concurrency: limit: 1 steps: @@ -2944,11 +4338,6 @@ steps: - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - git clone https://github.com/gravitational/webapps.git . - - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go) - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null @@ -2974,7 +4363,7 @@ steps: - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz - rm -rf $RUNTIME.darwin-amd64.tar.gz environment: - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 - name: Install Rust Toolchain commands: - set -u @@ -2988,55 +4377,24 @@ steps: - rustup toolchain install $RUST_VERSION environment: WORKSPACE_DIR: /tmp/build-darwin-amd64 -- name: Install Node Toolchain - commands: - - set -u - - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets - print-node-version) - - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains - - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 - - mkdir -p $TOOLCHAIN_DIR - - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz - - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz - - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz - - export PATH=$NODE_DIR/bin:$PATH - - corepack enable yarn - - echo Node reporting version $(node --version) - - echo Yarn reporting version $(yarn --version) - environment: - WORKSPACE_DIR: /tmp/build-darwin-amd64 -- name: Build Mac release artifacts +- name: Build Mac artifacts (binaries) commands: - set -u - - echo HOME=$${HOME} - export HOME=/Users/$(whoami) - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains - - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - print-version) - - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets - print-node-version) - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version) - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo - export RUST_HOME=$CARGO_HOME - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup - - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 - - export PATH=$TOOLCHAIN_DIR/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$NODE_HOME/bin:$PATH + - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH + - rustup override set $RUST_VERSION + - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - build.assets/build-fido2-macos.sh build - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)" - - rustup override set $RUST_VERSION - - export BUILD_NUMBER=$DRONE_BUILD_NUMBER - - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain - - security find-identity -v - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION environment: - APPLE_PASSWORD: - from_secret: APPLE_PASSWORD - APPLE_USERNAME: - from_secret: APPLE_USERNAME ARCH: amd64 BUILDBOX_PASSWORD: from_secret: BUILDBOX_PASSWORD @@ -3050,33 +4408,47 @@ steps: - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release - - cp *.dmg $WORKSPACE_DIR/go/artifacts - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l - - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE" - > "$FILE.sha256"; done && ls -l environment: WORKSPACE_DIR: /tmp/build-darwin-amd64 +- name: Assume AWS Role + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /tmp/build-darwin-amd64/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials - name: Upload to S3 commands: - set -u - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Register artifacts commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3084,20 +4456,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="MacOS Intel" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3106,16 +4481,15 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING + from_secret: RELEASES_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64 - failure: ignore - name: Clean up toolchains (post) commands: - set -u @@ -3147,7 +4521,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/mac.go:39 +# Generated at dronegen/mac.go (main.newDarwinPipeline) ################################################ kind: pipeline @@ -3190,11 +4564,6 @@ steps: - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - git clone https://github.com/gravitational/webapps.git . - - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go) - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null @@ -3212,6 +4581,27 @@ steps: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg +- name: Assume AWS Role + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /tmp/build-darwin-amd64-pkg/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials - name: Download built tarball artifacts from S3 commands: - set -u @@ -3222,13 +4612,10 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg @@ -3269,19 +4656,16 @@ steps: - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Register artifacts commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3289,20 +4673,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="MacOS Intel .pkg installer" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3311,16 +4698,15 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING + from_secret: RELEASES_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - failure: ignore - name: Clean up exec runner storage (post) commands: - set -u @@ -3333,7 +4719,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/mac.go:39 +# Generated at dronegen/mac.go (main.newDarwinPipeline) ################################################ kind: pipeline @@ -3376,11 +4762,6 @@ steps: - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps - - git clone https://github.com/gravitational/webapps.git . - - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go) - - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null @@ -3398,6 +4779,27 @@ steps: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh +- name: Assume AWS Role + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /tmp/build-darwin-amd64-pkg-tsh/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials - name: Download built tarball artifacts from S3 commands: - set -u @@ -3408,13 +4810,10 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh @@ -3455,19 +4854,16 @@ steps: - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Register artifacts commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3475,20 +4871,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="MacOS Intel .pkg installer (tsh client only)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer (tsh client only)" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3497,16 +4896,15 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING + from_secret: RELEASES_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - failure: ignore - name: Clean up exec runner storage (post) commands: - set -u @@ -3519,7 +4917,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -3527,7 +4925,7 @@ type: kubernetes name: build-linux-arm environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -3542,6 +4940,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -3601,25 +5001,48 @@ steps: \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3627,20 +5050,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARMv7 (32-bit)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit)" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3649,15 +5075,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -3666,6 +5091,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -3673,7 +5100,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -3681,7 +5108,7 @@ type: kubernetes name: build-linux-arm64 environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -3696,6 +5123,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -3755,25 +5184,48 @@ steps: \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3781,20 +5233,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARM64/ARMv8 (64-bit)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit)" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3803,15 +5258,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -3820,6 +5274,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -3827,7 +5283,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -3849,6 +5305,7 @@ clone: disable: true depends_on: - build-linux-arm64 +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -3881,6 +5338,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -3892,19 +5373,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - make deb environment: ARCH: arm64 @@ -3914,6 +5421,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws - name: Copy artifacts image: docker commands: @@ -3922,25 +5431,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -3948,20 +5480,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARM64/ARMv8 (64-bit) DEB" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) DEB" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -3970,15 +5505,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -3989,12 +5523,14 @@ services: volumes: - name: dockersock temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -4016,6 +5552,7 @@ clone: disable: true depends_on: - build-linux-arm +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -4048,6 +5585,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -4059,19 +5620,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - make deb environment: ARCH: arm @@ -4081,6 +5668,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws - name: Copy artifacts image: docker commands: @@ -4089,25 +5678,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} -- name: Register artifacts - image: docker + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli commands: - - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Register artifacts + image: docker + commands: + - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} + - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -4115,20 +5727,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARMv7 (32-bit) DEB" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) DEB" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -4137,15 +5752,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -4156,12 +5770,14 @@ services: volumes: - name: dockersock temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -4183,6 +5799,7 @@ clone: disable: true depends_on: - build-linux-arm64 +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -4215,6 +5832,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -4226,19 +5867,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar go + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR @@ -4253,10 +5920,12 @@ steps: OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - - name: tmpfs - path: /tmpfs - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws + - name: tmpfs + path: /tmpfs - name: Copy artifacts image: docker commands: @@ -4265,25 +5934,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -4291,20 +5983,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARM64/ARMv8 (64-bit) RPM" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) RPM" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -4313,15 +6008,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -4332,17 +6026,19 @@ services: - name: dockersock path: /var/run volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} - name: tmpfs temp: medium: memory -- name: dockersock - temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:461 +# Generated at dronegen/tag.go (main.tagPackagePipeline) ################################################ kind: pipeline @@ -4364,6 +6060,7 @@ clone: disable: true depends_on: - build-linux-arm +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -4396,6 +6093,30 @@ steps: volumes: - name: dockersock path: /var/run +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws - name: Download artifacts from S3 image: amazon/aws-cli commands: @@ -4407,19 +6128,45 @@ steps: - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Build AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar go + - apk add --no-cache aws-cli - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) + - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR @@ -4434,10 +6181,12 @@ steps: OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - - name: tmpfs - path: /tmpfs - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws + - name: tmpfs + path: /tmpfs - name: Copy artifacts image: docker commands: @@ -4446,25 +6195,48 @@ steps: \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -4472,20 +6244,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Linux ARMv7 (32-bit) RPM" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) RPM" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -4494,15 +6269,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -4513,17 +6287,19 @@ services: - name: dockersock path: /var/run volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} - name: tmpfs temp: medium: memory -- name: dockersock - temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:250 +# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline @@ -4531,7 +6307,7 @@ type: kubernetes name: build-windows-amd64 environment: BUILDBOX_VERSION: teleport10 - RUNTIME: go1.18.3 + RUNTIME: go1.18.6 trigger: event: include: @@ -4546,6 +6322,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Check out code image: docker:git @@ -4585,7 +6363,7 @@ steps: - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx - - make -C build.assets release-amd64 + - make -C build.assets release-windows - rm -f windows-signing-cert.pfx environment: ARCH: amd64 @@ -4608,25 +6386,48 @@ steps: - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; done && ls -l -- name: Upload to S3 - image: plugins/s3 - settings: - access_key: +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID - bucket: - from_secret: AWS_S3_BUCKET - region: us-west-2 - secret_key: + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - source: /go/artifacts/* - strip_prefix: /go/artifacts/ - target: teleport/tag/${DRONE_TAG##v} + volumes: + - name: awsconfig + path: /root/.aws +- name: Upload to S3 + image: amazon/aws-cli + commands: + - cd /go/artifacts/ + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws - name: Register artifacts image: docker commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-staging.platform.teleport.sh' + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT @@ -4634,20 +6435,23 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="Windows 64-bit (tsh client only)" + products="$name" if [ "$name" = "tsh" ]; then - products="teleport teleport-ent"; - else - products="$name" + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - curl $CREDENTIALS --fail -o /dev/null -F description="Windows 64-bit (tsh client only)" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") @@ -4656,15 +6460,14 @@ steps: cat $WORKSPACE_DIR/curl_out.txt exit 1 fi - curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" done done environment: RELEASES_CERT: - from_secret: RELEASES_CERT_STAGING + from_secret: RELEASES_CERT RELEASES_KEY: - from_secret: RELEASES_KEY_STAGING - failure: ignore + from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind @@ -4673,6 +6476,8 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} @@ -4725,6 +6530,31 @@ steps: # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + - name: Build/push OSS/Enterprise Docker images image: docker environment: @@ -4734,21 +6564,18 @@ steps: GOPATH: /go OS: linux ARCH: amd64 - settings: - username: - from_secret: QUAYIO_DOCKER_USERNAME - password: - from_secret: QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws commands: - - apk add --no-cache make + - apk add --no-cache make bash aws-cli - chown -R $UID:$GID /go - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - - docker pull quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION || true + - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - cd /go/src/github.com/gravitational/teleport - make image-ci publish-ci + - make publish-operator-ci - name: Build/push FIPS Docker image image: docker @@ -4759,19 +6586,17 @@ steps: GOPATH: /go OS: linux ARCH: amd64 - settings: - username: - from_secret: QUAYIO_DOCKER_USERNAME - password: - from_secret: QUAYIO_DOCKER_PASSWORD + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: dockersock path: /var/run commands: - - apk add --no-cache make + - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - - docker pull quay.io/gravitational/teleport-buildbox:BUILDBOX_VERSION || true + - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - cd /go/src/github.com/gravitational/teleport # VERSION needs to be set manually when running in the e directory. # Normally, the version is set and exported by the root Makefile and then inherited, @@ -4790,6 +6615,8 @@ services: volumes: - name: dockersock temp: {} + - name: awsconfig + temp: {} --- kind: pipeline @@ -4826,31 +6653,77 @@ steps: # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - - name: Download built tarball artifacts from S3 + - name: Assume Download AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download built tarball artifacts from S3 + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 + volumes: + - name: awsconfig + path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - - name: Build OSS AMIs - image: hashicorp/packer:1.7.6 + - name: Assume Packer AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_PACKER_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Build OSS AMIs + image: hashicorp/packer:1.7.6 volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws @@ -4866,16 +6739,40 @@ steps: make oss fi - - name: Sync OSS build timestamp to S3 + - name: Assume S3 Timestamp Sync AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Sync OSS build timestamp to S3 + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 + volumes: + - name: awsconfig + path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ @@ -4891,6 +6788,8 @@ services: volumes: - name: dockersock temp: {} + - name: awsconfig + temp: {} --- kind: pipeline @@ -4928,32 +6827,78 @@ steps: # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - - name: Download built tarball artifacts from S3 + - name: Assume Download AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download built tarball artifacts from S3 + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 + volumes: + - name: awsconfig + path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - - name: Build Enterprise AMIs - image: hashicorp/packer:1.7.6 + - name: Assume Packer AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_PACKER_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Build Enterprise AMIs + image: hashicorp/packer:1.7.6 volumes: - name: dockersock path: /var/run + - name: awsconfig + path: /root/.aws commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws @@ -4970,16 +6915,40 @@ steps: make ent fi - - name: Sync Enterprise build timestamp to S3 + - name: Assume S3 Timestamp Sync AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Sync Enterprise build timestamp to S3 + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 + volumes: + - name: awsconfig + path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ @@ -4995,12 +6964,14 @@ services: volumes: - name: dockersock temp: {} + - name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/buildbox.go:67 +# Generated at dronegen/buildbox.go (main.buildboxPipeline) ################################################ kind: pipeline @@ -5039,70 +7010,408 @@ steps: volumes: - name: dockersock path: /var/run -- name: buildbox +- name: Assume Staging buildbox AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Build buildbox and push to Staging image: docker commands: - - apk add --no-cache make + - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com - make -C build.assets buildbox - - docker push quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION - environment: - QUAYIO_DOCKER_PASSWORD: - from_secret: QUAYIO_DOCKER_PASSWORD - QUAYIO_DOCKER_USERNAME: - from_secret: QUAYIO_DOCKER_USERNAME + - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA volumes: - name: dockersock path: /var/run -- name: buildbox-fips + - name: awsconfig + path: /root/.aws +- name: Assume Production buildbox AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Push buildbox to Production image: docker commands: - - apk add --no-cache make + - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - - make -C build.assets buildbox-fips - - docker push quay.io/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION - environment: - QUAYIO_DOCKER_PASSWORD: - from_secret: QUAYIO_DOCKER_PASSWORD - QUAYIO_DOCKER_USERNAME: - from_secret: QUAYIO_DOCKER_USERNAME + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run -- name: buildbox-arm + - name: awsconfig + path: /root/.aws +- name: Assume Staging buildbox-fips AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Build buildbox-fips and push to Staging image: docker commands: - - apk add --no-cache make + - apk add --no-cache make aws-cli - chown -R $UID:$GID /go - - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - - make -C build.assets buildbox-arm - - docker push quay.io/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION - environment: - QUAYIO_DOCKER_PASSWORD: - from_secret: QUAYIO_DOCKER_PASSWORD - QUAYIO_DOCKER_USERNAME: - from_secret: QUAYIO_DOCKER_USERNAME + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - make -C build.assets buildbox-fips + - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA volumes: - name: dockersock path: /var/run -services: -- name: Start Docker - image: docker:dind - privileged: true + - name: awsconfig + path: /root/.aws +- name: Assume Production buildbox-fips AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Push buildbox-fips to Production + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION volumes: - name: dockersock path: /var/run -volumes: -- name: dockersock - temp: {} + - name: awsconfig + path: /root/.aws +- name: Assume Staging buildbox-arm AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Build buildbox-arm and push to Staging + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - make -C build.assets buildbox-arm + - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Assume Production buildbox-arm AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Push buildbox-arm to Production + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Assume Staging buildbox-centos7 AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Build buildbox-centos7 and push to Staging + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - make -C build.assets buildbox-centos7 + - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Assume Production buildbox-centos7 AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Push buildbox-centos7 to Production + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Assume Staging buildbox-centos7-fips AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Build buildbox-centos7-fips and push to Staging + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - make -C build.assets buildbox-centos7-fips + - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Assume Production buildbox-centos7-fips AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Push buildbox-centos7-fips to Production + image: docker + commands: + - apk add --no-cache make aws-cli + - chown -R $UID:$GID /go + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/misc.go:145 +# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline) ################################################ kind: pipeline @@ -5130,7 +7439,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/misc.go:169 +# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline) ################################################ kind: pipeline @@ -5159,166 +7468,665 @@ steps: - name: Check out code image: alpine/git:latest commands: - - mkdir -p "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout "${DRONE_TAG}" + - git init && git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_TAG}" + depends_on: + - Verify build is tagged - name: Check if tag is prerelease - image: golang:1.17-alpine + image: golang:1.18-alpine commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is - a prerelease, not publishing ${DRONE_TAG} packages to APT repos' && exit 78) + a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) + depends_on: + - Check out code +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease - name: Download artifacts for "${DRONE_TAG}" image: amazon/aws-cli commands: - mkdir -pv "$ARTIFACT_PATH" + - rm -rf "${ARTIFACT_PATH}/*" - aws s3 sync --no-progress --delete --exclude "*" --include "*.deb*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ "$ARTIFACT_PATH" environment: ARTIFACT_PATH: /go/artifacts - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: APT_REPO_NEW_AWS_ROLE AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY + from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease - name: Publish debs to APT repos for "${DRONE_TAG}" - image: golang:1.18.1-bullseye + image: golang:1.18.4-bullseye commands: - - mkdir -pv -m0700 $GNUPGHOME - - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME - - chown -R root:root $GNUPGHOME - apt update - - apt install aptly tree -y + - apt install -y aptly + - mkdir -pv -m0700 "$GNUPGHOME" + - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME + - chown -R root:root "$GNUPGHOME" - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - export VERSION="${DRONE_TAG}" - export RELEASE_CHANNEL="stable" - - go run ./cmd/build-apt-repos -bucket "$APT_S3_BUCKET" -local-bucket-path "$BUCKET_CACHE_PATH" - -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL" -aptly-root-dir - "$APTLY_ROOT_DIR" -artifact-path "$ARTIFACT_PATH" -log-level 4 - - rm -rf "$BUCKET_CACHE_PATH" - - df -h "$APTLY_ROOT_DIR" + - go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET" -local-bucket-path + "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL" + -artifact-path "$ARTIFACT_PATH" -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR" environment: - APT_S3_BUCKET: - from_secret: APT_REPO_NEW_AWS_S3_BUCKET APTLY_ROOT_DIR: /mnt/aptly ARTIFACT_PATH: /go/artifacts - AWS_ACCESS_KEY_ID: - from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 - AWS_SECRET_ACCESS_KEY: - from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY BUCKET_CACHE_PATH: /tmp/bucket + DEBIAN_FRONTEND: noninteractive GNUPGHOME: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE + REPO_S3_BUCKET: + from_secret: APT_REPO_NEW_AWS_S3_BUCKET volumes: - - name: aptrepo + - name: apt-persistence path: /mnt - name: tmpfs path: /tmpfs + - name: awsconfig + path: /root/.aws + depends_on: + - Download artifacts for "${DRONE_TAG}" + - Verify build is tagged + - Check out code + - Check if tag is prerelease volumes: -- name: aptrepo +- name: apt-persistence claim: name: drone-s3-aptrepo-pvc - name: tmpfs temp: medium: memory +- name: awsconfig + temp: {} --- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline) +################################################ + kind: pipeline type: kubernetes -name: promote-build +name: migrate-yum-new-repos +trigger: + event: + include: + - custom + repo: + include: + - non-existent-repository + branch: + include: + - non-existent-branch +clone: + disable: true +steps: +- name: Placeholder + image: alpine:latest + commands: + - echo "This command, step, and pipeline never runs" + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline) +################################################ +kind: pipeline +type: kubernetes +name: publish-yum-new-repos trigger: event: + include: - promote target: + include: - production repo: include: - - gravitational/* - + - gravitational/teleport workspace: path: /go - clone: disable: true - steps: - - name: Check if commit is tagged - image: alpine - commands: - - "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)" - - - name: Download artifacts from S3 - image: amazon/aws-cli - environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - AWS_REGION: us-west-2 - commands: - - mkdir -p /go/artifacts - - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/ +- name: Verify build is tagged + image: alpine:latest + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init && git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_TAG}" + depends_on: + - Verify build is tagged +- name: Check if tag is prerelease + image: golang:1.18-alpine + commands: + - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is + a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) + depends_on: + - Check out code +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease +- name: Download artifacts for "${DRONE_TAG}" + image: amazon/aws-cli + commands: + - mkdir -pv "$ARTIFACT_PATH" + - rm -rf "${ARTIFACT_PATH}/*" + - aws s3 sync --no-progress --delete --exclude "*" --include "*.rpm*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ + "$ARTIFACT_PATH" + environment: + ARTIFACT_PATH: /go/artifacts + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: YUM_REPO_NEW_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check out code + - Check if tag is prerelease +- name: Publish rpms to YUM repos for "${DRONE_TAG}" + image: golang:1.18.4-bullseye + commands: + - apt update + - apt install -y createrepo-c + - mkdir -pv "$CACHE_DIR" + - mkdir -pv -m0700 "$GNUPGHOME" + - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME + - chown -R root:root "$GNUPGHOME" + - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - export VERSION="${DRONE_TAG}" + - export RELEASE_CHANNEL="stable" + - go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET" -local-bucket-path + "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL" + -artifact-path "$ARTIFACT_PATH" -log-level 4 -cache-dir "$CACHE_DIR" + environment: + ARTIFACT_PATH: /go/artifacts + AWS_REGION: us-west-2 + BUCKET_CACHE_PATH: /mnt/bucket + CACHE_DIR: /mnt/createrepo_cache + DEBIAN_FRONTEND: noninteractive + GNUPGHOME: /tmpfs/gnupg + GPG_RPM_SIGNING_ARCHIVE: + from_secret: GPG_RPM_SIGNING_ARCHIVE + REPO_S3_BUCKET: + from_secret: YUM_REPO_NEW_AWS_S3_BUCKET + volumes: + - name: yum-persistence + path: /mnt + - name: tmpfs + path: /tmpfs + - name: awsconfig + path: /root/.aws + depends_on: + - Download artifacts for "${DRONE_TAG}" + - Verify build is tagged + - Check out code + - Check if tag is prerelease +volumes: +- name: yum-persistence + claim: + name: drone-s3-yumrepo-pvc +- name: tmpfs + temp: + medium: memory +- name: awsconfig + temp: {} - - name: Upload artifacts to production S3 - image: plugins/s3 - settings: - bucket: - from_secret: PRODUCTION_AWS_S3_BUCKET - access_key: - from_secret: PRODUCTION_AWS_ACCESS_KEY_ID - secret_key: - from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY - region: us-east-1 - acl: public-read - source: /go/artifacts/* - target: teleport/${DRONE_TAG##v}/ - strip_prefix: /go/artifacts/ +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineECR) +################################################ - - name: Pull/retag Docker images - image: docker - settings: - docker_staging_username: - from_secret: QUAYIO_DOCKER_USERNAME - docker_staging_password: - from_secret: QUAYIO_DOCKER_PASSWORD - docker_production_username: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - docker_production_password: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run +kind: pipeline +type: kubernetes +name: promote-docker-ecr +trigger: + event: + include: + - promote + target: + include: + - production + - promote-docker + - promote-docker-ecr + repo: + include: + - gravitational/* +workspace: + path: /go +clone: + disable: true +steps: +- name: Verify build is tagged + image: alpine:latest + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Pull/retag Docker images + image: docker + commands: + - apk add --no-cache aws-cli + - export VERSION=${DRONE_TAG##v} + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - echo "---> Pulling images for $${VERSION}" + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} + - echo "---> Tagging images for $${VERSION}" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} + public.ecr.aws/gravitational/teleport:$${VERSION} + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} + public.ecr.aws/gravitational/teleport-ent:$${VERSION} + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} + public.ecr.aws/gravitational/teleport-operator:$${VERSION} + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - echo "---> Pushing images for $${VERSION}" + - docker push public.ecr.aws/gravitational/teleport:$${VERSION} + - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION} + - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips + - docker push public.ecr.aws/gravitational/teleport-operator:$${VERSION} + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineQuay) +################################################ + +kind: pipeline +type: kubernetes +name: promote-docker-quay +trigger: + event: + include: + - promote + target: + include: + - production + - promote-docker + - promote-docker-quay + repo: + include: + - gravitational/* +workspace: + path: /go +clone: + disable: true +steps: +- name: Verify build is tagged + image: alpine:latest + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Pull/retag Docker images + image: docker + commands: + - apk add --no-cache aws-cli + - export VERSION=${DRONE_TAG##v} + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - echo "---> Pulling images for $${VERSION}" + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} + - echo "---> Tagging images for $${VERSION}" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} + quay.io/gravitational/teleport:$${VERSION} + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} + quay.io/gravitational/teleport-ent:$${VERSION} + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} + quay.io/gravitational/teleport-operator:$${VERSION} + - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io + - echo "---> Pushing images for $${VERSION}" + - docker push quay.io/gravitational/teleport:$${VERSION} + - docker push quay.io/gravitational/teleport-ent:$${VERSION} + - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker push quay.io/gravitational/teleport-operator:$${VERSION} + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +volumes: +- name: dockersock + temp: {} +- name: awsconfig + temp: {} + +--- +kind: pipeline +type: kubernetes +name: promote-build + +trigger: + event: + - promote + target: + - production + repo: + include: + - gravitational/* + +workspace: + path: /go + +clone: + disable: true + +steps: + - name: Check if commit is tagged + image: alpine commands: - # wait for docker to start - - sleep 3 - - export VERSION=${DRONE_TAG##v} - # authenticate with staging credentials - - docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" -p="$PLUGIN_DOCKER_STAGING_PASSWORD" quay.io - # pull 'temporary' CI-built images - - echo "---> Pulling images for $${VERSION}" - - docker pull quay.io/gravitational/teleport-ci:$${VERSION} - - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION} - - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips - # retag images to production naming - - echo "---> Tagging images for $${VERSION}" - - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION} - - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION} - - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips - # reauthenticate with production credentials - - docker logout quay.io - - docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" -p="$PLUGIN_DOCKER_PRODUCTION_PASSWORD" quay.io - # push production images - - echo "---> Pushing images for $${VERSION}" - - docker push quay.io/gravitational/teleport:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips + - "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)" + + - name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download artifacts from S3 + image: amazon/aws-cli + commands: + - mkdir -p /go/artifacts + - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/ + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + AWS_REGION: us-west-2 + volumes: + - name: awsconfig + path: /root/.aws + + - name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: PRODUCTION_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Upload artifacts to production S3 + image: amazon/aws-cli + environment: + AWS_REGION: us-east-1 + AWS_S3_BUCKET: + from_secret: PRODUCTION_AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + commands: + - cd /go/artifacts/ + - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/teleport/${DRONE_TAG##v} - name: Check out code image: docker:git @@ -5330,27 +8138,73 @@ steps: git fetch origin +refs/tags/${DRONE_TAG}: git checkout -qf FETCH_HEAD - - name: Download AMI timestamps - image: docker + - name: Assume AMI Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download AMI timestamps + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws commands: - - apk add --no-cache aws-cli - mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build - - name: Make AMIs public - image: docker + - name: Assume AMI Publish AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: PRODUCTION_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Make AMIs public + image: docker + volumes: + - name: awsconfig + path: /root/.aws commands: - apk add --no-cache aws-cli bash jq make - cd /go/src/github.com/gravitational/teleport/assets/aws @@ -5359,6 +8213,31 @@ steps: make change-amis-to-public-ent make change-amis-to-public-ent-fips + - name: "Helm: Assume Download AWS Role" + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: PRODUCTION_CHARTS_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + # Download all previously packaged charts. This is needed to rebuild the # index and re-publish the repository. - name: "Helm: Download chart repository" @@ -5366,10 +8245,9 @@ steps: environment: AWS_S3_BUCKET: from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws commands: - mkdir -p /go/chart - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart @@ -5387,20 +8265,43 @@ steps: - helm repo index /go/chart - ls /go/chart - - name: "Helm: Publish chart repository to S3" - image: plugins/s3 - settings: - bucket: - from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET - access_key: + - name: "Helm: Assume Upload AWS Role" + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID - secret_key: + AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY - region: us-east-2 - acl: public-read - source: /go/chart/* - target: / - strip_prefix: /go/chart + AWS_ROLE: + from_secret: PRODUCTION_CHARTS_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: "Helm: Publish chart repository to S3" + image: amazon/aws-cli + environment: + AWS_REGION: us-east-2 + AWS_S3_BUCKET: + from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + commands: + - cd /go/chart/ + - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/ # NOTE: all mandatory steps for a release promotion need to go BEFORE this # step, as there is a chance that everything afterwards will be skipped. @@ -5419,18 +8320,41 @@ steps: - cd /go/src/github.com/gravitational/teleport/build.assets/tooling - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78) - - name: Download RPM repo contents + - name: Assume RPM Repo AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: RPMREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: RPMREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: RPMREPO_AWS_ROLE + volumes: + - name: awsconfig + path: /root/.aws + + - name: Download RPM repo contents + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: RPMREPO_AWS_S3_BUCKET volumes: - name: rpmrepo path: /rpmrepo + - name: awsconfig + path: /root/.aws commands: - mkdir -p /rpmrepo/teleport/cache # we explicitly want to delete anything present locally which has been deleted @@ -5480,13 +8404,11 @@ steps: environment: AWS_S3_BUCKET: from_secret: RPMREPO_AWS_S3_BUCKET - AWS_ACCESS_KEY_ID: - from_secret: RPMREPO_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: - from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY volumes: - name: rpmrepo path: /rpmrepo + - name: awsconfig + path: /root/.aws commands: - aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/ @@ -5500,22 +8422,45 @@ steps: - cd /go/src/github.com/gravitational/teleport/build.assets/tooling - go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78) - - name: Download DEB repo contents + - name: Assume Deb Repo AWS Role image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity environment: - AWS_S3_BUCKET: - from_secret: DEBREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: DEBREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY + AWS_ROLE: + from_secret: DEBREPO_AWS_ROLE volumes: - - name: debrepo - path: /debrepo - commands: - # we explicitly want to delete anything present locally which has been deleted - # from the upstream S3 bucket - - mkdir -p /debrepo/teleport + - name: awsconfig + path: /root/.aws + + - name: Download DEB repo contents + image: amazon/aws-cli + environment: + AWS_S3_BUCKET: + from_secret: DEBREPO_AWS_S3_BUCKET + volumes: + - name: debrepo + path: /debrepo + - name: awsconfig + path: /root/.aws + commands: + # we explicitly want to delete anything present locally which has been deleted + # from the upstream S3 bucket + - mkdir -p /debrepo/teleport - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete - name: Build DEB repo @@ -5578,15 +8523,13 @@ steps: environment: AWS_S3_BUCKET: from_secret: DEBREPO_AWS_S3_BUCKET - AWS_ACCESS_KEY_ID: - from_secret: DEBREPO_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY: - from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY volumes: - name: debrepo path: /debrepo + - name: awsconfig + path: /root/.aws commands: - - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/ + - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/ services: - name: Start Docker @@ -5599,6 +8542,8 @@ services: path: /tmpfs volumes: + - name: awsconfig + temp: {} - name: dockersock temp: {} - name: tmpfs @@ -5613,7 +8558,362 @@ volumes: claim: name: drone-s3-debrepo-pvc --- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/relcli.go (main.relcliPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: publish-rlz +environment: + RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.70 +trigger: + event: + include: + - promote + target: + include: + - production + repo: + include: + - gravitational/* +clone: + disable: true +steps: +- name: Check if commit is tagged + image: alpine + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run +- name: Assume AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY + AWS_ROLE: + from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Pull relcli + image: docker:cli + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull $RELCLI_IMAGE + environment: + AWS_DEFAULT_REGION: us-west-2 + volumes: + - name: dockersock + path: /var/run + - name: awsconfig + path: /root/.aws +- name: Publish in Release API + image: docker:git + commands: + - mkdir -p /tmpfs/creds + - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT" + - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY" + - trap "rm -rf /tmpfs/creds" EXIT + - |- + docker run -i -v /tmpfs/creds:/tmpfs/creds \ + -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \ + $RELCLI_IMAGE relcli auto_publish -f -v 6 + environment: + RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh + RELCLI_CERT: /tmpfs/creds/releases.crt + RELCLI_KEY: /tmpfs/creds/releases.key + RELEASES_CERT: + from_secret: RELEASES_CERT + RELEASES_KEY: + from_secret: RELEASES_KEY + volumes: + - name: dockersock + path: /var/run + - name: tmpfs + path: /tmpfs + - name: awsconfig + path: /root/.aws +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: tmpfs + path: /tmpfs + - name: dockersock + path: /var/run +volumes: +- name: dockersock + temp: {} +- name: tmpfs + temp: + medium: memory +- name: awsconfig + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/mac.go (main.newDarwinPipeline) +################################################ + +kind: pipeline +type: exec +name: build-darwin-amd64-connect +trigger: + event: + include: + - tag + ref: + include: + - refs/tags/v* + repo: + include: + - gravitational/* +workspace: + path: /tmp/build-darwin-amd64-connect +platform: + os: darwin + arch: amd64 +clone: + disable: true +depends_on: +- build-darwin-amd64-pkg-tsh +concurrency: + limit: 1 +steps: +- name: Set up exec runner storage + commands: + - set -u + - mkdir -p $WORKSPACE_DIR + - chmod -R u+rw $WORKSPACE_DIR + - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh + environment: + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Check out code + commands: + - set -u + - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport + - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout ${DRONE_TAG:-$DRONE_COMMIT} + - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps + - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps + - git clone https://github.com/gravitational/webapps.git . + - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh) + - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport + - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa + && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa + - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null + - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts + - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts + -F /dev/null' git submodule update --init e + - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts + -F /dev/null' git submodule update --init --recursive webassets || true + - rm -rf $WORKSPACE_DIR/.ssh + - mkdir -p $WORKSPACE_DIR/go/cache + - mkdir -p $WORKSPACE_DIR/go/artifacts + - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt + - cat $WORKSPACE_DIR/go/.version.txt + environment: + GITHUB_PRIVATE_KEY: + from_secret: GITHUB_PRIVATE_KEY + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Install Node Toolchain + commands: + - set -u + - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets + print-node-version) + - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains + - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 + - mkdir -p $TOOLCHAIN_DIR + - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz + - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz + - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz + - export PATH=$NODE_DIR/bin:$PATH + - corepack enable yarn + - echo Node reporting version $(node --version) + - echo Yarn reporting version $(yarn --version) + environment: + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Assume AWS Role + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /tmp/build-darwin-amd64-connect/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials +- name: Download tsh.pkg artifact from S3 + commands: + - set -u + - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt) + - export S3_PATH="tag/$${DRONE_TAG##v}/" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}tsh-$${VERSION}.pkg $WORKSPACE_DIR/go/src/github.com/gravitational/ + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials + GITHUB_PRIVATE_KEY: + from_secret: GITHUB_PRIVATE_KEY + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Build Mac artifacts (Teleport Connect) + commands: + - set -u + - export HOME=/Users/$(whoami) + - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains + - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets + print-node-version) + - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64 + - export PATH=$NODE_HOME/bin:$PATH + - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport + print-version) + - export BUILD_NUMBER=$DRONE_BUILD_NUMBER + - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain + - security find-identity -v + - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83 + - export DEBUG="electron-*" + - cd $WORKSPACE_DIR/go/src/github.com/gravitational + - pkgutil --expand-full tsh-$${VERSION}.pkg tsh + - export CONNECT_TSH_APP_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/tsh/Payload/tsh.app + - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps + - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION + environment: + APPLE_PASSWORD: + from_secret: APPLE_PASSWORD + APPLE_USERNAME: + from_secret: APPLE_USERNAME + ARCH: amd64 + BUILDBOX_PASSWORD: + from_secret: BUILDBOX_PASSWORD + GOCACHE: /tmp/build-darwin-amd64-connect/go/cache + GOPATH: /tmp/build-darwin-amd64-connect/go + OS: darwin + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Copy dmg artifact + commands: + - set -u + - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release + - cp *.dmg $WORKSPACE_DIR/go/artifacts + - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE" + > "$FILE.sha256"; done && ls -l + environment: + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Upload to S3 + commands: + - set -u + - cd $WORKSPACE_DIR/go/artifacts + - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} + environment: + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Register artifact + commands: + - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} + - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") + - RELEASES_HOST='https://releases-prod.platform.teleport.sh' + - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" + - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" + - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT + - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key" + - which curl || apk add --no-cache curl + - |- + cd "$WORKSPACE_DIR/go/artifacts" + find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do + # Skip files that are not results of this build + # (e.g. tarballs from which OS packages are made) + [ -f "$file.sha256" ] || continue + + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + description="MacOS Intel" + products="$name" + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent" + elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then + description="Teleport Connect" + products="teleport teleport-ent" + fi + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')" + done + done + environment: + RELEASES_CERT: + from_secret: RELEASES_CERT + RELEASES_KEY: + from_secret: RELEASES_KEY + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +- name: Clean up toolchains (post) + commands: + - set -u + - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED + environment: + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect + when: + status: + - success + - failure +- name: Clean up exec runner storage (post) + commands: + - set -u + - chmod -R u+rw $WORKSPACE_DIR + - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh + environment: + WORKSPACE_DIR: /tmp/build-darwin-amd64-connect +--- kind: signature -hmac: 5acd82e991fc974378ec84b0265df412875f0c349000a6c92720b39287639ac8 +hmac: a43fcccda7cc19e01df427ca74e55420669ce0073124ab8366e5ed60fdd09172 ... diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md index 9d6601c9ce290..a1b0598954f61 100644 --- a/.github/ISSUE_TEMPLATE/testplan.md +++ b/.github/ISSUE_TEMPLATE/testplan.md @@ -1092,6 +1092,7 @@ With a default Teleport instance configured with a SSH node: - [ ] Verify you are able to connect to the SSH node using openssh with the generated `ssh_config` in the destination directory - [ ] Verify that after the renewal period (default 20m, but this can be reduced via configuration), that newly generated certificates are placed in the destination directory - [ ] Verify that sending both `SIGUSR1` and `SIGHUP` to a running tbot process causes a renewal and new certificates to be generated +- [ ] Verify that you are able to make a connection to the SSH node using the `ssh_config` provided by `tbot` after each phase of a manual CA rotation. Ensure the above tests are completed for both: diff --git a/.github/workflows/assign.yaml b/.github/workflows/assign.yaml index a4627db8c665e..7b09f2ca106e8 100644 --- a/.github/workflows/assign.yaml +++ b/.github/workflows/assign.yaml @@ -33,14 +33,18 @@ jobs: if: ${{ !github.event.pull_request.draft }} runs-on: ubuntu-latest steps: - # Checkout master branch of Teleport repository. This is to prevent an - # attacker from submitting their own review assignment logic. - - name: Checkout master branch - uses: actions/checkout@v2 + # Checkout main branch of shared-workflow repository. + - name: Checkout shared-workflow + uses: actions/checkout@v3 with: - ref: master - - name: Installing the latest version of Go. - uses: actions/setup-go@v2 - # Run "assign" subcommand on bot. + token: ${{ secrets.SHARED_WORKFLOWS_GITHUB_TOKEN }} + repository: gravitational/shared-workflows + path: .github/shared-workflows + ref: main + - name: Installing Go + uses: actions/setup-go@v3 + with: + go-version-file: .github/shared-workflows/bot/go.mod + # Run "check" subcommand on bot. - name: Assigning reviewers - run: cd .github/workflows/robot && go run main.go -workflow=assign -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" + run: cd .github/shared-workflows/bot && go run main.go -workflow=assign -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index 1feef09a91e1e..5d204a8c8a1a5 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -20,14 +20,18 @@ jobs: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - # Checkout master branch of Teleport repository. This is to prevent an - # attacker from submitting their own bot logic. - - name: Checkout master branch - uses: actions/checkout@v2 + # Checkout main branch of shared-workflow repository. + - name: Checkout shared-workflow + uses: actions/checkout@v3 with: - ref: master - - name: Installing the latest version of Go. - uses: actions/setup-go@v2 - # Run "backport" subcommand on bot. + token: ${{ secrets.SHARED_WORKFLOWS_GITHUB_TOKEN }} + repository: gravitational/shared-workflows + path: .github/shared-workflows + ref: main + - name: Installing Go + uses: actions/setup-go@v3 + with: + go-version-file: .github/shared-workflows/bot/go.mod + # Run "check" subcommand on bot. - name: Backport PR - run: cd .github/workflows/robot && go run main.go -workflow=backport -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" + run: cd .github/shared-workflows/bot && go run main.go -workflow=backport -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml index cb8e88a780ddc..8951c70adf706 100644 --- a/.github/workflows/check.yaml +++ b/.github/workflows/check.yaml @@ -1,6 +1,6 @@ # Workflow will trigger on all pull request (except draft), pull request # review, and commit push to a pull request (synchronize) event types -# +# # NOTE: pull_request_target behaves the same as pull_request except it grants a # read/write token to workflows running on a pull request from a fork. While # this may seem unsafe, the permissions for the token are limited below and @@ -35,14 +35,18 @@ jobs: if: ${{ !github.event.pull_request.draft }} runs-on: ubuntu-latest steps: - # Checkout master branch of Teleport repository. This is to prevent an - # attacker from submitting their own review assignment logic. - - name: Checkout master branch - uses: actions/checkout@v2 + # Checkout main branch of shared-workflow repository. + - name: Checkout shared-workflow + uses: actions/checkout@v3 with: - ref: master - - name: Installing the latest version of Go. - uses: actions/setup-go@v2 + token: ${{ secrets.SHARED_WORKFLOWS_GITHUB_TOKEN }} + repository: gravitational/shared-workflows + path: .github/shared-workflows + ref: main + - name: Installing Go + uses: actions/setup-go@v3 + with: + go-version-file: .github/shared-workflows/bot/go.mod # Run "check" subcommand on bot. - name: Checking reviewers - run: cd .github/workflows/robot && go run main.go -workflow=check -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" + run: cd .github/shared-workflows/bot && go run main.go -workflow=check -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000000000..cb974a4177ee8 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,58 @@ +name: "CodeQL" + +on: + push: + branches: + - master + - branch/* + pull_request: + branches: + - master + - branch/* + paths-ignore: + - 'docs/**' + - 'rfd/**' + - '**.md' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-22.04-32core + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go', 'javascript' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version-file: 'go.mod' + if: ${{ matrix.language == 'go' }} + + - name: Initialize the CodeQL tools for scanning + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + if: ${{ matrix.language != 'go' }} + + - name: Build Teleport OSS + run: | + make full + if: ${{ matrix.language == 'go' }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml new file mode 100644 index 0000000000000..5eb64ee3c73ad --- /dev/null +++ b/.github/workflows/dependency-review.yaml @@ -0,0 +1,10 @@ +name: Dependency Review + +on: + pull_request: + +jobs: + dependency-review: + uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main + permissions: + contents: read diff --git a/.github/workflows/dismiss.yaml b/.github/workflows/dismiss.yaml index 72bb7720f5f83..2979c43cf474f 100644 --- a/.github/workflows/dismiss.yaml +++ b/.github/workflows/dismiss.yaml @@ -1,7 +1,7 @@ # This workflow will run every 30 minutes and dismiss stale workflow runs on # open pull requests. Stale workflow runs on pull requests are runs that are # no longer up-to-date due to a new pull_request_target or pull_request_review -# event occurring. +# event occurring. # # This workflow is specifically in place to dismiss stale runs for external # contributors because the `Check` workflow token does not have write access @@ -11,6 +11,7 @@ # of the checks. name: Dismiss Stale Workflows Runs on: + workflow_dispatch: schedule: # Runs every 30 minutes - cron: '0,30 * * * *' @@ -36,12 +37,17 @@ jobs: name: Dismiss Stale Workflow Runs runs-on: ubuntu-latest steps: - - name: Checkout master branch - uses: actions/checkout@v2 + # Checkout main branch of shared-workflow repository. + - name: Checkout shared-workflow + uses: actions/checkout@v3 with: - ref: master - - name: Installing the latest version of Go. - uses: actions/setup-go@v2 + repository: gravitational/shared-workflows + path: .github/shared-workflows + ref: main + - name: Installing Go + uses: actions/setup-go@v3 + with: + go-version-file: .github/shared-workflows/bot/go.mod # Run "dismiss" subcommand on bot. - name: Dismiss - run: cd .github/workflows/robot && go run main.go -workflow=dismiss -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" + run: cd .github/shared-workflows/bot && go run main.go -workflow=dismiss -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" diff --git a/.github/workflows/label.yaml b/.github/workflows/label.yaml index 8a31f5664227f..03bd8cb9fa23f 100644 --- a/.github/workflows/label.yaml +++ b/.github/workflows/label.yaml @@ -1,5 +1,5 @@ # This workflow is run whenever a pull request is opened, re-opened, or taken -# out of draft (ready for review). +# out of draft (ready for review). # # NOTE: pull_request_target behaves the same as pull_request except it grants a # read/write token to workflows running on a pull request from a fork. While @@ -33,14 +33,18 @@ jobs: if: ${{ !github.event.pull_request.draft }} runs-on: ubuntu-latest steps: - # Checkout master branch of Teleport repository. This is to prevent an - # attacker from submitting their own bot logic. - - name: Checkout master branch - uses: actions/checkout@v2 + # Checkout main branch of shared-workflow repository. + - name: Checkout shared-workflow + uses: actions/checkout@v3 with: - ref: master - - name: Installing the latest version of Go. - uses: actions/setup-go@v2 - # Run "label" subcommand on bot. + token: ${{ secrets.SHARED_WORKFLOWS_GITHUB_TOKEN }} + repository: gravitational/shared-workflows + path: .github/shared-workflows + ref: main + - name: Installing Go + uses: actions/setup-go@v3 + with: + go-version-file: .github/shared-workflows/bot/go.mod + # Run "check" subcommand on bot. - name: Labeling PR - run: cd .github/workflows/robot && go run main.go -workflow=label -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" + run: cd .github/shared-workflows/bot && go run main.go -workflow=label -token="${{ secrets.GITHUB_TOKEN }}" -reviewers="${{ secrets.reviewers }}" diff --git a/.github/workflows/robot/go.mod b/.github/workflows/robot/go.mod deleted file mode 100644 index c09ef5f172649..0000000000000 --- a/.github/workflows/robot/go.mod +++ /dev/null @@ -1,26 +0,0 @@ -module github.com/gravitational/teleport/.github/workflows/robot - -go 1.17 - -require ( - github.com/google/go-github/v37 v37.0.0 - github.com/gravitational/trace v1.1.15 - github.com/stretchr/testify v1.7.0 - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 -) - -require ( - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/golang/protobuf v1.5.2 // indirect - github.com/google/go-querystring v1.1.0 // indirect - github.com/jonboulle/clockwork v0.2.2 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/sirupsen/logrus v1.8.1 // indirect - golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect - golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 // indirect - golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect -) diff --git a/.github/workflows/robot/go.sum b/.github/workflows/robot/go.sum deleted file mode 100644 index 870b193e976d8..0000000000000 --- a/.github/workflows/robot/go.sum +++ /dev/null @@ -1,407 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github/v37 v37.0.0 h1:rCspN8/6kB1BAJWZfuafvHhyfIo5fkAulaP/3bOQ/tM= -github.com/google/go-github/v37 v37.0.0/go.mod h1:LM7in3NmXDrX58GbEHy7FtNLbI2JijX93RnMKvWG3m4= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gravitational/trace v1.1.15 h1:dfaFcARt110nCX6RSvrcRUbvRawEYAasXyCqnhXo0Xg= -github.com/gravitational/trace v1.1.15/go.mod h1:RvdOUHE4SHqR3oXlFFKnGzms8a5dugHygGw1bqDstYI= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI= -golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 h1:0qxwC5n+ttVOINCBeRHO0nq9X7uy8SDsPoi5OaCdIEI= -golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 h1:TyHqChC80pFkXWraUUf6RuB5IqFdQieMLwwCJokV2pc= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/.github/workflows/robot/internal/bot/assign.go b/.github/workflows/robot/internal/bot/assign.go deleted file mode 100644 index 35fe61ac3a243..0000000000000 --- a/.github/workflows/robot/internal/bot/assign.go +++ /dev/null @@ -1,180 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "log" - "regexp" - "strconv" - "strings" - - "github.com/gravitational/trace" -) - -// Assign will assign reviewers for this PR. -// -// Assign works by parsing the PR, discovering the changes, and returning a -// set of reviewers determined by: content of the PR, if the author is internal -// or external, and team they are on. -func (b *Bot) Assign(ctx context.Context) error { - reviewers, err := b.getReviewers(ctx) - if err != nil { - return trace.Wrap(err) - } - - log.Printf("Assign: Requesting reviews from: %v.", reviewers) - - // Request GitHub assign reviewers to this PR. - err = b.c.GitHub.RequestReviewers(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number, - reviewers) - if err != nil { - return trace.Wrap(err) - } - - return nil -} - -func (b *Bot) getReviewers(ctx context.Context) ([]string, error) { - // If a backport PR was found, assign original reviewers. Otherwise fall - // through to normal assignment logic. - if isBackport(b.c.Environment.UnsafeBase) { - reviewers, err := b.backportReviewers(ctx) - if err == nil { - return reviewers, nil - } - log.Printf("Assign: Found backport PR, but failed to find original reviewers: %v. Falling through to normal assignment logic.", err) - } - - docs, code, err := b.parseChanges(ctx) - if err != nil { - return nil, trace.Wrap(err) - } - return b.c.Review.Get(b.c.Environment.Author, docs, code), nil -} - -func (b *Bot) backportReviewers(ctx context.Context) ([]string, error) { - // Search inside the PR to find a reference to the original PR. - original, err := b.findOriginal(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number) - if err != nil { - return nil, trace.Wrap(err) - } - - var originalReviewers []string - - // Append list of reviewers that have yet to submit a review. - reviewers, err := b.c.GitHub.ListReviewers(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - original) - if err != nil { - return nil, trace.Wrap(err) - } - originalReviewers = append(originalReviewers, reviewers...) - - // Append list of reviews that have submitted a review. - reviews, err := b.c.GitHub.ListReviews(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - original) - if err != nil { - return nil, trace.Wrap(err) - } - for _, review := range reviews { - originalReviewers = append(originalReviewers, review.Author) - } - - return dedup(b.c.Environment.Author, originalReviewers), nil -} - -func (b *Bot) findOriginal(ctx context.Context, organization string, repository string, number int) (int, error) { - pull, err := b.c.GitHub.GetPullRequest(ctx, - organization, - repository, - number) - if err != nil { - return 0, trace.Wrap(err) - } - - var original string - - // Search inside the title and body for the original PR number. - title := pattern.FindStringSubmatch(pull.UnsafeTitle) - body := pattern.FindStringSubmatch(pull.UnsafeBody) - switch { - case len(title) == 0 && len(body) == 0: - return 0, trace.NotFound("no PR referenced in title or body") - case len(title) == 0 && len(body) == 2: - original = body[1] - case len(title) == 2 && len(body) == 0: - original = title[1] - case len(title) == 2 && len(body) == 2: - if title[1] != body[1] { - return 0, trace.NotFound("different PRs referenced in title and body") - } - original = title[1] - default: - return 0, trace.NotFound("failed to find reference to PR") - } - - n, err := strconv.Atoi(original) - if err != nil { - return 0, trace.Wrap(err) - } - - // Verify the number found is a Pull Request and not an Issue. - _, err = b.c.GitHub.GetPullRequest(ctx, - organization, - repository, - n) - if err != nil { - return 0, trace.NotFound("found Issue %v, not Pull Request", original) - } - - log.Printf("Assign: Found original PR #%v.", original) - return n, nil -} - -func dedup(author string, reviewers []string) []string { - m := map[string]bool{} - - for _, reviewer := range reviewers { - if reviewer == author { - continue - } - m[reviewer] = true - } - - var filtered []string - for k := range m { - filtered = append(filtered, k) - } - - return filtered -} - -func isBackport(unsafeBase string) bool { - return strings.HasPrefix(unsafeBase, "branch/v") -} - -var pattern = regexp.MustCompile(`(?:https:\/\/github\.com\/gravitational\/teleport\/pull\/|#)([0-9]+)`) diff --git a/.github/workflows/robot/internal/bot/assign_test.go b/.github/workflows/robot/internal/bot/assign_test.go deleted file mode 100644 index 86e81e2b0c92d..0000000000000 --- a/.github/workflows/robot/internal/bot/assign_test.go +++ /dev/null @@ -1,155 +0,0 @@ -/* -Copyright 2022 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "testing" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/env" - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - "github.com/gravitational/teleport/.github/workflows/robot/internal/review" - - "github.com/stretchr/testify/require" -) - -// TestBackportReviewers checks if backport reviewers are correctly assigned. -func TestBackportReviewers(t *testing.T) { - r, err := review.New(&review.Config{ - CodeReviewers: map[string]review.Reviewer{}, - CodeReviewersOmit: map[string]bool{}, - DocsReviewers: map[string]review.Reviewer{}, - DocsReviewersOmit: map[string]bool{}, - Admins: []string{}, - }) - require.NoError(t, err) - - tests := []struct { - desc string - pull github.PullRequest - reviewers []string - reviews []github.Review - err bool - expected []string - }{ - { - desc: "backport-original-pr-number-approved", - pull: github.PullRequest{ - Author: "baz", - Repository: "bar", - UnsafeHead: github.Branch{ - Ref: "baz/fix", - }, - UnsafeTitle: "Backport #0 to branch/v8", - UnsafeBody: "", - Fork: false, - }, - reviewers: []string{"3"}, - reviews: []github.Review{ - {Author: "4", State: "APPROVED"}, - }, - err: false, - expected: []string{"3", "4"}, - }, - { - desc: "backport-original-url-approved", - pull: github.PullRequest{ - Author: "baz", - Repository: "bar", - UnsafeHead: github.Branch{ - Ref: "baz/fix", - }, - UnsafeTitle: "Fixed an issue", - UnsafeBody: "https://github.com/gravitational/teleport/pull/0", - Fork: false, - }, - reviewers: []string{"3"}, - reviews: []github.Review{ - {Author: "4", State: "APPROVED"}, - }, - err: false, - expected: []string{"3", "4"}, - }, - { - desc: "backport-multiple-reviews", - pull: github.PullRequest{ - Author: "baz", - Repository: "bar", - UnsafeHead: github.Branch{ - Ref: "baz/fix", - }, - - UnsafeTitle: "Fixed feature", - UnsafeBody: "", - Fork: false, - }, - reviewers: []string{"3"}, - reviews: []github.Review{ - {Author: "4", State: "COMMENTED"}, - {Author: "4", State: "CHANGES_REQUESTED"}, - {Author: "4", State: "APPROVED"}, - {Author: "9", State: "APPROVED"}, - }, - err: true, - expected: []string{}, - }, - { - desc: "backport-original-not-found", - pull: github.PullRequest{ - Author: "baz", - Repository: "bar", - UnsafeHead: github.Branch{ - Ref: "baz/fix", - }, - UnsafeTitle: "Fixed feature", - UnsafeBody: "", - Fork: false, - }, - reviewers: []string{"3"}, - reviews: []github.Review{ - {Author: "4", State: "APPROVED"}, - }, - err: true, - expected: []string{}, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - b := &Bot{ - c: &Config{ - Environment: &env.Environment{ - Organization: "foo", - Author: "9", - Repository: "bar", - Number: 0, - UnsafeBase: "branch/v8", - UnsafeHead: "fix", - }, - Review: r, - GitHub: &fakeGithub{ - pull: test.pull, - reviewers: test.reviewers, - reviews: test.reviews, - }, - }, - } - reviewers, err := b.backportReviewers(context.Background()) - require.Equal(t, err != nil, test.err) - require.ElementsMatch(t, reviewers, test.expected) - }) - } -} diff --git a/.github/workflows/robot/internal/bot/backport.go b/.github/workflows/robot/internal/bot/backport.go deleted file mode 100644 index 7d1dc4b5df2b4..0000000000000 --- a/.github/workflows/robot/internal/bot/backport.go +++ /dev/null @@ -1,282 +0,0 @@ -/* -Copyright 2022 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "bytes" - "context" - "fmt" - "log" - "net/url" - "os/exec" - "path" - "regexp" - "sort" - "strconv" - "strings" - "text/template" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - - "github.com/gravitational/trace" -) - -// Backport will create backport Pull Requests (if requested) when a Pull -// Request is merged. -func (b *Bot) Backport(ctx context.Context) error { - if !b.c.Review.IsInternal(b.c.Environment.Author) { - return trace.BadParameter("automatic backports are only supported for internal contributors") - } - - pull, err := b.c.GitHub.GetPullRequest(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number) - if err != nil { - return trace.Wrap(err) - } - - // Extract backport branches names from labels attached to the Pull - // Request. If no backports were requested, return right away. - branches := findBranches(pull.UnsafeLabels) - if len(branches) == 0 { - return nil - } - - // Get workflow logs URL, will be attached to any backport failure. - u, err := b.workflowLogsURL(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.RunID) - if err != nil { - return trace.Wrap(err) - } - - var rows []row - - // Loop over all requested backport branches and create backport branch and - // GitHub Pull Request. - for _, base := range branches { - head := fmt.Sprintf("bot/backport-%v-%v", b.c.Environment.Number, base) - - // Create and push git branch for backport to GitHub. - err := b.createBackportBranch(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number, - base, - pull, - head, - ) - if err != nil { - log.Printf("Failed to create backport branch: %v.", err) - rows = append(rows, row{ - Branch: base, - Failed: true, - Link: u, - }) - continue - } - - rows = append(rows, row{ - Branch: base, - Failed: false, - Link: url.URL{ - Scheme: "https", - Host: "github.com", - // Both base and head are safe to put into the URL: base has - // had the "branchPattern" regexp run against it and head is - // formed from base so an attacker can not control the path. - Path: path.Join(b.c.Environment.Organization, b.c.Environment.Repository, "compare", fmt.Sprintf("%v...%v", base, head)), - RawQuery: url.Values{ - "expand": []string{"1"}, - "title": []string{fmt.Sprintf("[%v] %v", strings.Trim(base, "branch/"), pull.UnsafeTitle)}, - "body": []string{fmt.Sprintf("Backport #%v to %v", b.c.Environment.Number, base)}, - }.Encode(), - }, - }) - } - - for _, r := range rows { - fmt.Printf("--> %v\n", r.Link.String()) - } - - // Leave a comment on the Pull Request with a table that outlines the - // requested backports and outcome. - err = b.updatePullRequest(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number, - data{ - Author: b.c.Environment.Author, - Rows: rows, - }) - return trace.Wrap(err) -} - -// findBranches looks through the labels attached to a Pull Request for all the -// backport branches the user requested. -func findBranches(labels []string) []string { - var branches []string - - for _, label := range labels { - if !strings.HasPrefix(label, "backport/") { - continue - } - - branch := strings.TrimPrefix(label, "backport/") - if !branchPattern.MatchString(branch) { - continue - } - - branches = append(branches, branch) - } - - sort.Strings(branches) - return branches -} - -// createBackportBranch will create and push a git branch with all the commits -// from a Pull Request on it. -// -// TODO(russjones): Refactor to use go-git (so similar git library) instead of -// executing git from disk. -func (b *Bot) createBackportBranch(ctx context.Context, organization string, repository string, number int, base string, pull github.PullRequest, newHead string) error { - if err := git("config", "--global", "user.name", "github-actions"); err != nil { - log.Printf("Failed to set user.name: %v.", err) - } - if err := git("config", "--global", "user.email", "github-actions@goteleport.com"); err != nil { - log.Printf("Failed to set user.email: %v.", err) - } - - // Download base and head from origin (GitHub). - if err := git("fetch", "origin", base, pull.UnsafeHead.Ref); err != nil { - return trace.Wrap(err) - } - - // Checkout the base branch then rebase commits from Pull Request ontop of - // it. See https://stackoverflow.com/a/29916361 for more details. - newParent := base - oldParent := pull.UnsafeBase.SHA - until := pull.UnsafeHead.SHA - if err := git("checkout", base); err != nil { - return trace.Wrap(err) - } - if err := git("rebase", "--onto", newParent, oldParent, until); err != nil { - if er := git("rebase", "--abort"); er != nil { - return trace.NewAggregate(err, er) - } - return trace.Wrap(err) - } - - // Checkout and push a branch to origin (GitHub). - if err := git("checkout", "-b", newHead); err != nil { - return trace.Wrap(err) - } - if err := git("push", "origin", newHead); err != nil { - return trace.Wrap(err) - } - - return nil -} - -// updatePullRequest will leave a comment on the Pull Request with the status -// of backports. -func (b *Bot) updatePullRequest(ctx context.Context, organization string, repository string, number int, d data) error { - var buf bytes.Buffer - - t := template.Must(template.New("table").Parse(table)) - if err := t.Execute(&buf, d); err != nil { - return trace.Wrap(err) - } - - err := b.c.GitHub.CreateComment(ctx, - organization, - repository, - number, - buf.String()) - return trace.Wrap(err) -} - -// workflowLogsURL returns the workflow logs URL. -func (b *Bot) workflowLogsURL(ctx context.Context, organization string, repository string, runID int64) (url.URL, error) { - jobs, err := b.c.GitHub.ListWorkflowJobs(ctx, - organization, - repository, - runID) - if err != nil { - return url.URL{}, trace.Wrap(err) - } - if len(jobs) != 1 { - return url.URL{}, trace.BadParameter("invalid number of jobs %v", len(jobs)) - } - - return url.URL{ - Scheme: "https", - Host: "github.com", - Path: path.Join(b.c.Environment.Organization, b.c.Environment.Repository, "runs", strconv.FormatInt(jobs[0].ID, 10)), - RawQuery: url.Values{"check_suite_focus": []string{"true"}}.Encode(), - }, nil -} - -// git will execute the "git" program on disk. -func git(args ...string) error { - cmd := exec.Command("git", args...) - out, err := cmd.CombinedOutput() - if err != nil { - return trace.BadParameter(string(bytes.TrimSpace(out))) - } - return nil -} - -// data is injected into the template to render outcome of all backport -// attempts. -type data struct { - // Author of the Pull Request. Used to @author on GitHub so they get a - // notification. - Author string - - // Rows represent backports. - Rows []row -} - -// row represents a single backport attempt. -type row struct { - // Failed is used to indicate if this backport failed. - Failed bool - - // Branch is the name of the backport branch. - Branch string - - // Link is a URL pointing to the created backport Pull Request. - Link url.URL -} - -// table is a template that is written to the origin GitHub Pull Request with -// the outcome of the backports. -const table = ` -@{{.Author}} See the table below for backport results. - -| Branch | Result | -|--------|--------| -{{- range .Rows}} -| {{.Branch}} | {{if .Failed}}[Failed]({{.Link}}){{else}}[Create PR]({{.Link}}){{end}} | -{{- end}} -` - -// branchPattern defines valid backport branch names. -var branchPattern = regexp.MustCompile(`(^branch\/v[0-9]+$)|(^master$)`) diff --git a/.github/workflows/robot/internal/bot/bot.go b/.github/workflows/robot/internal/bot/bot.go deleted file mode 100644 index 11a470f33345a..0000000000000 --- a/.github/workflows/robot/internal/bot/bot.go +++ /dev/null @@ -1,136 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "strings" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/env" - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - "github.com/gravitational/teleport/.github/workflows/robot/internal/review" - - "github.com/gravitational/trace" -) - -// Client implements the GitHub API. -type Client interface { - // RequestReviewers is used to assign reviewers to a Pull Request. - RequestReviewers(ctx context.Context, organization string, repository string, number int, reviewers []string) error - - // ListReviews is used to list all submitted reviews for a PR. - ListReviews(ctx context.Context, organization string, repository string, number int) ([]github.Review, error) - - // ListReviewers returns a list of reviewers that have yet to submit a review. - ListReviewers(ctx context.Context, organization string, repository string, number int) ([]string, error) - - // GetPullRequest returns a specific Pull Request. - GetPullRequest(ctx context.Context, organization string, repository string, number int) (github.PullRequest, error) - - // CreatePullRequest will create a Pull Request. - CreatePullRequest(ctx context.Context, organization string, repository string, title string, head string, base string, body string, draft bool) (int, error) - - // ListPullRequests returns a list of Pull Requests. - ListPullRequests(ctx context.Context, organization string, repository string, state string) ([]github.PullRequest, error) - - // ListFiles is used to list all the files within a Pull Request. - ListFiles(ctx context.Context, organization string, repository string, number int) ([]string, error) - - // AddLabels will add labels to an Issue or Pull Request. - AddLabels(ctx context.Context, organization string, repository string, number int, labels []string) error - - // CreateComment will leave a comment on an Issue or Pull Request. - CreateComment(ctx context.Context, organization string, repository string, number int, comment string) error - - // ListWorkflows lists all workflows within a repository. - ListWorkflows(ctx context.Context, organization string, repository string) ([]github.Workflow, error) - - // ListWorkflowRuns is used to list all workflow runs for an ID. - ListWorkflowRuns(ctx context.Context, organization string, repository string, branch string, workflowID int64) ([]github.Run, error) - - // ListWorkflowJobs lists all jobs for a workflow run. - ListWorkflowJobs(ctx context.Context, organization string, repository string, runID int64) ([]github.Job, error) - - // DeleteWorkflowRun is used to delete a workflow run. - DeleteWorkflowRun(ctx context.Context, organization string, repository string, runID int64) error -} - -// Config contains configuration for the bot. -type Config struct { - // GitHub is a GitHub client. - GitHub Client - - // Environment holds information about the workflow run event. - Environment *env.Environment - - // Review is used to get code and docs reviewers. - Review *review.Assignments -} - -// CheckAndSetDefaults checks and sets defaults. -func (c *Config) CheckAndSetDefaults() error { - if c.GitHub == nil { - return trace.BadParameter("missing parameter GitHub") - } - if c.Environment == nil { - return trace.BadParameter("missing parameter Environment") - } - if c.Review == nil { - return trace.BadParameter("missing parameter Review") - } - - return nil -} - -// Bot performs repository management. -type Bot struct { - c *Config -} - -// New returns a new repository management bot. -func New(c *Config) (*Bot, error) { - if err := c.CheckAndSetDefaults(); err != nil { - return nil, trace.Wrap(err) - } - - return &Bot{ - c: c, - }, nil -} - -func (b *Bot) parseChanges(ctx context.Context) (bool, bool, error) { - var docs bool - var code bool - - files, err := b.c.GitHub.ListFiles(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number) - if err != nil { - return false, true, trace.Wrap(err) - } - - for _, file := range files { - if strings.HasPrefix(file, "docs/") { - docs = true - } else { - code = true - } - - } - return docs, code, nil -} diff --git a/.github/workflows/robot/internal/bot/bot_test.go b/.github/workflows/robot/internal/bot/bot_test.go deleted file mode 100644 index 9b895b1a9caf5..0000000000000 --- a/.github/workflows/robot/internal/bot/bot_test.go +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "testing" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/env" - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - - "github.com/stretchr/testify/require" -) - -// TestParseChanges checks that PR contents are correctly parsed for docs and -// code changes. -func TestParseChanges(t *testing.T) { - tests := []struct { - desc string - files []string - docs bool - code bool - }{ - { - desc: "code-only", - files: []string{ - "file.go", - "examples/README.md", - }, - docs: false, - code: true, - }, - { - desc: "docs-only", - files: []string{ - "docs/docs.md", - }, - docs: true, - code: false, - }, - { - desc: "code-and-code", - files: []string{ - "file.go", - "docs/docs.md", - }, - docs: true, - code: true, - }, - { - desc: "no-docs-no-code", - files: []string{}, - docs: false, - code: false, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - b := &Bot{ - c: &Config{ - Environment: &env.Environment{ - Organization: "foo", - Repository: "bar", - Number: 0, - }, - GitHub: &fakeGithub{ - files: test.files, - }, - }, - } - docs, code, err := b.parseChanges(context.Background()) - require.NoError(t, err) - require.Equal(t, docs, test.docs) - require.Equal(t, code, test.code) - }) - } -} - -type fakeGithub struct { - files []string - pull github.PullRequest - reviewers []string - reviews []github.Review -} - -func (f *fakeGithub) RequestReviewers(ctx context.Context, organization string, repository string, number int, reviewers []string) error { - return nil -} - -func (f *fakeGithub) ListReviews(ctx context.Context, organization string, repository string, number int) ([]github.Review, error) { - return f.reviews, nil -} - -func (f *fakeGithub) ListReviewers(ctx context.Context, organization string, repository string, number int) ([]string, error) { - return f.reviewers, nil -} - -func (f *fakeGithub) GetPullRequest(ctx context.Context, organization string, repository string, number int) (github.PullRequest, error) { - return f.pull, nil -} - -func (f *fakeGithub) ListPullRequests(ctx context.Context, organization string, repository string, state string) ([]github.PullRequest, error) { - return nil, nil -} - -func (f *fakeGithub) ListFiles(ctx context.Context, organization string, repository string, number int) ([]string, error) { - return f.files, nil -} - -func (f *fakeGithub) AddLabels(ctx context.Context, organization string, repository string, number int, labels []string) error { - return nil -} - -func (f *fakeGithub) ListWorkflows(ctx context.Context, organization string, repository string) ([]github.Workflow, error) { - return nil, nil -} - -func (f *fakeGithub) ListWorkflowRuns(ctx context.Context, organization string, repository string, branch string, workflowID int64) ([]github.Run, error) { - return nil, nil -} - -func (f *fakeGithub) ListWorkflowJobs(ctx context.Context, organization string, repository string, runID int64) ([]github.Job, error) { - return nil, nil -} - -func (f *fakeGithub) DeleteWorkflowRun(ctx context.Context, organization string, repository string, runID int64) error { - return nil -} - -func (f *fakeGithub) CreateComment(ctx context.Context, organization string, repository string, number int, comment string) error { - return nil -} - -func (f *fakeGithub) CreatePullRequest(ctx context.Context, organization string, repository string, title string, head string, base string, body string, draft bool) (int, error) { - return 0, nil -} diff --git a/.github/workflows/robot/internal/bot/check.go b/.github/workflows/robot/internal/bot/check.go deleted file mode 100644 index 34fc5daf4341e..0000000000000 --- a/.github/workflows/robot/internal/bot/check.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - - "github.com/gravitational/trace" -) - -// Check checks if required reviewers have approved the PR. -// -// Team specific reviews require an approval from both sets of reviews. -// External reviews require approval from admins. -func (b *Bot) Check(ctx context.Context) error { - reviews, err := b.c.GitHub.ListReviews(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number) - if err != nil { - return trace.Wrap(err) - } - - if b.c.Review.IsInternal(b.c.Environment.Author) { - // Remove stale "Check" status badges inline for internal reviews. - err := b.dismiss(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.UnsafeHead) - if err != nil { - return trace.Wrap(err) - } - - docs, code, err := b.parseChanges(ctx) - if err != nil { - return trace.Wrap(err) - } - - if err := b.c.Review.CheckInternal(b.c.Environment.Author, reviews, docs, code); err != nil { - return trace.Wrap(err) - } - return nil - } - - if err := b.c.Review.CheckExternal(b.c.Environment.Author, reviews); err != nil { - return trace.Wrap(err) - } - return nil -} diff --git a/.github/workflows/robot/internal/bot/dismiss.go b/.github/workflows/robot/internal/bot/dismiss.go deleted file mode 100644 index 4a4e1bf76c794..0000000000000 --- a/.github/workflows/robot/internal/bot/dismiss.go +++ /dev/null @@ -1,143 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "log" - "sort" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - - "github.com/gravitational/trace" -) - -// Dimiss dismisses all stale workflow runs within a repository. This is done -// to dismiss stale workflow runs for external contributors whose workflows -// run without permissions to dismiss stale workflows inline. -// -// This is needed because GitHub appends each "Check" workflow run to the status -// of a PR instead of replacing the "Check" status of the previous run. -func (b *Bot) Dismiss(ctx context.Context) error { - pulls, err := b.c.GitHub.ListPullRequests(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - "open") - if err != nil { - return trace.Wrap(err) - } - - for _, pull := range pulls { - // Only dismiss stale runs from forks (external) as the workflow that triggers - // this method is intended for. Dismissing runs for internal contributors - // (non-fork) here could result in a race condition as runs are deleted upon - // trigger separately during the `Check` workflow. - if pull.Fork { - // HEAD could be controlled by an attacker, however, all this would allow is - // the attacker to dismiss a workflow run. - if err := b.dismiss(ctx, b.c.Environment.Organization, b.c.Environment.Repository, pull.UnsafeHead.Ref); err != nil { - log.Printf("Failed to dismiss workflow: %v %v %v: %v.", b.c.Environment.Organization, b.c.Environment.Repository, pull.UnsafeHead, err) - continue - } - } - } - - return nil -} - -// dismiss dismisses all but the most recent "Check" workflow run. -// -// This is needed because GitHub appends each "Check" workflow run to the status -// of a PR instead of replacing the status of an existing run. -func (b *Bot) dismiss(ctx context.Context, organization string, repository string, branch string) error { - check, err := b.findWorkflow(ctx, - organization, - repository, - ".github/workflows/check.yaml") - if err != nil { - return trace.Wrap(err) - } - - runs, err := b.c.GitHub.ListWorkflowRuns(ctx, - organization, - repository, - branch, - check.ID) - if err != nil { - return trace.Wrap(err) - } - - err = b.deleteRuns(ctx, - organization, - repository, - runs) - if err != nil { - return trace.Wrap(err) - } - - return nil -} - -func (b *Bot) findWorkflow(ctx context.Context, organization string, repository string, path string) (github.Workflow, error) { - workflows, err := b.c.GitHub.ListWorkflows(ctx, organization, repository) - if err != nil { - return github.Workflow{}, trace.Wrap(err) - } - - var matching []github.Workflow - for _, workflow := range workflows { - if workflow.Path == path { - matching = append(matching, workflow) - } - } - - if len(matching) == 0 { - return github.Workflow{}, trace.NotFound("workflow %v not found", path) - } - if len(matching) > 1 { - return github.Workflow{}, trace.BadParameter("found %v matching workflows", len(matching)) - } - return matching[0], nil -} - -// deleteRuns deletes all workflow runs except the most recent one because that is -// the run in the current context. -func (b *Bot) deleteRuns(ctx context.Context, organization string, repository string, runs []github.Run) error { - // Sort runs oldest to newest then pop off last item (newest). - sort.Slice(runs, func(i, j int) bool { - time1, time2 := runs[i].CreatedAt, runs[j].CreatedAt - return time1.Before(time2) - }) - if len(runs) > 0 { - runs = runs[:len(runs)-1] - } - - // Deleting all runs except the most recent one. - for _, run := range runs { - err := b.c.GitHub.DeleteWorkflowRun(ctx, - organization, - repository, - run.ID) - if err != nil { - log.Printf("Dismiss: Failed to dismiss workflow run %v: %v.", run.ID, err) - continue - } - - log.Printf("Dismiss: Successfully deleted workflow run: %v.", run.ID) - } - return nil -} diff --git a/.github/workflows/robot/internal/bot/label.go b/.github/workflows/robot/internal/bot/label.go deleted file mode 100644 index 5bb5154a6b67a..0000000000000 --- a/.github/workflows/robot/internal/bot/label.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "log" - "strings" - - "github.com/gravitational/trace" -) - -// Label parses the content of the PR (branch name, files, etc) and sets -// appropriate labels. -func (b *Bot) Label(ctx context.Context) error { - labels, err := b.labels(ctx) - if err != nil { - return trace.Wrap(err) - } - if len(labels) == 0 { - return nil - } - - err = b.c.GitHub.AddLabels(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number, - labels) - if err != nil { - return trace.Wrap(err) - } - - return nil -} - -func (b *Bot) labels(ctx context.Context) ([]string, error) { - var labels []string - - // The branch name is unsafe, but here we are simply adding a label. - if strings.HasPrefix(b.c.Environment.UnsafeHead, "branch/") { - log.Println("Label: Found backport branch.") - labels = append(labels, "backport") - } - - files, err := b.c.GitHub.ListFiles(ctx, - b.c.Environment.Organization, - b.c.Environment.Repository, - b.c.Environment.Number) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, file := range files { - if strings.HasPrefix(file, "vendor/") { - continue - } - - for k, v := range prefixes { - if strings.HasPrefix(file, k) { - log.Printf("Label: Found prefix %v, attaching labels: %v.", k, v) - labels = append(labels, v...) - } - } - } - - return deduplicate(labels), nil -} - -func deduplicate(s []string) []string { - m := map[string]bool{} - for _, v := range s { - m[v] = true - } - - var out []string - for k := range m { - out = append(out, k) - } - - return out -} - -var prefixes = map[string][]string{ - "bpf/": {"bpf"}, - "docs/": {"documentation"}, - "rfd/": {"rfd"}, - "examples/chart": {"helm"}, - "lib/bpf/": {"bpf"}, - "lib/events": {"audit-log"}, - "lib/kube": {"kubernetes"}, - "lib/srv/desktop": {"desktop-access"}, - "lib/srv/desktop/rdp": {"desktop-access", "rdp"}, - "lib/srv/app/": {"application-access"}, - "lib/srv/db": {"database-access"}, - "lib/web/desktop.go": {"desktop-access"}, - "tool/tctl/": {"tctl"}, - "tool/tsh/": {"tsh"}, -} diff --git a/.github/workflows/robot/internal/bot/label_test.go b/.github/workflows/robot/internal/bot/label_test.go deleted file mode 100644 index 3e1b1f71c343b..0000000000000 --- a/.github/workflows/robot/internal/bot/label_test.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bot - -import ( - "context" - "testing" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/env" - - "github.com/stretchr/testify/require" -) - -// TestLabel checks that labels are correctly applied to a Pull Request. -func TestLabel(t *testing.T) { - tests := []struct { - desc string - branch string - files []string - labels []string - }{ - { - desc: "code-only", - branch: "foo", - files: []string{ - "file.go", - "examples/README.md", - }, - labels: []string{}, - }, - { - desc: "docs", - branch: "foo", - files: []string{ - "docs/docs.md", - }, - labels: []string{"documentation"}, - }, - { - desc: "helm", - branch: "foo", - files: []string{ - "examples/chart/index.html", - }, - labels: []string{"helm"}, - }, - { - desc: "docs-and-helm", - branch: "foo", - files: []string{ - "docs/docs.md", - "examples/chart/index.html", - }, - labels: []string{"documentation", "helm"}, - }, - { - desc: "docs-and-backport", - branch: "branch/foo", - files: []string{ - "docs/docs.md", - }, - labels: []string{"backport", "documentation"}, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - b := &Bot{ - c: &Config{ - Environment: &env.Environment{ - Organization: "foo", - Repository: "bar", - Number: 0, - UnsafeHead: test.branch, - }, - GitHub: &fakeGithub{ - files: test.files, - }, - }, - } - labels, err := b.labels(context.Background()) - require.NoError(t, err) - require.ElementsMatch(t, labels, test.labels) - }) - } -} diff --git a/.github/workflows/robot/internal/env/env.go b/.github/workflows/robot/internal/env/env.go deleted file mode 100644 index 48936981533c9..0000000000000 --- a/.github/workflows/robot/internal/env/env.go +++ /dev/null @@ -1,144 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package env - -import ( - "encoding/json" - "os" - "strconv" - "strings" - - "github.com/gravitational/trace" -) - -// Environment is the execution environment the workflow is running in. -type Environment struct { - // Organization is the GitHub organization (gravitational). - Organization string - - // Repository is the GitHub repository (teleport). - Repository string - - // Number is the PR number. - Number int - - // RunID is the GitHub Actions workflow run ID. - RunID int64 - - // Author is the author of the PR. - Author string - - // UnsafeHead is the name of the branch the workflow is running in. - // - // UnsafeHead can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeHead string - - // UnsafeBase is the name of the base branch the user is trying to merge the - // PR into. For example: "master" or "branch/v8". - // - // UnsafeBase can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeBase string -} - -// New returns a new execution environment for the workflow. -func New() (*Environment, error) { - event, err := readEvent() - if err != nil { - return nil, trace.Wrap(err) - } - - // If the event does not have a action associated with it (for example a cron - // run), read in organization/repository from the environment. - if event.Action == "" { - organization, repository, err := readEnvironment() - if err != nil { - return nil, trace.Wrap(err) - } - return &Environment{ - Organization: organization, - Repository: repository, - }, nil - } - - runID, err := strconv.ParseInt(os.Getenv(githubRunID), 10, 64) - if err != nil { - return nil, trace.Wrap(err) - } - - return &Environment{ - Organization: event.Repository.Owner.Login, - Repository: event.Repository.Name, - Number: event.PullRequest.Number, - RunID: runID, - Author: event.PullRequest.User.Login, - UnsafeHead: event.PullRequest.UnsafeHead.UnsafeRef, - UnsafeBase: event.PullRequest.UnsafeBase.UnsafeRef, - }, nil -} - -func readEvent() (*Event, error) { - f, err := os.Open(os.Getenv(githubEventPath)) - if err != nil { - return nil, trace.Wrap(err) - } - defer f.Close() - - var event Event - if err := json.NewDecoder(f).Decode(&event); err != nil { - return nil, trace.Wrap(err) - } - - return &event, nil -} - -func readEnvironment() (string, string, error) { - repository := os.Getenv(githubRepository) - if repository == "" { - return "", "", trace.BadParameter("%v environment variable missing", githubRepository) - } - parts := strings.Split(repository, "/") - if len(parts) != 2 { - return "", "", trace.BadParameter("failed to parse organization and/or repository") - } - if parts[0] == "" || parts[1] == "" { - return "", "", trace.BadParameter("invalid organization and/or repository") - } - return parts[0], parts[1], nil -} - -const ( - // githubEventPath is an environment variable that contains a path to the - // GitHub event for a workflow run. - githubEventPath = "GITHUB_EVENT_PATH" - - // githubRepository is an environment variable that contains the organization - // and repository name. - githubRepository = "GITHUB_REPOSITORY" - - // githubRunID is an environment variable that contains the workflow run ID. - githubRunID = "GITHUB_RUN_ID" -) diff --git a/.github/workflows/robot/internal/env/env_test.go b/.github/workflows/robot/internal/env/env_test.go deleted file mode 100644 index 5e4267a191801..0000000000000 --- a/.github/workflows/robot/internal/env/env_test.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package env - -import ( - "os" - "testing" - - "github.com/stretchr/testify/require" -) - -// TestEnvironment makes sure the environment is correctly parsed. -func TestEnvironment(t *testing.T) { - tests := []struct { - desc string - path string - organization string - repository string - number int - author string - unsafeBranch string - err bool - }{ - { - desc: "opened-event", - path: "testdata/opened.json", - organization: "Codertocat", - repository: "Hello-World", - number: 2, - author: "Codertocat", - unsafeBranch: "changes", - }, - { - desc: "submitted-event", - path: "testdata/submitted.json", - organization: "Codertocat", - repository: "Hello-World", - number: 2, - author: "Codertocat", - unsafeBranch: "changes", - }, - { - desc: "synchronize-event", - path: "testdata/submitted.json", - organization: "Codertocat", - repository: "Hello-World", - number: 2, - author: "Codertocat", - unsafeBranch: "changes", - }, - { - desc: "schedule-event", - path: "testdata/schedule.json", - organization: "foo", - repository: "bar", - number: 0, - author: "", - unsafeBranch: "", - }, - { - desc: "no-event", - path: "", - organization: "foo", - repository: "bar", - err: true, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - err := os.Setenv(githubRepository, "foo/bar") - require.NoError(t, err) - err = os.Setenv(githubEventPath, test.path) - require.NoError(t, err) - err = os.Setenv(githubRunID, "1") - require.NoError(t, err) - - environment, err := New() - if test.err { - require.Error(t, err) - } else { - require.NoError(t, err) - require.Equal(t, environment.Organization, test.organization) - require.Equal(t, environment.Repository, test.repository) - require.Equal(t, environment.Number, test.number) - require.Equal(t, environment.Author, test.author) - require.Equal(t, environment.UnsafeHead, test.unsafeBranch) - } - }) - } - -} diff --git a/.github/workflows/robot/internal/env/structs.go b/.github/workflows/robot/internal/env/structs.go deleted file mode 100644 index d34de2e46f27f..0000000000000 --- a/.github/workflows/robot/internal/env/structs.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package env - -// Event is a GitHub event. See the following more more details: -// https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads -type Event struct { - Action string `json:"action"` - - Repository Repository `json:"repository"` - PullRequest PullRequest `json:"pull_request"` -} - -type Repository struct { - Name string `json:"name"` - Owner Owner `json:"owner"` -} - -type Owner struct { - Login string `json:"login"` -} - -type PullRequest struct { - User User `json:"user"` - Number int `json:"number"` - - // UnsafeHead can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeHead Branch `json:"head"` - - // UnsafeHead can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeBase Branch `json:"base"` -} - -type User struct { - Login string `json:"login"` -} - -type Branch struct { - // UnsafeSHA can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeSHA string `json:"sha"` - - // UnsafeRef can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeRef string `json:"ref"` -} diff --git a/.github/workflows/robot/internal/env/testdata/opened.json b/.github/workflows/robot/internal/env/testdata/opened.json deleted file mode 100644 index a8efb69cc697d..0000000000000 --- a/.github/workflows/robot/internal/env/testdata/opened.json +++ /dev/null @@ -1,454 +0,0 @@ -{ - "action": "opened", - "number": 2, - "pull_request": { - "url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2", - "id": 279147437, - "node_id": "MDExOlB1bGxSZXF1ZXN0Mjc5MTQ3NDM3", - "html_url": "https://github.com/Codertocat/Hello-World/pull/2", - "diff_url": "https://github.com/Codertocat/Hello-World/pull/2.diff", - "patch_url": "https://github.com/Codertocat/Hello-World/pull/2.patch", - "issue_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/2", - "number": 2, - "state": "open", - "locked": false, - "title": "Update the README with new information.", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "body": "This is a pretty simple change that we need to pull into master.", - "created_at": "2019-05-15T15:20:33Z", - "updated_at": "2019-05-15T15:20:33Z", - "closed_at": null, - "merged_at": null, - "merge_commit_sha": null, - "assignee": null, - "assignees": [], - "requested_reviewers": [], - "requested_teams": [], - "labels": [], - "milestone": null, - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/commits", - "review_comments_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/comments", - "review_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/comments{/number}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/2/comments", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/ec26c3e57ca3a959ca5aad62de7213c562f8c821", - "head": { - "label": "Codertocat:changes", - "ref": "changes", - "sha": "ec26c3e57ca3a959ca5aad62de7213c562f8c821", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "repo": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:19:27Z", - "pushed_at": "2019-05-15T15:20:32Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": null, - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master", - "allow_squash_merge": true, - "allow_merge_commit": true, - "allow_rebase_merge": true, - "delete_branch_on_merge": false - } - }, - "base": { - "label": "Codertocat:master", - "ref": "master", - "sha": "f95f852bd8fca8fcc58a9a2d6c842781e32a215e", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "repo": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:19:27Z", - "pushed_at": "2019-05-15T15:20:32Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": null, - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master", - "allow_squash_merge": true, - "allow_merge_commit": true, - "allow_rebase_merge": true, - "delete_branch_on_merge": false - } - }, - "_links": { - "self": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2" - }, - "html": { - "href": "https://github.com/Codertocat/Hello-World/pull/2" - }, - "issue": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/issues/2" - }, - "comments": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/issues/2/comments" - }, - "review_comments": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/comments" - }, - "review_comment": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/comments{/number}" - }, - "commits": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/commits" - }, - "statuses": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/statuses/ec26c3e57ca3a959ca5aad62de7213c562f8c821" - } - }, - "author_association": "OWNER", - "draft": false, - "merged": false, - "mergeable": null, - "rebaseable": null, - "mergeable_state": "unknown", - "merged_by": null, - "comments": 0, - "review_comments": 0, - "maintainer_can_modify": false, - "commits": 1, - "additions": 1, - "deletions": 1, - "changed_files": 1 - }, - "repository": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:19:27Z", - "pushed_at": "2019-05-15T15:20:32Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": null, - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master" - }, - "sender": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - } -} diff --git a/.github/workflows/robot/internal/env/testdata/schedule.json b/.github/workflows/robot/internal/env/testdata/schedule.json deleted file mode 100644 index deca2f55f97ec..0000000000000 --- a/.github/workflows/robot/internal/env/testdata/schedule.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "schedule": "* * * * *" -} diff --git a/.github/workflows/robot/internal/env/testdata/submitted.json b/.github/workflows/robot/internal/env/testdata/submitted.json deleted file mode 100644 index ea08c24777953..0000000000000 --- a/.github/workflows/robot/internal/env/testdata/submitted.json +++ /dev/null @@ -1,479 +0,0 @@ -{ - "action": "submitted", - "review": { - "id": 237895671, - "node_id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MjM3ODk1Njcx", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "body": null, - "commit_id": "ec26c3e57ca3a959ca5aad62de7213c562f8c821", - "submitted_at": "2019-05-15T15:20:38Z", - "state": "commented", - "html_url": "https://github.com/Codertocat/Hello-World/pull/2#pullrequestreview-237895671", - "pull_request_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2", - "author_association": "OWNER", - "_links": { - "html": { - "href": "https://github.com/Codertocat/Hello-World/pull/2#pullrequestreview-237895671" - }, - "pull_request": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2" - } - } - }, - "pull_request": { - "url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2", - "id": 279147437, - "node_id": "MDExOlB1bGxSZXF1ZXN0Mjc5MTQ3NDM3", - "html_url": "https://github.com/Codertocat/Hello-World/pull/2", - "diff_url": "https://github.com/Codertocat/Hello-World/pull/2.diff", - "patch_url": "https://github.com/Codertocat/Hello-World/pull/2.patch", - "issue_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/2", - "number": 2, - "state": "open", - "locked": false, - "title": "Update the README with new information.", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "body": "This is a pretty simple change that we need to pull into master.", - "created_at": "2019-05-15T15:20:33Z", - "updated_at": "2019-05-15T15:20:38Z", - "closed_at": null, - "merged_at": null, - "merge_commit_sha": "c4295bd74fb0f4fda03689c3df3f2803b658fd85", - "assignee": null, - "assignees": [], - "requested_reviewers": [], - "requested_teams": [], - "labels": [], - "milestone": null, - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/commits", - "review_comments_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/comments", - "review_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls/comments{/number}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/2/comments", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/ec26c3e57ca3a959ca5aad62de7213c562f8c821", - "head": { - "label": "Codertocat:changes", - "ref": "changes", - "sha": "ec26c3e57ca3a959ca5aad62de7213c562f8c821", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "repo": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:20:34Z", - "pushed_at": "2019-05-15T15:20:33Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": "Ruby", - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master", - "allow_squash_merge": true, - "allow_merge_commit": true, - "allow_rebase_merge": true, - "delete_branch_on_merge": false - } - }, - "base": { - "label": "Codertocat:master", - "ref": "master", - "sha": "f95f852bd8fca8fcc58a9a2d6c842781e32a215e", - "user": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "repo": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:20:34Z", - "pushed_at": "2019-05-15T15:20:33Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": "Ruby", - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master", - "allow_squash_merge": true, - "allow_merge_commit": true, - "allow_rebase_merge": true, - "delete_branch_on_merge": false - } - }, - "_links": { - "self": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2" - }, - "html": { - "href": "https://github.com/Codertocat/Hello-World/pull/2" - }, - "issue": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/issues/2" - }, - "comments": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/issues/2/comments" - }, - "review_comments": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/comments" - }, - "review_comment": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/comments{/number}" - }, - "commits": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/pulls/2/commits" - }, - "statuses": { - "href": "https://api.github.com/repos/Codertocat/Hello-World/statuses/ec26c3e57ca3a959ca5aad62de7213c562f8c821" - } - }, - "author_association": "OWNER" - }, - "repository": { - "id": 186853002, - "node_id": "MDEwOlJlcG9zaXRvcnkxODY4NTMwMDI=", - "name": "Hello-World", - "full_name": "Codertocat/Hello-World", - "private": false, - "owner": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - }, - "html_url": "https://github.com/Codertocat/Hello-World", - "description": null, - "fork": false, - "url": "https://api.github.com/repos/Codertocat/Hello-World", - "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks", - "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams", - "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks", - "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}", - "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events", - "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}", - "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}", - "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags", - "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}", - "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages", - "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers", - "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors", - "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers", - "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription", - "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}", - "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges", - "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads", - "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}", - "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}", - "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}", - "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}", - "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}", - "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments", - "created_at": "2019-05-15T15:19:25Z", - "updated_at": "2019-05-15T15:20:34Z", - "pushed_at": "2019-05-15T15:20:33Z", - "git_url": "git://github.com/Codertocat/Hello-World.git", - "ssh_url": "git@github.com:Codertocat/Hello-World.git", - "clone_url": "https://github.com/Codertocat/Hello-World.git", - "svn_url": "https://github.com/Codertocat/Hello-World", - "homepage": null, - "size": 0, - "stargazers_count": 0, - "watchers_count": 0, - "language": "Ruby", - "has_issues": true, - "has_projects": true, - "has_downloads": true, - "has_wiki": true, - "has_pages": true, - "forks_count": 0, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 2, - "license": null, - "forks": 0, - "open_issues": 2, - "watchers": 0, - "default_branch": "master" - }, - "sender": { - "login": "Codertocat", - "id": 21031067, - "node_id": "MDQ6VXNlcjIxMDMxMDY3", - "avatar_url": "https://avatars1.githubusercontent.com/u/21031067?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/Codertocat", - "html_url": "https://github.com/Codertocat", - "followers_url": "https://api.github.com/users/Codertocat/followers", - "following_url": "https://api.github.com/users/Codertocat/following{/other_user}", - "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}", - "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions", - "organizations_url": "https://api.github.com/users/Codertocat/orgs", - "repos_url": "https://api.github.com/users/Codertocat/repos", - "events_url": "https://api.github.com/users/Codertocat/events{/privacy}", - "received_events_url": "https://api.github.com/users/Codertocat/received_events", - "type": "User", - "site_admin": false - } -} diff --git a/.github/workflows/robot/internal/env/testdata/synchronize.json b/.github/workflows/robot/internal/env/testdata/synchronize.json deleted file mode 100644 index b327693a6ba5e..0000000000000 --- a/.github/workflows/robot/internal/env/testdata/synchronize.json +++ /dev/null @@ -1,472 +0,0 @@ -{ - "action": "synchronize", - "after": "ecabd9d97b218368ea47d17cd23815590b76e196", - "before": "cbb23161d4c33d70189430d07957d2d66d42fc30", - "number": 28, - "organization": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "description": "Unify access for SSH servers, Kubernetes clusters, web applications, and databases.", - "events_url": "https://api.github.com/orgs/gravitational/events", - "hooks_url": "https://api.github.com/orgs/gravitational/hooks", - "id": 10781132, - "issues_url": "https://api.github.com/orgs/gravitational/issues", - "login": "gravitational", - "members_url": "https://api.github.com/orgs/gravitational/members{/member}", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "public_members_url": "https://api.github.com/orgs/gravitational/public_members{/member}", - "repos_url": "https://api.github.com/orgs/gravitational/repos", - "url": "https://api.github.com/orgs/gravitational" - }, - "pull_request": { - "_links": { - "comments": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/28/comments" - }, - "commits": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28/commits" - }, - "html": { - "href": "https://github.com/gravitational/gh-actions-poc/pull/28" - }, - "issue": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/28" - }, - "review_comment": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/comments{/number}" - }, - "review_comments": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28/comments" - }, - "self": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28" - }, - "statuses": { - "href": "https://api.github.com/repos/gravitational/gh-actions-poc/statuses/ecabd9d97b218368ea47d17cd23815590b76e196" - } - }, - "active_lock_reason": null, - "additions": 314565, - "assignee": null, - "assignees": [], - "author_association": "COLLABORATOR", - "auto_merge": null, - "base": { - "label": "gravitational:master", - "ref": "master", - "repo": { - "allow_merge_commit": true, - "allow_rebase_merge": true, - "allow_squash_merge": true, - "archive_url": "https://api.github.com/repos/gravitational/gh-actions-poc/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/assignees{/user}", - "blobs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/gravitational/gh-actions-poc/branches{/branch}", - "clone_url": "https://github.com/gravitational/gh-actions-poc.git", - "collaborators_url": "https://api.github.com/repos/gravitational/gh-actions-poc/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/comments{/number}", - "commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/commits{/sha}", - "compare_url": "https://api.github.com/repos/gravitational/gh-actions-poc/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contents/{+path}", - "contributors_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contributors", - "created_at": "2021-05-06T16:56:44Z", - "default_branch": "master", - "delete_branch_on_merge": false, - "deployments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/deployments", - "description": null, - "disabled": false, - "downloads_url": "https://api.github.com/repos/gravitational/gh-actions-poc/downloads", - "events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/events", - "fork": false, - "forks": 1, - "forks_count": 1, - "forks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/forks", - "full_name": "gravitational/gh-actions-poc", - "git_commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/tags{/sha}", - "git_url": "git://github.com/gravitational/gh-actions-poc.git", - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": null, - "hooks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/hooks", - "html_url": "https://github.com/gravitational/gh-actions-poc", - "id": 364979824, - "issue_comment_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/events{/number}", - "issues_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues{/number}", - "keys_url": "https://api.github.com/repos/gravitational/gh-actions-poc/keys{/key_id}", - "labels_url": "https://api.github.com/repos/gravitational/gh-actions-poc/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/gravitational/gh-actions-poc/languages", - "license": null, - "merges_url": "https://api.github.com/repos/gravitational/gh-actions-poc/merges", - "milestones_url": "https://api.github.com/repos/gravitational/gh-actions-poc/milestones{/number}", - "mirror_url": null, - "name": "gh-actions-poc", - "node_id": "MDEwOlJlcG9zaXRvcnkzNjQ5Nzk4MjQ=", - "notifications_url": "https://api.github.com/repos/gravitational/gh-actions-poc/notifications{?since,all,participating}", - "open_issues": 9, - "open_issues_count": 9, - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "events_url": "https://api.github.com/users/gravitational/events{/privacy}", - "followers_url": "https://api.github.com/users/gravitational/followers", - "following_url": "https://api.github.com/users/gravitational/following{/other_user}", - "gists_url": "https://api.github.com/users/gravitational/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/gravitational", - "id": 10781132, - "login": "gravitational", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "organizations_url": "https://api.github.com/users/gravitational/orgs", - "received_events_url": "https://api.github.com/users/gravitational/received_events", - "repos_url": "https://api.github.com/users/gravitational/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/gravitational/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/gravitational/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/gravitational" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls{/number}", - "pushed_at": "2021-07-15T18:35:54Z", - "releases_url": "https://api.github.com/repos/gravitational/gh-actions-poc/releases{/id}", - "size": 3466, - "ssh_url": "git@github.com:gravitational/gh-actions-poc.git", - "stargazers_count": 1, - "stargazers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/stargazers", - "statuses_url": "https://api.github.com/repos/gravitational/gh-actions-poc/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscribers", - "subscription_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscription", - "svn_url": "https://github.com/gravitational/gh-actions-poc", - "tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/tags", - "teams_url": "https://api.github.com/repos/gravitational/gh-actions-poc/teams", - "trees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/trees{/sha}", - "updated_at": "2021-07-14T08:52:30Z", - "url": "https://api.github.com/repos/gravitational/gh-actions-poc", - "watchers": 1, - "watchers_count": 1 - }, - "sha": "385a4f19e99a35adeef42e8188036e3742ca0387", - "user": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "events_url": "https://api.github.com/users/gravitational/events{/privacy}", - "followers_url": "https://api.github.com/users/gravitational/followers", - "following_url": "https://api.github.com/users/gravitational/following{/other_user}", - "gists_url": "https://api.github.com/users/gravitational/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/gravitational", - "id": 10781132, - "login": "gravitational", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "organizations_url": "https://api.github.com/users/gravitational/orgs", - "received_events_url": "https://api.github.com/users/gravitational/received_events", - "repos_url": "https://api.github.com/users/gravitational/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/gravitational/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/gravitational/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/gravitational" - } - }, - "body": "", - "changed_files": 784, - "closed_at": null, - "comments": 0, - "comments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/28/comments", - "commits": 32, - "commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28/commits", - "created_at": "2021-07-15T18:06:04Z", - "deletions": 241, - "diff_url": "https://github.com/gravitational/gh-actions-poc/pull/28.diff", - "draft": false, - "head": { - "label": "gravitational:jane/ci", - "ref": "jane/ci", - "repo": { - "allow_merge_commit": true, - "allow_rebase_merge": true, - "allow_squash_merge": true, - "archive_url": "https://api.github.com/repos/gravitational/gh-actions-poc/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/assignees{/user}", - "blobs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/gravitational/gh-actions-poc/branches{/branch}", - "clone_url": "https://github.com/gravitational/gh-actions-poc.git", - "collaborators_url": "https://api.github.com/repos/gravitational/gh-actions-poc/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/comments{/number}", - "commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/commits{/sha}", - "compare_url": "https://api.github.com/repos/gravitational/gh-actions-poc/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contents/{+path}", - "contributors_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contributors", - "created_at": "2021-05-06T16:56:44Z", - "default_branch": "master", - "delete_branch_on_merge": false, - "deployments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/deployments", - "description": null, - "disabled": false, - "downloads_url": "https://api.github.com/repos/gravitational/gh-actions-poc/downloads", - "events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/events", - "fork": false, - "forks": 1, - "forks_count": 1, - "forks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/forks", - "full_name": "gravitational/gh-actions-poc", - "git_commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/tags{/sha}", - "git_url": "git://github.com/gravitational/gh-actions-poc.git", - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": null, - "hooks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/hooks", - "html_url": "https://github.com/gravitational/gh-actions-poc", - "id": 364979824, - "issue_comment_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/events{/number}", - "issues_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues{/number}", - "keys_url": "https://api.github.com/repos/gravitational/gh-actions-poc/keys{/key_id}", - "labels_url": "https://api.github.com/repos/gravitational/gh-actions-poc/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/gravitational/gh-actions-poc/languages", - "license": null, - "merges_url": "https://api.github.com/repos/gravitational/gh-actions-poc/merges", - "milestones_url": "https://api.github.com/repos/gravitational/gh-actions-poc/milestones{/number}", - "mirror_url": null, - "name": "gh-actions-poc", - "node_id": "MDEwOlJlcG9zaXRvcnkzNjQ5Nzk4MjQ=", - "notifications_url": "https://api.github.com/repos/gravitational/gh-actions-poc/notifications{?since,all,participating}", - "open_issues": 9, - "open_issues_count": 9, - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "events_url": "https://api.github.com/users/gravitational/events{/privacy}", - "followers_url": "https://api.github.com/users/gravitational/followers", - "following_url": "https://api.github.com/users/gravitational/following{/other_user}", - "gists_url": "https://api.github.com/users/gravitational/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/gravitational", - "id": 10781132, - "login": "gravitational", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "organizations_url": "https://api.github.com/users/gravitational/orgs", - "received_events_url": "https://api.github.com/users/gravitational/received_events", - "repos_url": "https://api.github.com/users/gravitational/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/gravitational/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/gravitational/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/gravitational" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls{/number}", - "pushed_at": "2021-07-15T18:35:54Z", - "releases_url": "https://api.github.com/repos/gravitational/gh-actions-poc/releases{/id}", - "size": 3466, - "ssh_url": "git@github.com:gravitational/gh-actions-poc.git", - "stargazers_count": 1, - "stargazers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/stargazers", - "statuses_url": "https://api.github.com/repos/gravitational/gh-actions-poc/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscribers", - "subscription_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscription", - "svn_url": "https://github.com/gravitational/gh-actions-poc", - "tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/tags", - "teams_url": "https://api.github.com/repos/gravitational/gh-actions-poc/teams", - "trees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/trees{/sha}", - "updated_at": "2021-07-14T08:52:30Z", - "url": "https://api.github.com/repos/gravitational/gh-actions-poc", - "watchers": 1, - "watchers_count": 1 - }, - "sha": "ecabd9d97b218368ea47d17cd23815590b76e196", - "user": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "events_url": "https://api.github.com/users/gravitational/events{/privacy}", - "followers_url": "https://api.github.com/users/gravitational/followers", - "following_url": "https://api.github.com/users/gravitational/following{/other_user}", - "gists_url": "https://api.github.com/users/gravitational/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/gravitational", - "id": 10781132, - "login": "gravitational", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "organizations_url": "https://api.github.com/users/gravitational/orgs", - "received_events_url": "https://api.github.com/users/gravitational/received_events", - "repos_url": "https://api.github.com/users/gravitational/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/gravitational/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/gravitational/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/gravitational" - } - }, - "html_url": "https://github.com/gravitational/gh-actions-poc/pull/28", - "id": 690933440, - "issue_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/28", - "labels": [], - "locked": false, - "maintainer_can_modify": false, - "merge_commit_sha": "8c8dcf9cf0ead8f4f77212f8b991675e122a6f29", - "mergeable": null, - "mergeable_state": "unknown", - "merged": false, - "merged_at": null, - "merged_by": null, - "milestone": null, - "node_id": "MDExOlB1bGxSZXF1ZXN0NjkwOTMzNDQw", - "number": 28, - "patch_url": "https://github.com/gravitational/gh-actions-poc/pull/28.patch", - "rebaseable": null, - "requested_reviewers": [], - "requested_teams": [], - "review_comment_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/comments{/number}", - "review_comments": 0, - "review_comments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28/comments", - "state": "open", - "statuses_url": "https://api.github.com/repos/gravitational/gh-actions-poc/statuses/ecabd9d97b218368ea47d17cd23815590b76e196", - "title": "Jane/ci", - "updated_at": "2021-07-15T18:35:56Z", - "url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls/28", - "user": { - "avatar_url": "https://avatars.githubusercontent.com/u/42625018?v=4", - "events_url": "https://api.github.com/users/quinqu/events{/privacy}", - "followers_url": "https://api.github.com/users/quinqu/followers", - "following_url": "https://api.github.com/users/quinqu/following{/other_user}", - "gists_url": "https://api.github.com/users/quinqu/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/quinqu", - "id": 42625018, - "login": "quinqu", - "node_id": "MDQ6VXNlcjQyNjI1MDE4", - "organizations_url": "https://api.github.com/users/quinqu/orgs", - "received_events_url": "https://api.github.com/users/quinqu/received_events", - "repos_url": "https://api.github.com/users/quinqu/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/quinqu/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/quinqu/subscriptions", - "type": "User", - "url": "https://api.github.com/users/quinqu" - } - }, - "repository": { - "archive_url": "https://api.github.com/repos/gravitational/gh-actions-poc/{archive_format}{/ref}", - "archived": false, - "assignees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/assignees{/user}", - "blobs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/blobs{/sha}", - "branches_url": "https://api.github.com/repos/gravitational/gh-actions-poc/branches{/branch}", - "clone_url": "https://github.com/gravitational/gh-actions-poc.git", - "collaborators_url": "https://api.github.com/repos/gravitational/gh-actions-poc/collaborators{/collaborator}", - "comments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/comments{/number}", - "commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/commits{/sha}", - "compare_url": "https://api.github.com/repos/gravitational/gh-actions-poc/compare/{base}...{head}", - "contents_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contents/{+path}", - "contributors_url": "https://api.github.com/repos/gravitational/gh-actions-poc/contributors", - "created_at": "2021-05-06T16:56:44Z", - "default_branch": "master", - "deployments_url": "https://api.github.com/repos/gravitational/gh-actions-poc/deployments", - "description": null, - "disabled": false, - "downloads_url": "https://api.github.com/repos/gravitational/gh-actions-poc/downloads", - "events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/events", - "fork": false, - "forks": 1, - "forks_count": 1, - "forks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/forks", - "full_name": "gravitational/gh-actions-poc", - "git_commits_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/commits{/sha}", - "git_refs_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/refs{/sha}", - "git_tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/tags{/sha}", - "git_url": "git://github.com/gravitational/gh-actions-poc.git", - "has_downloads": true, - "has_issues": true, - "has_pages": false, - "has_projects": true, - "has_wiki": true, - "homepage": null, - "hooks_url": "https://api.github.com/repos/gravitational/gh-actions-poc/hooks", - "html_url": "https://github.com/gravitational/gh-actions-poc", - "id": 364979824, - "issue_comment_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/comments{/number}", - "issue_events_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues/events{/number}", - "issues_url": "https://api.github.com/repos/gravitational/gh-actions-poc/issues{/number}", - "keys_url": "https://api.github.com/repos/gravitational/gh-actions-poc/keys{/key_id}", - "labels_url": "https://api.github.com/repos/gravitational/gh-actions-poc/labels{/name}", - "language": "Go", - "languages_url": "https://api.github.com/repos/gravitational/gh-actions-poc/languages", - "license": null, - "merges_url": "https://api.github.com/repos/gravitational/gh-actions-poc/merges", - "milestones_url": "https://api.github.com/repos/gravitational/gh-actions-poc/milestones{/number}", - "mirror_url": null, - "name": "gh-actions-poc", - "node_id": "MDEwOlJlcG9zaXRvcnkzNjQ5Nzk4MjQ=", - "notifications_url": "https://api.github.com/repos/gravitational/gh-actions-poc/notifications{?since,all,participating}", - "open_issues": 9, - "open_issues_count": 9, - "owner": { - "avatar_url": "https://avatars.githubusercontent.com/u/10781132?v=4", - "events_url": "https://api.github.com/users/gravitational/events{/privacy}", - "followers_url": "https://api.github.com/users/gravitational/followers", - "following_url": "https://api.github.com/users/gravitational/following{/other_user}", - "gists_url": "https://api.github.com/users/gravitational/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/gravitational", - "id": 10781132, - "login": "gravitational", - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwNzgxMTMy", - "organizations_url": "https://api.github.com/users/gravitational/orgs", - "received_events_url": "https://api.github.com/users/gravitational/received_events", - "repos_url": "https://api.github.com/users/gravitational/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/gravitational/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/gravitational/subscriptions", - "type": "Organization", - "url": "https://api.github.com/users/gravitational" - }, - "private": false, - "pulls_url": "https://api.github.com/repos/gravitational/gh-actions-poc/pulls{/number}", - "pushed_at": "2021-07-15T18:35:54Z", - "releases_url": "https://api.github.com/repos/gravitational/gh-actions-poc/releases{/id}", - "size": 3466, - "ssh_url": "git@github.com:gravitational/gh-actions-poc.git", - "stargazers_count": 1, - "stargazers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/stargazers", - "statuses_url": "https://api.github.com/repos/gravitational/gh-actions-poc/statuses/{sha}", - "subscribers_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscribers", - "subscription_url": "https://api.github.com/repos/gravitational/gh-actions-poc/subscription", - "svn_url": "https://github.com/gravitational/gh-actions-poc", - "tags_url": "https://api.github.com/repos/gravitational/gh-actions-poc/tags", - "teams_url": "https://api.github.com/repos/gravitational/gh-actions-poc/teams", - "trees_url": "https://api.github.com/repos/gravitational/gh-actions-poc/git/trees{/sha}", - "updated_at": "2021-07-14T08:52:30Z", - "url": "https://api.github.com/repos/gravitational/gh-actions-poc", - "watchers": 1, - "watchers_count": 1 - }, - "sender": { - "avatar_url": "https://avatars.githubusercontent.com/u/42625018?v=4", - "events_url": "https://api.github.com/users/quinqu/events{/privacy}", - "followers_url": "https://api.github.com/users/quinqu/followers", - "following_url": "https://api.github.com/users/quinqu/following{/other_user}", - "gists_url": "https://api.github.com/users/quinqu/gists{/gist_id}", - "gravatar_id": "", - "html_url": "https://github.com/quinqu", - "id": 42625018, - "login": "quinqu", - "node_id": "MDQ6VXNlcjQyNjI1MDE4", - "organizations_url": "https://api.github.com/users/quinqu/orgs", - "received_events_url": "https://api.github.com/users/quinqu/received_events", - "repos_url": "https://api.github.com/users/quinqu/repos", - "site_admin": false, - "starred_url": "https://api.github.com/users/quinqu/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/quinqu/subscriptions", - "type": "User", - "url": "https://api.github.com/users/quinqu" - } -} diff --git a/.github/workflows/robot/internal/github/github.go b/.github/workflows/robot/internal/github/github.go deleted file mode 100644 index 8158785e77618..0000000000000 --- a/.github/workflows/robot/internal/github/github.go +++ /dev/null @@ -1,544 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package github - -import ( - "context" - "log" - "net/http" - "net/url" - "path" - "sort" - "strconv" - "time" - - "github.com/gravitational/trace" - - go_github "github.com/google/go-github/v37/github" - "golang.org/x/oauth2" -) - -type Client struct { - client *go_github.Client -} - -// New returns a new GitHub Client. -func New(ctx context.Context, token string) (*Client, error) { - ts := oauth2.StaticTokenSource( - &oauth2.Token{AccessToken: token}, - ) - return &Client{ - client: go_github.NewClient(oauth2.NewClient(ctx, ts)), - }, nil -} - -// RequestReviewers is used to assign reviewers to a Pull Requests. -func (c *Client) RequestReviewers(ctx context.Context, organization string, repository string, number int, reviewers []string) error { - _, _, err := c.client.PullRequests.RequestReviewers(ctx, - organization, - repository, - number, - go_github.ReviewersRequest{ - Reviewers: reviewers, - }) - if err != nil { - return trace.Wrap(err) - } - return nil -} - -// Review is a GitHub PR review. -type Review struct { - // Author is the GitHub login of the user that created the PR. - Author string - // State is the state of the PR, for example APPROVED, COMMENTED, - // CHANGES_REQUESTED, or DISMISSED. - State string - // SubmittedAt is the time the PR was created. - SubmittedAt time.Time -} - -func (c *Client) ListReviews(ctx context.Context, organization string, repository string, number int) ([]Review, error) { - var reviews []Review - - opts := &go_github.ListOptions{ - Page: 0, - PerPage: perPage, - } - for { - page, resp, err := c.client.PullRequests.ListReviews(ctx, - organization, - repository, - number, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, r := range page { - reviews = append(reviews, Review{ - Author: r.GetUser().GetLogin(), - State: r.GetState(), - SubmittedAt: r.GetSubmittedAt(), - }) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - // Sort oldest review first. - sort.SliceStable(reviews, func(i, j int) bool { - return reviews[i].SubmittedAt.Before(reviews[j].SubmittedAt) - }) - - return reviews, nil -} - -// PullRequest is a Pull Requested submitted to the repository. -type PullRequest struct { - // Author is the GitHub login of the user that created the PR. - Author string - // Repository is the name of the repository. - Repository string - // Number is the Pull Request number. - Number int - // State is the state of the submitted review. - State string - // UnsafeBase is the base of the branch. - // - // UnsafeBase can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeBase Branch - // UnsafeHead is the name head of the branch. - // - // UnsafeHead can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeHead Branch - // UnsafeTitle is the title of the Pull Request. - // - // UnsafeTitle can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeTitle string - // UnsafeBody is the body of the Pull Request. - // - // UnsafeBody can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeBody string - // UnsafeLabels are the labels attached to the Pull Request. - // - // UnsafeLabels can be attacker controlled and should not be used in any - // security sensitive context. For example, don't use it when crafting a URL - // to send a request to or an access decision. See the following link for - // more details: - // - // https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections - UnsafeLabels []string - // Fork determines if the pull request is from a fork. - Fork bool -} - -// Branch is a git Branch. -type Branch struct { - // Ref is a human readable name branch name. - Ref string - // SHA is the SHA1 hash of the commit. - SHA string -} - -// ListReviewers returns a list of reviewers that have yet to submit a review. -func (c *Client) ListReviewers(ctx context.Context, organization string, repository string, number int) ([]string, error) { - var reviewers []string - - opts := &go_github.ListOptions{ - Page: 0, - PerPage: perPage, - } - for { - page, resp, err := c.client.PullRequests.ListReviewers(ctx, - organization, - repository, - number, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, r := range page.Users { - reviewers = append(reviewers, r.GetLogin()) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return reviewers, nil -} - -// GetPullRequest returns a specific Pull Request. -func (c *Client) GetPullRequest(ctx context.Context, organization string, repository string, number int) (PullRequest, error) { - pull, _, err := c.client.PullRequests.Get(ctx, - organization, - repository, - number) - if err != nil { - return PullRequest{}, trace.Wrap(err) - } - - var labels []string - for _, label := range pull.Labels { - labels = append(labels, label.GetName()) - } - - return PullRequest{ - Author: pull.GetUser().GetLogin(), - Repository: repository, - Number: pull.GetNumber(), - State: pull.GetState(), - UnsafeBase: Branch{ - Ref: pull.GetBase().GetRef(), - SHA: pull.GetBase().GetSHA(), - }, - UnsafeHead: Branch{ - Ref: pull.GetHead().GetRef(), - SHA: pull.GetHead().GetSHA(), - }, - UnsafeTitle: pull.GetTitle(), - UnsafeBody: pull.GetBody(), - UnsafeLabels: labels, - Fork: pull.GetHead().GetRepo().GetFork(), - }, nil -} - -// ListPullRequests returns a list of Pull Requests. -func (c *Client) ListPullRequests(ctx context.Context, organization string, repository string, state string) ([]PullRequest, error) { - var pulls []PullRequest - - opts := &go_github.PullRequestListOptions{ - State: state, - ListOptions: go_github.ListOptions{ - Page: 0, - PerPage: perPage, - }, - } - for { - page, resp, err := c.client.PullRequests.List(ctx, - organization, - repository, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, pull := range page { - var labels []string - for _, label := range pull.Labels { - labels = append(labels, label.GetName()) - } - - pulls = append(pulls, PullRequest{ - Author: pull.GetUser().GetLogin(), - Repository: repository, - Number: pull.GetNumber(), - State: pull.GetState(), - UnsafeBase: Branch{ - Ref: pull.GetBase().GetRef(), - SHA: pull.GetBase().GetSHA(), - }, - UnsafeHead: Branch{ - Ref: pull.GetHead().GetRef(), - SHA: pull.GetHead().GetSHA(), - }, - UnsafeTitle: pull.GetTitle(), - UnsafeBody: pull.GetBody(), - UnsafeLabels: labels, - Fork: pull.GetHead().GetRepo().GetFork(), - }) - } - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return pulls, nil -} - -// ListFiles is used to list all the files within a Pull Request. -func (c *Client) ListFiles(ctx context.Context, organization string, repository string, number int) ([]string, error) { - var files []string - - opts := &go_github.ListOptions{ - Page: 0, - PerPage: perPage, - } - for { - page, resp, err := c.client.PullRequests.ListFiles(ctx, - organization, - repository, - number, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, file := range page { - files = append(files, file.GetFilename()) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return files, nil -} - -// AddLabels will add labels to an Issue or Pull Request. -func (c *Client) AddLabels(ctx context.Context, organization string, repository string, number int, labels []string) error { - _, _, err := c.client.Issues.AddLabelsToIssue(ctx, - organization, - repository, - number, - labels) - if err != nil { - return trace.Wrap(err) - } - - return nil -} - -// Workflow contains information about a workflow. -type Workflow struct { - // ID of the workflow. - ID int64 - // Name of the workflow. - Name string - // Path of the workflow. - Path string -} - -// ListWorkflows lists all workflows within a repository. -func (c *Client) ListWorkflows(ctx context.Context, organization string, repository string) ([]Workflow, error) { - var workflows []Workflow - - opts := &go_github.ListOptions{ - Page: 0, - PerPage: perPage, - } - for { - page, resp, err := c.client.Actions.ListWorkflows(ctx, - organization, - repository, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - if page.Workflows == nil { - log.Printf("Got empty page of workflows for %v.", repository) - continue - } - - for _, workflow := range page.Workflows { - workflows = append(workflows, Workflow{ - Name: workflow.GetName(), - Path: workflow.GetPath(), - ID: workflow.GetID(), - }) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return workflows, nil -} - -// Run is a specific workflow run. -type Run struct { - // ID of the workflow run. - ID int64 - // CreatedAt time the workflow run was created. - CreatedAt time.Time -} - -// ListWorkflowRuns is used to list all workflow runs for an ID. -func (c *Client) ListWorkflowRuns(ctx context.Context, organization string, repository string, branch string, workflowID int64) ([]Run, error) { - var runs []Run - - opts := &go_github.ListWorkflowRunsOptions{ - Branch: branch, - ListOptions: go_github.ListOptions{ - Page: 0, - PerPage: perPage, - }, - } - for { - page, resp, err := c.client.Actions.ListWorkflowRunsByID(ctx, - organization, - repository, - workflowID, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - if page.WorkflowRuns == nil { - log.Printf("Got empty page of workflow runs for branch: %v, workflowID: %v.", branch, workflowID) - continue - } - - for _, run := range page.WorkflowRuns { - runs = append(runs, Run{ - ID: run.GetID(), - CreatedAt: run.GetCreatedAt().Time, - }) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return runs, nil -} - -// DeleteWorkflowRun is directly implemented because it is missing from go-github. -// -// https://docs.github.com/en/rest/reference/actions#delete-a-workflow-run -func (c *Client) DeleteWorkflowRun(ctx context.Context, organization string, repository string, runID int64) error { - url := url.URL{ - Scheme: "https", - Host: "api.github.com", - Path: path.Join("repos", organization, repository, "actions", "runs", strconv.FormatInt(runID, 10)), - } - req, err := c.client.NewRequest(http.MethodDelete, url.String(), nil) - if err != nil { - return trace.Wrap(err) - } - _, err = c.client.Do(ctx, req, nil) - if err != nil { - return trace.Wrap(err) - } - return nil -} - -// CreateComment will leave a comment on an Issue or Pull Request. -func (c *Client) CreateComment(ctx context.Context, organization string, repository string, number int, comment string) error { - _, _, err := c.client.Issues.CreateComment(ctx, - organization, - repository, - number, - &go_github.IssueComment{ - Body: &comment, - }) - if err != nil { - return trace.Wrap(err) - } - return nil -} - -// CreatePullRequest will create a Pull Request. -func (c *Client) CreatePullRequest(ctx context.Context, organization string, repository string, title string, head string, base string, body string, draft bool) (int, error) { - pull, _, err := c.client.PullRequests.Create(ctx, - organization, - repository, - &go_github.NewPullRequest{ - Title: &title, - Head: &head, - Base: &base, - Body: &body, - Draft: &draft, - }) - if err != nil { - return 0, trace.Wrap(err) - } - return pull.GetNumber(), nil -} - -// ListWorkflowJobs lists all jobs for a workflow run. -func (c *Client) ListWorkflowJobs(ctx context.Context, organization string, repository string, runID int64) ([]Job, error) { - var jobs []Job - - opts := &go_github.ListWorkflowJobsOptions{ - ListOptions: go_github.ListOptions{ - Page: 0, - PerPage: perPage, - }, - } - for { - page, resp, err := c.client.Actions.ListWorkflowJobs(ctx, - organization, - repository, - runID, - opts) - if err != nil { - return nil, trace.Wrap(err) - } - - for _, job := range page.Jobs { - jobs = append(jobs, Job{ - Name: job.GetName(), - ID: job.GetID(), - }) - } - - if resp.NextPage == 0 { - break - } - opts.Page = resp.NextPage - } - - return jobs, nil -} - -// Job is a job within a workflow run. -type Job struct { - // Name of the workflow job. - Name string - - // ID of the job. - ID int64 -} - -const ( - // perPage is the number of items per page to request. - perPage = 100 -) diff --git a/.github/workflows/robot/internal/review/review.go b/.github/workflows/robot/internal/review/review.go deleted file mode 100644 index 0d1072c2c5d08..0000000000000 --- a/.github/workflows/robot/internal/review/review.go +++ /dev/null @@ -1,357 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package review - -import ( - "encoding/json" - "log" - "math/rand" - "time" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - - "github.com/gravitational/trace" -) - -// Reviewer is a code reviewer. -type Reviewer struct { - // Team the reviewer belongs to. - Team string `json:"team"` - // Owner is true if the reviewer is a code or docs owner (required for all reviews). - Owner bool `json:"owner"` -} - -// Config holds code reviewer configuration. -type Config struct { - // Rand is a random number generator. It is not safe for cryptographic - // operations. - Rand *rand.Rand - - // CodeReviewers and CodeReviewersOmit is a map of code reviews and code - // reviewers to omit. - CodeReviewers map[string]Reviewer `json:"codeReviewers"` - CodeReviewersOmit map[string]bool `json:"codeReviewersOmit"` - - // DocsReviewers and DocsReviewersOmit is a map of docs reviews and docs - // reviewers to omit. - DocsReviewers map[string]Reviewer `json:"docsReviewers"` - DocsReviewersOmit map[string]bool `json:"docsReviewersOmit"` - - // Admins are assigned reviews when no others match. - Admins []string `json:"admins"` -} - -// CheckAndSetDefaults checks and sets defaults. -func (c *Config) CheckAndSetDefaults() error { - if c.Rand == nil { - c.Rand = rand.New(rand.NewSource(time.Now().UnixNano())) - } - - if c.CodeReviewers == nil { - return trace.BadParameter("missing parameter CodeReviewers") - } - if c.CodeReviewersOmit == nil { - return trace.BadParameter("missing parameter CodeReviewersOmit") - } - - if c.DocsReviewers == nil { - return trace.BadParameter("missing parameter DocsReviewers") - } - if c.DocsReviewersOmit == nil { - return trace.BadParameter("missing parameter DocsReviewersOmit") - } - - if c.Admins == nil { - return trace.BadParameter("missing parameter Admins") - } - - return nil -} - -// Assignments can be used to assign and check code reviewers. -type Assignments struct { - c *Config -} - -// FromString parses JSON formatted configuration and returns assignments. -func FromString(reviewers string) (*Assignments, error) { - var c Config - if err := json.Unmarshal([]byte(reviewers), &c); err != nil { - return nil, trace.Wrap(err) - } - - r, err := New(&c) - if err != nil { - return nil, trace.Wrap(err) - } - - return r, nil -} - -// New returns new code review assignments. -func New(c *Config) (*Assignments, error) { - if err := c.CheckAndSetDefaults(); err != nil { - return nil, trace.Wrap(err) - } - - return &Assignments{ - c: c, - }, nil -} - -// IsInternal returns if the author of a PR is internal. -func (r *Assignments) IsInternal(author string) bool { - _, code := r.c.CodeReviewers[author] - _, docs := r.c.DocsReviewers[author] - return code || docs -} - -// Get will return a list of code reviewers a given author. -func (r *Assignments) Get(author string, docs bool, code bool) []string { - var reviewers []string - - switch { - case docs && code: - log.Printf("Assign: Found docs and code changes.") - reviewers = append(reviewers, r.getDocsReviewers(author)...) - reviewers = append(reviewers, r.getCodeReviewers(author)...) - case !docs && code: - log.Printf("Assign: Found code changes.") - reviewers = append(reviewers, r.getCodeReviewers(author)...) - case docs && !code: - log.Printf("Assign: Found docs changes.") - reviewers = append(reviewers, r.getDocsReviewers(author)...) - // Strange state, an empty commit? Return admin reviewers. - case !docs && !code: - log.Printf("Assign: Found no docs or code changes.") - reviewers = append(reviewers, r.getAdminReviewers(author)...) - } - - return reviewers -} - -func (r *Assignments) getDocsReviewers(author string) []string { - setA, setB := getReviewerSets(author, "Core", r.c.DocsReviewers, r.c.DocsReviewersOmit) - reviewers := append(setA, setB...) - - // If no docs reviewers were assigned, assign admin reviews. - if len(reviewers) == 0 { - return r.getAdminReviewers(author) - } - return reviewers -} - -func (r *Assignments) getCodeReviewers(author string) []string { - setA, setB := r.getCodeReviewerSets(author) - - return []string{ - setA[r.c.Rand.Intn(len(setA))], - setB[r.c.Rand.Intn(len(setB))], - } -} - -func (r *Assignments) getAdminReviewers(author string) []string { - var reviewers []string - for _, v := range r.c.Admins { - if v == author { - continue - } - reviewers = append(reviewers, v) - } - return reviewers -} - -func (r *Assignments) getCodeReviewerSets(author string) ([]string, []string) { - // Internal non-Core contributors get assigned from the admin reviewer set. - // Admins will review, triage, and re-assign. - v, ok := r.c.CodeReviewers[author] - if !ok || v.Team == "Internal" { - reviewers := r.getAdminReviewers(author) - n := len(reviewers) / 2 - return reviewers[:n], reviewers[n:] - } - - // Cloud gets reviewers assigned from Core. - team := v.Team - if v.Team == "Cloud" { - team = "Core" - } - - return getReviewerSets(author, team, r.c.CodeReviewers, r.c.CodeReviewersOmit) -} - -// CheckExternal requires two admins have approved. -func (r *Assignments) CheckExternal(author string, reviews []github.Review) error { - log.Printf("Check: Found external author %v.", author) - - reviewers := r.getAdminReviewers(author) - - if checkN(reviewers, reviews) > 1 { - return nil - } - return trace.BadParameter("at least two approvals required from %v", reviewers) -} - -// CheckInternal will verify if required reviewers have approved. Checks if -// docs and if each set of code reviews have approved. Admin approvals bypass -// all checks. -func (r *Assignments) CheckInternal(author string, reviews []github.Review, docs bool, code bool) error { - log.Printf("Check: Found internal author %v.", author) - - // Skip checks if admins have approved. - if check(r.getAdminReviewers(author), reviews) { - return nil - } - - switch { - case docs && code: - log.Printf("Check: Found docs and code changes.") - if err := r.checkDocsReviews(author, reviews); err != nil { - return trace.Wrap(err) - } - if err := r.checkCodeReviews(author, reviews); err != nil { - return trace.Wrap(err) - } - case !docs && code: - log.Printf("Check: Found code changes.") - if err := r.checkCodeReviews(author, reviews); err != nil { - return trace.Wrap(err) - } - case docs && !code: - log.Printf("Check: Found docs changes.") - if err := r.checkDocsReviews(author, reviews); err != nil { - return trace.Wrap(err) - } - // Strange state, an empty commit? Check admins. - case !docs && !code: - log.Printf("Check: Found no docs or code changes.") - if checkN(r.getAdminReviewers(author), reviews) < 2 { - return trace.BadParameter("requires two admin approvals") - } - } - - return nil -} - -func (r *Assignments) checkDocsReviews(author string, reviews []github.Review) error { - reviewers := r.getDocsReviewers(author) - - if check(reviewers, reviews) { - return nil - } - - return trace.BadParameter("requires at least one approval from %v", reviewers) -} - -func (r *Assignments) checkCodeReviews(author string, reviews []github.Review) error { - // External code reviews should never hit this path, if they do, fail and - // return an error. - v, ok := r.c.CodeReviewers[author] - if !ok { - return trace.BadParameter("rejecting checking external review") - } - - // Cloud and Internal get reviews from the Core team. Other teams do own - // internal reviews. - team := v.Team - if team == "Internal" || team == "Cloud" { - team = "Core" - } - - setA, setB := getReviewerSets(author, team, r.c.CodeReviewers, r.c.CodeReviewersOmit) - - // PRs can be approved if you either have multiple code owners that approve - // or code owner and code reviewer. - if checkN(setA, reviews) >= 2 { - return nil - } - if check(setA, reviews) && check(setB, reviews) { - return nil - } - - return trace.BadParameter("at least one approval required from each set %v %v", setA, setB) -} - -func getReviewerSets(author string, team string, reviewers map[string]Reviewer, reviewersOmit map[string]bool) ([]string, []string) { - var setA []string - var setB []string - - for k, v := range reviewers { - // Only assign within a team. - if v.Team != team { - continue - } - // Skip over reviewers that are marked as omit. - if _, ok := reviewersOmit[k]; ok { - continue - } - // Skip author, can't assign/review own PR. - if k == author { - continue - } - - if v.Owner { - setA = append(setA, k) - } else { - setB = append(setB, k) - } - } - - return setA, setB -} - -func check(reviewers []string, reviews []github.Review) bool { - return checkN(reviewers, reviews) > 0 -} - -func checkN(reviewers []string, reviews []github.Review) int { - r := reviewsByAuthor(reviews) - - var n int - for _, reviewer := range reviewers { - if state, ok := r[reviewer]; ok && state == approved { - n++ - } - } - return n -} - -func reviewsByAuthor(reviews []github.Review) map[string]string { - m := map[string]string{} - - for _, review := range reviews { - // Always pick up the last submitted review from each reviewer. - if state, ok := m[review.Author]; ok { - // If the reviewer left comments after approval, skip this review. - if review.State == commented && state == approved { - continue - } - } - m[review.Author] = review.State - } - - return m -} - -const ( - // commented is a code review where the reviewer has left comments only. - commented = "COMMENTED" - // approved is a code review where the reviewer has approved changes. - approved = "APPROVED" - // changesRequested is a code review where the reviewer has requested changes. - changesRequested = "CHANGES_REQUESTED" -) diff --git a/.github/workflows/robot/internal/review/review_test.go b/.github/workflows/robot/internal/review/review_test.go deleted file mode 100644 index 3412e1d374f7a..0000000000000 --- a/.github/workflows/robot/internal/review/review_test.go +++ /dev/null @@ -1,762 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package review - -import ( - "testing" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - "github.com/stretchr/testify/require" -) - -// TestIsInternal checks if docs and code reviewers show up as internal. -func TestIsInternal(t *testing.T) { - tests := []struct { - desc string - assignments *Assignments - author string - expect bool - }{ - { - desc: "code-is-internal", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{}, - // Docs. - DocsReviewers: map[string]Reviewer{ - "5": {Team: "Core", Owner: true}, - "6": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "1", - expect: true, - }, - { - desc: "docs-is-internal", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{}, - // Docs. - DocsReviewers: map[string]Reviewer{ - "5": {Team: "Core", Owner: true}, - "6": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "5", - expect: true, - }, - { - desc: "other-is-not-internal", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{}, - // Docs. - DocsReviewers: map[string]Reviewer{ - "5": {Team: "Core", Owner: true}, - "6": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "7", - expect: false, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - expect := test.assignments.IsInternal(test.author) - require.Equal(t, expect, test.expect) - }) - } -} - -// TestGetCodeReviewers checks internal code review assignments. -func TestGetCodeReviewers(t *testing.T) { - tests := []struct { - desc string - assignments *Assignments - author string - setA []string - setB []string - }{ - { - desc: "skip-self-assign", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "1", - setA: []string{"2"}, - setB: []string{"3", "4"}, - }, - { - desc: "skip-omitted-user", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{ - "3": true, - }, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "5", - setA: []string{"1", "2"}, - setB: []string{"4"}, - }, - { - desc: "internal-gets-defaults", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: false}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Internal"}, - }, - CodeReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "5", - setA: []string{"1"}, - setB: []string{"2"}, - }, - { - desc: "cloud-gets-core-reviewers", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: true}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Core", Owner: false}, - "6": {Team: "Core", Owner: false}, - "7": {Team: "Internal", Owner: false}, - "8": {Team: "Cloud", Owner: false}, - "9": {Team: "Cloud", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{ - "6": true, - }, - // Docs. - DocsReviewers: map[string]Reviewer{}, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "8", - setA: []string{"1", "2", "3"}, - setB: []string{"4", "5"}, - }, - { - desc: "normal", - assignments: &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: true}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Core", Owner: false}, - "6": {Team: "Core", Owner: false}, - "7": {Team: "Internal", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{ - "6": true, - }, - // Docs. - DocsReviewers: map[string]Reviewer{}, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "1", - "2", - }, - }, - }, - author: "4", - setA: []string{"1", "2", "3"}, - setB: []string{"5"}, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - setA, setB := test.assignments.getCodeReviewerSets(test.author) - require.ElementsMatch(t, setA, test.setA) - require.ElementsMatch(t, setB, test.setB) - }) - } -} - -// TestGetDocsReviewers checks internal docs review assignments. -func TestGetDocsReviewers(t *testing.T) { - tests := []struct { - desc string - assignments *Assignments - author string - reviewers []string - }{ - { - desc: "skip-self-assign", - assignments: &Assignments{ - c: &Config{ - // Docs. - DocsReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "3", - "4", - }, - }, - }, - author: "1", - reviewers: []string{"2"}, - }, - { - desc: "skip-self-assign-with-omit", - assignments: &Assignments{ - c: &Config{ - // Docs. - DocsReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{ - "2": true, - }, - // Admins. - Admins: []string{ - "3", - "4", - }, - }, - }, - author: "1", - reviewers: []string{"3", "4"}, - }, - { - desc: "normal", - assignments: &Assignments{ - c: &Config{ - // Docs. - DocsReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - // Admins. - Admins: []string{ - "3", - "4", - }, - }, - }, - author: "3", - reviewers: []string{"1", "2"}, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - reviewers := test.assignments.getDocsReviewers(test.author) - require.ElementsMatch(t, reviewers, test.reviewers) - }) - } -} - -// TestCheckExternal checks external reviews. -func TestCheckExternal(t *testing.T) { - r := &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: true}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Core", Owner: false}, - "6": {Team: "Core", Owner: false}, - }, - CodeReviewersOmit: map[string]bool{}, - // Default. - Admins: []string{ - "1", - "2", - }, - }, - } - tests := []struct { - desc string - author string - reviews []github.Review - result bool - }{ - { - desc: "no-reviews-fail", - author: "5", - reviews: []github.Review{}, - result: false, - }, - { - desc: "two-non-admin-reviews-fail", - author: "5", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: approved}, - }, - result: false, - }, - { - desc: "one-admin-reviews-fail", - author: "5", - reviews: []github.Review{ - {Author: "1", State: approved}, - {Author: "4", State: approved}, - }, - result: false, - }, - { - desc: "two-admin-reviews-one-denied-success", - author: "5", - reviews: []github.Review{ - {Author: "1", State: changesRequested}, - {Author: "2", State: approved}, - }, - result: false, - }, - { - desc: "two-admin-reviews-success", - author: "5", - reviews: []github.Review{ - {Author: "1", State: approved}, - {Author: "2", State: approved}, - }, - result: true, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - err := r.CheckExternal(test.author, test.reviews) - if test.result { - require.NoError(t, err) - } else { - require.Error(t, err) - } - }) - } -} - -// TestCheckInternal checks internal reviews. -func TestCheckInternal(t *testing.T) { - r := &Assignments{ - c: &Config{ - // Code. - CodeReviewers: map[string]Reviewer{ - "1": {Team: "Core", Owner: true}, - "2": {Team: "Core", Owner: true}, - "3": {Team: "Core", Owner: true}, - "9": {Team: "Core", Owner: true}, - "4": {Team: "Core", Owner: false}, - "5": {Team: "Core", Owner: false}, - "6": {Team: "Core", Owner: false}, - "8": {Team: "Internal", Owner: false}, - "10": {Team: "Cloud", Owner: false}, - "11": {Team: "Cloud", Owner: false}, - "12": {Team: "Cloud", Owner: false}, - }, - // Docs. - DocsReviewers: map[string]Reviewer{ - "7": {Team: "Core", Owner: true}, - }, - DocsReviewersOmit: map[string]bool{}, - CodeReviewersOmit: map[string]bool{}, - // Default. - Admins: []string{ - "1", - "2", - }, - }, - } - tests := []struct { - desc string - author string - reviews []github.Review - docs bool - code bool - result bool - }{ - { - desc: "no-reviews-fail", - author: "4", - reviews: []github.Review{}, - result: false, - }, - { - desc: "docs-only-no-reviews-fail", - author: "4", - reviews: []github.Review{}, - docs: true, - code: false, - result: false, - }, - { - desc: "docs-only-non-docs-approval-fail", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - }, - docs: true, - code: false, - result: false, - }, - { - desc: "docs-only-docs-approval-success", - author: "4", - reviews: []github.Review{ - {Author: "7", State: approved}, - }, - docs: true, - code: false, - result: true, - }, - { - desc: "code-only-no-reviews-fail", - author: "4", - reviews: []github.Review{}, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-one-approval-fail", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-two-approval-setb-fail", - author: "4", - reviews: []github.Review{ - {Author: "5", State: approved}, - {Author: "6", State: approved}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-one-changes-fail", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: changesRequested}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-two-approvals-success", - author: "6", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: approved}, - }, - docs: false, - code: true, - result: true, - }, - { - desc: "docs-and-code-only-docs-approval-fail", - author: "6", - reviews: []github.Review{ - {Author: "7", State: approved}, - }, - docs: true, - code: true, - result: false, - }, - { - desc: "docs-and-code-only-code-approval-fail", - author: "6", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: approved}, - }, - docs: true, - code: true, - result: false, - }, - { - desc: "docs-and-code-docs-and-code-approval-success", - author: "6", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: approved}, - {Author: "7", State: approved}, - }, - docs: true, - code: true, - result: true, - }, - { - desc: "code-only-internal-on-approval-failure", - author: "8", - reviews: []github.Review{ - {Author: "3", State: approved}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-internal-code-approval-success", - author: "8", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "4", State: approved}, - }, - docs: false, - code: true, - result: true, - }, - { - desc: "code-only-internal-two-code-owner-approval-success", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "9", State: approved}, - }, - docs: false, - code: true, - result: true, - }, - { - desc: "code-only-changes-requested-after-approval-failure", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "9", State: approved}, - {Author: "9", State: changesRequested}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "code-only-comment-after-approval-success", - author: "4", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "9", State: approved}, - {Author: "9", State: commented}, - }, - docs: false, - code: true, - result: true, - }, - { - desc: "cloud-with-self-approval-failure", - author: "10", - reviews: []github.Review{ - {Author: "11", State: approved}, - {Author: "12", State: approved}, - }, - docs: false, - code: true, - result: false, - }, - { - desc: "cloud-with-core-approval-success", - author: "10", - reviews: []github.Review{ - {Author: "3", State: approved}, - {Author: "9", State: approved}, - }, - docs: false, - code: true, - result: true, - }, - } - for _, test := range tests { - t.Run(test.desc, func(t *testing.T) { - err := r.CheckInternal(test.author, test.reviews, test.docs, test.code) - if test.result { - require.NoError(t, err) - } else { - require.Error(t, err) - } - }) - } -} - -// TestFromString tests if configuration is correctly read in from a string. -func TestFromString(t *testing.T) { - r, err := FromString(reviewers) - require.NoError(t, err) - - require.EqualValues(t, r.c.CodeReviewers, map[string]Reviewer{ - "1": Reviewer{ - Team: "Core", - Owner: true, - }, - "2": Reviewer{ - Team: "Core", - Owner: false, - }, - }) - require.EqualValues(t, r.c.CodeReviewersOmit, map[string]bool{ - "3": true, - }) - require.EqualValues(t, r.c.DocsReviewers, map[string]Reviewer{ - "4": Reviewer{ - Team: "Core", - Owner: true, - }, - "5": Reviewer{ - Team: "Core", - Owner: false, - }, - }) - require.EqualValues(t, r.c.DocsReviewersOmit, map[string]bool{ - "6": true, - }) - require.EqualValues(t, r.c.Admins, []string{ - "7", - "8", - }) -} - -const reviewers = ` -{ - "codeReviewers": { - "1": { - "team": "Core", - "owner": true - }, - "2": { - "team": "Core", - "owner": false - } - }, - "codeReviewersOmit": { - "3": true - }, - "docsReviewers": { - "4": { - "team": "Core", - "owner": true - }, - "5": { - "team": "Core", - "owner": false - } - }, - "docsReviewersOmit": { - "6": true - }, - "admins": [ - "7", - "8" - ] -} -` diff --git a/.github/workflows/robot/main.go b/.github/workflows/robot/main.go deleted file mode 100644 index c8d0a335ae698..0000000000000 --- a/.github/workflows/robot/main.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2021 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "context" - "encoding/base64" - "flag" - "log" - "time" - - "github.com/gravitational/teleport/.github/workflows/robot/internal/bot" - "github.com/gravitational/teleport/.github/workflows/robot/internal/env" - "github.com/gravitational/teleport/.github/workflows/robot/internal/github" - "github.com/gravitational/teleport/.github/workflows/robot/internal/review" - - "github.com/gravitational/trace" -) - -func main() { - workflow, token, reviewers, err := parseFlags() - if err != nil { - log.Fatalf("Failed to parse flags: %v.", err) - } - - // Cancel run if it takes longer than 1 minute. - // - // To re-run a job go to the Actions tab in the Github repo, go to the run - // that failed, and click the "Re-run all jobs" button in the top right corner. - ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) - defer cancel() - - b, err := createBot(ctx, token, reviewers) - if err != nil { - log.Fatalf("Failed to create bot: %v.", err) - } - - log.Printf("Running %v.", workflow) - - switch workflow { - case "assign": - err = b.Assign(ctx) - case "check": - err = b.Check(ctx) - case "dismiss": - err = b.Dismiss(ctx) - case "label": - err = b.Label(ctx) - case "backport": - err = b.Backport(ctx) - default: - err = trace.BadParameter("unknown workflow: %v", workflow) - } - if err != nil { - log.Fatalf("Workflow %v failed: %v.", workflow, err) - } - - log.Printf("Workflow %v complete.", workflow) -} - -func parseFlags() (string, string, string, error) { - var ( - workflow = flag.String("workflow", "", "specific workflow to run [assign, check, dismiss]") - token = flag.String("token", "", "GitHub authentication token") - reviewers = flag.String("reviewers", "", "reviewer assignments") - ) - flag.Parse() - - if *workflow == "" { - return "", "", "", trace.BadParameter("workflow missing") - } - if *token == "" { - return "", "", "", trace.BadParameter("token missing") - } - if *reviewers == "" { - return "", "", "", trace.BadParameter("reviewers required for assign and check") - } - - data, err := base64.StdEncoding.DecodeString(*reviewers) - if err != nil { - return "", "", "", trace.Wrap(err) - } - - return *workflow, *token, string(data), nil -} - -func createBot(ctx context.Context, token string, reviewers string) (*bot.Bot, error) { - gh, err := github.New(ctx, token) - if err != nil { - return nil, trace.Wrap(err) - } - environment, err := env.New() - if err != nil { - return nil, trace.Wrap(err) - } - reviewer, err := review.FromString(reviewers) - if err != nil { - return nil, trace.Wrap(err) - } - b, err := bot.New(&bot.Config{ - GitHub: gh, - Environment: environment, - Review: reviewer, - }) - if err != nil { - return nil, trace.Wrap(err) - } - - return b, nil -} diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml new file mode 100644 index 0000000000000..b46d4bc3dfd15 --- /dev/null +++ b/.github/workflows/terraform-lint.yaml @@ -0,0 +1,26 @@ +name: Lint (Terraform) + +on: + push: + branches: + - master + - branch/* + paths: + - '**.tf' + - '**.tf.json' + - '**.hcl' + pull_request: + paths: + - '**.tf' + - '**.tf.json' + - '**.hcl' + workflow_dispatch: + +jobs: + terraform-lint: + uses: gravitational/shared-workflows/.github/workflows/terraform-lint.yaml@main + permissions: + actions: read + contents: read + pull-requests: write + security-events: write diff --git a/.gitignore b/.gitignore index b8f41bf0d10a5..1c5067dd65534 100644 --- a/.gitignore +++ b/.gitignore @@ -78,4 +78,7 @@ ssh.config # Go workspace files go.work -go.work.sum \ No newline at end of file +go.work.sum + +# Buf side-effects +/github.com diff --git a/.golangci.yml b/.golangci.yml index 8a1ce31ad43a1..49f62249027f1 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -34,9 +34,9 @@ linters-settings: include-go-root: true # check against stdlib packages-with-error-message: - io/ioutil: 'use "io" or "os" packages instead' - - github.com/siddontang/go/log: 'use "github.com/sirupsen/logrus" instead' + - github.com/golang/protobuf: 'use "google.golang.org/protobuf"' - github.com/siddontang/go-log/log: 'use "github.com/sirupsen/logrus" instead' - + - github.com/siddontang/go/log: 'use "github.com/sirupsen/logrus" instead' output: uniq-by-line: false diff --git a/CHANGELOG.md b/CHANGELOG.md index abd9bb95d9e74..58da77ba5f8fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,922 @@ # Changelog +## 10.3.1 + +This release of Teleport contains a security fix, as well as multiple improvements and bug fixes. + +### Audit log escape for non-interactive commands + +Fixed multiple issues with SSH commands escaping audit logs in certain scenarios. + +[#16813](https://github.com/gravitational/teleport/pull/16813) +[#16905](https://github.com/gravitational/teleport/pull/16905) + +### Other fixes and improvements + +* Fixed issue with RDS auto-discovery of a secondary cluster of a global Aurora database. [#16710](https://github.com/gravitational/teleport/pull/16710) +* Added Kubernetes Access support to Teleport Connect. [webapps#1201](https://github.com/gravitational/webapps/pull/1201) +* Added Elasticsearch support to Database Access. [#16873](https://github.com/gravitational/teleport/pull/16873) +* Added information about available security releases to `tsh status`. [#16850](https://github.com/gravitational/teleport/pull/16850) +* Improved error handling when registering MFA devices. [#16765](https://github.com/gravitational/teleport/pull/16765) +* Updated default AWS install script to use v2 metadata API. [#16664](https://github.com/gravitational/teleport/pull/16664) +* Updated `tsh db connect` hint to not display `--db-user` and `--db-name` flags unless needed. [#16747](https://github.com/gravitational/teleport/pull/16747) + +## 10.2.6 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with connecting to servers with some GUI clients e.g. PyCharm. [#16662](https://github.com/gravitational/teleport/pull/16662) +* Fixed issue with connecting to SQL Server in a leaf cluster through the local proxy. [#16616](https://github.com/gravitational/teleport/pull/16616) +* Fixed regression issue introduced in `10.2.3` with enterprise specific web UI pages returning errors. [webapps#1212](https://github.com/gravitational/webapps/pull/1212) +* Added support for simplified Active Directory configuration in Desktop Access. [#16623](https://github.com/gravitational/teleport/pull/16623) + +## 10.2.4 + +**Known issues:** Due to a regression enterprise features are not available via +the web UI in this release. Please upgrade to `10.2.6` or newer. + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `tsh login` sometimes hanging when using U2F devices. [#16657](https://github.com/gravitational/teleport/pull/16657) +* Fixed issue with large etcd backend size growth in clusters handling thousands of concurrent sessions. [#16659](https://github.com/gravitational/teleport/pull/16659) +* Fixed issue with etcd backend only using a single certificate from the configured CA bundle. [#16598](https://github.com/gravitational/teleport/pull/16598) +* Fixed issue with `tsh db env` returning errors when TLS routing is enabled. [#16468](https://github.com/gravitational/teleport/pull/16468) +* Fixed issue with intermittent failures when connecting to leaf cluster nodes. [#16685](https://github.com/gravitational/teleport/pull/16685) +* Fixed issue with missing timestamp in `session.end` events. [#16566](https://github.com/gravitational/teleport/pull/16566) +* Added `minReadySeconds` setting to `teleport-cluster` Helm chart. [#16675](https://github.com/gravitational/teleport/pull/16675) +* Added support for automatic EC2 instance discovery and enrollment. [#16006](https://github.com/gravitational/teleport/pull/16006), [#16588](https://github.com/gravitational/teleport/pull/16588) +* Added `allow_unverified_email` parameter to OIDC connectors allowing to opt out of email verification. [#16142](https://github.com/gravitational/teleport/pull/16142) +* Added support for TLS routing for Database Access when Teleport is deployed behind an ALB. [#16415](https://github.com/gravitational/teleport/pull/16415) +* Added support for providing custom CAs to `teleport-cluster` Helm chart. [#16325](https://github.com/gravitational/teleport/pull/16325) + +## 10.2.2 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `tsh` on Windows failing to lock `known_hosts` file. [#16441](https://github.com/gravitational/teleport/pull/16441) +* Fixed issue with `tsh` producing auditd errors on certain kernels. [#16448](https://github.com/gravitational/teleport/pull/16448) +* Fixed issue with upgraded clusters not being able to test connection in the new node joining wizard. [#16399](https://github.com/gravitational/teleport/pull/16399) +* Fixed issue with some Kubernetes clients failing when trying to use exec API through Kubernetes Access. [#16282](https://github.com/gravitational/teleport/pull/16282) +* Fixed issue with `tsh ssh` returning "access denied" when connecting to nodes by labels in some cases. [#16324](https://github.com/gravitational/teleport/pull/16324) +* Updated Helm charts to support Kubernetes v1.25. [#16343](https://github.com/gravitational/teleport/pull/16343) +* Updated IAM joining to use FIPS STS endpoints when running in FIPS mode. [#16374](https://github.com/gravitational/teleport/pull/16374) +* Added `tctl alerts create` command to allow administrators to set custom alerts. [#16290](https://github.com/gravitational/teleport/pull/16290) +* Added EC2 joining support for Windows Desktop Service. [#16438](https://github.com/gravitational/teleport/pull/16438) + +## 10.2.1 + +This release of Teleport contains a security fix as well as multiple bug fixes. + +### Upgraded Go to 1.18.6 + +Teleport build infrastructure has been upgraded to include security fixes from +the latest Go 1.18.6 release. + +See Go [security announcement](https://groups.google.com/g/golang-announce/c/x49AQzIVX-s) +for details. + +### Other fixes + +* Fixed issue with invalid `TeleportHostname` tag name breaking automatic AWS labels import. [#16015](https://github.com/gravitational/teleport/pull/16015) +* Fixed issue with corrupted `known_hosts` file when using `tsh` concurrently. [#16203](https://github.com/gravitational/teleport/pull/16203) +* Fixed potential panic in `tctl` commands. [#16255](https://github.com/gravitational/teleport/pull/16255) +* Fixed issue with a dot being appended to the token value generated with `tctl auth sign`. [#16238](https://github.com/gravitational/teleport/pull/16238) +* Fixed issue with executing SSH commands on multiple nodes when per-session MFA is enabled. [#16148](https://github.com/gravitational/teleport/pull/16148) +* Updated the new "Add server" wizard to gracefully treat lack of permissions. [webapps#1187](https://github.com/gravitational/webapps/pull/1187) +* Added SFTP events to audit log. [webapps#1188](https://github.com/gravitational/webapps/pull/1188) + +## 10.2.0 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `tsh` reporting "no suitable devices found" when using Yubikeys. [#16011](https://github.com/gravitational/teleport/pull/16011) +* Fixed potential panic when using unsupported Google application credentials file. [#16042](https://github.com/gravitational/teleport/pull/16042) +* Fixed issue with database connections getting terminated due to idle timeout when running long queries. [#16017](https://github.com/gravitational/teleport/pull/16017) +* Fixed issue with `tsh ssh` and `tsh aws` commands failing with "unknown flag" errors. [#16094](https://github.com/gravitational/teleport/pull/16094) +* Fixed issue with empty Github connector fields being always marshaled. [#16012](https://github.com/gravitational/teleport/pull/16012) +* Fixed issue with SSH sessions not properly terminating in some cases. [#16065](https://github.com/gravitational/teleport/pull/16065) +* Introduced a new web UI guided wizard for joining SSH nodes. [#16169](https://github.com/gravitational/teleport/pull/16169), [#16087](https://github.com/gravitational/teleport/pull/16087) +* Added support for Azure PostgreSQL and MySQL databases auto-discovery. [#15988](https://github.com/gravitational/teleport/pull/15988), [#15990](https://github.com/gravitational/teleport/pull/15990), [#15989](https://github.com/gravitational/teleport/pull/15989), [#15991](https://github.com/gravitational/teleport/pull/15991), [#15992](https://github.com/gravitational/teleport/pull/15992) +* Added support for directory sharing to Desktop Access. [#16054](https://github.com/gravitational/teleport/pull/16054) +* Added new Teleport version notifications to `tsh login` and `tsh status`. [#16180](https://github.com/gravitational/teleport/pull/16180) +* Added support for sending session events to Linux Audit System (`auditd`). [#16140](https://github.com/gravitational/teleport/pull/16140) +* Added `--browser=none` support to `tctl sso test` command that prints the URL in the console. [#16086](https://github.com/gravitational/teleport/pull/16086) +* Added retries to biometric key authentication when using unregistered fingerprint. [#15947](https://github.com/gravitational/teleport/pull/15947) +* Added support for IAM joining in AWS China regions. [#15915](https://github.com/gravitational/teleport/pull/15915) +* Added support for AWS Console Access in AWS GovCloud regions. [#16067](https://github.com/gravitational/teleport/pull/16067) +* Added the lock target to `lock.create` audit events. [#15981](https://github.com/gravitational/teleport/pull/15981) +* Updated `tctl bots add` to display correct proxy address. [#16089](https://github.com/gravitational/teleport/pull/16089) +* Updated Access Requests to include appropriate `--request-id` flag to generated `tsh login` command. [#15962](https://github.com/gravitational/teleport/pull/15962) +* Increased maximum backend range limit to account for clusters with a lot of node churn. [#16103](https://github.com/gravitational/teleport/pull/16103) + +## 10.1.9 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed log spam issues related to EC2 tags import. [#15179](https://github.com/gravitational/teleport/pull/15179) +* Fixed issue with `tctl auth sign` not including SNI in generated kubeconfig in TLS routing mode. [#15632](https://github.com/gravitational/teleport/pull/15632) +* Fixed issue with inability to set wildcard labels in Teleport Operator resources. [#15600](https://github.com/gravitational/teleport/pull/15600) +* Fixed issue with nodes not being displayed when user does not have valid principals. [#15797](https://github.com/gravitational/teleport/pull/15797) +* Fixed issue with JWT headers not being passed through on websocket requests in App Access. [#15738](https://github.com/gravitational/teleport/pull/15738) +* Fixed issue with `tsh aws s3` failing on paths with special characters. [#15819](https://github.com/gravitational/teleport/pull/15819) +* Fixed issue with `get-kubeconfig.sh` script not working with Kubernets 1.24+. [#15617](https://github.com/gravitational/teleport/pull/15617) +* Fixed issue with `tsh mfa rm` not deleting Touch ID credentials. [#15675](https://github.com/gravitational/teleport/pull/15675) +* Fixed issue with inability to add webauthn devices in Web UI when local auth is disabled. [#15776](https://github.com/gravitational/teleport/pull/15776) +* Fixed issue with SAML login failing in some scenarios. [#15886](https://github.com/gravitational/teleport/pull/15886) +* Fixed issue with Firestore backend pagination. [#13756](https://github.com/gravitational/teleport/pull/13756) +* Fixed issue with unescaped path parameter causing failure on initial direct access to proxied application. [#15908](https://github.com/gravitational/teleport/pull/15908) +* Fixed issue with Github connector's deprecated `teams_to_logins` field always being marshaled. [#15933](https://github.com/gravitational/teleport/pull/15933) +* Added ability for reverse tunnel agents to join over reverse tunnel port without exposing web UI. [#13598](https://github.com/gravitational/teleport/pull/13598) +* Added `ssh_file_copy` role option allowing to disable scp and SFTP file copying. [#15853](https://github.com/gravitational/teleport/pull/15853) +* Added ability to disable local auth in teleport-cluster Helm chart. [#15595](https://github.com/gravitational/teleport/pull/15595) +* Added support for `tsh` alias subcommands. [#14919](https://github.com/gravitational/teleport/pull/14919) +* Added support for AWS China and GovCloud regions to Database Access. [#15583](https://github.com/gravitational/teleport/pull/15583) +* Added `tctl alerts` command for managing cluster alerts. [#15694](https://github.com/gravitational/teleport/pull/15694) +* Added support for IdP initiated SAML logins. [#15733](https://github.com/gravitational/teleport/pull/15733) +* Updated `tsh db env/config` commands to not show erroneous information in unsupported scenarios. [#15734](https://github.com/gravitational/teleport/pull/15734) +* Improved connection reliability in proxy peering mode. [#15313](https://github.com/gravitational/teleport/pull/15313) +* Improved error messaging in joined Kubernetes sessions. [#15492](https://github.com/gravitational/teleport/pull/15492) +* Improved network utilization on proxies. [#15838](https://github.com/gravitational/teleport/pull/15838) +* Added RDP licensing negotiation [gravitational/rdp-rs#17](https://github.com/gravitational/rdp-rs/pull/17) + +## 10.1.4 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `--allow-passwordless` flag being ignored for `tsh mfa add`. [#15137](https://github.com/gravitational/teleport/pull/15137) +* Fixed issues with MFA registration via web UI. [#14984](https://github.com/gravitational/teleport/pull/14984) +* Fixed issue with LetsEncrypt state not being properly synced when Auth Servers are in an ASG. [#15214](https://github.com/gravitational/teleport/pull/15214) +* Fixed issue with node names not being populated in audit log in proxy session recording mode. [#14992](https://github.com/gravitational/teleport/pull/14992) +* Fixed issue with `--no-enable-escape-sequences` flag not being respected by `tsh`. [#14456](https://github.com/gravitational/teleport/pull/14456) +* Fixed issue with non-existent target directory when using `teleport configure`. [#15352](https://github.com/gravitational/teleport/pull/15352) +* Fixed issue with unknown audit log events when using TCP app access. [#15406](https://github.com/gravitational/teleport/pull/15406) +* Fixed issue with cluster name missing on `session.upload` events. [#15239](https://github.com/gravitational/teleport/pull/15239) +* Fixed issue with automatic node join script expecting `teleport` binary to be present in PATH. [#15473](https://github.com/gravitational/teleport/pull/15473) +* Fixed issue with Desktop Access always trying to use LDAP servers for DNS requests. [#15255](https://github.com/gravitational/teleport/pull/15255) +* Fixed potential panic in Auth Server during concurrent streams of the same session. [#15360](https://github.com/gravitational/teleport/pull/15360) +* Fixed issue with `kubectl` getting "malformed HTTP response" error during simultaneous use. [#15464](https://github.com/gravitational/teleport/pull/15464) +* Added ability to control session recording mode in `teleport-cluster` Helm chart. [#15003](https://github.com/gravitational/teleport/pull/15003) +* Added ability to control DynamoDB auto-scaling in `teleport-cluster` Helm chart. [#15122](https://github.com/gravitational/teleport/pull/15122) +* Added passwordless support to Teleport Connect. [#15265](https://github.com/gravitational/teleport/pull/15265) +* Added proxy protocol support to the SSH proxy endpoint. [#15086](https://github.com/gravitational/teleport/pull/15086) +* Added `teleport install systemd` command that installs Teleport as a systemd service. [#15270](https://github.com/gravitational/teleport/pull/15270) +* Added tracing to SSH sessions. [#15228](https://github.com/gravitational/teleport/pull/15228) +* Added `tsh recordings ls` command that displays available session recordings. [#15429](https://github.com/gravitational/teleport/pull/15429) +* Added variable playback speed to Desktop Access session recordings. [#15326](https://github.com/gravitational/teleport/pull/15326) +* Added support for login traits to Machine ID bots. [#15470](https://github.com/gravitational/teleport/pull/15470) +* Improved error handling when using Yubikeys. [#15395](https://github.com/gravitational/teleport/pull/15395) +* Updated `tctl users update` commmand to allow setting additional user traits. [#15108](https://github.com/gravitational/teleport/pull/15108) +* Updated Machine ID generated certificate names to be compatible with default OpenSSH configuration. [#15297](https://github.com/gravitational/teleport/pull/15297) +* Updated AWS CLI access to capture AWS requests in the audit log. [#15207](https://github.com/gravitational/teleport/pull/15207) + +## 10.1.2 + +Teleport 10.1 is a minor release that brings the following new features: + +* Machine ID support for Kubernetes Access (Preview). [#14550](https://github.com/gravitational/teleport/pull/14550) +* Machine ID support for Application Access (Preview). [#14723](https://github.com/gravitational/teleport/pull/14723) +* Machine ID support for CA rotation. [#14431](https://github.com/gravitational/teleport/pull/14431) +* Kubernetes Operator (Preview). [#14860](https://github.com/gravitational/teleport/pull/14860) +* Plain TCP applications support for Application Access (Preview). [#14896](https://github.com/gravitational/teleport/pull/14896) + +In addition, this release of Teleport contains a security fix, as well as multiple improvements and bug fixes. + +Security fix: + +* Fixed issue with token not being validated when generating a join script. [#14944](https://github.com/gravitational/teleport/pull/14944) + +Other improvements and bug fixes: + +* Fixed "no suitable devices found" libfido2 error. [#14795](https://github.com/gravitational/teleport/pull/14795) +* Fixed "access denied" error when joining a session. [#14770](https://github.com/gravitational/teleport/pull/14770) +* Fixed issue with `tsh status` not respecting `TELEPORT_HOME` environment variable. [#14335](https://github.com/gravitational/teleport/pull/14335) +* Fixed issue with Ctrl-C hanging for paused sessions. [#14511](https://github.com/gravitational/teleport/pull/14511) +* Fixed "access denied" error when creating tokens in web UI. [#14624](https://github.com/gravitational/teleport/pull/14624) +* Fixed issue with resource access request being lost when assuming a role access request. [#14711](https://github.com/gravitational/teleport/pull/14711) +* Fixed issue with `tbot` not exiting correctly in one-shot mode. [#14683](https://github.com/gravitational/teleport/pull/14683) +* Fixed issue with time not being correctly set on `session.upload` events. [#14559](https://github.com/gravitational/teleport/pull/14559) +* Fixed issue with Teleport components not becoming ready when desktop access is enabled. [#14839](https://github.com/gravitational/teleport/pull/14839) +* Fixed issue with `ssh-add` commands triggering "chan_read_shutdown" error in stdout when using OpenSSH client on Windows. [#15049](https://github.com/gravitational/teleport/pull/15049) +* Fixed issue with corrupted web UI file transfers. [#15044](https://github.com/gravitational/teleport/pull/15044) +* Improved error message for failed SSO authorization. [#14595](https://github.com/gravitational/teleport/pull/14595) +* Improved error when starting database service with invalid configuration. [#14515](https://github.com/gravitational/teleport/pull/14515) +* Updated `tsh proxy ssh` to automatically re-log user in. [#14814](https://github.com/gravitational/teleport/pull/14814) +* Added TouchID credential picker. [#14643](https://github.com/gravitational/teleport/pull/14643) +* Added ability to set public addresses in teleport-cluster Helm chart. [#14768](https://github.com/gravitational/teleport/pull/14768) +* Added support for application and database dynamic registration in Helm charts. [#14881](https://github.com/gravitational/teleport/pull/14881) +* Added ability to override AWS database name via `teleport.dev/database-name` tag. [#14799](https://github.com/gravitational/teleport/pull/14799) +* Added extra flags to `teleport db configure` command. [#14654](https://github.com/gravitational/teleport/pull/14654) +* Added `tsh request drop` command. [#14843](https://github.com/gravitational/teleport/pull/14843) +* Added ability to call `tsh proxy db` without calling `tsh db login` first. [#14798](https://github.com/gravitational/teleport/pull/14798) +* Added Prometheus metrics for S3 requests. [#14664](https://github.com/gravitational/teleport/pull/14664) +* Added Prometheus metrics for DynamoDB requests. [#14757](https://github.com/gravitational/teleport/pull/14757) +* Added support for exporting traces to a file. [#14746](https://github.com/gravitational/teleport/pull/14746) +* Added SFTP subsystem support. [#14209](https://github.com/gravitational/teleport/pull/14209) + +## 10.0.2 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `tsh proxy ssh` command shelling out to `ssh` in non TLS routing mode. [#14522](https://github.com/gravitational/teleport/pull/14522) +* Fixed issue with being able to create users with invalid roles via API. [#14459](https://github.com/gravitational/teleport/pull/14459) +* Fixed issue with `tsh login` erroring out on non-existent PuTTY key file on Windows. [#14572](https://github.com/gravitational/teleport/pull/14572) +* Fixed issue with application service not failing correctly with invalid configuration. [#14478](https://github.com/gravitational/teleport/pull/14478) +* Improved error message when joining with invalid host ID using EC2 join method. [#14494](https://github.com/gravitational/teleport/pull/14494) +* Include Machine ID's `tbot` binary in Docker images. [#14462](https://github.com/gravitational/teleport/pull/14462) + +## 10.0.1 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed "unsupported option" error when using passwordless with some hardware keys. [#14198](https://github.com/gravitational/teleport/pull/14198) +* Fixed issue with automatic user provisioning creading invalid sudoer files for some usernames. [#14364](https://github.com/gravitational/teleport/pull/14364) +* Fixed a number of issues with X11 forwarding on Mac and Windows. [#14437](https://github.com/gravitational/teleport/pull/14437) +* Fixed interoperability issues between newer OpenSSH clients and Teleport. [#14442](https://github.com/gravitational/teleport/pull/14442) +* Fixed issue causing Teleport instances running both Auth and Node services to emit `TeleportDegraded` events. [#14314](https://github.com/gravitational/teleport/pull/14314) +* Fixed issue with HTTP proxy basic auth not being respected. [#14322](https://github.com/gravitational/teleport/pull/14322) +* Fixed issue with blank `--ca-pin` flag overriding configuration. [#14361](https://github.com/gravitational/teleport/pull/14361) +* Fixed potential panic in Desktop Access. [#14445](https://github.com/gravitational/teleport/pull/14445) +* Fixed issue with App Access redirect to a URL containing "nil". [#14393](https://github.com/gravitational/teleport/pull/14393) +* Fixed issues with resource request approvals in Web UI. [#14444](https://github.com/gravitational/teleport/pull/14444) +* Fixed issue with resource request approvals for Windows Desktops. [#14452](https://github.com/gravitational/teleport/pull/14452) +* Fixed issue with Machine ID ignoring configured certificate TTL. [#14338](https://github.com/gravitational/teleport/pull/14338) +* Fixed issue with resource list results being different between Web UI and CLI. [#14472](https://github.com/gravitational/teleport/pull/14472) +* Added TouchID prompt message to `tsh`. [#14186](https://github.com/gravitational/teleport/pull/14186) +* Added hint about `--user` flag to `tsh login`. [#14253](https://github.com/gravitational/teleport/pull/14253) +* Added ability to update user principals using `tctl users update --set-logins` command. [#14390](https://github.com/gravitational/teleport/pull/14390) +* Added CA rotation support to Machine ID. [#14431](https://github.com/gravitational/teleport/pull/14431) +* Added `--format` flag to `tsh proxy aws` command. [#14447](https://github.com/gravitational/teleport/pull/14447) +* Improved `tsh login` error message when Proxy public address is not set. [#14338](https://github.com/gravitational/teleport/pull/14338) +* Improved `tsh db ls` performance for users with many roles. [#14284](https://github.com/gravitational/teleport/pull/14284) +* Start PostgreSQL listener when Proxy runs in `--insecure-no-tls` mode. [#14327](https://github.com/gravitational/teleport/pull/14327) +* Create PuTTY compatible key pair on `tsh login`. [#14383](https://github.com/gravitational/teleport/pull/14383) +* Display Kubernetes session in the list of active sessions in Web UI. [#14360](https://github.com/gravitational/teleport/pull/14360) +* Reduced the number of cache reads in healthy clusters. [#14304](https://github.com/gravitational/teleport/pull/14304) + ## 10.0.0 -Teleport 10.0 is a major release of Teleport that contains new features, improvements, and bug fixes. +Teleport 10 is a major release that brings the following new features. -### Breaking Changes +Platform: + +* Passwordless (Preview) +* Resource Access Requests (Preview) +* Proxy Peering (Preview) + +Server Access: + +* IP-Based Restrictions (Preview) +* Automatic User Provisioning (Preview) + +Database Access: + +* Audit Logging for Microsoft SQL Server Database Access +* Snowflake Database Access (Preview) +* ElastiCache/MemoryDB Database Access (Preview) + +Teleport Connect: + +* Teleport Connect for Server and Database Access (Preview) + +Machine ID: + +* Machine ID Database Access Support (Preview) + +### Passwordless (Preview) + +Teleport 10 introduces passwordless support to your clusters. To use passwordless +users may register a security key with resident credentials or use a built-in +authenticator, like Touch ID. + +See https://goteleport.com/docs/access-controls/guides/passwordless/. + +### Resource Access Requests (Preview) + +Teleport 10 expands just-in-time access requests to allow for requesting access +to specific resources. This lets you grant users the least privileged access +needed for their workflows. + +Just-in-time access requests are only available in Teleport Enterprise Edition. + +### Proxy Peering (Preview) + +Proxy peering enables Teleport deployments to scale without an increase in load +from the number of agent connections. This is accomplished by allowing Proxy +Services to tunnel client connections to the desired agent through a neighboring +proxy and decoupling the number of agent connections from the number of Proxies. + +Proxy peering can be enabled with the following configurations: + +```yaml +auth_service: + tunnel_strategy: + type: proxy_peering + agent_connection_count: 1 +``` + +```yaml +proxy_service: + peer_listen_addr: 0.0.0.0:3021 +``` + +Network connectivity between proxy servers to the `peer_listen_addr` is required +for this feature to work. + +Proxy peering is only available in Teleport Enterprise Edition. + +### IP-Based Restrictions (Preview) + +Teleport 10 introduces a new role option to pin the source IP in SSH +certificates. When enabled, the source IP that was used to request certificates +is embedded in the certificate, and SSH servers will reject connection attempts +from other IPs. This protects against attacks where valid credentials are +exfiltrated from disk and copied out into other environments. + +IP-based restrictions are only available in Teleport Enterprise Edition. + +### Automatic User Provisioning (Preview) + +Teleport 10 can be configured to automatically create Linux host users upon +login without having to use Teleport's PAM integration. Users can be added to specific +Linux groups and assigned appropriate “sudoer” privileges. + +To learn more about configuring automatic user provisioning read the guide: +https://goteleport.com/docs/server-access/guides/host-user-creation/. + +### Audit Logging for Microsoft SQL Server Database Access + +Teleport 9 introduced a preview of Database Access support for Microsoft SQL +Server which didn’t include audit logging of user queries. Teleport 10 captures +users' queries and prepared statements and sends them to the audit log, similarly +to other supported database protocols. + +Teleport Database Access for SQL Server remains in Preview mode with more UX +improvements coming in future releases. + +Refer to the guide to set up access to a SQL Server with Active Directory +authentication: https://goteleport.com/docs/database-access/guides/sql-server-ad/. + +### Snowflake Database Access (Preview) + +Teleport 10 brings support for Snowflake to Database Access. Administrators can +set up access to Snowflake databases through Teleport for their users with +standard Database Access features like role-based access control and audit +logging, including query activity. + +Connect your Snowflake database to Teleport following this guide: +https://goteleport.com/docs/database-access/guides/snowflake/. + +### Elasticache/MemoryDB Database Access (Preview) + +Teleport 9 added Redis protocol support to Database Access. Teleport 10 improves +this integration by adding native support for AWS-hosted Elasticache and +MemoryDB, including auto-discovery and automatic credential management in some +deployment configurations. + +Learn more about it in this guide: +https://goteleport.com/docs/database-access/guides/redis-aws/. + +### Teleport Connect for Server and Database Access (Preview) + +Teleport Connect is a graphical macOS application that simplifies access to your +Teleport resources. Teleport Connect 10 supports Server Access and Database Access. +Other protocols and Windows support are coming in a future release. + +Get Teleport Connect installer from the macOS tab on the downloads page: +https://goteleport.com/download/. + +### Machine ID Database Access Support (Preview) + +In Teleport 10 we’ve added Database Access support to Machine ID. Applications +can use Machine ID to access databases protected by Teleport. + +You can find Machine ID guide for database access in the documentation: +https://goteleport.com/docs/machine-id/guides/databases/. + +### Breaking changes + +Please familiarize yourself with the following potentially disruptive changes in +Teleport 10 before upgrading. + +#### Auth Service version check + +Teleport 10 agents will now refuse to start if they detect that the Auth Service +is more than one major version behind them. You can use the `--skip-version-check` flag to +bypass the version check. + +Take a look at component compatibility guarantees in the documentation: +https://goteleport.com/docs/setup/operations/upgrading/#component-compatibility. + +#### HTTP_PROXY for reverse tunnels + +Reverse tunnel connections will now respect `HTTP_PROXY` environment variables. +This may result in reverse tunnel agents not being able to re-establish +connections if the HTTP proxy is set in their environment and does not allow +connections to the Teleport Proxy Service. + +Refer to the following documentation section for more details: +https://goteleport.com/docs/setup/reference/networking/#http-connect-proxies. + +#### New APT repos + +With Teleport 10 we’ve migrated to new APT repositories that now support +multiple release channels, Teleport versions and OS distributions. The new +repositories have been backfilled with Teleport versions starting from 6.2.31 +and we recommend upgrading to them. The old repositories will be maintained for +the foreseeable future. + +See updated installation instructions: +https://goteleport.com/docs/server-access/getting-started/#step-14-install-teleport-on-your-linux-host. + +#### Removed “tctl access ls” + +The `tctl access ls` command that returned information about user server access +within the cluster was removed. Please use a previous `tctl` version if you’d like +to keep using it. #### Relaxed session join permissions -In previous versions of Teleport users need full access to the node/Kubernetes pod in order to join a session. With Teleport 10.0 we have relaxed this requirement. Joining sessions remains deny-by-default as of Teleport 9.0 but now only `join_policy` statements as described in the [Moderated Sessions Guide](https://goteleport.com/docs/access-controls/guides/moderated-sessions/) are checked for session join RBAC. +In previous versions of Teleport users needed full access to a Node/Kubernetes +pod in order to join a session. Teleport 10 relaxes this requirement. Joining +sessions remains deny-by-default but now only `join_sessions` statements are +checked for session join RBAC. + +See the Moderated Sessions guide for more details: +https://goteleport.com/docs/access-controls/guides/moderated-sessions/. + +#### GitHub connectors + +The GitHub authentication connector’s `teams_to_logins` field is deprecated in favor of the new +`teams_to_roles` field. The old field will be removed in a future release. + +#### Teleport FIPS AWS endpoints + +Teleport 10 will now automatically use FIPS endpoints for AWS S3 and DynamoDB +when started with the `--fips` flag. You can use the `use_fips_endpoint=false` +connection endpoint option to use regular endpoints for Teleport in FIPS mode, +for example: + +``` +s3://bucket/path?region=us-east-1&use_fips_endpoint=false +``` + +See the S3/DynamoDB backends documentation for more information: +https://goteleport.com/docs/setup/reference/backends/#s3. + +## 9.3.9 + +This release of Teleport contains a security fix, as well as multiple improvements and bug fixes. + +### Auth bypass in Moderated Sessions + +When checking a user’s roles prior to starting a session, Teleport may have +incorrectly allowed a session to proceed without moderation depending on the +order roles are received from the backend. + +### Other improvements and fixes + +* Fixed issue with per-session MFA swallowing keypresses. [#13822](https://github.com/gravitational/teleport/pull/13822) +* Fixed issue with `tsh db ls -R` now showing allowed users. [#13626](https://github.com/gravitational/teleport/pull/13626) +* Fixed vertical and horizontal scroll in desktop access. [#13905](https://github.com/gravitational/teleport/pull/13905) +* Fixed issue with invalid query filters forcing `tsh` relogin. [#13747](https://github.com/gravitational/teleport/pull/13747) +* Fixed issue with TLS routing and proxy jump. [#13928](https://github.com/gravitational/teleport/pull/13928) +* Fixed issue with MongoDB connections timing out in certain scenarios. [#13859](https://github.com/gravitational/teleport/pull/13859) +* Fixed issue with Machine ID certificate renewal with empty requested roles. [#13893](https://github.com/gravitational/teleport/pull/13893) +* Fixed issue with Windows desktops not being labeled with LDAP attribute labels. [#13681](https://github.com/gravitational/teleport/pull/13681) +* Fixed issue with desktop access streaming not being terminated properly. [#14024](https://github.com/gravitational/teleport/pull/14024) +* Added ability to use FIPS endpoints for S3 and DynamoDB using `use_fips_endpoint` connection option. [#13703](https://github.com/gravitational/teleport/pull/13703) +* Added ability to specify CA pin as a file path in the config. [#13089](https://github.com/gravitational/teleport/pull/13089) +* Improved reconnect reliability after root proxy restart. [#13967](https://github.com/gravitational/teleport/pull/13967) +* Improved error messages for failed auth client connections. [#13835](https://github.com/gravitational/teleport/pull/13835) + +## 9.3.7 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with startup delay caused by AWS EC2 check. [#13167](https://github.com/gravitational/teleport/pull/13167) +* Added `tsh ls -R` that displays resources across all clusters and profiles. [#13313](https://github.com/gravitational/teleport/pull/13313) +* Fixed issue with `tsh` not correctly reporting "address in use" error during port forwarding. [#13679](https://github.com/gravitational/teleport/pull/13679) +* Fixed two potential panics. [#13590](https://github.com/gravitational/teleport/pull/13590), [#13655](https://github.com/gravitational/teleport/pull/13655) +* Fixed issue with enhanced session recording not working on recent Ubuntu versions. [#13650](https://github.com/gravitational/teleport/pull/13650) +* Fixed issue with CA rotation when Database Service does not contain any databases. [#13517](https://github.com/gravitational/teleport/pull/13517) +* Fixed issue with Desktop Access connection failing with "invalid channel name rdpsnd" error. [#13450](https://github.com/gravitational/teleport/issues/13450) +* Fixed issue with invalid Teleport config when enabling IMDSv2 in Terraform config. [#13537](https://github.com/gravitational/teleport/pull/13537) + +## 9.3.6 + +This release of Teleport contains multiple improvements and bug fixes. + +* Added Unicode clipboard support to Desktop Access. [#13391](https://github.com/gravitational/teleport/pull/13391) +* Fixed backwards compatibility issue with fetch access requests from older servers. [#13490](https://github.com/gravitational/teleport/pull/13490) +* Fixed issue with Application Access requests periodically failing with 500 errors. [#13469](https://github.com/gravitational/teleport/pull/13469) +* Fixed issues with pagination when displaying applications. [#13451](https://github.com/gravitational/teleport/pull/13451) +* Fixed file descriptor leak in Machine ID. [#13386](https://github.com/gravitational/teleport/pull/13386) + +## 9.3.5 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed backwards compatibility issue with fetching access requests from older servers. [#13428](https://github.com/gravitational/teleport/pull/13428) +* Fixed issue with using Microsoft SQL Server Management Studio with Database Access. [#13337](https://github.com/gravitational/teleport/pull/13337) +* Added support for `tsh proxy ssh -J` to improve interoperability with OpenSSH clients. [#13311](https://github.com/gravitational/teleport/pull/13311) +* Added ability to provide security context in Helm charts. [#13286](https://github.com/gravitational/teleport/pull/13286) +* Added Application and Database Access support to reference AWS Terraform deployment. [#13383](https://github.com/gravitational/teleport/pull/13383) +* Improved reliability of dialing Auth Server through the Proxy. [#13399](https://github.com/gravitational/teleport/pull/13399) +* Improved `kubectl exec` auditing by logging access denied attempts. [#12831](https://github.com/gravitational/teleport/pull/12831), [#13400](https://github.com/gravitational/teleport/pull/13400) + +## 9.3.4 + +This release of Teleport contains multiple security, bug fixes and improvements. + +### Escalation attack in agent forwarding + +When setting up agent forwarding on the node, Teleport did not handle unix socket creation in a secure manner. + +This could have given a potential attacker an opportunity to get Teleport to change arbitrary file permissions to the attacker’s user. + +### Websockets CSRF + +When handling websocket requests, Teleport did not verify that the provided Bearer token was generated for the correct user. + +This could have allowed a malicious low privileged Teleport user to use a social engineering attack to gain higher privileged access on the same Teleport cluster. + +### Denial of service in access requests + +When accepting an access request, Teleport did not enforce the maximum request reason size. + +This could allow a malicious actor to mount a DoS attack by creating an access request with a very large request reason. + +### Auth bypass in moderated sessions + +When initializing a moderated session, Teleport did not discard participant’s input prior to the moderator joining. + +This could prevent a moderator from being able to interrupt a malicious command executed by a participant. + +### Other fixes + +* Fixed issue with stdin hijacking when per-session MFA is enabled. [#13212](https://github.com/gravitational/teleport/pull/13212) +* Added support for automatic tags import when running on AWS EC2. [#12593](https://github.com/gravitational/teleport/pull/12593) +* Added ability to use multiple redirect URLs in OIDC connectors. [#13046](https://github.com/gravitational/teleport/pull/13046) +* Fixed issue with ANSI escape sequences being broken when using `tsh` on Windows. [#13221](https://github.com/gravitational/teleport/pull/13221) +* Fixed issue with `tsh ssh` printing extra error upon exit if last command was unsuccessful. [#12903](https://github.com/gravitational/teleport/pull/12903) +* Added support for Proxy Protocol v2 in MySQL proxy. [#12993](https://github.com/gravitational/teleport/pull/12993) +* Upgraded to Go `v1.17.11`. [#13104](https://github.com/gravitational/teleport/pull/13104) +* Added Windows desktops labeling based on their LDAP attributes. [#13238](https://github.com/gravitational/teleport/pull/13238) +* Improved performance when listing resources for users with many roles. [#13263](https://github.com/gravitational/teleport/pull/13263) + +## 9.3.2 + +This release of Teleport contains two bug fixes. + +* Fixed issue with Machine ID's `tsh` version check. [#13037](https://github.com/gravitational/teleport/pull/13037) +* Fixed AWS related log spam in database agent when not running on AWS. [#12984](https://github.com/gravitational/teleport/pull/12984) + +## 9.3.0 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `tctl` not taking `TELEPORT_HOME` environment variable into account. [#12738](https://github.com/gravitational/teleport/pull/12738) +* Fixed issue with Redis `AUTH` command not always authenticating the user in database access. [#12754](https://github.com/gravitational/teleport/pull/12754) +* Fixed issue with Teleport not starting with deprecated U2F configuration. [#12826](https://github.com/gravitational/teleport/pull/12826) +* Fixed issue with `tsh db ls` not showing allowed users for leaf clusters. [#12853](https://github.com/gravitational/teleport/pull/12853) +* Fixed issue with `teleport configure` failing when given non-existent data directory. [#12806](https://github.com/gravitational/teleport/pull/12806) +* Fixed issue with `tctl` not outputting debug logs. [#12920](https://github.com/gravitational/teleport/pull/12920) +* Fixed issue with Kubernetes access not working when using default CA pool. [#12874](https://github.com/gravitational/teleport/pull/12874) +* Fixed issue with Machine ID not working in TLS routing mode. [#12990](https://github.com/gravitational/teleport/pull/12990) +* Improved connection performance in large clusters. [#12832](https://github.com/gravitational/teleport/pull/12832) +* Improved memory usage in large clusters. [#12724](https://github.com/gravitational/teleport/pull/12724) + +### Breaking Changes + +Teleport 9.3.0 reduces the minimum GLIBC requirement to 2.18 and enforces more +secure cipher suites for desktop access. + +As a result of these changes, desktop access users with desktops running Windows +Server 2012R2 will need to perform +[additional configuration](https://goteleport.com/docs/desktop-access/getting-started/#step-47-configure-a-certificate-for-rdp-connections) +to force Windows to use commpatible cipher suites. + +Windows desktops running Windows Server 2016 and newer will continue to operate +normally - no additional configuration is required. + +## 9.2.4 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed compatibility issue with agents connected to older auth servers. [#12728](https://github.com/gravitational/teleport/pull/12728) +* Fixed issue with TLS routing endpoint advertising preference for `http/1.1` over `h2`. [#12749](https://github.com/gravitational/teleport/pull/12749) +* Implemented multiple proxy restart stability improvements. [#12632](https://github.com/gravitational/teleport/pull/12632), [#12488](https://github.com/gravitational/teleport/pull/12488), [#12689](https://github.com/gravitational/teleport/pull/12689) +* Improved compatibility with PuTTY. [#12662](https://github.com/gravitational/teleport/pull/12662) +* Added support for global tsh config file `/etc/tsh.yaml`. [#12626](https://github.com/gravitational/teleport/pull/12626) +* Added `tbot configure` command. [#12576](https://github.com/gravitational/teleport/pull/12576) +* Fixed issue with Desktop Access not working in Teleport Cloud. [#12781](https://github.com/gravitational/teleport/pull/12781) +* Improved Web UI performance in large clusters. [#12637](https://github.com/gravitational/teleport/pull/12637) +* Fixed issue with running MySQL stored procedures via Database Access. [#12734](https://github.com/gravitational/teleport/pull/12734) + +## 9.2.3 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with `HTTP_PROXY` being inadvertently respected in reverse tunnel connections. [#12335](https://github.com/gravitational/teleport/pull/12335) +* Added `--format` flag to `tctl token add` command. [#12588](https://github.com/gravitational/teleport/pull/12588) +* Fixed backwards compatibility issues with session upload. [#12535](https://github.com/gravitational/teleport/pull/12535) +* Added support for persistency in custom mode in Helm charts. [#12218](https://github.com/gravitational/teleport/pull/12218) +* Fixed issue with PostgreSQL backend not respecting username from certificate. [#12553](https://github.com/gravitational/teleport/pull/12553) +* Fixed issues with `kubectl cp` and `kubectl exec` not working through Kubernetes Access. [#12541](https://github.com/gravitational/teleport/pull/12541) +* Fixed issues with dynamic registration logic for cloud databases. [#12451](https://github.com/gravitational/teleport/pull/12451) +* Fixed issue with automatic Add Application script failing to join the cluster. [#12539](https://github.com/gravitational/teleport/pull/12539) +* Fixed issue with `tctl` crashing when PAM is enabled. [#12572](https://github.com/gravitational/teleport/pull/12572) +* Added support for setting priority class and extra labels in Helm charts. [#12568](https://github.com/gravitational/teleport/pull/12568) +* Fixed issue with App Access JWT tokens not including `iat` claim. [#12589](https://github.com/gravitational/teleport/pull/12589) +* Added ability to inject App Access JWT tokens in rewritten headers. [#12589](https://github.com/gravitational/teleport/pull/12589) +* Desktop Access automatically adds a `teleport.dev/ou` label for desktops discovered via LDAP. [#12502](https://github.com/gravitational/teleport/pull/12502) +* Updated Machine ID to generates identity files compatible with `tctl` and `tsh`. [#12500](https://github.com/gravitational/teleport/pull/12500) +* Updated internal build infrastructure to Go 1.17.10. [#12607](https://github.com/gravitational/teleport/pull/12607) +* Improved proxy memory usage in clusters with large number of nodes. [#12573](https://github.com/gravitational/teleport/pull/12573) + +## 9.2.1 + +This release of Teleport contains an improvement and several bug fixes. + +* Updated `tctl rm` command to support removing tokens. [#12439](https://github.com/gravitational/teleport/pull/12439) +* Fixed issue with Teleport failing to start when using DynamoDB backend in pay-per-request mode. [#12461](https://github.com/gravitational/teleport/pull/12461) +* Fixed issue with Kubernetes port forwarding not working. [#12468](https://github.com/gravitational/teleport/pull/12468) +* Fixed issue with IAM policy limit when using database auto-discovery on Kubernetes. [#12457](https://github.com/gravitational/teleport/pull/12457) + +## 9.2.0 + +This release of Teleport contains multiple improvements, security and bug fixes. + +* Fixed issue with U2F facets not being properly validated. [#12208](https://github.com/gravitational/teleport/pull/12208) +* Hardened SQLite permissions. [#12360](https://github.com/gravitational/teleport/pull/12360) +* Fixed issue with OIDC callback not checking `email_verified` claim. [#12360](https://github.com/gravitational/teleport/pull/12360) +* Added `max_kubernetes_connections` role option for limiting simultaneous Kubernetes connections. [#12360](https://github.com/gravitational/teleport/pull/12360) +* Fixed issue with Teleport failing to start with pay-per-request DynamoDB mode. [#12360](https://github.com/gravitational/teleport/pull/12360) +* Reduced Machine ID verbosity in case of missing secure symlink kernel support. [#12423](https://github.com/gravitational/teleport/pull/12423) +* Fixed `tsh proxy db` tunnel mode not working for CockroachDB connections. [#12400](https://github.com/gravitational/teleport/pull/12400) +* Added support for database access certificates in Machine ID. [#12195](https://github.com/gravitational/teleport/pull/12195) +* Improved shutdown/restart stability in certain scenarios. [#12393](https://github.com/gravitational/teleport/pull/12393) +* Added support for clickable labels in web UI. [#12422](https://github.com/gravitational/teleport/pull/12422) + +## 9.1.3 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with some MySQL clients not being able to connect to MySQL 8.0 servers. [#12340](https://github.com/gravitational/teleport/pull/12340) +* Fixed multiple conditions that could lead to SSH sessions freezing. [#12286](https://github.com/gravitational/teleport/pull/12286) +* Fixed issue with `tsh db ls` failing for leaf clusters. [#12320](https://github.com/gravitational/teleport/pull/12320) +* Fixed a scenario in which Teleport's internal cache could potentially become unhealthy. [#12251](https://github.com/gravitational/teleport/pull/12251), [#12002](https://github.com/gravitational/teleport/pull/12002) +* Improved performance when opening new Application Access sessions. [#12300](https://github.com/gravitational/teleport/pull/12300) +* Added flags to the `teleport configure` command. [#12267](https://github.com/gravitational/teleport/pull/12267) +* Improved CA rotation stability. [#12333](https://github.com/gravitational/teleport/pull/12333) +* Fixed issue with `mongosh` certificate verification when using TLS routing. [#12363](https://github.com/gravitational/teleport/pull/12363) + +## 9.1.2 + +This release of Teleport contains two bug fixes. + +* Fixed issue with Teleport pods not becoming ready on Kubernetes. [#12243](https://github.com/gravitational/teleport/pull/12243) +* Fixed issue with Teleport processes crashing upon restart after failed host UUID generation. [#12222](https://github.com/gravitational/teleport/pull/12222) + +## 9.1.1 + +This release of Teleport contains multiple bug fixes and improvements. + +* Fixed regression issue where reverse tunnel connections inadvertently started respecting `HTTP_PROXY`. [#12035](https://github.com/gravitational/teleport/pull/12035) +* Fixed potential deadlock in SSH server. [#12122](https://github.com/gravitational/teleport/pull/12122) +* Fixed issue with Kubernetes service not reporting its readiness. [#12152](https://github.com/gravitational/teleport/pull/12152) +* Fixed issue with JumpCloud identity provider. [#11936](https://github.com/gravitational/teleport/pull/11936) +* Fixed issue with deleting many records from Firestore backend. [#12177](https://github.com/gravitational/teleport/pull/12177) + +## 9.1.0 + +Teleport 9.1 is a minor release that brings several new features, security and bug fixes. + +### Security + +Teleport build infrastructure was updated to use Go v1.17.9 to fix CVE-2022-24675, CVE-2022-28327 and CVE-2022-27536. + +### SQL backend (preview) + +Teleport users can now use PostgreSQL or CockroachDB for storing auth server data. + +See the documentation for more information: + +https://goteleport.com/docs/setup/reference/backends/#postgresqlcockroachdb-preview + +### Server-side filtering and pagination + +Searching and filtering resources is now handled on the server, improving the +efficiency of queries with `tsh`, `tctl`, or the web UI. + +The web UI loads resources faster by leveraging server-side pagination. +Additionally, the web UI supports bookmarking searches by including the query in +the URL. + +### Other improvements and fixes + +* Fixed issue with stdin being ignored after refreshing expired credentials. [#11847](https://github.com/gravitational/teleport/pull/11847) +* Fixed issue with `tsh` requiring host login when using identity files for some commands. [#11793](https://github.com/gravitational/teleport/pull/11793) +* Added support for calling proxy over plain HTTP in insecure mode. [#11403](https://github.com/gravitational/teleport/pull/11403) +* Fixed multiple issues that could lead to sessions output freezing. [#11853](https://github.com/gravitational/teleport/pull/11853) +* Added optional gRPC client/server latency metrics. [#11773](https://github.com/gravitational/teleport/pull/11773) +* Fixed issue with connecting to self-hosted databases in TLS insecure mode. [#11758](https://github.com/gravitational/teleport/pull/11758) +* Improved error message when incorrect auth connector name is used. [#11884](https://github.com/gravitational/teleport/pull/11884) +* Implemented multiple moderated session stability improvements. [#11803](https://github.com/gravitational/teleport/pull/11803), [#11890](https://github.com/gravitational/teleport/pull/11890) +* Added authenticated tunnel mode to `tsh proxy db` command. [#11808](https://github.com/gravitational/teleport/pull/11808) +* Fixed issue with application sessions not being deleted upon web logout. [#11956](https://github.com/gravitational/teleport/pull/11956) +* Improved MySQL audit logging to include support for additional commands. [#11949](https://github.com/gravitational/teleport/pull/11949) +* Improved reliability of Teleport services restart. [#11795](https://github.com/gravitational/teleport/pull/11795) +* Fixed issue with Okta OIDC auth connector not working. [#11718](https://github.com/gravitational/teleport/pull/11718) +* Added support for `json` and `yaml` formatting to all `tsh` commands. [#12050](https://github.com/gravitational/teleport/pull/12050) +* Added support for setting `kubernetes_users`, `kubernetes_groups`, `db_names`, `db_users` and `aws_role_arns` traits when creating users. [#12133](https://github.com/gravitational/teleport/pull/12133) +* Fixed potential CA rotation panic. [#12004](https://github.com/gravitational/teleport/pull/12004) +* Updated `tsh db ls` to display allowed database usernames. [#11942](https://github.com/gravitational/teleport/pull/11942) +* Fixed goroutine leak in OIDC client. [#12078](https://github.com/gravitational/teleport/pull/12078) + +## 9.0.4 + +This release of Teleport contains multiple improvements and fixes. + +* Fixed issue with `:` not being allowed in label keys. [#11563](https://github.com/gravitational/teleport/pull/11563) +* Fixed potential panic in Kubernetes Access. [#11614](https://github.com/gravitational/teleport/pull/11614) +* Added `teleport_connect_to_node_attempts_total` Prometheus metric. [#11629](https://github.com/gravitational/teleport/pull/11629) +* Multiple CA rotation stability improvements. [#11658](https://github.com/gravitational/teleport/pull/11658) +* Fixed console player Ctrl-C and Ctrl-D functionality. [#11559](https://github.com/gravitational/teleport/pull/11559) +* Improved logging in case of node with existing state joining an new cluster. [#11751](https://github.com/gravitational/teleport/pull/11751) +* Added preview of PostgreSQL/CockroachDB backend. [#11667](https://github.com/gravitational/teleport/pull/11667) +* Fixed compatibility issues with CA loading between old and new tsh versions. [#11663](https://github.com/gravitational/teleport/pull/11663) +* Fixed loggers not respecting JSON configuration. [#11655](https://github.com/gravitational/teleport/pull/11655) +* Added support for Proxy Protocol v2. [#11722](https://github.com/gravitational/teleport/pull/11722) +* Fixed a number of tsh player stability issues. [#11491](https://github.com/gravitational/teleport/pull/11491) +* Improved network utilization caused by session uploader. [#11698](https://github.com/gravitational/teleport/pull/11698) +* Improved remote clusters inventory bookkeeping. [#11707](https://github.com/gravitational/teleport/pull/11707) + +## 9.0.3 + +This release of Teleport contains multiple fixes. + +* Fixed issue with `tctl` ignoring `TELEPORT_HOME` environment variable. [#11561](https://github.com/gravitational/teleport/pull/11561) +* Fixed multiple moderated sessions stability issues. [#11494](https://github.com/gravitational/teleport/pull/11494) +* Fixed issue with `tsh version` exiting with error when tsh config file is not present. [#11571](https://github.com/gravitational/teleport/pull/11571) +* Fixed issue with `tsh` not respecting proxy hosts. [#11496](https://github.com/gravitational/teleport/pull/11496) +* Fixed issue with Kubernetes forwarder taking HTTP proxies into account. [#11462](https://github.com/gravitational/teleport/pull/11462) +* Fixed issue with stale DynamoDB Auth Services disrupting agent reconnect attempts. [#11598](https://github.com/gravitational/teleport/pull/11598) + +## 9.0.2 + +This release of Teleport contains multiple features, improvements and bug fixes. + +* Added support for per-user `tsh` configuration preferences. [#10336](https://github.com/gravitational/teleport/pull/10336) +* Added support for role bootstrapping in OSS. [#11175](https://github.com/gravitational/teleport/pull/11175) +* Added `HTTP_PROXY` support to tsh. [#10209](https://github.com/gravitational/teleport/pull/10209) +* Improved error messages `tsh` and `tctl` show to include usage information on invalid command line invocation. [#11174](https://github.com/gravitational/teleport/pull/11174) +* Improved `tctl ls` output to make it consistent across all resources. [#9519](https://github.com/gravitational/teleport/pull/9519) +* Fixed multiple issues with CA rotation, graceful restart, and stability. [#10706](https://github.com/gravitational/teleport/pull/10706) [#11074](https://github.com/gravitational/teleport/pull/11074) [#11283](https://github.com/gravitational/teleport/pull/11283) +* Fixed issue where MOTD was not always shown. [#10735](https://github.com/gravitational/teleport/pull/10735) +* Fixed an issue where certificate extension not being included in `tctl auth sign`. [#10949](https://github.com/gravitational/teleport/pull/10949) +* Fixed a panic that could occur in the Web UI. [#11389](https://github.com/gravitational/teleport/pull/11389) + +## 9.0.1 + +This release of Teleport contains multiple improvements and bug fixes. + +* Fixed issue with Ctrl-C freezing sessions. [#11188](https://github.com/gravitational/teleport/pull/11188) +* Improved handling of unknown audit events. [#11064](https://github.com/gravitational/teleport/pull/11064) +* Improved calculation of public addresses for dynamically registered apps. [#11139](https://github.com/gravitational/teleport/pull/11139) +* Fixed `tsh aws ecr` returning 500 errors. [#11108](https://github.com/gravitational/teleport/pull/11108) +* Fixed issue with deleting certain users. [#11131](https://github.com/gravitational/teleport/pull/11131) +* Fixed issue with Machine ID not detecting token in file config. [#11206](https://github.com/gravitational/teleport/pull/11206) + +## 9.0.0 + +Teleport 9.0 is a major release that brings: + +- Teleport Desktop Access GA +- Teleport Machine ID Preview +- Various additions to Teleport Database Access +- Moderated Sessions for Server and Kubernetes Access + +Desktop Access adds support for clipboard sharing, session recording, and +per-session MFA. + +Teleport Machine ID Preview extends identity-based access to machines. It's the +easiest way to issue, renew, and manage SSH and X.509 certificates for service +accounts, microservices, CI/CD automation and all other forms of +machine-to-machine access. + +Database Access brings self-hosted Redis support, RDS MariaDB (10.6 and higher) +support, auto-discovery for Redshift clusters, and auto-IAM configuration +improvements to GA. Additionally, this release also brings Microsoft SQL Server +with AD authentication to Preview. + +Moderated Sessions enables the creation of sessions where a moderator has to +be present. This feature can be selectively enabled for specific sessions via +RBAC and can be used in conjunction with per-session MFA. + +### Desktop Access + +#### Clipboard Support + +Desktop Access now supports copying and pasting text between your local +workstation and a remote Windows Desktop. This feature requires a Chromium-based +browser and can be disabled via RBAC. + +#### Session Recording + +Desktop sessions are now recorded and stored alongside SSH sessions, and can be +viewed in Teleport's web interface. Desktop session recordings are fully +compatible with the RBAC for sessions feature introduced in Teleport 8.1. + +#### Per-session MFA + +Per-session MFA settings now apply to desktop sessions. This allows cluster +administrators to require an additional MFA "tap" prior to opening a desktop +session. This feature requires a WebAuthn device. + +### Machine ID (Preview) + +Machine ID allows the creation of machine / bot / service account users who can +automatically issue, renew, and manage SSH and X.509 certificates to facilitate +machine-to-machine access. + +Machine ID is a service that programmatically issues and renews short-lived +certificates to any service account (e.g., a CI/CD server) by retrieving +credentials from the Teleport Auth Service. This enables fine-grained role-based +access controls and audit. + +Some of the things you can do with Machine ID: + +- Machines can retrieve short-lived SSH certificates for CI/CD pipelines. +- Machines can retrieve short-lived X.509 certificates for use with databases or + applications. +- Configure role-based access controls and locking for machines. +- Capture access events in the audit log. + +Machine ID getting started guide: +https://goteleport.com/docs/ver/9.0/machine-id/getting-started/. + +### Database Access + +#### Redis + +You can now use Database Access to connect to a self-hosted Redis instance or +Redis cluster and view Redis commands in the Teleport audit log. We will be +adding support for AWS Elasticache in the coming weeks. + +Self-hosted Redis guide: +https://goteleport.com/docs/ver/9.0/database-access/guides/redis/. + +#### SQL Server (Preview) + +Teleport 9 includes a preview release of Microsoft SQL Server with Active +Directory authentication support for Database Access. Audit logging of query +activity is not included in the preview release and will be implemented in a +later 9.x release. + +SQL Server guide: +https://goteleport.com/docs/ver/9.0/database-access/guides/sql-server-ad/. + +#### RDS MariaDB + +Teleport 9 updates MariaDB support with auto-discovery and connection to AWS RDS +MariaDB databases using IAM authentication. The minimum MariaDB version that +supports IAM authentication is 10.6. + +Updated RDS guide: +https://goteleport.com/docs/ver/9.0/database-access/guides/rds/. + +#### Other Improvements + +In addition, Teleport 9 expands auto-discovery to support Redshift databases and +2 new commands which simplify the Database Access getting started experience: +"teleport db configure create", which generates Database Service configuration, +and "teleport db configure bootstrap", which configures IAM permissions for the +Database Service when running on AWS. + +CLI commands reference: +https://goteleport.com/docs/ver/9.0/database-access/reference/cli/#teleport-db-configure-create +https://goteleport.com/docs/ver/9.0/database-access/reference/cli/#teleport-db-configure-bootstrap + +### Moderated Sessions + +With Moderated Sessions, Teleport administrators can define policies that allow +users to invite other users to participate in SSH or Kubernetes sessions as +observers, moderators or peers. + +Moderated Sessions guide: +https://goteleport.com/docs/ver/9.0/access-controls/guides/moderated-sessions/. + +### Breaking Changes + +#### CentOS 6 + +CentOS 6 support was deprecated in Teleport 8 and has now been removed. + +#### Desktop Access + +Desktop Access now authenticates to LDAP using X.509 client certificates. +Support for the `password_file` configuration option has been removed. ## 8.0.0 @@ -242,11 +1150,11 @@ Kubernetes Access will no longer automatically register a cluster named after th Teleport 6.2 contains new features, improvements, and bug fixes. -**Note:** the DynamoDB migration described [below](#dynamodb-indexing-change) -may cause rate-limiting errors from AWS APIs and is slow on large deployments -(1000+ existing audit events). The next patch release, v6.2.1, will improve the -migration performance. If you run a large DynamoDB-based cluster, we advise you -to wait for v6.2.1 before upgrading. +**Note:** the DynamoDB indexing change described below may cause rate-limiting +errors from AWS APIs and is slow on large deployments (1000+ existing audit +events). The next patch release, v6.2.1, will improve the migration performance. +If you run a large DynamoDB-based cluster, we advise you to wait for v6.2.1 +before upgrading. ### New Features @@ -407,7 +1315,7 @@ Configure Database Access following the [Getting Started](https://goteleport.com * [AWS RDS/Aurora MySQL](https://goteleport.com/teleport/docs/database-access/guides/mysql-aws/) * [Self-hosted PostgreSQL](https://goteleport.com/teleport/docs/database-access/guides/postgres-self-hosted/) * [Self-hosted MySQL](https://goteleport.com/teleport/docs/database-access/guides/mysql-self-hosted/) -* [GUI clients](https://goteleport.com/teleport/docs/database-access/guides/gui-clients/) +* [GUI clients](https://goteleport.com/docs/connect-your-client/gui-clients/) ##### Resources @@ -417,7 +1325,7 @@ To learn more about configuring role-based access control for Database Access, c See [Reference](https://goteleport.com/teleport/docs/database-access/reference/) for an overview of Database Access related configuration and CLI commands. -Finally, check out [Frequently Asked Questions](./database-access/faq.mdx). +Finally, check out [Frequently Asked Questions](docs/pages/database-access/faq.mdx). #### OSS RBAC @@ -732,7 +1640,7 @@ Other updates: * We now provide local user management via `https://[cluster-url]/web/users`, providing the ability to easily edit, reset and delete local users. * Teleport Node & App Install scripts. This is currently an Enterprise-only feature that provides customers with an easy 'auto-magic' installer script. Enterprise customers can enable this feature by modifying the 'token' resource. See note above. -* We've added a Waiting Room for customers using Access Workflows. [Docs](https://goteleport.com/teleport/docs/enterprise/workflow/#adding-a-reason-to-access-workflows) +* We've added a Waiting Room for customers using Access Workflows. [Docs](./docs/pages/access-controls/access-request-plugins/index.mdx) ##### Signed RPM and Releases @@ -994,12 +1902,12 @@ Teleport's Web UI now exposes Teleport’s Audit log, letting auditors and admin ##### Teleport Plugins -Teleport 4.3 introduces four new plugins that work out of the box with [Approval Workflow](https://gravitational.com/teleport/docs/enterprise/workflow/?utm_source=github&utm_medium=changelog&utm_campaign=4_3). These plugins allow you to automatically support role escalation with commonly used third party services. The built-in plugins are listed below. +Teleport 4.3 introduces four new plugins that work out of the box with [Approval Workflow](./docs/pages/access-controls/access-request-plugins/index.mdx). These plugins allow you to automatically support role escalation with commonly used third party services. The built-in plugins are listed below. -* [PagerDuty](https://gravitational.com/teleport/docs/enterprise/workflow/ssh_approval_pagerduty/?utm_source=github&utm_medium=changelog&utm_campaign=4_3) -* [Jira Server](https://gravitational.com/teleport/docs/enterprise/workflow/ssh_approval_jira_server/?utm_source=github&utm_medium=changelog&utm_campaign=4_3) and [Jira Cloud](https://gravitational.com/teleport/docs/enterprise/workflow/ssh_approval_jira_cloud/?utm_source=github&utm_medium=changelog&utm_campaign=4_3) -* [Slack](https://gravitational.com/teleport/docs/enterprise/workflow/ssh_approval_slack/?utm_source=github&utm_medium=changelog&utm_campaign=4_3) -* [Mattermost](https://gravitational.com/teleport/docs/enterprise/workflow/ssh_approval_mattermost/?utm_source=github&utm_medium=changelog&utm_campaign=4_3) +* [PagerDuty](./docs/pages/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx) +* [Jira Server](./docs/pages/access-controls/access-request-plugins/ssh-approval-jira-server.mdx) and [Jira Cloud](./docs/pages/access-controls/access-request-plugins/ssh-approval-jira-cloud.mdx) +* [Slack](./docs/pages/access-controls/access-request-plugins/ssh-approval-slack.mdx) +* [Mattermost](./docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx) #### Improvements @@ -1030,7 +1938,7 @@ Teleport 4.3 introduces four new plugins that work out of the box with [Approval #### Documentation * [Moved SSO under Enterprise Section](https://gravitational.com/teleport/docs/enterprise/sso/ssh_sso/) -* [Documented Teleport Plugins](https://gravitational.com/teleport/docs/enterprise/workflow/) +* [Documented Teleport Plugins](./docs/pages/access-controls/access-request-plugins/index.mdx) * [Documented Kubernetes Role Mapping](https://gravitational.com/teleport/docs/kubernetes_ssh/#kubernetes-groups-and-users) #### Upgrade Notes @@ -1192,9 +2100,9 @@ This is a minor Teleport release with a focus on new features and bug fixes. ### Improvements * Alpha: Enhanced Session Recording lets you know what's really happening during a Teleport Session. [#2948](https://github.com/gravitational/teleport/issues/2948) -* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](./enterprise/workflow). [#3006](https://github.com/gravitational/teleport/issues/3006) -* Beta: Teleport provides HA Support using Firestore and Google Cloud Storage using Google Cloud Platform. [Read the docs](./setup/deployments/gcp.mdx). [#2821](https://github.com/gravitational/teleport/pull/2821) -* Remote tctl execution is now possible. [Read the docs](./setup/reference/cli.mdx#tctl). [#1525](https://github.com/gravitational/teleport/issues/1525) [#2991](https://github.com/gravitational/teleport/issues/2991) +* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](./docs/pages/access-controls/access-requests.mdx). [#3006](https://github.com/gravitational/teleport/issues/3006) +* Beta: Teleport provides HA Support using Firestore and Google Cloud Storage using Google Cloud Platform. [Read the docs](./docs/pages/deploy-a-cluster/deployments/gcp.mdx). [#2821](https://github.com/gravitational/teleport/pull/2821) +* Remote tctl execution is now possible. [Read the docs](./docs/pages/reference/cli.mdx#tctl). [#1525](https://github.com/gravitational/teleport/issues/1525) [#2991](https://github.com/gravitational/teleport/issues/2991) ### Fixes @@ -1202,8 +2110,8 @@ This is a minor Teleport release with a focus on new features and bug fixes. ### Documentation -* Adopting root/leaf terminology for trusted clusters. [Trusted cluster documentation](./setup/admin/trustedclusters.mdx). -* Documented Teleport FedRAMP & FIPS Support. [FedRAMP & FIPS documentation](./enterprise/fedramp.mdx). +* Adopting root/leaf terminology for trusted clusters. [Trusted cluster documentation](./docs/pages/management/admin/trustedclusters.mdx). +* Documented Teleport FedRAMP & FIPS Support. [FedRAMP & FIPS documentation](./docs/pages/access-controls/compliance-frameworks/fedramp.mdx). ## 4.1.11 @@ -1434,7 +2342,7 @@ With this release of Teleport, we have built out the foundation to help Teleport ### Improvements -* Teleport now support 10,000 remote connections to a single Teleport cluster. [Using our recommend hardware setup.](./setup/operations/scaling.mdx#hardware-recommendations) +* Teleport now support 10,000 remote connections to a single Teleport cluster. [Using our recommend hardware setup.](./docs/pages/management/operations/scaling.mdx#hardware-recommendations) * Added ability to delete node using `tctl rm`. [#2685](https://github.com/gravitational/teleport/pull/2685) * Output of `tsh ls` is now sorted by node name. [#2534](https://github.com/gravitational/teleport/pull/2534) @@ -1918,7 +2826,7 @@ available Teleport clusters with ease. #### Configuration Changes * Role templates (depreciated in Teleport 2.3) were fully removed. We recommend - migrating to role variables which are documented [here](./access-controls/guides/role-templates.mdx) + migrating to role variables which are documented [here](./docs/pages/access-controls/guides/role-templates.mdx) * Resource names (like roles, connectors, trusted clusters) can no longer contain unicode or other special characters. Update the names of all user diff --git a/Cargo.lock b/Cargo.lock index 61d5f7d430603..7d8b4e304785b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,30 +4,57 @@ version = 3 [[package]] name = "aho-corasick" -version = "0.7.18" +version = "0.7.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e" dependencies = [ "memchr", ] [[package]] -name = "anyhow" -version = "1.0.57" +name = "asn1-rs" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08f9b8508dccb7687a1d6c4ce66b2b0ecef467c94667de27d8d7fe1f8d2a9cdc" +checksum = "cf6690c370453db30743b373a60ba498fc0d6d83b11f4abfd87a84a075db5dd4" +dependencies = [ + "asn1-rs-derive", + "asn1-rs-impl", + "displaydoc", + "nom", + "num-traits", + "rusticata-macros", + "thiserror", + "time", +] [[package]] -name = "arrayvec" -version = "0.5.2" +name = "asn1-rs-derive" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" +checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "asn1-rs-impl" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "atomic-polyfill" -version = "0.1.8" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e14bf7b4f565e5e717d7a7a65b2a05c0b8c96e4db636d6f780f03b15108cdd1b" +checksum = "9c041a8d9751a520ee19656232a18971f18946a7900f1520ee4400002244dd89" dependencies = [ "critical-section", ] @@ -66,15 +93,15 @@ checksum = "f8fe8f5a8a398345e52358e18ff07cc17a568fbca5c6f73873d3a62056309603" [[package]] name = "base64" -version = "0.11.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b41b7ea54a0c9d92199de89e20e58d49f02f8e699814ef3fdf266f6f748d15c7" +checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] name = "base64ct" -version = "1.5.0" +version = "1.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dea908e7347a8c64e378c17e30ef880ad73e3b4498346b055c2c00ea342f3179" +checksum = "ea2b2456fd614d856680dcd9fcc660a51a820fa09daef2e49772b56a193c8474" [[package]] name = "bit_field" @@ -123,9 +150,9 @@ checksum = "40e38929add23cdf8a366df9b0e088953150724bcbe5fc330b0d8eb3b328eec8" [[package]] name = "bumpalo" -version = "3.10.0" +version = "3.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3" +checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d" [[package]] name = "byte-tools" @@ -140,10 +167,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] -name = "bytes" -version = "1.1.0" +name = "cbindgen" +version = "0.24.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +checksum = "a6358dedf60f4d9b8db43ad187391afe959746101346fe51bb978126bec61dfb" +dependencies = [ + "clap", + "heck", + "indexmap", + "log", + "proc-macro2", + "quote", + "serde", + "serde_json", + "syn", + "tempfile", + "toml", +] [[package]] name = "cc" @@ -158,12 +198,37 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] -name = "cmake" -version = "0.1.48" +name = "cipher" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8ad8cef104ac57b68b89df3208164d228503abbdce70f6880ffa3d970e7443a" +checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e" dependencies = [ - "cc", + "crypto-common", + "inout", +] + +[[package]] +name = "clap" +version = "3.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd" +dependencies = [ + "atty", + "bitflags", + "clap_lex", + "indexmap", + "strsim", + "termcolor", + "textwrap", +] + +[[package]] +name = "clap_lex" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" +dependencies = [ + "os_str_bytes", ] [[package]] @@ -174,9 +239,9 @@ checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" [[package]] name = "cortex-m" -version = "0.7.5" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd20d4ac4aa86f4f75f239d59e542ef67de87cce2c282818dc6e84155d3ea126" +checksum = "70858629a458fdfd39f9675c4dc309411f2a3f83bede76988d81bf1a0ecee9e0" dependencies = [ "bare-metal 0.2.5", "bitfield", @@ -184,19 +249,6 @@ dependencies = [ "volatile-register", ] -[[package]] -name = "crepe" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d0c81f0055a7c877a9a69ec9d667a0b14c2b38394c712f54b9a400d035f49a9" -dependencies = [ - "petgraph 0.5.1", - "proc-macro-error", - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "critical-section" version = "0.2.7" @@ -215,17 +267,17 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" dependencies = [ - "generic-array 0.14.5", + "generic-array 0.14.6", "subtle 2.4.1", ] [[package]] name = "crypto-common" -version = "0.1.3" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57952ca27b5e3606ff4dd79b0020231aaf9d6aa76dc05fd30137538c50bd3ce8" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ - "generic-array 0.14.5", + "generic-array 0.14.6", "typenum", ] @@ -239,11 +291,17 @@ dependencies = [ "subtle 1.0.0", ] +[[package]] +name = "data-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" + [[package]] name = "delog" -version = "0.1.4" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb73cae03ad02cd38353f93fe84b288daffcb6371212226e09b9a4c7fc93b03f" +checksum = "4cd67f90cc14e0a91cf693141453cccf2b74db9d59c40f6be18b79169fe77dfd" dependencies = [ "log", ] @@ -261,12 +319,15 @@ dependencies = [ [[package]] name = "der-parser" -version = "3.0.4" +version = "8.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f51f64dcdf1cdc550d21d73dc959726c7dbeeab4a01481d08084a7736956464e" +checksum = "42d4bc9b0db0a0df9ae64634ac5bdefb7afcb534e182275ca0beadbe486701c1" dependencies = [ + "asn1-rs", + "displaydoc", "nom", - "num-bigint", + "num-bigint 0.4.3", + "num-traits", "rusticata-macros", ] @@ -300,10 +361,15 @@ dependencies = [ ] [[package]] -name = "either" -version = "1.6.1" +name = "displaydoc" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "embedded-hal" @@ -336,25 +402,13 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" [[package]] name = "fastrand" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3fcf0cee53519c866c09b5de1f6c56ff9d647101f81c1964fa632e148896cdf" +checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" dependencies = [ "instant", ] -[[package]] -name = "fixedbitset" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37ab347416e802de484e4d03c7316c48f1ecb56574dfd4a46a80f173ce1de04d" - -[[package]] -name = "fixedbitset" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "279fb028e20b3c4c320317955b77c5e0c9701f05a1d309905d6fc702cdc5053e" - [[package]] name = "generic-array" version = "0.12.4" @@ -366,14 +420,24 @@ dependencies = [ [[package]] name = "generic-array" -version = "0.14.5" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" +checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ "typenum", "version_check", ] +[[package]] +name = "gethostname" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1ebd34e35c46e00bb73e81363248d627782724609fe1b6396f553f68fe3862e" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "getrandom" version = "0.1.16" @@ -387,13 +451,13 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" dependencies = [ "cfg-if", "libc", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi 0.11.0+wasi-snapshot-preview1", ] [[package]] @@ -407,20 +471,20 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.11.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "heapless" -version = "0.7.13" +version = "0.7.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a08e755adbc0ad283725b29f4a4883deee15336f372d5f61fae59efec40f983" +checksum = "db04bc24a18b9ea980628ecf00e6c0264f3c1426dac36c00cb49b6fbad8b0743" dependencies = [ "atomic-polyfill", "hash32", "rustc_version 0.4.0", - "spin 0.9.3", + "spin 0.9.4", "stable_deref_trait", ] @@ -457,14 +521,23 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "indexmap" -version = "1.8.2" +version = "1.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6012d540c5baa3589337a98ce73408de9b5a25ec9fc2c6fd6be8f0d39e0ca5a" +checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" dependencies = [ "autocfg", "hashbrown", ] +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array 0.14.6", +] + [[package]] name = "instant" version = "0.1.12" @@ -476,9 +549,9 @@ dependencies = [ [[package]] name = "iso7816" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a921942ff6163b5dc8be6996deed8193064db1f57ae3c327ac29a7c3cfffc71d" +checksum = "e7e6ac743d509349b7865595ce90bbfcfbe59f42b8ec0db9e76ec361ace3f652" dependencies = [ "delog", "heapless", @@ -494,19 +567,16 @@ dependencies = [ ] [[package]] -name = "itertools" -version = "0.10.3" +name = "itoa" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9a9d19fa1e79b6215ff29b9d6880b706147f16e9b1dbb1e4e5947b5b02bc5e3" -dependencies = [ - "either", -] +checksum = "6c8af84674fe1f223a982c933a0ee1086ac4d4052aa0fb8060c12c6ad838e754" [[package]] name = "js-sys" -version = "0.3.57" +version = "0.3.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "671a26f820db17c2a2750743f1dd03bafd15b98c9f30c7c2628c024c05d73397" +checksum = "258451ab10b34f8af53416d1fdab72c22e805f0c92a1136d59470ec0b11138b2" dependencies = [ "wasm-bindgen", ] @@ -520,36 +590,23 @@ dependencies = [ "spin 0.5.2", ] -[[package]] -name = "lexical-core" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe" -dependencies = [ - "arrayvec", - "bitflags", - "cfg-if", - "ryu", - "static_assertions", -] - [[package]] name = "libc" -version = "0.2.126" +version = "0.2.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349d5a591cd28b49e1d1037471617a32ddcda5731b99419008085f72d5a53836" +checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" [[package]] name = "libm" -version = "0.2.2" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33a33a362ce288760ec6a508b94caaec573ae7d3bbbd91b87aa0bad4456839db" +checksum = "292a948cd991e376cf75541fe5b97a1081d713c618b4f1b9500f8844e49eb565" [[package]] name = "lock_api" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53" +checksum = "9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390" dependencies = [ "autocfg", "scopeguard", @@ -594,10 +651,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] -name = "multimap" -version = "0.8.3" +name = "minimal-lexical" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "nb" @@ -616,13 +673,12 @@ checksum = "546c37ac5d9e56f55e73b677106873d9d9f5190605e41a856503623648488cae" [[package]] name = "nom" -version = "5.1.2" +version = "7.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af" +checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" dependencies = [ - "lexical-core", "memchr", - "version_check", + "minimal-lexical", ] [[package]] @@ -636,6 +692,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-bigint" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint-dig" version = "0.8.1" @@ -717,11 +784,29 @@ dependencies = [ "syn", ] +[[package]] +name = "num_threads" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44" +dependencies = [ + "libc", +] + +[[package]] +name = "oid-registry" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d4bda43fd1b844cbc6e6e54b5444e2b1bc7838bce59ad205902cccbb26d6761" +dependencies = [ + "asn1-rs", +] + [[package]] name = "once_cell" -version = "1.12.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225" +checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" [[package]] name = "opaque-debug" @@ -729,6 +814,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" +[[package]] +name = "os_str_bytes" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ff7415e9ae3fff1225851df9e0d9e4e5479f947619774677a63572e55e80eff" + [[package]] name = "pem-rfc7468" version = "0.3.1" @@ -738,26 +829,6 @@ dependencies = [ "base64ct", ] -[[package]] -name = "petgraph" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "467d164a6de56270bd7c4d070df81d07beace25012d5103ced4e9ff08d6afdb7" -dependencies = [ - "fixedbitset 0.2.0", - "indexmap", -] - -[[package]] -name = "petgraph" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6d5014253a1331579ce62aa67443b4a658c5e7dd03d4bc6d302b94474888143" -dependencies = [ - "fixedbitset 0.4.1", - "indexmap", -] - [[package]] name = "pkcs1" version = "0.3.3" @@ -795,99 +866,20 @@ dependencies = [ "toml", ] -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - [[package]] name = "proc-macro2" -version = "1.0.39" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c54b25569025b7fc9651de43004ae593a75ad88543b17178aa5e1b9c4f15f56f" +checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab" dependencies = [ "unicode-ident", ] -[[package]] -name = "prost" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71adf41db68aa0daaefc69bb30bcd68ded9b9abaad5d1fbb6304c4fb390e083e" -dependencies = [ - "bytes", - "prost-derive", -] - -[[package]] -name = "prost-build" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ae5a4388762d5815a9fc0dea33c56b021cdc8dde0c55e0c9ca57197254b0cab" -dependencies = [ - "bytes", - "cfg-if", - "cmake", - "heck", - "itertools", - "lazy_static", - "log", - "multimap", - "petgraph 0.6.2", - "prost", - "prost-types", - "regex", - "tempfile", - "which", -] - -[[package]] -name = "prost-derive" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b670f45da57fb8542ebdbb6105a925fe571b67f9e7ed9f47a06a84e72b4e7cc" -dependencies = [ - "anyhow", - "itertools", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "prost-types" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d0a014229361011dc8e69c8a1ec6c2e8d0f2af7c91e3ea3f5b2170298461e68" -dependencies = [ - "bytes", - "prost", -] - [[package]] name = "quote" -version = "1.0.18" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1feb54ed693b93a84e14094943b84b7c4eae204c512b7ccb95ab0c66d278ad1" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" dependencies = [ "proc-macro2", ] @@ -951,7 +943,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.6", + "getrandom 0.2.7", ] [[package]] @@ -963,12 +955,22 @@ dependencies = [ "rand_core 0.5.1", ] +[[package]] +name = "rc4" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f1256e23efe6097f27aa82d6ca6889361c001586ae0f6917cbad072f05eb275" +dependencies = [ + "cipher", +] + [[package]] name = "rdp-client" version = "0.1.0" dependencies = [ "bitflags", "byteorder", + "cbindgen", "env_logger", "iso7816", "iso7816-tlv", @@ -980,23 +982,30 @@ dependencies = [ "rand_chacha 0.3.1", "rdp-rs", "rsa", + "tempfile", + "utf16string", "uuid", ] [[package]] name = "rdp-rs" version = "0.1.0" -source = "git+https://github.com/gravitational/rdp-rs?rev=17ec446ecb73c58b77ac47c6fc8598153f673076#17ec446ecb73c58b77ac47c6fc8598153f673076" +source = "git+https://github.com/gravitational/rdp-rs?rev=e4bff82a94252050115d75c2f8b0ae84c5d73d62#e4bff82a94252050115d75c2f8b0ae84c5d73d62" dependencies = [ "bufstream", "byteorder", + "gethostname", "hmac", "indexmap", "md-5", "md4", - "num-bigint", + "num-bigint 0.2.6", "num_enum", + "oid-registry", "rand 0.7.3", + "rc4", + "ring", + "rsa", "rustls", "x509-parser", "yasna", @@ -1004,18 +1013,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.2.13" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62f25bc4c7e55e0b0b7a1d43fb893f4fa1361d0abe38b9ce4f323c2adfe6ef42" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ "bitflags", ] [[package]] name = "regex" -version = "1.5.6" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" +checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b" dependencies = [ "aho-corasick", "memchr", @@ -1024,9 +1033,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.26" +version = "0.6.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64" +checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" [[package]] name = "remove_dir_all" @@ -1073,17 +1082,6 @@ dependencies = [ "regex", ] -[[package]] -name = "role_tester" -version = "0.1.0" -dependencies = [ - "bytes", - "crepe", - "libc", - "prost", - "prost-build", -] - [[package]] name = "rsa" version = "0.6.1" @@ -1119,14 +1117,14 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.10", + "semver 1.0.13", ] [[package]] name = "rusticata-macros" -version = "2.1.0" +version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8a9050636e8a1b487ba1fbe99114021cd7594dde3ce6ed95bfc1691e5b5367b" +checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" dependencies = [ "nom", ] @@ -1145,9 +1143,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3f6f92acf49d1b98f7a81226834412ada05458b7364277387724a237f062695" +checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" [[package]] name = "scopeguard" @@ -1176,9 +1174,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.10" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a41d061efea015927ac527063765e73601444cdc344ba855bc7bd44578b25e1c" +checksum = "93f6841e709003d68bb2deee8c343572bf446003ec20a583e76f7b15cebf3711" [[package]] name = "semver-parser" @@ -1188,15 +1186,40 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.137" +version = "1.0.144" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.144" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61ea8d54c77f8315140a05f4c7237403bf38b72704d031543aa1d16abbf517d1" +checksum = "e55a28e3aaef9d5ce0506d0a14dbba8054ddc7e499ef522dd8b26859ec9d4a44" +dependencies = [ + "itoa", + "ryu", + "serde", +] [[package]] name = "smallvec" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2dd574626839106c320a323308629dcb1acfc96e32a8cba364ddc61ac23ee83" +checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" [[package]] name = "spin" @@ -1206,9 +1229,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spin" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c530c2b0d0bf8b69304b39fe2001993e267461948b890cd037d8ad4293fa1a0d" +checksum = "7f6002a767bff9e83f8eeecf883ecb8011875a21ae8da43bffb817a57e78cc09" dependencies = [ "lock_api", ] @@ -1230,10 +1253,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] -name = "static_assertions" -version = "1.1.0" +name = "strsim" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" +checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" @@ -1249,15 +1272,27 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.96" +version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0748dd251e24453cb8717f0354206b91557e4ec8703673a4b30208f2abaf1ebf" +checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "unicode-xid", +] + [[package]] name = "tempfile" version = "3.3.0" @@ -1281,16 +1316,50 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "textwrap" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb" + +[[package]] +name = "thiserror" +version = "1.0.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c1b05ca9d106ba7d2e31a9dab4a64e7be2cce415321966ea3132c49a656e252" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8f2591983642de85c921015f3f070c665a197ed69e417af436115e3a1407487" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "time" -version = "0.1.43" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +checksum = "3c3f9a28b618c3a6b9251b6908e9c99e04b9e5c02e6581ccbb67d59c34ef7f9b" dependencies = [ + "itoa", "libc", - "winapi", + "num_threads", + "time-macros", ] +[[package]] +name = "time-macros" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42657b1a6f4d817cda8e7a0ace261fe0cc946cf3a80314390b22cc61ae080792" + [[package]] name = "toml" version = "0.5.9" @@ -1308,9 +1377,15 @@ checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" [[package]] name = "unicode-ident" -version = "1.0.0" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf" + +[[package]] +name = "unicode-xid" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d22af068fba1eb5edcb4aea19d382b2a3deb4c8f9d475c589b6ada9e0fd493ee" +checksum = "957e51f3646910546462e67d5f7599b9e4fb8acdd304b087a6494730f9eebf04" [[package]] name = "untrusted" @@ -1324,13 +1399,22 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "utf16string" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b62a1e85e12d5d712bf47a85f426b73d303e2d00a90de5f3004df3596e9d216" +dependencies = [ + "byteorder", +] + [[package]] name = "uuid" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f" dependencies = [ - "getrandom 0.2.6", + "getrandom 0.2.7", ] [[package]] @@ -1368,15 +1452,15 @@ checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" [[package]] name = "wasi" -version = "0.10.2+wasi-snapshot-preview1" +version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.80" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27370197c907c55e3f1a9fbe26f44e937fe6451368324e009cba39e139dc08ad" +checksum = "fc7652e3f6c4706c8d9cd54832c4a4ccb9b5336e2c3bd154d5cccfbf1c1f5f7d" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -1384,13 +1468,13 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.80" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53e04185bfa3a779273da532f5025e33398409573f348985af9a1cbf3774d3f4" +checksum = "662cd44805586bd52971b9586b1df85cdbbd9112e4ef4d8f41559c334dc6ac3f" dependencies = [ "bumpalo", - "lazy_static", "log", + "once_cell", "proc-macro2", "quote", "syn", @@ -1399,9 +1483,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.80" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17cae7ff784d7e83a2fe7611cfe766ecf034111b49deb850a3dc7699c08251f5" +checksum = "b260f13d3012071dfb1512849c033b1925038373aea48ced3012c09df952c602" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1409,9 +1493,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.80" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99ec0dc7a4756fffc231aab1b9f2f578d23cd391390ab27f952ae0c9b3ece20b" +checksum = "5be8e654bdd9b79216c2929ab90721aa82faf65c48cdf08bdc4e7f51357b80da" dependencies = [ "proc-macro2", "quote", @@ -1422,15 +1506,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.80" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d554b7f530dee5964d9a9468d95c1f8b8acae4f282807e7d27d4b03099a46744" +checksum = "6598dd0bd3c7d51095ff6531a5b23e02acdc81804e30d8f07afb77b7215a140a" [[package]] name = "web-sys" -version = "0.3.57" +version = "0.3.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b17e741662c70c8bd24ac5c5b18de314a2c26c32bf8346ee1e6f53de919c283" +checksum = "ed055ab27f941423197eb86b2035720b1a3ce40504df082cac2ecc6ed73335a1" dependencies = [ "js-sys", "wasm-bindgen", @@ -1446,17 +1530,6 @@ dependencies = [ "untrusted 0.7.1", ] -[[package]] -name = "which" -version = "4.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" -dependencies = [ - "either", - "lazy_static", - "libc", -] - [[package]] name = "winapi" version = "0.3.9" @@ -1490,15 +1563,19 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "x509-parser" -version = "0.6.5" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99bbe736dd2b422d66e4830f4a06f34387c9814c027efcbda5c2f86463e8e5b0" +checksum = "e0ecbeb7b67ce215e40e3cc7f2ff902f94a223acf44995934763467e7b1febc8" dependencies = [ + "asn1-rs", "base64", + "data-encoding", "der-parser", + "lazy_static", "nom", - "num-bigint", + "oid-registry", "rusticata-macros", + "thiserror", "time", ] @@ -1510,6 +1587,6 @@ checksum = "0de7bff972b4f2a06c85f6d8454b09df153af7e3a4ec2aac81db1b105b684ddb" [[package]] name = "zeroize" -version = "1.5.5" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94693807d016b2f2d2e14420eb3bfcca689311ff775dcf113d74ea624b7cdf07" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" diff --git a/Cargo.toml b/Cargo.toml index dff20dd5db678..12ff7b0b8316e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,8 +1,7 @@ [workspace] members = [ - "lib/srv/desktop/rdp/rdpclient", - "lib/datalog/roletester" + "lib/srv/desktop/rdp/rdpclient" ] [profile.dev] diff --git a/Makefile b/Makefile index 5f9ed43478212..90ff4bfd92aea 100644 --- a/Makefile +++ b/Makefile @@ -11,10 +11,13 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=10.0.0-dev +VERSION=10.3.1 + +DOCKER_IMAGE_QUAY ?= quay.io/gravitational/teleport +DOCKER_IMAGE_ECR ?= public.ecr.aws/gravitational/teleport +DOCKER_IMAGE_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport +DOCKER_IMAGE_OPERATOR_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator -DOCKER_IMAGE ?= quay.io/gravitational/teleport -DOCKER_IMAGE_CI ?= quay.io/gravitational/teleport-ci GOPATH ?= $(shell go env GOPATH) @@ -28,7 +31,7 @@ BINDIR ?= /usr/local/bin DATADIR ?= /usr/local/share/teleport ADDFLAGS ?= PWD ?= `pwd` -TELEPORT_DEBUG ?= no +TELEPORT_DEBUG ?= false GITTAG=v$(VERSION) BUILDFLAGS ?= $(ADDFLAGS) -ldflags '-w -s' CGOFLAG ?= CGO_ENABLED=1 @@ -45,6 +48,9 @@ CGOFLAG_TSH = $(CGOFLAG) endif ifeq ("$(OS)","linux") +# Link static version of libgcc to reduce system dependencies. +CGOFLAG ?= CGO_ENABLED=1 CGO_LDFLAGS="-Wl,--as-needed" +CGOFLAG_TSH ?= CGO_ENABLED=1 CGO_LDFLAGS="-Wl,--as-needed" # ARM builds need to specify the correct C compiler ifeq ("$(ARCH)","arm") CGOFLAG = CGO_ENABLED=1 CC=arm-linux-gnueabihf-gcc @@ -115,8 +121,8 @@ RS_BPF_BUILDDIR := lib/restrictedsession/bytecode CLANG_BPF_SYS_INCLUDES = $(shell $(CLANG) -v -E - &1 \ | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }') -CGOFLAG = CGO_ENABLED=1 CGO_LDFLAGS="-Wl,-Bstatic -lbpf -lelf -lz -Wl,-Bdynamic" -CGOFLAG_TSH = CGO_ENABLED=1 CGO_LDFLAGS="-Wl,-Bstatic -lelf -lz -Wl,-Bdynamic" +CGOFLAG = CGO_ENABLED=1 CGO_LDFLAGS="-Wl,-Bstatic -lbpf -lelf -lz -Wl,-Bdynamic -Wl,--as-needed" +CGOFLAG_TSH = CGO_ENABLED=1 endif endif endif @@ -125,9 +131,6 @@ endif CHECK_CARGO := $(shell cargo --version 2>/dev/null) CHECK_RUST := $(shell rustc --version 2>/dev/null) -with_roletester := no -ROLETESTER_MESSAGE := "without access tester" - with_rdpclient := no RDPCLIENT_MESSAGE := "without Windows RDP client" @@ -142,12 +145,9 @@ CARGO_TARGET := --target=${CARGO_TARGET_${OS}_${ARCH}} ifneq ($(CHECK_RUST),) ifneq ($(CHECK_CARGO),) -with_roletester := yes -ROLETESTER_MESSAGE := "with access tester" -ROLETESTER_TAG := roletester ifneq ("$(ARCH)","arm") -# Do not build RDP client on ARM. The client includes OpenSSL which requires libatomic on ARM 32bit. +# Do not build RDP client on ARM. with_rdpclient := yes RDPCLIENT_MESSAGE := "with Windows RDP client" RDPCLIENT_TAG := desktop_access_rdp @@ -162,12 +162,15 @@ LIBFIDO2_TEST_TAG := libfido2 endif # Build tsh against libfido2? -# Only build if FIDO2=yes, each platform we support must make this decision -# explicitly. +# FIDO2=yes and FIDO2=static enable static libfido2 builds. +# FIDO2=dynamic enables dynamic libfido2 builds. LIBFIDO2_MESSAGE := without libfido2 -ifeq ("$(FIDO2)", "yes") +ifneq (, $(filter $(FIDO2), yes static)) LIBFIDO2_MESSAGE := with libfido2 LIBFIDO2_BUILD_TAG := libfido2 libfido2static +else ifeq ("$(FIDO2)", "dynamic") +LIBFIDO2_MESSAGE := with libfido2 +LIBFIDO2_BUILD_TAG := libfido2 endif # Enable Touch ID builds? @@ -188,7 +191,7 @@ endif # On Windows only build tsh. On all other platforms build teleport, tctl, # and tsh. BINARIES=$(BUILDDIR)/teleport $(BUILDDIR)/tctl $(BUILDDIR)/tsh $(BUILDDIR)/tbot -RELEASE_MESSAGE := "Building with GOOS=$(OS) GOARCH=$(ARCH) REPRODUCIBLE=$(REPRODUCIBLE) and $(PAM_MESSAGE) and $(FIPS_MESSAGE) and $(BPF_MESSAGE) and $(ROLETESTER_MESSAGE) and $(RDPCLIENT_MESSAGE) and $(LIBFIDO2_MESSAGE) and $(TOUCHID_MESSAGE)." +RELEASE_MESSAGE := "Building with GOOS=$(OS) GOARCH=$(ARCH) REPRODUCIBLE=$(REPRODUCIBLE) and $(PAM_MESSAGE) and $(FIPS_MESSAGE) and $(BPF_MESSAGE) and $(RDPCLIENT_MESSAGE) and $(LIBFIDO2_MESSAGE) and $(TOUCHID_MESSAGE)." ifeq ("$(OS)","windows") BINARIES=$(BUILDDIR)/tsh endif @@ -227,13 +230,15 @@ all: version # * Manual change detection was broken on a large dependency tree # If you are considering changing this behavior, please consult with dev team first .PHONY: $(BUILDDIR)/tctl -$(BUILDDIR)/tctl: roletester - GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(ROLETESTER_TAG)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) ./tool/tctl +$(BUILDDIR)/tctl: + GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) ./tool/tctl .PHONY: $(BUILDDIR)/teleport $(BUILDDIR)/teleport: ensure-webassets bpf-bytecode rdpclient GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(WEBASSETS_TAG) $(RDPCLIENT_TAG)" -o $(BUILDDIR)/teleport $(BUILDFLAGS) ./tool/teleport +# NOTE: Any changes to the `tsh` build here must be copied to `windows.go` in Dronegen until +# we can use this Makefile for native Windows builds. .PHONY: $(BUILDDIR)/tsh $(BUILDDIR)/tsh: GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG_TSH) go build -tags "$(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(TOUCHID_TAG)" -o $(BUILDDIR)/tsh $(BUILDFLAGS) ./tool/tsh @@ -282,25 +287,10 @@ else bpf-bytecode: endif -# -# tctl role tester -# Requires a recent version of Rust and Cargo installed (tested rustc >= 1.52.1 and cargo >= 1.52.0) -# -ifeq ("$(with_roletester)", "yes") -.PHONY: roletester -roletester: - cargo build -p role_tester --release $(CARGO_TARGET) -else -.PHONY: roletester -roletester: -endif - ifeq ("$(with_rdpclient)", "yes") .PHONY: rdpclient rdpclient: cargo build -p rdp-client --release $(CARGO_TARGET) - cargo install cbindgen - cbindgen --quiet --crate rdp-client --output lib/srv/desktop/rdp/rdpclient/librdprs.h --lang c lib/srv/desktop/rdp/rdpclient/ else .PHONY: rdpclient rdpclient: @@ -489,15 +479,7 @@ $(RENDER_TESTS): $(wildcard $(TOOLINGDIR)/cmd/render-tests/*.go) # Runs all Go/shell tests, called by CI/CD. # .PHONY: test -test: test-helm test-sh test-ci test-api test-go test-rust - -# Runs bot Go tests. -# -.PHONY: test-bot -test-bot: -test-bot: FLAGS ?= -race -shuffle on -test-bot: - cd .github/workflows/robot && go test $(FLAGS) ./... +test: test-helm test-sh test-ci test-api test-go test-rust test-operator $(TEST_LOG_DIR): mkdir $(TEST_LOG_DIR) @@ -520,12 +502,12 @@ test-helm-update-snapshots: # Chaos tests have high concurrency, run without race detector and have TestChaos prefix. # .PHONY: test-go -test-go: ensure-webassets bpf-bytecode roletester rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS) +test-go: ensure-webassets bpf-bytecode rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS) test-go: FLAGS ?= -race -shuffle on -test-go: PACKAGES = $(shell go list ./... | grep -v integration | grep -v tool/tsh) +test-go: PACKAGES = $(shell go list ./... | grep -v -e integration -e tool/tsh -e operator ) test-go: CHAOS_FOLDERS = $(shell find . -type f -name '*chaos*.go' | xargs dirname | uniq) test-go: $(VERSRC) $(TEST_LOG_DIR) - $(CGOFLAG) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(ROLETESTER_TAG) $(RDPCLIENT_TAG) $(TOUCHID_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) \ + $(CGOFLAG) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG) $(TOUCHID_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) \ | tee $(TEST_LOG_DIR)/unit.json \ | ${RENDER_TESTS} # rdpclient and libfido2 don't play well together, so we run libfido2 tests @@ -546,7 +528,7 @@ endif $(CGOFLAG_TSH) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(LIBFIDO2_TEST_TAG) $(TOUCHID_TAG)" github.com/gravitational/teleport/tool/tsh $(FLAGS) $(ADDFLAGS) \ | tee $(TEST_LOG_DIR)/unit.json \ | ${RENDER_TESTS} - $(CGOFLAG) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(ROLETESTER_TAG) $(RDPCLIENT_TAG)" -test.run=TestChaos $(CHAOS_FOLDERS) \ + $(CGOFLAG) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG)" -test.run=TestChaos $(CHAOS_FOLDERS) \ | tee $(TEST_LOG_DIR)/chaos.json \ | ${RENDER_TESTS} @@ -562,11 +544,11 @@ test-ci: $(TEST_LOG_DIR) $(RENDER_TESTS) # UNIT_ROOT_REGEX := ^TestRoot .PHONY: test-go-root -test-go-root: ensure-webassets bpf-bytecode roletester rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS) +test-go-root: ensure-webassets bpf-bytecode rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS) test-go-root: FLAGS ?= -race -shuffle on -test-go-root: PACKAGES = $(shell go list $(ADDFLAGS) ./... | grep -v integration) +test-go-root: PACKAGES = $(shell go list $(ADDFLAGS) ./... | grep -v -e integration -e operator) test-go-root: $(VERSRC) - $(CGOFLAG) go test -json -run "$(UNIT_ROOT_REGEX)" -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(ROLETESTER_TAG) $(RDPCLIENT_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) + $(CGOFLAG) go test -json -run "$(UNIT_ROOT_REGEX)" -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) | tee $(TEST_LOG_DIR)/unit-root.json \ | ${RENDER_TESTS} @@ -578,10 +560,18 @@ test-api: test-api: FLAGS ?= -race -shuffle on test-api: PACKAGES = $(shell cd api && go list ./...) test-api: $(VERSRC) $(TEST_LOG_DIR) $(RENDER_TESTS) - $(CGOFLAG) go test -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(ROLETESTER_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) \ + $(CGOFLAG) go test -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) \ | tee $(TEST_LOG_DIR)/api.json \ | ${RENDER_TESTS} +# +# Runs Teleport Operator tests. +# We have to run them using the makefile to ensure the installation of the k8s test tools (envtest) +# +.PHONY: test-operator +test-operator: + make -C operator test + # # Runs cargo test on our Rust modules. # (a no-op if cargo and rustc are not installed) @@ -620,7 +610,7 @@ integration: FLAGS ?= -v -race integration: PACKAGES = $(shell go list ./... | grep integration) integration: $(TEST_LOG_DIR) $(RENDER_TESTS) @echo KUBECONFIG is: $(KUBECONFIG), TEST_KUBE: $(TEST_KUBE) - $(CGOFLAG) go test -timeout 30m -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(ROLETESTER_TAG) $(RDPCLIENT_TAG)" $(PACKAGES) $(FLAGS) \ + $(CGOFLAG) go test -timeout 30m -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG)" $(PACKAGES) $(FLAGS) \ | tee $(TEST_LOG_DIR)/integration.json \ | $(RENDER_TESTS) -report-by test @@ -643,10 +633,10 @@ integration-root: $(TEST_LOG_DIR) $(RENDER_TESTS) # changes (or last commit). # .PHONY: lint -lint: lint-sh lint-helm lint-api lint-go lint-license lint-rust lint-tools +lint: lint-sh lint-helm lint-api lint-go lint-license lint-rust lint-tools lint-protos .PHONY: lint-tools -lint-tools: lint-build-tooling lint-bot lint-ci-scripts lint-backport +lint-tools: lint-build-tooling lint-ci-scripts lint-backport # # Runs the clippy linter on our rust modules @@ -679,11 +669,6 @@ lint-backport: GO_LINT_FLAGS ?= lint-backport: cd assets/backport && golangci-lint run -c ../../.golangci.yml $(GO_LINT_FLAGS) -.PHONY: lint-bot -lint-bot: GO_LINT_FLAGS ?= -lint-bot: - cd .github/workflows/robot && golangci-lint run -c ../../../.golangci.yml $(GO_LINT_FLAGS) - .PHONY: lint-ci-scripts lint-ci-scripts: GO_LINT_FLAGS ?= lint-ci-scripts: @@ -756,15 +741,15 @@ ADDLICENSE_ARGS := -c 'Gravitational, Inc' -l apache \ -ignore '**/*.yml' \ -ignore '**/Dockerfile' \ -ignore 'api/version.go' \ + -ignore 'docs/pages/includes/**/*.go' \ -ignore 'e/**' \ -ignore 'gitref.go' \ - -ignore 'lib/web/build/**' \ + -ignore 'lib/srv/desktop/rdp/rdpclient/target/**' \ -ignore 'lib/teleterm/api/protogen/**' \ + -ignore 'lib/web/build/**' \ -ignore 'version.go' \ -ignore 'webassets/**' \ - -ignore 'ignoreme' \ - -ignore 'lib/srv/desktop/rdp/rdpclient/target/**' \ - -ignore 'lib/datalog/roletester/target/**' + -ignore 'ignoreme' .PHONY: lint-license lint-license: $(ADDLICENSE) @@ -777,6 +762,14 @@ fix-license: $(ADDLICENSE) $(ADDLICENSE): cd && go install github.com/google/addlicense@v1.0.0 +# This rule updates version files and Helm snapshots based on the Makefile +# VERSION variable. +# +# Used prior to a release by bumping VERSION in this Makefile and then +# running "make update-version". +.PHONY: update-version +update-version: version test-helm-update-snapshots + # This rule triggers re-generation of version files if Makefile changes. .PHONY: version version: $(VERSRC) @@ -784,8 +777,7 @@ version: $(VERSRC) # This rule triggers re-generation of version files specified if Makefile changes. $(VERSRC): Makefile VERSION=$(VERSION) $(MAKE) -f version.mk setver - # Update api module path, but don't fail on error. - $(MAKE) update-api-import-path || true + # "TODO: Enable automatic updating of API import paths using update-api-import-path target once agreed upon the solution". # This rule updates the api module path to be in sync with the current api release version. # e.g. github.com/gravitational/teleport/api/vX -> github.com/gravitational/teleport/api/vY @@ -799,7 +791,7 @@ $(VERSRC): Makefile # Note: any build flags needed to compile go files (such as build tags) should be provided below. .PHONY: update-api-import-path update-api-import-path: - go run build.assets/gomod/update-api-import-path/main.go -tags "bpf fips pam roletester desktop_access_rdp linux" + go run build.assets/gomod/update-api-import-path/main.go -tags "bpf fips pam desktop_access_rdp linux" $(MAKE) grpc # make tag - prints a tag to use with git for the current version @@ -881,75 +873,61 @@ enter-root: enter/centos7: make -C build.assets enter/centos7 +# Interactively enters a Docker container (which you can build and run Teleport Connect inside of). +# Similar to `enter`, but uses the teleterm container. +.PHONY:enter/teleterm +enter/teleterm: + make -C build.assets enter/teleterm + + +BUF := buf + +# protos/all runs build, lint and format on all protos. +# Use `make grpc` to regenerate protos inside buildbox. +.PHONY: protos/all +protos/all: protos/build protos/lint protos/format + +.PHONY: protos/build +protos/build: buf/installed + $(BUF) build + cd lib/teleterm && $(BUF) build + +.PHONY: protos/format +protos/format: buf/installed + $(BUF) format -w + cd lib/teleterm && $(BUF) format -w + +.PHONY: protos/lint +protos/lint: buf/installed + $(BUF) lint + cd api/proto && $(BUF) lint --config=buf-legacy.yaml + cd lib/teleterm && $(BUF) lint + +.PHONY: lint-protos +lint-protos: protos/lint + +.PHONY: buf/installed +buf/installed: + @if ! type -p $(BUF) >/dev/null; then \ + echo 'Buf is required to build/format/lint protos. Follow https://docs.buf.build/installation.'; \ + exit 1; \ + fi + # grpc generates GRPC stubs from service definitions. # This target runs in the buildbox container. .PHONY: grpc grpc: $(MAKE) -C build.assets grpc +# grpc/host generates GRPC stubs. +# Unlike grpc, this target runs locally. +.PHONY: grpc/host +grpc/host: protos/all + @build.assets/genproto.sh + print/env: env -# buildbox-grpc generates GRPC stubs -.PHONY: buildbox-grpc -buildbox-grpc: API_IMPORT_PATH := $(shell head -1 api/go.mod | awk '{print $$2}') -# Proto file dependencies within the api module must be passed with the 'M' -# flag. This way protoc generated files will use the correct api module import -# path in the case where the import path has a version suffix, e.g. -# "github.com/gravitational/teleport/api/v8". -buildbox-grpc: GOGOPROTO_IMPORTMAP := $\ - Mgithub.com/gravitational/teleport/api/types/events/events.proto=$(API_IMPORT_PATH)/types/events,$\ - Mgithub.com/gravitational/teleport/api/types/types.proto=$(API_IMPORT_PATH)/types,$\ - Mgithub.com/gravitational/teleport/api/types/webauthn/webauthn.proto=$(API_IMPORT_PATH)/types/webauthn,$\ - Mgithub.com/gravitational/teleport/api/types/wrappers/wrappers.proto=$(API_IMPORT_PATH)/types/wrappers,$\ - Mignoreme=ignoreme -buildbox-grpc: - @echo "PROTO_INCLUDE = $$PROTO_INCLUDE" - $(CLANG_FORMAT) -i -style=$(CLANG_FORMAT_STYLE) \ - api/client/proto/authservice.proto \ - api/client/proto/certs.proto \ - api/client/proto/joinservice.proto \ - api/client/proto/proxyservice.proto \ - api/types/events/events.proto \ - api/types/types.proto \ - api/types/webauthn/webauthn.proto \ - api/types/wrappers/wrappers.proto \ - lib/datalog/types.proto \ - lib/multiplexer/test/ping.proto \ - lib/web/envelope.proto - - cd api/client/proto && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - authservice.proto certs.proto joinservice.proto proxyservice.proto - - cd api/types/events && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - events.proto - - cd api/types && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - types.proto - - cd api/types/webauthn && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - webauthn.proto - - cd api/types/wrappers && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - wrappers.proto - - cd lib/datalog && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - types.proto - - cd lib/multiplexer/test && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - ping.proto - - cd lib/web && protoc -I=.:$$PROTO_INCLUDE \ - --gogofast_out=plugins=grpc,$(GOGOPROTO_IMPORTMAP):. \ - envelope.proto - # grpc-teleterm generates Go, TypeScript and JavaScript gRPC stubs from definitions for Teleport # Terminal. This target runs in the buildbox-teleterm container. # @@ -963,13 +941,11 @@ buildbox-grpc: grpc-teleterm: $(MAKE) -C build.assets grpc-teleterm -# buildbox-grpc generates GRPC stubs -.PHONY: buildbox-grpc-teleterm -buildbox-grpc-teleterm: - $(CLANG_FORMAT) -i -style=$(CLANG_FORMAT_STYLE) \ - lib/teleterm/api/proto/**/*.proto - - cd lib/teleterm && buf generate +# grpc-teleterm/host generates GRPC stubs. +# Unlike grpc-teleterm, this target runs locally. +.PHONY: grpc-teleterm/host +grpc-teleterm/host: protos/all + cd lib/teleterm && $(BUF) generate .PHONY: goinstall goinstall: @@ -993,14 +969,20 @@ install: build .PHONY: image image: clean docker-binaries cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE):$(VERSION) + cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_QUAY):$(VERSION) if [ -f e/Makefile ]; then $(MAKE) -C e image; fi .PHONY: publish publish: image - docker push $(DOCKER_IMAGE):$(VERSION) + docker push $(DOCKER_IMAGE_QUAY):$(VERSION) if [ -f e/Makefile ]; then $(MAKE) -C e publish; fi +.PHONY: publish-ecr +publish-ecr: image + docker tag $(DOCKER_IMAGE_QUAY) $(DOCKER_IMAGE_ECR) + docker push $(DOCKER_IMAGE_ECR):$(VERSION) + if [ -f e/Makefile ]; then $(MAKE) -C e publish-ecr; fi + # Docker image build in CI. # This is run to build and push Docker images to a private repository as part of the build process. # When we are ready to make the images public after testing (i.e. when publishing a release), we pull these @@ -1009,14 +991,42 @@ publish: image .PHONY: image-ci image-ci: clean docker-binaries cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_CI):$(VERSION) + cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_STAGING):$(VERSION) if [ -f e/Makefile ]; then $(MAKE) -C e image-ci; fi + +# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images. +# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features +# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently. +# This can cause issues when drone tagging pipelines must be re-run due to failures. +# Currently the work around for this is to not attempt to push to the image when it already exists. .PHONY: publish-ci publish-ci: image-ci - docker push $(DOCKER_IMAGE_CI):$(VERSION) + @if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_STAGING):$(VERSION)" >/dev/null 2>&1; then\ + echo "$(DOCKER_IMAGE_STAGING):$(VERSION) already exists. "; \ + else \ + docker push "$(DOCKER_IMAGE_STAGING):$(VERSION)"; \ + fi if [ -f e/Makefile ]; then $(MAKE) -C e publish-ci; fi +# Docker image build for Teleport Operator +.PHONY: image-operator-ci +image-operator-ci: + make -C operator docker-build IMG="$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)" + +# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images. +# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features +# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently. +# This can cause issues when drone tagging pipelines must be re-run due to failures. +# Currently the work around for this is to not attempt to push to the image when it already exists. +.PHONY: publish-operator-ci +publish-operator-ci: image-operator-ci + @if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)" >/dev/null 2>&1; then \ + echo "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION) already exists. "; \ + else \ + docker push "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)"; \ + fi + .PHONY: print-version print-version: @echo $(VERSION) @@ -1039,7 +1049,7 @@ endif .PHONY: pkg pkg: mkdir -p $(BUILDDIR)/ - cp ./build.assets/build-package.sh $(BUILDDIR)/ + cp ./build.assets/build-package.sh ./build.assets/build-common.sh $(BUILDDIR)/ chmod +x $(BUILDDIR)/build-package.sh # arch and runtime are currently ignored on OS X # we pass them through for consistency - they will be dropped by the build script @@ -1057,7 +1067,7 @@ pkg-tsh: .PHONY: rpm rpm: mkdir -p $(BUILDDIR)/ - cp ./build.assets/build-package.sh $(BUILDDIR)/ + cp ./build.assets/build-package.sh ./build.assets/build-common.sh $(BUILDDIR)/ chmod +x $(BUILDDIR)/build-package.sh cp -a ./build.assets/rpm $(BUILDDIR)/ cp -a ./build.assets/rpm-sign $(BUILDDIR)/ @@ -1073,20 +1083,15 @@ rpm-unsigned: .PHONY: deb deb: mkdir -p $(BUILDDIR)/ - cp ./build.assets/build-package.sh $(BUILDDIR)/ + cp ./build.assets/build-package.sh ./build.assets/build-common.sh $(BUILDDIR)/ chmod +x $(BUILDDIR)/build-package.sh cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p deb -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION) if [ -f e/Makefile ]; then $(MAKE) -C e deb; fi -# update Helm chart versions -# this isn't a 'proper' semver regex but should cover most cases -# the order of parameters in sed's extended regex mode matters; the -# dash (-) must be the last character for this to work as expected -.PHONY: update-helm-charts -update-helm-charts: - sed -i -E "s/^ tag: [a-z0-9.-]+$$/ tag: $(VERSION)/" examples/chart/teleport/values.yaml - sed -i -E "s/^ tag: [a-z0-9.-]+$$/ tag: $(VERSION)/" examples/chart/teleport-auto-trustedcluster/values.yaml - sed -i -E "s/^ tag: [a-z0-9.-]+$$/ tag: $(VERSION)/" examples/chart/teleport-daemonset/values.yaml +# check binary compatibility with different OSes +.PHONY: test-compat +test-compat: + ./build.assets/build-test-compat.sh .PHONY: ensure-webassets ensure-webassets: @@ -1124,6 +1129,13 @@ update-webassets: build.assets/webapps/update-teleport-webassets.sh -w $(WEBAPPS_BRANCH) -t $(TELEPORT_BRANCH) # dronegen generates .drone.yml config +# +# Usage: +# - install github.com/gravitational/tdr +# - set $DRONE_TOKEN and $DRONE_SERVER (https://drone.platform.teleport.sh) +# - tsh login --proxy=platform.teleport.sh +# - tsh app login drone +# - make dronegen .PHONY: dronegen dronegen: go run ./dronegen diff --git a/README.md b/README.md index 21c3ea51b6b2a..06ecf3ebd0559 100644 --- a/README.md +++ b/README.md @@ -112,9 +112,9 @@ In a production environment, Teleport must run as `root`. For testing or non-pro If you wish to deploy Teleport inside a Docker container: ``` # This command will pull the Teleport container image for version 8 -$ docker pull quay.io/gravitational/teleport:8 +docker pull public.ecr.aws/gravitational/teleport:8 ``` -View latest tags on [Quay.io | gravitational/teleport](https://quay.io/repository/gravitational/teleport?tab=tags) +View latest tags on [Amazon ECR Public | gravitational/teleport](https://gallery.ecr.aws/gravitational/teleport) ### For Local Testing and Development @@ -126,11 +126,11 @@ The `teleport` repository contains the Teleport daemon binary (written in Go) and a web UI written in Javascript (a git submodule located in the `webassets/` directory). -If your intention is to build and deploy for use in a production infrastructure -a released tag should be used. The default branch, `master`, is the current -development branch for an upcoming major version. Get the latest release tags -listed at https://goteleport.com/download/ and then use that tag in the `git clone`. -For example `git clone https://github.com/gravitational/teleport.git -b v9.1.2` gets release v9.1.2. +If your intention is to build and deploy for use in a production infrastructure +a released tag should be used. The default branch, `master`, is the current +development branch for an upcoming major version. Get the latest release tags +listed at https://goteleport.com/download/ and then use that tag in the `git clone`. +For example `git clone https://github.com/gravitational/teleport.git -b v9.1.2` gets release v9.1.2. ### Dockerized Build @@ -145,7 +145,7 @@ $ make -C build.assets build-binaries ### Local Build To perform a build on your host, ensure you have installed Go. In order to -include the Rust-powered features like Desktop Access and `roletester`, you'll +include the Rust-powered features like Desktop Access, you'll also need `cargo` and `rustc`. The current versions of these tools can be found in `build.assets/Makefile`. diff --git a/api/client/client.go b/api/client/client.go index cd6c48aa1f893..ec819165ff86a 100644 --- a/api/client/client.go +++ b/api/client/client.go @@ -38,7 +38,6 @@ import ( "github.com/gravitational/teleport/api/types/events" "github.com/gravitational/teleport/api/utils" - "github.com/golang/protobuf/ptypes/empty" "github.com/gravitational/trace" "github.com/gravitational/trace/trail" "github.com/jonboulle/clockwork" @@ -49,6 +48,7 @@ import ( "google.golang.org/grpc/credentials" ggzip "google.golang.org/grpc/encoding/gzip" "google.golang.org/grpc/keepalive" + "google.golang.org/protobuf/types/known/emptypb" ) func init() { @@ -262,18 +262,22 @@ func connect(ctx context.Context, cfg Config) (*Client, error) { }() var errs []error - for errChan != nil { +Outer: + for { select { // Use the first client to successfully connect in syncConnect. case clt := <-cltChan: + go func() { + for range errChan { + } + }() return clt, nil case err, ok := <-errChan: - if ok { - // Add a new line to make errs human readable. - errs = append(errs, trace.Wrap(err, "")) - continue + if !ok { + break Outer } - errChan = nil + // Add a new line to make errs human readable. + errs = append(errs, trace.Wrap(err, "")) } } @@ -305,7 +309,7 @@ type ( // authConnect connects to the Teleport Auth Server directly. func authConnect(ctx context.Context, params connectParams) (*Client, error) { - dialer := NewDialer(params.cfg.KeepAlivePeriod, params.cfg.DialTimeout) + dialer := NewDialer(ctx, params.cfg.KeepAlivePeriod, params.cfg.DialTimeout) clt := newClient(params.cfg, dialer, params.tlsConfig) if err := clt.dialGRPC(ctx, params.addr); err != nil { return nil, trace.Wrap(err, "failed to connect to addr %v as an auth server", params.addr) @@ -644,13 +648,29 @@ func (c *Client) GetUser(name string, withSecrets bool) (types.User, error) { // GetCurrentUser returns current user as seen by the server. // Useful especially in the context of remote clusters which perform role and trait mapping. func (c *Client) GetCurrentUser(ctx context.Context) (types.User, error) { - currentUser, err := c.grpc.GetCurrentUser(ctx, &empty.Empty{}) + currentUser, err := c.grpc.GetCurrentUser(ctx, &emptypb.Empty{}) if err != nil { return nil, trail.FromGRPC(err) } return currentUser, nil } +// GetCurrentUserRoles returns current user's roles. +func (c *Client) GetCurrentUserRoles(ctx context.Context) ([]types.Role, error) { + stream, err := c.grpc.GetCurrentUserRoles(ctx, &emptypb.Empty{}) + if err != nil { + return nil, trail.FromGRPC(err) + } + var roles []types.Role + for role, err := stream.Recv(); err != io.EOF; role, err = stream.Recv() { + if err != nil { + return nil, trail.FromGRPC(err) + } + roles = append(roles, role) + } + return roles, nil +} + // GetUsers returns a list of users. // withSecrets controls whether authentication details are returned. func (c *Client) GetUsers(withSecrets bool) ([]types.User, error) { @@ -700,6 +720,16 @@ func (c *Client) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequ return certs, nil } +// UnstableAssertSystemRole is not a stable part of the public API. Used by older +// instances to prove that they hold a given system role. +// +// DELETE IN: 11.0 (server side method should continue to exist until 12.0 for back-compat reasons, +// but v11 clients should no longer need this method) +func (c *Client) UnstableAssertSystemRole(ctx context.Context, req proto.UnstableSystemRoleAssertion) error { + _, err := c.grpc.UnstableAssertSystemRole(ctx, &req, c.callOpts...) + return trail.FromGRPC(err) +} + // EmitAuditEvent sends an auditable event to the auth server. func (c *Client) EmitAuditEvent(ctx context.Context, event events.AuditEvent) error { grpcEvent, err := events.ToOneOf(event) @@ -1198,7 +1228,7 @@ func (c *Client) GetAppSession(ctx context.Context, req types.GetAppSessionReque // GetAppSessions gets all application web sessions. func (c *Client) GetAppSessions(ctx context.Context) ([]types.WebSession, error) { - resp, err := c.grpc.GetAppSessions(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetAppSessions(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -1212,7 +1242,7 @@ func (c *Client) GetAppSessions(ctx context.Context) ([]types.WebSession, error) // GetSnowflakeSessions gets all Snowflake web sessions. func (c *Client) GetSnowflakeSessions(ctx context.Context) ([]types.WebSession, error) { - resp, err := c.grpc.GetSnowflakeSessions(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetSnowflakeSessions(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -1284,13 +1314,13 @@ func (c *Client) DeleteSnowflakeSession(ctx context.Context, req types.DeleteSno // DeleteAllAppSessions removes all application web sessions. func (c *Client) DeleteAllAppSessions(ctx context.Context) error { - _, err := c.grpc.DeleteAllAppSessions(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllAppSessions(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } // DeleteAllSnowflakeSessions removes all Snowflake web sessions. func (c *Client) DeleteAllSnowflakeSessions(ctx context.Context) error { - _, err := c.grpc.DeleteAllAppSessions(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllAppSessions(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } @@ -1464,7 +1494,7 @@ func (c *Client) GetRole(ctx context.Context, name string) (types.Role, error) { // GetRoles returns a list of roles func (c *Client) GetRoles(ctx context.Context) ([]types.Role, error) { - resp, err := c.grpc.GetRoles(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetRoles(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -1775,7 +1805,7 @@ func (c *Client) GetTrustedCluster(ctx context.Context, name string) (types.Trus // GetTrustedClusters returns a list of Trusted Clusters. func (c *Client) GetTrustedClusters(ctx context.Context) ([]types.TrustedCluster, error) { - resp, err := c.grpc.GetTrustedClusters(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetTrustedClusters(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -1822,7 +1852,7 @@ func (c *Client) GetToken(ctx context.Context, name string) (types.ProvisionToke // GetTokens returns a list of active provision tokens for nodes and users. func (c *Client) GetTokens(ctx context.Context) ([]types.ProvisionToken, error) { - resp, err := c.grpc.GetTokens(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetTokens(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -1844,12 +1874,25 @@ func (c *Client) UpsertToken(ctx context.Context, token types.ProvisionToken) er return trail.FromGRPC(err) } +// CreateToken creates a provision token. +func (c *Client) CreateToken(ctx context.Context, token types.ProvisionToken) error { + tokenV2, ok := token.(*types.ProvisionTokenV2) + if !ok { + return trace.BadParameter("invalid type %T", token) + } + _, err := c.grpc.CreateToken(ctx, tokenV2, c.callOpts...) + return trail.FromGRPC(err) +} + // GenerateToken generates a new auth token for the given service roles. // This token can be used by corresponding services to authenticate with // the Auth server and get a signed certificate and private key. func (c *Client) GenerateToken(ctx context.Context, req *proto.GenerateTokenRequest) (string, error) { resp, err := c.grpc.GenerateToken(ctx, req, c.callOpts...) - return resp.Token, trail.FromGRPC(err) + if err != nil { + return "", trail.FromGRPC(err) + } + return resp.Token, nil } // DeleteToken deletes a provision token by name. @@ -2038,7 +2081,7 @@ func (c *Client) SearchSessionEvents(ctx context.Context, fromUTC time.Time, toU // GetClusterNetworkingConfig gets cluster networking configuration. func (c *Client) GetClusterNetworkingConfig(ctx context.Context) (types.ClusterNetworkingConfig, error) { - resp, err := c.grpc.GetClusterNetworkingConfig(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetClusterNetworkingConfig(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2057,13 +2100,13 @@ func (c *Client) SetClusterNetworkingConfig(ctx context.Context, netConfig types // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. func (c *Client) ResetClusterNetworkingConfig(ctx context.Context) error { - _, err := c.grpc.ResetClusterNetworkingConfig(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.ResetClusterNetworkingConfig(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } // GetSessionRecordingConfig gets session recording configuration. func (c *Client) GetSessionRecordingConfig(ctx context.Context) (types.SessionRecordingConfig, error) { - resp, err := c.grpc.GetSessionRecordingConfig(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetSessionRecordingConfig(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2082,13 +2125,13 @@ func (c *Client) SetSessionRecordingConfig(ctx context.Context, recConfig types. // ResetSessionRecordingConfig resets session recording configuration to defaults. func (c *Client) ResetSessionRecordingConfig(ctx context.Context) error { - _, err := c.grpc.ResetSessionRecordingConfig(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.ResetSessionRecordingConfig(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } // GetAuthPreference gets cluster auth preference. func (c *Client) GetAuthPreference(ctx context.Context) (types.AuthPreference, error) { - resp, err := c.grpc.GetAuthPreference(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetAuthPreference(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2107,19 +2150,63 @@ func (c *Client) SetAuthPreference(ctx context.Context, authPref types.AuthPrefe // ResetAuthPreference resets cluster auth preference to defaults. func (c *Client) ResetAuthPreference(ctx context.Context) error { - _, err := c.grpc.ResetAuthPreference(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.ResetAuthPreference(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } // GetClusterAuditConfig gets cluster audit configuration. func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditConfig, error) { - resp, err := c.grpc.GetClusterAuditConfig(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetClusterAuditConfig(ctx, &emptypb.Empty{}, c.callOpts...) + if err != nil { + return nil, trail.FromGRPC(err) + } + return resp, nil +} + +// GetInstaller gets all installer script resources +func (c *Client) GetInstallers(ctx context.Context) ([]types.Installer, error) { + resp, err := c.grpc.GetInstallers(ctx, &emptypb.Empty{}, c.callOpts...) + if err != nil { + return nil, trail.FromGRPC(err) + } + installers := make([]types.Installer, len(resp.Installers)) + for i, inst := range resp.Installers { + installers[i] = inst + } + return installers, nil +} + +// GetInstaller gets the cluster installer resource +func (c *Client) GetInstaller(ctx context.Context, name string) (types.Installer, error) { + resp, err := c.grpc.GetInstaller(ctx, &types.ResourceRequest{Name: name}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } return resp, nil } +// SetInstaller sets the cluster installer resource +func (c *Client) SetInstaller(ctx context.Context, inst types.Installer) error { + instV1, ok := inst.(*types.InstallerV1) + if !ok { + return trace.BadParameter("invalid type %T", inst) + } + _, err := c.grpc.SetInstaller(ctx, instV1, c.callOpts...) + return trail.FromGRPC(err) +} + +// DeleteInstaller deletes the cluster installer resource +func (c *Client) DeleteInstaller(ctx context.Context, name string) error { + _, err := c.grpc.DeleteInstaller(ctx, &types.ResourceRequest{Name: name}, c.callOpts...) + return trail.FromGRPC(err) +} + +// DeleteAllInstallers deletes all the installer resources. +func (c *Client) DeleteAllInstallers(ctx context.Context) error { + _, err := c.grpc.DeleteAllInstallers(ctx, &emptypb.Empty{}, c.callOpts...) + return trail.FromGRPC(err) +} + // GetLock gets a lock by name. func (c *Client) GetLock(ctx context.Context, name string) (types.Lock, error) { if name == "" { @@ -2193,7 +2280,7 @@ func (c *Client) ReplaceRemoteLocks(ctx context.Context, clusterName string, loc // GetNetworkRestrictions retrieves the network restrictions func (c *Client) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error) { - nr, err := c.grpc.GetNetworkRestrictions(ctx, &empty.Empty{}, c.callOpts...) + nr, err := c.grpc.GetNetworkRestrictions(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2215,7 +2302,7 @@ func (c *Client) SetNetworkRestrictions(ctx context.Context, nr types.NetworkRes // DeleteNetworkRestrictions deletes the network restrictions func (c *Client) DeleteNetworkRestrictions(ctx context.Context) error { - _, err := c.grpc.DeleteNetworkRestrictions(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteNetworkRestrictions(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return trail.FromGRPC(err) } @@ -2256,7 +2343,7 @@ func (c *Client) GetApp(ctx context.Context, name string) (types.Application, er // GetApps returns all application resources. func (c *Client) GetApps(ctx context.Context) ([]types.Application, error) { - items, err := c.grpc.GetApps(ctx, &empty.Empty{}, c.callOpts...) + items, err := c.grpc.GetApps(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2275,7 +2362,7 @@ func (c *Client) DeleteApp(ctx context.Context, name string) error { // DeleteAllApps deletes all application resources. func (c *Client) DeleteAllApps(ctx context.Context) error { - _, err := c.grpc.DeleteAllApps(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllApps(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } @@ -2313,7 +2400,7 @@ func (c *Client) GetDatabase(ctx context.Context, name string) (types.Database, // GetDatabases returns all database resources. func (c *Client) GetDatabases(ctx context.Context) ([]types.Database, error) { - items, err := c.grpc.GetDatabases(ctx, &empty.Empty{}, c.callOpts...) + items, err := c.grpc.GetDatabases(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2332,13 +2419,13 @@ func (c *Client) DeleteDatabase(ctx context.Context, name string) error { // DeleteAllDatabases deletes all database resources. func (c *Client) DeleteAllDatabases(ctx context.Context) error { - _, err := c.grpc.DeleteAllDatabases(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllDatabases(ctx, &emptypb.Empty{}, c.callOpts...) return trail.FromGRPC(err) } // GetWindowsDesktopServices returns all registered windows desktop services. func (c *Client) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error) { - resp, err := c.grpc.GetWindowsDesktopServices(ctx, &empty.Empty{}, c.callOpts...) + resp, err := c.grpc.GetWindowsDesktopServices(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2384,7 +2471,7 @@ func (c *Client) DeleteWindowsDesktopService(ctx context.Context, name string) e // DeleteAllWindowsDesktopServices removes all registered windows desktop services. func (c *Client) DeleteAllWindowsDesktopServices(ctx context.Context) error { - _, err := c.grpc.DeleteAllWindowsDesktopServices(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllWindowsDesktopServices(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return trail.FromGRPC(err) } @@ -2451,7 +2538,7 @@ func (c *Client) DeleteWindowsDesktop(ctx context.Context, hostID, name string) // DeleteAllWindowsDesktops removes all registered windows desktop hosts. func (c *Client) DeleteAllWindowsDesktops(ctx context.Context) error { - _, err := c.grpc.DeleteAllWindowsDesktops(ctx, &empty.Empty{}, c.callOpts...) + _, err := c.grpc.DeleteAllWindowsDesktops(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return trail.FromGRPC(err) } @@ -2570,6 +2657,8 @@ func (c *Client) ListResources(ctx context.Context, req proto.ListResourcesReque resources[i] = respResource.GetKubeService() case types.KindWindowsDesktop: resources[i] = respResource.GetWindowsDesktop() + case types.KindWindowsDesktopService: + resources[i] = respResource.GetWindowsDesktopService() case types.KindKubernetesCluster: resources[i] = respResource.GetKubeCluster() default: @@ -2674,12 +2763,15 @@ func (c *Client) CreateSessionTracker(ctx context.Context, st types.SessionTrack func (c *Client) GetSessionTracker(ctx context.Context, sessionID string) (types.SessionTracker, error) { req := &proto.GetSessionTrackerRequest{SessionID: sessionID} resp, err := c.grpc.GetSessionTracker(ctx, req, c.callOpts...) - return resp, trail.FromGRPC(err) + if err != nil { + return nil, trail.FromGRPC(err) + } + return resp, nil } // GetActiveSessionTrackers returns a list of active session trackers. func (c *Client) GetActiveSessionTrackers(ctx context.Context) ([]types.SessionTracker, error) { - stream, err := c.grpc.GetActiveSessionTrackers(ctx, &empty.Empty{}, c.callOpts...) + stream, err := c.grpc.GetActiveSessionTrackers(ctx, &emptypb.Empty{}, c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -2721,7 +2813,7 @@ func (c *Client) MaintainSessionPresence(ctx context.Context) (proto.AuthService // GetDomainName returns local auth domain of the current auth server func (c *Client) GetDomainName(ctx context.Context) (string, error) { - resp, err := c.grpc.GetDomainName(ctx, &empty.Empty{}) + resp, err := c.grpc.GetDomainName(ctx, &emptypb.Empty{}) if err != nil { return "", trail.FromGRPC(err) } @@ -2731,9 +2823,69 @@ func (c *Client) GetDomainName(ctx context.Context) (string, error) { // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster. If // the cluster has multiple TLS certs, they will all be concatenated. func (c *Client) GetClusterCACert(ctx context.Context) (*proto.GetClusterCACertResponse, error) { - resp, err := c.grpc.GetClusterCACert(ctx, &empty.Empty{}) + resp, err := c.grpc.GetClusterCACert(ctx, &emptypb.Empty{}) if err != nil { return nil, trail.FromGRPC(err) } return resp, nil } + +// GetConnectionDiagnostic reads a connection diagnostic +func (c *Client) GetConnectionDiagnostic(ctx context.Context, name string) (types.ConnectionDiagnostic, error) { + req := &proto.GetConnectionDiagnosticRequest{ + Name: name, + } + res, err := c.grpc.GetConnectionDiagnostic(ctx, req, c.callOpts...) + return res, trail.FromGRPC(err) +} + +// CreateConnectionDiagnostic creates a new connection diagnostic. +func (c *Client) CreateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error { + connectionDiagnosticV1, ok := connectionDiagnostic.(*types.ConnectionDiagnosticV1) + if !ok { + return trace.BadParameter("invalid type %T", connectionDiagnostic) + } + _, err := c.grpc.CreateConnectionDiagnostic(ctx, connectionDiagnosticV1, c.callOpts...) + return trail.FromGRPC(err) +} + +// UpdateConnectionDiagnostic updates a connection diagnostic. +func (c *Client) UpdateConnectionDiagnostic(ctx context.Context, connectionDiagnostic types.ConnectionDiagnostic) error { + connectionDiagnosticV1, ok := connectionDiagnostic.(*types.ConnectionDiagnosticV1) + if !ok { + return trace.BadParameter("invalid type %T", connectionDiagnostic) + } + _, err := c.grpc.UpdateConnectionDiagnostic(ctx, connectionDiagnosticV1, c.callOpts...) + return trail.FromGRPC(err) +} + +// AppendDiagnosticTrace adds a new trace for the given ConnectionDiagnostic. +func (c *Client) AppendDiagnosticTrace(ctx context.Context, name string, t *types.ConnectionDiagnosticTrace) (types.ConnectionDiagnostic, error) { + req := &proto.AppendDiagnosticTraceRequest{ + Name: name, + Trace: t, + } + connectionDiagnostic, err := c.grpc.AppendDiagnosticTrace(ctx, req, c.callOpts...) + if err != nil { + return nil, trace.Wrap(err) + } + + return connectionDiagnostic, nil +} + +// GetClusterAlerts loads matching cluster alerts. +func (c *Client) GetClusterAlerts(ctx context.Context, query types.GetClusterAlertsRequest) ([]types.ClusterAlert, error) { + rsp, err := c.grpc.GetClusterAlerts(ctx, &query, c.callOpts...) + if err != nil { + return nil, trail.FromGRPC(err) + } + return rsp.Alerts, nil +} + +// UpsertClusterAlert creates a cluster alert. +func (c *Client) UpsertClusterAlert(ctx context.Context, alert types.ClusterAlert) error { + _, err := c.grpc.UpsertClusterAlert(ctx, &proto.UpsertClusterAlertRequest{ + Alert: alert, + }, c.callOpts...) + return trail.FromGRPC(err) +} diff --git a/api/client/client_test.go b/api/client/client_test.go index 32e30969d4771..d4c19d0f2745b 100644 --- a/api/client/client_test.go +++ b/api/client/client_test.go @@ -28,7 +28,6 @@ import ( "github.com/gravitational/teleport/api/defaults" "github.com/gravitational/teleport/api/types" - "github.com/golang/protobuf/ptypes/empty" "github.com/google/go-cmp/cmp" "github.com/gravitational/trace" "github.com/gravitational/trace/trail" @@ -38,6 +37,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/emptypb" ) // mockServer mocks an Auth Server. @@ -648,9 +648,9 @@ func (m *mockOIDCConnectorServer) GetOIDCConnectors(ctx context.Context, req *ty }, nil } -func (m *mockOIDCConnectorServer) UpsertOIDCConnector(ctx context.Context, oidcConnector *types.OIDCConnectorV3) (*empty.Empty, error) { +func (m *mockOIDCConnectorServer) UpsertOIDCConnector(ctx context.Context, oidcConnector *types.OIDCConnectorV3) (*emptypb.Empty, error) { m.connectors[oidcConnector.Metadata.Name] = oidcConnector - return &empty.Empty{}, nil + return &emptypb.Empty{}, nil } // Test that client will perform properly with an old server diff --git a/api/client/contextdialer.go b/api/client/contextdialer.go index 0fae13ae726da..f738a80c74552 100644 --- a/api/client/contextdialer.go +++ b/api/client/contextdialer.go @@ -22,9 +22,12 @@ import ( "net" "time" + oteltrace "go.opentelemetry.io/otel/trace" + "github.com/gravitational/teleport/api/client/proxy" "github.com/gravitational/teleport/api/client/webclient" "github.com/gravitational/teleport/api/constants" + "github.com/gravitational/teleport/api/observability/tracing" tracessh "github.com/gravitational/teleport/api/observability/tracing/ssh" "github.com/gravitational/teleport/api/utils/sshutils" @@ -54,13 +57,33 @@ func newDirectDialer(keepAlivePeriod, dialTimeout time.Duration) ContextDialer { } } +// tracedDialer ensures that the provided ContextDialerFunc is given a context +// which contains tracing information. In the event that a grpc dial occurs without +// a grpc.WithBlock dialing option, the context provided to the dial function will +// be context.Background(), which doesn't contain any tracing information. To get around +// this limitation, any tracing context from the provided context.Context will be extracted +// and used instead. +func tracedDialer(ctx context.Context, fn ContextDialerFunc) ContextDialerFunc { + return func(dialCtx context.Context, network, addr string) (net.Conn, error) { + traceCtx := dialCtx + if spanCtx := oteltrace.SpanContextFromContext(dialCtx); !spanCtx.IsValid() { + traceCtx = oteltrace.ContextWithSpanContext(traceCtx, oteltrace.SpanContextFromContext(ctx)) + } + + traceCtx, span := tracing.DefaultProvider().Tracer("dialer").Start(traceCtx, "client/DirectDial") + defer span.End() + + return fn(traceCtx, network, addr) + } +} + // NewDialer makes a new dialer that connects to an Auth server either directly or via an HTTP proxy, depending // on the environment. -func NewDialer(keepAlivePeriod, dialTimeout time.Duration) ContextDialer { - return ContextDialerFunc(func(ctx context.Context, network, addr string) (net.Conn, error) { +func NewDialer(ctx context.Context, keepAlivePeriod, dialTimeout time.Duration) ContextDialer { + return tracedDialer(ctx, func(ctx context.Context, network, addr string) (net.Conn, error) { dialer := newDirectDialer(keepAlivePeriod, dialTimeout) - if proxyAddr := proxy.GetProxyAddress(addr); proxyAddr != nil { - return DialProxyWithDialer(ctx, proxyAddr.Host, addr, dialer) + if proxyURL := proxy.GetProxyURL(addr); proxyURL != nil { + return DialProxyWithDialer(ctx, proxyURL, addr, dialer) } return dialer.DialContext(ctx, network, addr) }) diff --git a/api/client/credentials_test.go b/api/client/credentials_test.go index 7985d9a4b4a5a..1f6b6dea31989 100644 --- a/api/client/credentials_test.go +++ b/api/client/credentials_test.go @@ -28,6 +28,7 @@ import ( "github.com/gravitational/teleport/api/identityfile" "github.com/gravitational/teleport/api/profile" + "github.com/gravitational/teleport/api/utils/keys" "github.com/gravitational/teleport/api/utils/sshutils" "github.com/stretchr/testify/require" @@ -234,6 +235,7 @@ func writeProfile(t *testing.T, p *profile.Profile) { require.NoError(t, os.WriteFile(p.KnownHostsPath(), sshCACert, 0600)) require.NoError(t, os.MkdirAll(p.SSHDir(), 0700)) require.NoError(t, os.WriteFile(p.SSHCertPath(), sshCert, 0600)) + require.NoError(t, os.WriteFile(p.PPKFilePath(), ppkFile, 0600)) } func getExpectedTLSConfig(t *testing.T) *tls.Config { @@ -250,7 +252,13 @@ func getExpectedTLSConfig(t *testing.T) *tls.Config { } func getExpectedSSHConfig(t *testing.T) *ssh.ClientConfig { - config, err := sshutils.ProxyClientSSHConfig(sshCert, keyPEM, [][]byte{sshCACert}) + cert, err := sshutils.ParseCertificate(sshCert) + require.NoError(t, err) + + priv, err := keys.ParsePrivateKey(keyPEM) + require.NoError(t, err) + + config, err := sshutils.ProxyClientSSHConfig(cert, priv, sshCACert) require.NoError(t, err) return config @@ -347,4 +355,31 @@ Na6B0YR7mdrrL+lyzymnOr6UOrT5nUWRAB1QeY7dhBNnsvoZwaS3VLSc1KCk sshCert = []byte("ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg8C10PShw+GxCadSlC4nFURIAyvDtgWRvHPabpL5wzDQAAAADAQABAAABAQDORRWgniufZcCLYcl4EgjGWx0w8bMuugm5v14cBWykC54MktKCpB24dOiDTVH0wABGhZTBtAs3QMhskUrvRSvARNdu5ERwbOoW9aU4Mtn+kxZBaP4eFk1luBkEojvAJewNrbkY3N5gJ5O9avpL6UGEu7Z5IZhQmBPIysTLZWBt/ceJEOm7ZZez/cyOl2b+UUa5c6gA7sGaRHC2FYtE4yE6j28d6w2U+JfhJrJYWqBvsROVbvhmFy5b8AfRP2pnzdWfSqbODm+iccbHvZI3jIq/ZsIjZAVlcoR/yxEwwPV2urE0Nnu+TGDO8lyS2DpgSleINe+kH9U9cnu2vxoJ+LdlAAAAAAAAAAAAAAABAAAADGFjY2Vzcy1hZG1pbgAAABAAAAAMYWNjZXNzLWFkbWluAAAAAGAtfCkAAAAAYC4lJQAAAAAAAACdAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnRlbGVwb3J0LXJvbGVzAAAALQAAACl7InZlcnNpb24iOiJ2MSIsInJvbGVzIjpbImFjY2Vzcy1hZG1pbiJdfQAAAA90ZWxlcG9ydC10cmFpdHMAAAATAAAAD3sibG9naW5zIjpudWxsfQAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD3VbuNmR0h3tjYIkTVG+HfNByigp6tuNl8XVylIWx7a7ojRA1nJVzAtNs9QQMut8XY+7jxf4Ue83eIaE0e0QKA0GZlRdbSG0zaYzK8CDAcPVN6Ywt8jnGKuuMhBAckGkN/9nyuJHgTAKeHYgdgQgijPuW/D59s3Sk3vCRHryZzJfZDQ52i40B1q2zLvCcQa6UBvPblHAF3usRa08DnsNkgLey1EkkyvBazqt1amH2Epl3uJRHHUtRVSp2a+0597leT58RZNFfFfB9pccPJfD7cn+iiDmN62T/8YslLYl/O6xCJ43Or7wIRHwJ1tY5hq/Bw7LYn29zeBrIkxIvsH8WtAAABFAAAAAxyc2Etc2hhMi01MTIAAAEAhIz0X+wgA0B8Bi67ALpTEA3kHVWaQY3aT+Ig8obof9upq51H0YlySPJph8h6pVzfSJzQYtuGbmzQ/XAGRMn541mnSUGoy0WCHzscyCowaj9VgjFyVpct7Nz98dB3PnRocNTajGGla+AteZEU3d6KXv/CaA4NGwO3k0rYB+UfX0AAaatAwwxnzYehpCvwSqPdrq/OIyb0aljZHADoNRrcnmYDbB1V76WWY6eTCxYGXx1QyU4A8kH9U8pIZ1fVif/i8dSTbBTftTtv5bmO4WUbVscRw/xIqgZ8v6StNLGHPTt/+Zn+iUoiIrwcnpy+yQp2SRTv7+Lg2SSvJO818x3NNg==") sshCACert = []byte("@cert-authority *.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMIgxZpT5362npj0x6NQA76IB73bcK85K8cEyKURuHtFC83RjBzvzqtUz6X02+6ohVZiR2MdmsXkCLznzwEIZ0NtoxgnLTZLmduPLeAuYW2vIFpd0G17y6Yog9vxhQ0BLdlhU5Y3JYjRYjmQMfe1iD/RXWD6rEvgWlz+c3HMQR33JqkVIEFH34upfkC2RQG3TXjMe5t14l3yCTtyF5YGzN7+6z/4+/EDto/F3zVtSEp+k8XE/m0ddTGo7usa8ErAom31RwrgkNRmgJmPleDwEflybEsgGKApJXkfFxmG2wu20JoEt/CFjY3fIIa/5aqIGJPpMH4aEdLcj/iyNCog8D type=host") + + ppkFile = []byte(`PuTTY-User-Key-File-3: ssh-rsa +Encryption: none +Comment: test.com +Public-Lines: 6 +AAAAB3NzaC1yc2EAAAADAQABAAABAQDORRWgniufZcCLYcl4EgjGWx0w8bMuugm5 +v14cBWykC54MktKCpB24dOiDTVH0wABGhZTBtAs3QMhskUrvRSvARNdu5ERwbOoW +9aU4Mtn+kxZBaP4eFk1luBkEojvAJewNrbkY3N5gJ5O9avpL6UGEu7Z5IZhQmBPI +ysTLZWBt/ceJEOm7ZZez/cyOl2b+UUa5c6gA7sGaRHC2FYtE4yE6j28d6w2U+Jfh +JrJYWqBvsROVbvhmFy5b8AfRP2pnzdWfSqbODm+iccbHvZI3jIq/ZsIjZAVlcoR/ +yxEwwPV2urE0Nnu+TGDO8lyS2DpgSleINe+kH9U9cnu2vxoJ+Ld +Private-Lines: 14 +AAABAE1Vk207wAksAgt/5yQwRr/vizs9czuSnnDYsbT5x6idfm0iYvB+DXKJyl7o +D1Ee5zuJe6NAGHBnxn0F4D1jBqs4ZDj8NjicbQucn4w5bIfIp7BwZ83p+KypYB/f +n11EGoNqXZpXvLv6Oqbqw9rQIjNcmWZC1TNqQQioFS5Y3NV/gw5uYCRXZlSLMsRC +vcX2+LN2EP76ZbkpIVpTCidC2TxwFPPbyMsG774Olfz4U2IDgX1mO+milF7RIa/v +PADSeHAX6tJHmZ13GsyP0GAdPbFa0Ls/uykeGi1uGPFkdkNEqbWlDf1Z9IG0dr/c +k2eh8G2X8E+VFgzsKp4kWtH9nGEAAACBAOQgKFCPDVQPRqgCX7O4ZBh0MKV9V9fi +aRYReHWSrFeNDUXqmitL3f5lk2I5TDjzuqKJaz6Ag1JUGFOqaCA7RJ3yeipGLizI +MWSp0tjpQ7YSqGSXvWlEwj9UYU1R8sgAUV2xoLTTChWJGd/AvfiTPl+U9HimUx3i +vsI4mXeefrJtAAAAgQDneUWh0uIpCNBHsihSYan4/qqesPA51TVF9P2Ox7fnE5v2 +1i9mzdeRRdT4wQYAxbU++ajW/3E6Nlt0VgH0j+0hhNLKNhA1oWOAkw8wtLHaqMzO +EVcBjl/y3bT8IG3ZXWrjppry1HaWX/9C9jiaq8lRpoHSmS5qwVsoxclwYp292QAA +AIBV1ZA8WqvC+xZrPwmtmN87BHwGjqpE52kbUfcD94k8IqqhPR9oN9uOlcoBzZiS +3SkunUpmzKlcXe63RQYOEqEVlTNOafcYNc5gW8NXKrgF7vBE91VsfmOGJvLt3pIv +k53lH1qmEOm9+vrhNwNzpHk4AqDkP+0YDG++B4n0BtJJpw== +Private-MAC: 8951bbe929e0714a61df01bc8fbc5223e3688f174aee29339931984fb9224c7d`) ) diff --git a/api/client/events.go b/api/client/events.go index 5a64486ef6d9a..caf0e316ee4ec 100644 --- a/api/client/events.go +++ b/api/client/events.go @@ -154,6 +154,10 @@ func EventToGRPC(in types.Event) (*proto.Event, error) { out.Resource = &proto.Event_WindowsDesktop{ WindowsDesktop: r, } + case *types.InstallerV1: + out.Resource = &proto.Event_Installer{ + Installer: r, + } default: return nil, trace.BadParameter("resource type %T is not supported", in.Resource) } @@ -273,6 +277,9 @@ func EventFromGRPC(in proto.Event) (*types.Event, error) { } else if r := in.GetWindowsDesktop(); r != nil { out.Resource = r return &out, nil + } else if r := in.GetInstaller(); r != nil { + out.Resource = r + return &out, nil } else { return nil, trace.BadParameter("received unsupported resource %T", in.Resource) } diff --git a/api/client/inventory.go b/api/client/inventory.go new file mode 100644 index 0000000000000..16a2130e8f809 --- /dev/null +++ b/api/client/inventory.go @@ -0,0 +1,552 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package client + +import ( + "context" + "io" + "sync" + + "github.com/gravitational/teleport/api/client/proto" + "github.com/gravitational/trace" + "github.com/gravitational/trace/trail" +) + +// DownstreamInventoryControlStream is the client/agent side of a bidirectional stream established +// between teleport instances and auth servers. +type DownstreamInventoryControlStream interface { + // Send attempts to send an upstream message. An error returned from this + // method either indicates that the stream itself has failed, or that the + // supplied context was canceled. + Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error + // Recv accesses the incoming/downstream message channel. + Recv() <-chan proto.DownstreamInventoryMessage + // Close closes the underlying stream without error. + Close() error + // CloseWithError closes the underlying stream with an error that can later + // be retrieved with Error(). Subsequent calls to CloseWithError have no effect. + CloseWithError(err error) error + // Done signals that the stream has been closed. + Done() <-chan struct{} + // Error checks for any error associated with stream closure (returns `nil` if + // the stream is open, or io.EOF if the stream was closed without error). + Error() error +} + +// UpstreamInventoryControlStream is the server/controller side of a bidirectional stream established +// between teleport instances and auth servers. +type UpstreamInventoryControlStream interface { + // Send attempts to send a downstream message. An error returned from this + // method either indicates that the stream itself has failed, or that the + // supplied context was canceled. + Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error + // Recv access the incoming/upstream message channel. + Recv() <-chan proto.UpstreamInventoryMessage + // PeerAddr gets the underlying TCP peer address (may be empty in some cases). + PeerAddr() string + // Close closes the underlying stream without error. + Close() error + // CloseWithError closes the underlying stream with an error that can later + // be retrieved with Error(). Subsequent calls to CloseWithError have no effect. + CloseWithError(err error) error + // Done signals that the stream has been closed. + Done() <-chan struct{} + // Error checks for any error associated with stream closure (returns `nil` if + // the stream is open, or io.EOF if the stream closed without error). + Error() error +} + +type ICSPipeOption func(*pipeOptions) + +type pipeOptions struct { + peerAddrFn func() string +} + +func ICSPipePeerAddr(peerAddr string) ICSPipeOption { + return ICSPipePeerAddrFn(func() string { + return peerAddr + }) +} + +func ICSPipePeerAddrFn(fn func() string) ICSPipeOption { + return func(opts *pipeOptions) { + opts.peerAddrFn = fn + } +} + +// InventoryControlStreamPipe creates the two halves of an inventory control stream over an in-memory +// pipe. +func InventoryControlStreamPipe(opts ...ICSPipeOption) (UpstreamInventoryControlStream, DownstreamInventoryControlStream) { + var options pipeOptions + for _, opt := range opts { + opt(&options) + } + pipe := &pipeControlStream{ + downC: make(chan proto.DownstreamInventoryMessage), + upC: make(chan proto.UpstreamInventoryMessage), + doneC: make(chan struct{}), + peerAddrFn: options.peerAddrFn, + } + return upstreamPipeControlStream{pipe}, downstreamPipeControlStream{pipe} +} + +type pipeControlStream struct { + downC chan proto.DownstreamInventoryMessage + upC chan proto.UpstreamInventoryMessage + peerAddrFn func() string + mu sync.Mutex + err error + doneC chan struct{} +} + +func (p *pipeControlStream) Close() error { + return p.CloseWithError(nil) +} + +func (p *pipeControlStream) CloseWithError(err error) error { + p.mu.Lock() + defer p.mu.Unlock() + if p.err != nil { + // stream already closed + return nil + } + + if err != nil { + p.err = err + } else { + // represent "closure without error" with EOF. + p.err = io.EOF + } + close(p.doneC) + return nil +} + +func (p *pipeControlStream) Done() <-chan struct{} { + return p.doneC +} + +func (p *pipeControlStream) Error() error { + p.mu.Lock() + defer p.mu.Unlock() + return p.err +} + +type upstreamPipeControlStream struct { + *pipeControlStream +} + +func (u upstreamPipeControlStream) Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error { + select { + case u.downC <- msg: + return nil + case <-u.Done(): + return trace.Errorf("failed to send downstream inventory message (pipe closed)") + case <-ctx.Done(): + return trace.Errorf("failed to send downstream inventory message: %v", ctx.Err()) + } +} + +func (u upstreamPipeControlStream) Recv() <-chan proto.UpstreamInventoryMessage { + return u.upC +} + +func (u upstreamPipeControlStream) PeerAddr() string { + if u.peerAddrFn != nil { + return u.peerAddrFn() + } + return "" +} + +type downstreamPipeControlStream struct { + *pipeControlStream +} + +func (d downstreamPipeControlStream) Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error { + select { + case d.upC <- msg: + return nil + case <-d.Done(): + return trace.Errorf("failed to send upstream inventory message (pipe closed)") + case <-ctx.Done(): + return trace.Errorf("failed to send upstream inventory message: %v", ctx.Err()) + } +} + +func (d downstreamPipeControlStream) Recv() <-chan proto.DownstreamInventoryMessage { + return d.downC +} + +// InventoryControlStream opens a new control stream. The first message sent must be an +// UpstreamInventoryHello, and the first message received must be a DownstreamInventoryHello. +func (c *Client) InventoryControlStream(ctx context.Context) (DownstreamInventoryControlStream, error) { + cancelCtx, cancel := context.WithCancel(ctx) + stream, err := c.grpc.InventoryControlStream(cancelCtx, c.callOpts...) + if err != nil { + cancel() + return nil, trail.FromGRPC(err) + } + return newDownstreamInventoryControlStream(stream, cancel), nil +} + +func (c *Client) GetInventoryStatus(ctx context.Context, req proto.InventoryStatusRequest) (proto.InventoryStatusSummary, error) { + rsp, err := c.grpc.GetInventoryStatus(ctx, &req, c.callOpts...) + if err != nil { + return proto.InventoryStatusSummary{}, trail.FromGRPC(err) + } + + return *rsp, nil +} + +func (c *Client) PingInventory(ctx context.Context, req proto.InventoryPingRequest) (proto.InventoryPingResponse, error) { + rsp, err := c.grpc.PingInventory(ctx, &req, c.callOpts...) + if err != nil { + return proto.InventoryPingResponse{}, trail.FromGRPC(err) + } + + return *rsp, nil +} + +func newDownstreamInventoryControlStream(stream proto.AuthService_InventoryControlStreamClient, cancel context.CancelFunc) DownstreamInventoryControlStream { + ics := &downstreamICS{ + sendC: make(chan upstreamSend), + recvC: make(chan proto.DownstreamInventoryMessage), + cancel: cancel, + doneC: make(chan struct{}), + } + + go ics.runRecvLoop(stream) + go ics.runSendLoop(stream) + + return ics +} + +// upstreamSend is a helper message used to help us inject per-send context cancellation +type upstreamSend struct { + msg proto.UpstreamInventoryMessage + errC chan error +} + +// downstreamICS is a helper which manages a proto.AuthService_InventoryControlStreamClient +// stream and wraps its API to use friendlier types and support select/cancellation. +type downstreamICS struct { + sendC chan upstreamSend + recvC chan proto.DownstreamInventoryMessage + mu sync.Mutex + cancel context.CancelFunc + doneC chan struct{} + err error +} + +// runRecvLoop waits for incoming messages, converts them to the friendlier DownstreamInventoryMessage +// type, and pushes them to the recvC channel. +func (i *downstreamICS) runRecvLoop(stream proto.AuthService_InventoryControlStreamClient) { + for { + oneOf, err := stream.Recv() + if err != nil { + // preserve EOF to help distinguish "ok" closure. + if !trace.IsEOF(err) { + err = trace.Errorf("inventory control stream closed: %v", trail.FromGRPC(err)) + } + i.CloseWithError(err) + return + } + + var msg proto.DownstreamInventoryMessage + + switch { + case oneOf.GetHello() != nil: + msg = *oneOf.GetHello() + case oneOf.GetPing() != nil: + msg = *oneOf.GetPing() + default: + // TODO: log unknown message variants once we have a better story around + // logging in api/* packages. + continue + } + + select { + case i.recvC <- msg: + case <-i.Done(): + // stream closed by other goroutine + return + } + } +} + +// runSendLoop pulls messages off of the sendC channel, applies the appropriate protobuf wrapper types, +// and sends them over the stream. +func (i *downstreamICS) runSendLoop(stream proto.AuthService_InventoryControlStreamClient) { + for { + select { + case sendMsg := <-i.sendC: + var oneOf proto.UpstreamInventoryOneOf + switch msg := sendMsg.msg.(type) { + case proto.UpstreamInventoryHello: + oneOf.Msg = &proto.UpstreamInventoryOneOf_Hello{ + Hello: &msg, + } + case proto.InventoryHeartbeat: + oneOf.Msg = &proto.UpstreamInventoryOneOf_Heartbeat{ + Heartbeat: &msg, + } + case proto.UpstreamInventoryPong: + oneOf.Msg = &proto.UpstreamInventoryOneOf_Pong{ + Pong: &msg, + } + default: + sendMsg.errC <- trace.BadParameter("cannot send unexpected upstream msg type: %T", msg) + continue + } + err := trail.FromGRPC(stream.Send(&oneOf)) + sendMsg.errC <- err + if err != nil { + // preserve EOF errors + if !trace.IsEOF(err) { + err = trace.Errorf("upstream send failed: %v", err) + } + i.CloseWithError(err) + return + } + case <-i.Done(): + // stream closed by other goroutine + return + } + } +} + +func (i *downstreamICS) Send(ctx context.Context, msg proto.UpstreamInventoryMessage) error { + errC := make(chan error, 1) + select { + case i.sendC <- upstreamSend{msg: msg, errC: errC}: + select { + case err := <-errC: + return trace.Wrap(err) + case <-ctx.Done(): + return trace.Errorf("inventory control msg send result skipped: %v", ctx.Err()) + } + case <-ctx.Done(): + return trace.Errorf("inventory control msg not sent: %v", ctx.Err()) + case <-i.Done(): + err := i.Error() + if err == nil { + return trace.Errorf("inventory control stream externally closed during send") + } + return trace.Errorf("inventory control msg not sent: %v", err) + } +} + +func (i *downstreamICS) Recv() <-chan proto.DownstreamInventoryMessage { + return i.recvC +} + +func (i *downstreamICS) Done() <-chan struct{} { + return i.doneC +} + +func (i *downstreamICS) Close() error { + return i.CloseWithError(nil) +} + +func (i *downstreamICS) CloseWithError(err error) error { + i.mu.Lock() + defer i.mu.Unlock() + if i.err != nil { + // already closed + return nil + } + if err != nil { + i.err = err + } else { + i.err = io.EOF + } + i.cancel() + close(i.doneC) + return nil +} + +func (i *downstreamICS) Error() error { + i.mu.Lock() + defer i.mu.Unlock() + return i.err +} + +// NewUpstreamInventoryControlStream wraps the server-side control stream handle. For use as part of the internals +// of the auth server's GRPC API implementation. +func NewUpstreamInventoryControlStream(stream proto.AuthService_InventoryControlStreamServer, peerAddr string) UpstreamInventoryControlStream { + ics := &upstreamICS{ + sendC: make(chan downstreamSend), + recvC: make(chan proto.UpstreamInventoryMessage), + doneC: make(chan struct{}), + peerAddr: peerAddr, + } + + go ics.runRecvLoop(stream) + go ics.runSendLoop(stream) + + return ics +} + +// downstreamSend is a helper message used to help us inject per-send context cancellation +type downstreamSend struct { + msg proto.DownstreamInventoryMessage + errC chan error +} + +// upstreamICS is a helper which manages a proto.AuthService_InventoryControlStreamServer +// stream and wraps its API to use friendlier types and support select/cancellation. +type upstreamICS struct { + sendC chan downstreamSend + recvC chan proto.UpstreamInventoryMessage + peerAddr string + mu sync.Mutex + doneC chan struct{} + err error +} + +// runRecvLoop waits for incoming messages, converts them to the friendlier UpstreamInventoryMessage +// type, and pushes them to the recvC channel. +func (i *upstreamICS) runRecvLoop(stream proto.AuthService_InventoryControlStreamServer) { + for { + oneOf, err := stream.Recv() + if err != nil { + // preserve eof errors + if !trace.IsEOF(err) { + err = trace.Errorf("inventory control stream recv failed: %v", trail.FromGRPC(err)) + } + i.CloseWithError(err) + return + } + + var msg proto.UpstreamInventoryMessage + + switch { + case oneOf.GetHello() != nil: + msg = *oneOf.GetHello() + case oneOf.GetHeartbeat() != nil: + msg = *oneOf.GetHeartbeat() + case oneOf.GetPong() != nil: + msg = *oneOf.GetPong() + default: + // TODO: log unknown message variants once we have a better story around + // logging in api/* packages. + continue + } + + select { + case i.recvC <- msg: + case <-i.Done(): + // stream closed by other goroutine + return + } + } +} + +// runSendLoop pulls messages off of the sendC channel, applies the appropriate protobuf wrapper types, +// and sends them over the channel. +func (i *upstreamICS) runSendLoop(stream proto.AuthService_InventoryControlStreamServer) { + for { + select { + case sendMsg := <-i.sendC: + var oneOf proto.DownstreamInventoryOneOf + switch msg := sendMsg.msg.(type) { + case proto.DownstreamInventoryHello: + oneOf.Msg = &proto.DownstreamInventoryOneOf_Hello{ + Hello: &msg, + } + case proto.DownstreamInventoryPing: + oneOf.Msg = &proto.DownstreamInventoryOneOf_Ping{ + Ping: &msg, + } + default: + sendMsg.errC <- trace.BadParameter("cannot send unexpected upstream msg type: %T", msg) + continue + } + err := trail.FromGRPC(stream.Send(&oneOf)) + sendMsg.errC <- err + if err != nil { + // preserve eof errors + if !trace.IsEOF(err) { + err = trace.Errorf("downstream send failed: %v", err) + } + i.CloseWithError(err) + return + } + case <-i.Done(): + // stream closed by other goroutine + return + } + } +} + +func (i *upstreamICS) Send(ctx context.Context, msg proto.DownstreamInventoryMessage) error { + errC := make(chan error, 1) + select { + case i.sendC <- downstreamSend{msg: msg, errC: errC}: + select { + case err := <-errC: + return trace.Wrap(err) + case <-ctx.Done(): + return trace.Errorf("inventory control msg send result skipped: %v", ctx.Err()) + } + case <-ctx.Done(): + return trace.Errorf("inventory control msg not sent: %v", ctx.Err()) + case <-i.Done(): + err := i.Error() + if err == nil { + return trace.Errorf("inventory control stream externally closed during send") + } + return trace.Errorf("inventory control msg not sent: %v", err) + } +} + +func (i *upstreamICS) Recv() <-chan proto.UpstreamInventoryMessage { + return i.recvC +} + +func (i *upstreamICS) PeerAddr() string { + return i.peerAddr +} + +func (i *upstreamICS) Done() <-chan struct{} { + return i.doneC +} + +func (i *upstreamICS) Close() error { + return i.CloseWithError(nil) +} + +func (i *upstreamICS) CloseWithError(err error) error { + i.mu.Lock() + defer i.mu.Unlock() + if i.err != nil { + // already closed + return nil + } + if err != nil { + i.err = err + } else { + i.err = io.EOF + } + close(i.doneC) + return nil +} + +func (i *upstreamICS) Error() error { + i.mu.Lock() + defer i.mu.Unlock() + return i.err +} diff --git a/api/client/inventory_test.go b/api/client/inventory_test.go new file mode 100644 index 0000000000000..fa99979cc65eb --- /dev/null +++ b/api/client/inventory_test.go @@ -0,0 +1,103 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package client + +import ( + "context" + "testing" + "time" + + "github.com/gravitational/teleport/api/client/proto" + "github.com/gravitational/trace" + "github.com/stretchr/testify/require" +) + +// TestInventoryControlStreamPipe is a sanity-check to make sure that the in-memory +// pipe version of the ICS works as expected. This test is trivial but it helps to +// keep accidental breakage of the pipe abstraction from showing up in an obscure +// way inside the tests that rely upon it. +func TestInventoryControlStreamPipe(t *testing.T) { + ctx, cancel := context.WithCancel(context.TODO()) + defer cancel() + + upstream, downstream := InventoryControlStreamPipe() + defer upstream.Close() + + upMsgs := []proto.UpstreamInventoryMessage{ + proto.UpstreamInventoryHello{}, + proto.UpstreamInventoryPong{}, + proto.InventoryHeartbeat{}, + } + + downMsgs := []proto.DownstreamInventoryMessage{ + proto.DownstreamInventoryHello{}, + proto.DownstreamInventoryPing{}, + proto.DownstreamInventoryPing{}, // duplicate to pad downMsgs to same length as upMsgs + } + + go func() { + for _, m := range upMsgs { + downstream.Send(ctx, m) + } + }() + + go func() { + for _, m := range downMsgs { + upstream.Send(ctx, m) + } + }() + + timeout := time.NewTimer(time.Second * 5) + defer timeout.Stop() + for i := range upMsgs { + if !timeout.Stop() { + <-timeout.C + } + timeout.Reset(time.Second * 5) + + // upstream handle recv + select { + case msg := <-upstream.Recv(): + require.IsType(t, upMsgs[i], msg) + case <-timeout.C: + t.Fatalf("timeout waiting for message: %T", upMsgs[i]) + } + + // downstream handle recv + select { + case msg := <-downstream.Recv(): + require.IsType(t, downMsgs[i], msg) + case <-timeout.C: + t.Fatalf("timeout waiting for message: %T", downMsgs[i]) + } + } + + upstream.Close() + + if !timeout.Stop() { + <-timeout.C + } + timeout.Reset(time.Second * 5) + + select { + case <-downstream.Done(): + case <-timeout.C: + t.Fatal("timeout waiting for close") + } + + require.True(t, trace.IsEOF(downstream.Error())) +} diff --git a/api/client/keepaliver.go b/api/client/keepaliver.go index 0b797bf1cdf6d..7b70513fc6c05 100644 --- a/api/client/keepaliver.go +++ b/api/client/keepaliver.go @@ -23,8 +23,8 @@ import ( "github.com/gravitational/teleport/api/client/proto" "github.com/gravitational/teleport/api/types" - "github.com/golang/protobuf/ptypes/empty" "github.com/gravitational/trace/trail" + "google.golang.org/protobuf/types/known/emptypb" ) // NewKeepAliver returns a new instance of keep aliver. @@ -92,7 +92,7 @@ func (k *streamKeepAliver) Done() <-chan struct{} { // recv is necessary to receive errors from the // server, otherwise no errors will be propagated func (k *streamKeepAliver) recv() { - err := k.stream.RecvMsg(&empty.Empty{}) + err := k.stream.RecvMsg(&emptypb.Empty{}) k.closeWithError(trail.FromGRPC(err)) } diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go index 6f556e8cffb64..6194cd9117d52 100644 --- a/api/client/proto/authservice.pb.go +++ b/api/client/proto/authservice.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: authservice.proto +// source: teleport/legacy/client/proto/authservice.proto package proto @@ -9,8 +9,6 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - empty "github.com/golang/protobuf/ptypes/empty" - _ "github.com/golang/protobuf/ptypes/timestamp" github_com_gravitational_teleport_api_types "github.com/gravitational/teleport/api/types" types "github.com/gravitational/teleport/api/types" events "github.com/gravitational/teleport/api/types/events" @@ -20,6 +18,8 @@ import ( grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" + _ "google.golang.org/protobuf/types/known/timestamppb" io "io" math "math" math_bits "math/bits" @@ -68,7 +68,7 @@ func (x Operation) String() string { } func (Operation) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{0} + return fileDescriptor_0ffcffcda38ae159, []int{0} } // DeviceType describes supported MFA device types. @@ -102,7 +102,7 @@ func (x DeviceType) String() string { } func (DeviceType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{1} + return fileDescriptor_0ffcffcda38ae159, []int{1} } type DeviceUsage int32 @@ -135,7 +135,7 @@ func (x DeviceUsage) String() string { } func (DeviceUsage) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{2} + return fileDescriptor_0ffcffcda38ae159, []int{2} } // Order specifies any ordering of some objects as returned in regards to some aspect @@ -162,7 +162,7 @@ func (x Order) String() string { } func (Order) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{3} + return fileDescriptor_0ffcffcda38ae159, []int{3} } type UserCertsRequest_CertUsage int32 @@ -212,7 +212,7 @@ func (x UserCertsRequest_CertUsage) String() string { } func (UserCertsRequest_CertUsage) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{4, 0} + return fileDescriptor_0ffcffcda38ae159, []int{4, 0} } // Requester is a name of service that sent the request. @@ -240,7 +240,7 @@ func (x DatabaseCertRequest_Requester) String() string { } func (DatabaseCertRequest_Requester) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{74, 0} + return fileDescriptor_0ffcffcda38ae159, []int{74, 0} } // Event returns cluster event @@ -279,6 +279,7 @@ type Event struct { // *Event_AppServer // *Event_App // *Event_SnowflakeSession + // *Event_Installer Resource isEvent_Resource `protobuf_oneof:"Resource"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -289,7 +290,7 @@ func (m *Event) Reset() { *m = Event{} } func (m *Event) String() string { return proto.CompactTextString(m) } func (*Event) ProtoMessage() {} func (*Event) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{0} + return fileDescriptor_0ffcffcda38ae159, []int{0} } func (m *Event) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -411,6 +412,9 @@ type Event_App struct { type Event_SnowflakeSession struct { SnowflakeSession *types.WebSessionV2 `protobuf:"bytes,31,opt,name=SnowflakeSession,proto3,oneof" json:"snowflake_session,omitempty"` } +type Event_Installer struct { + Installer *types.InstallerV1 `protobuf:"bytes,34,opt,name=Installer,proto3,oneof" json:"installer,omitempty"` +} func (*Event_ResourceHeader) isEvent_Resource() {} func (*Event_CertAuthority) isEvent_Resource() {} @@ -441,6 +445,7 @@ func (*Event_Database) isEvent_Resource() {} func (*Event_AppServer) isEvent_Resource() {} func (*Event_App) isEvent_Resource() {} func (*Event_SnowflakeSession) isEvent_Resource() {} +func (*Event_Installer) isEvent_Resource() {} func (m *Event) GetResource() isEvent_Resource { if m != nil { @@ -659,6 +664,13 @@ func (m *Event) GetSnowflakeSession() *types.WebSessionV2 { return nil } +func (m *Event) GetInstaller() *types.InstallerV1 { + if x, ok := m.GetResource().(*Event_Installer); ok { + return x.Installer + } + return nil +} + // XXX_OneofWrappers is for the internal use of the proto package. func (*Event) XXX_OneofWrappers() []interface{} { return []interface{}{ @@ -691,6 +703,7 @@ func (*Event) XXX_OneofWrappers() []interface{} { (*Event_AppServer)(nil), (*Event_App)(nil), (*Event_SnowflakeSession)(nil), + (*Event_Installer)(nil), } } @@ -707,7 +720,7 @@ func (m *Watch) Reset() { *m = Watch{} } func (m *Watch) String() string { return proto.CompactTextString(m) } func (*Watch) ProtoMessage() {} func (*Watch) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{1} + return fileDescriptor_0ffcffcda38ae159, []int{1} } func (m *Watch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -767,7 +780,7 @@ func (m *WatchKind) Reset() { *m = WatchKind{} } func (m *WatchKind) String() string { return proto.CompactTextString(m) } func (*WatchKind) ProtoMessage() {} func (*WatchKind) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{2} + return fileDescriptor_0ffcffcda38ae159, []int{2} } func (m *WatchKind) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -859,17 +872,27 @@ type HostCertsRequest struct { // clients request certs assuming one state and auth servers issue another. Rotation *types.Rotation `protobuf:"bytes,9,opt,name=Rotation,proto3" json:"rotation,omitempty"` // NoCache is argument that only local callers can supply to bypass cache - NoCache bool `protobuf:"varint,10,opt,name=NoCache,proto3" json:"-"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + NoCache bool `protobuf:"varint,10,opt,name=NoCache,proto3" json:"-"` + // SystemRoles is a list of system roles held by the host. Most host certs are + // single-role and only specify the Role field. The SystemRoles field is only + // currently used on Instance certs, which need to express all roles held by + // the instance. + SystemRoles []github_com_gravitational_teleport_api_types.SystemRole `protobuf:"bytes,11,rep,name=SystemRoles,proto3,casttype=github.com/gravitational/teleport/api/types.SystemRole" json:"system_roles,omitempty"` + // UnstableSystemRoleAssertionID is not a stable part of the public API. Used by + // older instances to requisition a multi-role cert by individually proving which + // system roles are held. + // DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) + UnstableSystemRoleAssertionID string `protobuf:"bytes,12,opt,name=UnstableSystemRoleAssertionID,proto3" json:"system_role_assertion_id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *HostCertsRequest) Reset() { *m = HostCertsRequest{} } func (m *HostCertsRequest) String() string { return proto.CompactTextString(m) } func (*HostCertsRequest) ProtoMessage() {} func (*HostCertsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{3} + return fileDescriptor_0ffcffcda38ae159, []int{3} } func (m *HostCertsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,6 +991,20 @@ func (m *HostCertsRequest) GetNoCache() bool { return false } +func (m *HostCertsRequest) GetSystemRoles() []github_com_gravitational_teleport_api_types.SystemRole { + if m != nil { + return m.SystemRoles + } + return nil +} + +func (m *HostCertsRequest) GetUnstableSystemRoleAssertionID() string { + if m != nil { + return m.UnstableSystemRoleAssertionID + } + return "" +} + // UserCertRequest specifies certificate-generation parameters // for a user. type UserCertsRequest struct { @@ -1011,16 +1048,25 @@ type UserCertsRequest struct { // RouteToWindowsDesktop specifies the target windows desktop name to encode into // certificate so windows desktop client requests are routed appropriately. RouteToWindowsDesktop RouteToWindowsDesktop `protobuf:"bytes,13,opt,name=RouteToWindowsDesktop,proto3" json:"route_to_windows_desktop,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // UseRoleRequests is used to ensure a certificate request is intended to + // use role impersonation, even if the list of role requests is empty. + UseRoleRequests bool `protobuf:"varint,14,opt,name=UseRoleRequests,proto3" json:"use_role_requests,omitempty"` + // DropAccessRequests is an optional list of request IDs indicating requests + // whose escalated privileges should be removed from the certificate. + DropAccessRequests []string `protobuf:"bytes,15,rep,name=DropAccessRequests,proto3" json:"drop_access_requests,omitempty"` + // ConnectionDiagnosticID is the ID of the ConnectionDiagnostic resource we should use to add + // traces as we pass certain checkpoints. + ConnectionDiagnosticID string `protobuf:"bytes,16,opt,name=ConnectionDiagnosticID,proto3" json:"connection_diagnostic_id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *UserCertsRequest) Reset() { *m = UserCertsRequest{} } func (m *UserCertsRequest) String() string { return proto.CompactTextString(m) } func (*UserCertsRequest) ProtoMessage() {} func (*UserCertsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{4} + return fileDescriptor_0ffcffcda38ae159, []int{4} } func (m *UserCertsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1140,6 +1186,27 @@ func (m *UserCertsRequest) GetRouteToWindowsDesktop() RouteToWindowsDesktop { return RouteToWindowsDesktop{} } +func (m *UserCertsRequest) GetUseRoleRequests() bool { + if m != nil { + return m.UseRoleRequests + } + return false +} + +func (m *UserCertsRequest) GetDropAccessRequests() []string { + if m != nil { + return m.DropAccessRequests + } + return nil +} + +func (m *UserCertsRequest) GetConnectionDiagnosticID() string { + if m != nil { + return m.ConnectionDiagnosticID + } + return "" +} + // RouteToDatabase combines parameters for database service routing information. type RouteToDatabase struct { // ServiceName is the Teleport database proxy service name the cert is for. @@ -1159,7 +1226,7 @@ func (m *RouteToDatabase) Reset() { *m = RouteToDatabase{} } func (m *RouteToDatabase) String() string { return proto.CompactTextString(m) } func (*RouteToDatabase) ProtoMessage() {} func (*RouteToDatabase) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{5} + return fileDescriptor_0ffcffcda38ae159, []int{5} } func (m *RouteToDatabase) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1231,7 +1298,7 @@ func (m *RouteToWindowsDesktop) Reset() { *m = RouteToWindowsDesktop{} } func (m *RouteToWindowsDesktop) String() string { return proto.CompactTextString(m) } func (*RouteToWindowsDesktop) ProtoMessage() {} func (*RouteToWindowsDesktop) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{6} + return fileDescriptor_0ffcffcda38ae159, []int{6} } func (m *RouteToWindowsDesktop) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1295,7 +1362,7 @@ func (m *RouteToApp) Reset() { *m = RouteToApp{} } func (m *RouteToApp) String() string { return proto.CompactTextString(m) } func (*RouteToApp) ProtoMessage() {} func (*RouteToApp) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{7} + return fileDescriptor_0ffcffcda38ae159, []int{7} } func (m *RouteToApp) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1374,7 +1441,7 @@ func (m *GetUserRequest) Reset() { *m = GetUserRequest{} } func (m *GetUserRequest) String() string { return proto.CompactTextString(m) } func (*GetUserRequest) ProtoMessage() {} func (*GetUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{8} + return fileDescriptor_0ffcffcda38ae159, []int{8} } func (m *GetUserRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1430,7 +1497,7 @@ func (m *GetUsersRequest) Reset() { *m = GetUsersRequest{} } func (m *GetUsersRequest) String() string { return proto.CompactTextString(m) } func (*GetUsersRequest) ProtoMessage() {} func (*GetUsersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{9} + return fileDescriptor_0ffcffcda38ae159, []int{9} } func (m *GetUsersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1478,7 +1545,7 @@ func (m *AccessRequests) Reset() { *m = AccessRequests{} } func (m *AccessRequests) String() string { return proto.CompactTextString(m) } func (*AccessRequests) ProtoMessage() {} func (*AccessRequests) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{10} + return fileDescriptor_0ffcffcda38ae159, []int{10} } func (m *AccessRequests) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1526,7 +1593,7 @@ func (m *PluginDataSeq) Reset() { *m = PluginDataSeq{} } func (m *PluginDataSeq) String() string { return proto.CompactTextString(m) } func (*PluginDataSeq) ProtoMessage() {} func (*PluginDataSeq) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{11} + return fileDescriptor_0ffcffcda38ae159, []int{11} } func (m *PluginDataSeq) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1592,7 +1659,7 @@ func (m *RequestStateSetter) Reset() { *m = RequestStateSetter{} } func (m *RequestStateSetter) String() string { return proto.CompactTextString(m) } func (*RequestStateSetter) ProtoMessage() {} func (*RequestStateSetter) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{12} + return fileDescriptor_0ffcffcda38ae159, []int{12} } func (m *RequestStateSetter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1735,7 @@ func (m *RequestID) Reset() { *m = RequestID{} } func (m *RequestID) String() string { return proto.CompactTextString(m) } func (*RequestID) ProtoMessage() {} func (*RequestID) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{13} + return fileDescriptor_0ffcffcda38ae159, []int{13} } func (m *RequestID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1716,7 +1783,7 @@ func (m *RotateUserTokenSecretsRequest) Reset() { *m = RotateUserTokenSe func (m *RotateUserTokenSecretsRequest) String() string { return proto.CompactTextString(m) } func (*RotateUserTokenSecretsRequest) ProtoMessage() {} func (*RotateUserTokenSecretsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{14} + return fileDescriptor_0ffcffcda38ae159, []int{14} } func (m *RotateUserTokenSecretsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1764,7 +1831,7 @@ func (m *GetResetPasswordTokenRequest) Reset() { *m = GetResetPasswordTo func (m *GetResetPasswordTokenRequest) String() string { return proto.CompactTextString(m) } func (*GetResetPasswordTokenRequest) ProtoMessage() {} func (*GetResetPasswordTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{15} + return fileDescriptor_0ffcffcda38ae159, []int{15} } func (m *GetResetPasswordTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1817,7 +1884,7 @@ func (m *CreateResetPasswordTokenRequest) Reset() { *m = CreateResetPass func (m *CreateResetPasswordTokenRequest) String() string { return proto.CompactTextString(m) } func (*CreateResetPasswordTokenRequest) ProtoMessage() {} func (*CreateResetPasswordTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{16} + return fileDescriptor_0ffcffcda38ae159, []int{16} } func (m *CreateResetPasswordTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1883,7 +1950,7 @@ func (m *RenewableCertsRequest) Reset() { *m = RenewableCertsRequest{} } func (m *RenewableCertsRequest) String() string { return proto.CompactTextString(m) } func (*RenewableCertsRequest) ProtoMessage() {} func (*RenewableCertsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{17} + return fileDescriptor_0ffcffcda38ae159, []int{17} } func (m *RenewableCertsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1938,17 +2005,20 @@ type CreateBotRequest struct { TokenID string `protobuf:"bytes,3,opt,name=TokenID,proto3" json:"token_id"` // Roles is a list of roles the created bot should be allowed to assume // via role impersonation. - Roles []string `protobuf:"bytes,4,rep,name=Roles,proto3" json:"roles"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Roles []string `protobuf:"bytes,4,rep,name=Roles,proto3" json:"roles"` + // Traits are used to populate role variables. These will propagate to + // role impersonated certificates generated by the bot. + Traits github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,5,opt,name=Traits,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"traits,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *CreateBotRequest) Reset() { *m = CreateBotRequest{} } func (m *CreateBotRequest) String() string { return proto.CompactTextString(m) } func (*CreateBotRequest) ProtoMessage() {} func (*CreateBotRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{18} + return fileDescriptor_0ffcffcda38ae159, []int{18} } func (m *CreateBotRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2027,7 +2097,7 @@ func (m *CreateBotResponse) Reset() { *m = CreateBotResponse{} } func (m *CreateBotResponse) String() string { return proto.CompactTextString(m) } func (*CreateBotResponse) ProtoMessage() {} func (*CreateBotResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{19} + return fileDescriptor_0ffcffcda38ae159, []int{19} } func (m *CreateBotResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2104,7 +2174,7 @@ func (m *DeleteBotRequest) Reset() { *m = DeleteBotRequest{} } func (m *DeleteBotRequest) String() string { return proto.CompactTextString(m) } func (*DeleteBotRequest) ProtoMessage() {} func (*DeleteBotRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{20} + return fileDescriptor_0ffcffcda38ae159, []int{20} } func (m *DeleteBotRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2151,7 +2221,7 @@ func (m *GetBotUsersRequest) Reset() { *m = GetBotUsersRequest{} } func (m *GetBotUsersRequest) String() string { return proto.CompactTextString(m) } func (*GetBotUsersRequest) ProtoMessage() {} func (*GetBotUsersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{21} + return fileDescriptor_0ffcffcda38ae159, []int{21} } func (m *GetBotUsersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2191,7 +2261,7 @@ func (m *PingRequest) Reset() { *m = PingRequest{} } func (m *PingRequest) String() string { return proto.CompactTextString(m) } func (*PingRequest) ProtoMessage() {} func (*PingRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{22} + return fileDescriptor_0ffcffcda38ae159, []int{22} } func (m *PingRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2231,7 +2301,10 @@ type PingResponse struct { // ProxyPublicAddr is the server's public proxy address. ProxyPublicAddr string `protobuf:"bytes,4,opt,name=ProxyPublicAddr,proto3" json:"proxy_public_addr"` // IsBoring signals whether or not the server was compiled with BoringCrypto. - IsBoring bool `protobuf:"varint,5,opt,name=IsBoring,proto3" json:"is_boring"` + IsBoring bool `protobuf:"varint,5,opt,name=IsBoring,proto3" json:"is_boring"` + // RemoteAddr is the client peer addr as seen from the auth server (used to assist + // instances in guessing their external IP when none is configured). + RemoteAddr string `protobuf:"bytes,7,opt,name=RemoteAddr,proto3" json:"remote_addr"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2241,7 +2314,7 @@ func (m *PingResponse) Reset() { *m = PingResponse{} } func (m *PingResponse) String() string { return proto.CompactTextString(m) } func (*PingResponse) ProtoMessage() {} func (*PingResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{23} + return fileDescriptor_0ffcffcda38ae159, []int{23} } func (m *PingResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2305,6 +2378,13 @@ func (m *PingResponse) GetIsBoring() bool { return false } +func (m *PingResponse) GetRemoteAddr() string { + if m != nil { + return m.RemoteAddr + } + return "" +} + // Features are auth server features. type Features struct { // Kubernetes enables Kubernetes Access product @@ -2328,17 +2408,21 @@ type Features struct { // Desktop enables desktop access product Desktop bool `protobuf:"varint,10,opt,name=Desktop,proto3" json:"desktop"` // ModeratedSessions enables moderated sessions product - ModeratedSessions bool `protobuf:"varint,11,opt,name=ModeratedSessions,proto3" json:"moderated_sessions"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ModeratedSessions bool `protobuf:"varint,11,opt,name=ModeratedSessions,proto3" json:"moderated_sessions"` + // MachineID enables MachineID product + MachineID bool `protobuf:"varint,12,opt,name=MachineID,proto3" json:"machine_id"` + // ResourceAccessRequests enables resource access requests product + ResourceAccessRequests bool `protobuf:"varint,13,opt,name=ResourceAccessRequests,proto3" json:"resource_access_requests"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Features) Reset() { *m = Features{} } func (m *Features) String() string { return proto.CompactTextString(m) } func (*Features) ProtoMessage() {} func (*Features) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{24} + return fileDescriptor_0ffcffcda38ae159, []int{24} } func (m *Features) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2444,6 +2528,20 @@ func (m *Features) GetModeratedSessions() bool { return false } +func (m *Features) GetMachineID() bool { + if m != nil { + return m.MachineID + } + return false +} + +func (m *Features) GetResourceAccessRequests() bool { + if m != nil { + return m.ResourceAccessRequests + } + return false +} + // DeleteUserRequest is the input value for the DeleteUser method. type DeleteUserRequest struct { // Name is the user name to delete. @@ -2457,7 +2555,7 @@ func (m *DeleteUserRequest) Reset() { *m = DeleteUserRequest{} } func (m *DeleteUserRequest) String() string { return proto.CompactTextString(m) } func (*DeleteUserRequest) ProtoMessage() {} func (*DeleteUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{25} + return fileDescriptor_0ffcffcda38ae159, []int{25} } func (m *DeleteUserRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2505,7 +2603,7 @@ func (m *Semaphores) Reset() { *m = Semaphores{} } func (m *Semaphores) String() string { return proto.CompactTextString(m) } func (*Semaphores) ProtoMessage() {} func (*Semaphores) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{26} + return fileDescriptor_0ffcffcda38ae159, []int{26} } func (m *Semaphores) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2562,7 +2660,7 @@ func (m *AuditStreamRequest) Reset() { *m = AuditStreamRequest{} } func (m *AuditStreamRequest) String() string { return proto.CompactTextString(m) } func (*AuditStreamRequest) ProtoMessage() {} func (*AuditStreamRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{27} + return fileDescriptor_0ffcffcda38ae159, []int{27} } func (m *AuditStreamRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2687,7 +2785,7 @@ func (m *AuditStreamStatus) Reset() { *m = AuditStreamStatus{} } func (m *AuditStreamStatus) String() string { return proto.CompactTextString(m) } func (*AuditStreamStatus) ProtoMessage() {} func (*AuditStreamStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{28} + return fileDescriptor_0ffcffcda38ae159, []int{28} } func (m *AuditStreamStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2735,7 +2833,7 @@ func (m *CreateStream) Reset() { *m = CreateStream{} } func (m *CreateStream) String() string { return proto.CompactTextString(m) } func (*CreateStream) ProtoMessage() {} func (*CreateStream) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{29} + return fileDescriptor_0ffcffcda38ae159, []int{29} } func (m *CreateStream) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2786,7 +2884,7 @@ func (m *ResumeStream) Reset() { *m = ResumeStream{} } func (m *ResumeStream) String() string { return proto.CompactTextString(m) } func (*ResumeStream) ProtoMessage() {} func (*ResumeStream) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{30} + return fileDescriptor_0ffcffcda38ae159, []int{30} } func (m *ResumeStream) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2841,7 +2939,7 @@ func (m *CompleteStream) Reset() { *m = CompleteStream{} } func (m *CompleteStream) String() string { return proto.CompactTextString(m) } func (*CompleteStream) ProtoMessage() {} func (*CompleteStream) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{31} + return fileDescriptor_0ffcffcda38ae159, []int{31} } func (m *CompleteStream) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2881,7 +2979,7 @@ func (m *FlushAndCloseStream) Reset() { *m = FlushAndCloseStream{} } func (m *FlushAndCloseStream) String() string { return proto.CompactTextString(m) } func (*FlushAndCloseStream) ProtoMessage() {} func (*FlushAndCloseStream) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{32} + return fileDescriptor_0ffcffcda38ae159, []int{32} } func (m *FlushAndCloseStream) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2924,7 +3022,7 @@ func (m *GetApplicationServersRequest) Reset() { *m = GetApplicationServ func (m *GetApplicationServersRequest) String() string { return proto.CompactTextString(m) } func (*GetApplicationServersRequest) ProtoMessage() {} func (*GetApplicationServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{33} + return fileDescriptor_0ffcffcda38ae159, []int{33} } func (m *GetApplicationServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2974,7 +3072,7 @@ func (m *GetApplicationServersResponse) Reset() { *m = GetApplicationSer func (m *GetApplicationServersResponse) String() string { return proto.CompactTextString(m) } func (*GetApplicationServersResponse) ProtoMessage() {} func (*GetApplicationServersResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{34} + return fileDescriptor_0ffcffcda38ae159, []int{34} } func (m *GetApplicationServersResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3023,7 +3121,7 @@ func (m *UpsertApplicationServerRequest) Reset() { *m = UpsertApplicatio func (m *UpsertApplicationServerRequest) String() string { return proto.CompactTextString(m) } func (*UpsertApplicationServerRequest) ProtoMessage() {} func (*UpsertApplicationServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{35} + return fileDescriptor_0ffcffcda38ae159, []int{35} } func (m *UpsertApplicationServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3076,7 +3174,7 @@ func (m *DeleteApplicationServerRequest) Reset() { *m = DeleteApplicatio func (m *DeleteApplicationServerRequest) String() string { return proto.CompactTextString(m) } func (*DeleteApplicationServerRequest) ProtoMessage() {} func (*DeleteApplicationServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{36} + return fileDescriptor_0ffcffcda38ae159, []int{36} } func (m *DeleteApplicationServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3139,7 +3237,7 @@ func (m *DeleteAllApplicationServersRequest) Reset() { *m = DeleteAllApp func (m *DeleteAllApplicationServersRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAllApplicationServersRequest) ProtoMessage() {} func (*DeleteAllApplicationServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{37} + return fileDescriptor_0ffcffcda38ae159, []int{37} } func (m *DeleteAllApplicationServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3192,7 +3290,7 @@ func (m *GetAppServersRequest) Reset() { *m = GetAppServersRequest{} } func (m *GetAppServersRequest) String() string { return proto.CompactTextString(m) } func (*GetAppServersRequest) ProtoMessage() {} func (*GetAppServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{38} + return fileDescriptor_0ffcffcda38ae159, []int{38} } func (m *GetAppServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3251,7 +3349,7 @@ func (m *GetAppServersResponse) Reset() { *m = GetAppServersResponse{} } func (m *GetAppServersResponse) String() string { return proto.CompactTextString(m) } func (*GetAppServersResponse) ProtoMessage() {} func (*GetAppServersResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{39} + return fileDescriptor_0ffcffcda38ae159, []int{39} } func (m *GetAppServersResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3301,7 +3399,7 @@ func (m *UpsertAppServerRequest) Reset() { *m = UpsertAppServerRequest{} func (m *UpsertAppServerRequest) String() string { return proto.CompactTextString(m) } func (*UpsertAppServerRequest) ProtoMessage() {} func (*UpsertAppServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{40} + return fileDescriptor_0ffcffcda38ae159, []int{40} } func (m *UpsertAppServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3354,7 +3452,7 @@ func (m *DeleteAppServerRequest) Reset() { *m = DeleteAppServerRequest{} func (m *DeleteAppServerRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAppServerRequest) ProtoMessage() {} func (*DeleteAppServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{41} + return fileDescriptor_0ffcffcda38ae159, []int{41} } func (m *DeleteAppServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3412,7 +3510,7 @@ func (m *DeleteAllAppServersRequest) Reset() { *m = DeleteAllAppServersR func (m *DeleteAllAppServersRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAllAppServersRequest) ProtoMessage() {} func (*DeleteAllAppServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{42} + return fileDescriptor_0ffcffcda38ae159, []int{42} } func (m *DeleteAllAppServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3468,7 +3566,7 @@ func (m *GenerateAppTokenRequest) Reset() { *m = GenerateAppTokenRequest func (m *GenerateAppTokenRequest) String() string { return proto.CompactTextString(m) } func (*GenerateAppTokenRequest) ProtoMessage() {} func (*GenerateAppTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{43} + return fileDescriptor_0ffcffcda38ae159, []int{43} } func (m *GenerateAppTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3537,7 +3635,7 @@ func (m *GenerateAppTokenResponse) Reset() { *m = GenerateAppTokenRespon func (m *GenerateAppTokenResponse) String() string { return proto.CompactTextString(m) } func (*GenerateAppTokenResponse) ProtoMessage() {} func (*GenerateAppTokenResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{44} + return fileDescriptor_0ffcffcda38ae159, []int{44} } func (m *GenerateAppTokenResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3586,7 +3684,7 @@ func (m *GetAppSessionRequest) Reset() { *m = GetAppSessionRequest{} } func (m *GetAppSessionRequest) String() string { return proto.CompactTextString(m) } func (*GetAppSessionRequest) ProtoMessage() {} func (*GetAppSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{45} + return fileDescriptor_0ffcffcda38ae159, []int{45} } func (m *GetAppSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3635,7 +3733,7 @@ func (m *GetAppSessionResponse) Reset() { *m = GetAppSessionResponse{} } func (m *GetAppSessionResponse) String() string { return proto.CompactTextString(m) } func (*GetAppSessionResponse) ProtoMessage() {} func (*GetAppSessionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{46} + return fileDescriptor_0ffcffcda38ae159, []int{46} } func (m *GetAppSessionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3782,7 @@ func (m *GetAppSessionsResponse) Reset() { *m = GetAppSessionsResponse{} func (m *GetAppSessionsResponse) String() string { return proto.CompactTextString(m) } func (*GetAppSessionsResponse) ProtoMessage() {} func (*GetAppSessionsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{47} + return fileDescriptor_0ffcffcda38ae159, []int{47} } func (m *GetAppSessionsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3733,7 +3831,7 @@ func (m *GetSnowflakeSessionsResponse) Reset() { *m = GetSnowflakeSessio func (m *GetSnowflakeSessionsResponse) String() string { return proto.CompactTextString(m) } func (*GetSnowflakeSessionsResponse) ProtoMessage() {} func (*GetSnowflakeSessionsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{48} + return fileDescriptor_0ffcffcda38ae159, []int{48} } func (m *GetSnowflakeSessionsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3788,7 +3886,7 @@ func (m *CreateAppSessionRequest) Reset() { *m = CreateAppSessionRequest func (m *CreateAppSessionRequest) String() string { return proto.CompactTextString(m) } func (*CreateAppSessionRequest) ProtoMessage() {} func (*CreateAppSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{49} + return fileDescriptor_0ffcffcda38ae159, []int{49} } func (m *CreateAppSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3858,7 +3956,7 @@ func (m *CreateAppSessionResponse) Reset() { *m = CreateAppSessionRespon func (m *CreateAppSessionResponse) String() string { return proto.CompactTextString(m) } func (*CreateAppSessionResponse) ProtoMessage() {} func (*CreateAppSessionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{50} + return fileDescriptor_0ffcffcda38ae159, []int{50} } func (m *CreateAppSessionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3911,7 +4009,7 @@ func (m *CreateSnowflakeSessionRequest) Reset() { *m = CreateSnowflakeSe func (m *CreateSnowflakeSessionRequest) String() string { return proto.CompactTextString(m) } func (*CreateSnowflakeSessionRequest) ProtoMessage() {} func (*CreateSnowflakeSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{51} + return fileDescriptor_0ffcffcda38ae159, []int{51} } func (m *CreateSnowflakeSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3973,7 +4071,7 @@ func (m *CreateSnowflakeSessionResponse) Reset() { *m = CreateSnowflakeS func (m *CreateSnowflakeSessionResponse) String() string { return proto.CompactTextString(m) } func (*CreateSnowflakeSessionResponse) ProtoMessage() {} func (*CreateSnowflakeSessionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{52} + return fileDescriptor_0ffcffcda38ae159, []int{52} } func (m *CreateSnowflakeSessionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4022,7 +4120,7 @@ func (m *GetSnowflakeSessionRequest) Reset() { *m = GetSnowflakeSessionR func (m *GetSnowflakeSessionRequest) String() string { return proto.CompactTextString(m) } func (*GetSnowflakeSessionRequest) ProtoMessage() {} func (*GetSnowflakeSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{53} + return fileDescriptor_0ffcffcda38ae159, []int{53} } func (m *GetSnowflakeSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4071,7 +4169,7 @@ func (m *GetSnowflakeSessionResponse) Reset() { *m = GetSnowflakeSession func (m *GetSnowflakeSessionResponse) String() string { return proto.CompactTextString(m) } func (*GetSnowflakeSessionResponse) ProtoMessage() {} func (*GetSnowflakeSessionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{54} + return fileDescriptor_0ffcffcda38ae159, []int{54} } func (m *GetSnowflakeSessionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4119,7 +4217,7 @@ func (m *DeleteAppSessionRequest) Reset() { *m = DeleteAppSessionRequest func (m *DeleteAppSessionRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAppSessionRequest) ProtoMessage() {} func (*DeleteAppSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{55} + return fileDescriptor_0ffcffcda38ae159, []int{55} } func (m *DeleteAppSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4167,7 +4265,7 @@ func (m *DeleteSnowflakeSessionRequest) Reset() { *m = DeleteSnowflakeSe func (m *DeleteSnowflakeSessionRequest) String() string { return proto.CompactTextString(m) } func (*DeleteSnowflakeSessionRequest) ProtoMessage() {} func (*DeleteSnowflakeSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{56} + return fileDescriptor_0ffcffcda38ae159, []int{56} } func (m *DeleteSnowflakeSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4314,7 @@ func (m *DeleteUserAppSessionsRequest) Reset() { *m = DeleteUserAppSessi func (m *DeleteUserAppSessionsRequest) String() string { return proto.CompactTextString(m) } func (*DeleteUserAppSessionsRequest) ProtoMessage() {} func (*DeleteUserAppSessionsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{57} + return fileDescriptor_0ffcffcda38ae159, []int{57} } func (m *DeleteUserAppSessionsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4265,7 +4363,7 @@ func (m *GetWebSessionResponse) Reset() { *m = GetWebSessionResponse{} } func (m *GetWebSessionResponse) String() string { return proto.CompactTextString(m) } func (*GetWebSessionResponse) ProtoMessage() {} func (*GetWebSessionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{58} + return fileDescriptor_0ffcffcda38ae159, []int{58} } func (m *GetWebSessionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4314,7 +4412,7 @@ func (m *GetWebSessionsResponse) Reset() { *m = GetWebSessionsResponse{} func (m *GetWebSessionsResponse) String() string { return proto.CompactTextString(m) } func (*GetWebSessionsResponse) ProtoMessage() {} func (*GetWebSessionsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{59} + return fileDescriptor_0ffcffcda38ae159, []int{59} } func (m *GetWebSessionsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4363,7 +4461,7 @@ func (m *GetWebTokenResponse) Reset() { *m = GetWebTokenResponse{} } func (m *GetWebTokenResponse) String() string { return proto.CompactTextString(m) } func (*GetWebTokenResponse) ProtoMessage() {} func (*GetWebTokenResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{60} + return fileDescriptor_0ffcffcda38ae159, []int{60} } func (m *GetWebTokenResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4412,7 +4510,7 @@ func (m *GetWebTokensResponse) Reset() { *m = GetWebTokensResponse{} } func (m *GetWebTokensResponse) String() string { return proto.CompactTextString(m) } func (*GetWebTokensResponse) ProtoMessage() {} func (*GetWebTokensResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{61} + return fileDescriptor_0ffcffcda38ae159, []int{61} } func (m *GetWebTokensResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4460,7 +4558,7 @@ func (m *GetKubeServicesRequest) Reset() { *m = GetKubeServicesRequest{} func (m *GetKubeServicesRequest) String() string { return proto.CompactTextString(m) } func (*GetKubeServicesRequest) ProtoMessage() {} func (*GetKubeServicesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{62} + return fileDescriptor_0ffcffcda38ae159, []int{62} } func (m *GetKubeServicesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4504,7 +4602,7 @@ func (m *GetKubeServicesResponse) Reset() { *m = GetKubeServicesResponse func (m *GetKubeServicesResponse) String() string { return proto.CompactTextString(m) } func (*GetKubeServicesResponse) ProtoMessage() {} func (*GetKubeServicesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{63} + return fileDescriptor_0ffcffcda38ae159, []int{63} } func (m *GetKubeServicesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4553,7 +4651,7 @@ func (m *UpsertKubeServiceRequest) Reset() { *m = UpsertKubeServiceReque func (m *UpsertKubeServiceRequest) String() string { return proto.CompactTextString(m) } func (*UpsertKubeServiceRequest) ProtoMessage() {} func (*UpsertKubeServiceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{64} + return fileDescriptor_0ffcffcda38ae159, []int{64} } func (m *UpsertKubeServiceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4602,7 +4700,7 @@ func (m *DeleteKubeServiceRequest) Reset() { *m = DeleteKubeServiceReque func (m *DeleteKubeServiceRequest) String() string { return proto.CompactTextString(m) } func (*DeleteKubeServiceRequest) ProtoMessage() {} func (*DeleteKubeServiceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{65} + return fileDescriptor_0ffcffcda38ae159, []int{65} } func (m *DeleteKubeServiceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4649,7 +4747,7 @@ func (m *DeleteAllKubeServicesRequest) Reset() { *m = DeleteAllKubeServi func (m *DeleteAllKubeServicesRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAllKubeServicesRequest) ProtoMessage() {} func (*DeleteAllKubeServicesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{66} + return fileDescriptor_0ffcffcda38ae159, []int{66} } func (m *DeleteAllKubeServicesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4694,7 +4792,7 @@ func (m *GetDatabaseServersRequest) Reset() { *m = GetDatabaseServersReq func (m *GetDatabaseServersRequest) String() string { return proto.CompactTextString(m) } func (*GetDatabaseServersRequest) ProtoMessage() {} func (*GetDatabaseServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{67} + return fileDescriptor_0ffcffcda38ae159, []int{67} } func (m *GetDatabaseServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4752,7 +4850,7 @@ func (m *GetDatabaseServersResponse) Reset() { *m = GetDatabaseServersRe func (m *GetDatabaseServersResponse) String() string { return proto.CompactTextString(m) } func (*GetDatabaseServersResponse) ProtoMessage() {} func (*GetDatabaseServersResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{68} + return fileDescriptor_0ffcffcda38ae159, []int{68} } func (m *GetDatabaseServersResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4801,7 +4899,7 @@ func (m *UpsertDatabaseServerRequest) Reset() { *m = UpsertDatabaseServe func (m *UpsertDatabaseServerRequest) String() string { return proto.CompactTextString(m) } func (*UpsertDatabaseServerRequest) ProtoMessage() {} func (*UpsertDatabaseServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{69} + return fileDescriptor_0ffcffcda38ae159, []int{69} } func (m *UpsertDatabaseServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4854,7 +4952,7 @@ func (m *DeleteDatabaseServerRequest) Reset() { *m = DeleteDatabaseServe func (m *DeleteDatabaseServerRequest) String() string { return proto.CompactTextString(m) } func (*DeleteDatabaseServerRequest) ProtoMessage() {} func (*DeleteDatabaseServerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{70} + return fileDescriptor_0ffcffcda38ae159, []int{70} } func (m *DeleteDatabaseServerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4917,7 +5015,7 @@ func (m *DeleteAllDatabaseServersRequest) Reset() { *m = DeleteAllDataba func (m *DeleteAllDatabaseServersRequest) String() string { return proto.CompactTextString(m) } func (*DeleteAllDatabaseServersRequest) ProtoMessage() {} func (*DeleteAllDatabaseServersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{71} + return fileDescriptor_0ffcffcda38ae159, []int{71} } func (m *DeleteAllDatabaseServersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4974,7 +5072,7 @@ func (m *DatabaseCSRRequest) Reset() { *m = DatabaseCSRRequest{} } func (m *DatabaseCSRRequest) String() string { return proto.CompactTextString(m) } func (*DatabaseCSRRequest) ProtoMessage() {} func (*DatabaseCSRRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{72} + return fileDescriptor_0ffcffcda38ae159, []int{72} } func (m *DatabaseCSRRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5039,7 +5137,7 @@ func (m *DatabaseCSRResponse) Reset() { *m = DatabaseCSRResponse{} } func (m *DatabaseCSRResponse) String() string { return proto.CompactTextString(m) } func (*DatabaseCSRResponse) ProtoMessage() {} func (*DatabaseCSRResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{73} + return fileDescriptor_0ffcffcda38ae159, []int{73} } func (m *DatabaseCSRResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5105,7 +5203,7 @@ func (m *DatabaseCertRequest) Reset() { *m = DatabaseCertRequest{} } func (m *DatabaseCertRequest) String() string { return proto.CompactTextString(m) } func (*DatabaseCertRequest) ProtoMessage() {} func (*DatabaseCertRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{74} + return fileDescriptor_0ffcffcda38ae159, []int{74} } func (m *DatabaseCertRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5185,7 +5283,7 @@ func (m *DatabaseCertResponse) Reset() { *m = DatabaseCertResponse{} } func (m *DatabaseCertResponse) String() string { return proto.CompactTextString(m) } func (*DatabaseCertResponse) ProtoMessage() {} func (*DatabaseCertResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{75} + return fileDescriptor_0ffcffcda38ae159, []int{75} } func (m *DatabaseCertResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5241,7 +5339,7 @@ func (m *SnowflakeJWTRequest) Reset() { *m = SnowflakeJWTRequest{} } func (m *SnowflakeJWTRequest) String() string { return proto.CompactTextString(m) } func (*SnowflakeJWTRequest) ProtoMessage() {} func (*SnowflakeJWTRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{76} + return fileDescriptor_0ffcffcda38ae159, []int{76} } func (m *SnowflakeJWTRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5296,7 +5394,7 @@ func (m *SnowflakeJWTResponse) Reset() { *m = SnowflakeJWTResponse{} } func (m *SnowflakeJWTResponse) String() string { return proto.CompactTextString(m) } func (*SnowflakeJWTResponse) ProtoMessage() {} func (*SnowflakeJWTResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{77} + return fileDescriptor_0ffcffcda38ae159, []int{77} } func (m *SnowflakeJWTResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5345,7 +5443,7 @@ func (m *GetRoleRequest) Reset() { *m = GetRoleRequest{} } func (m *GetRoleRequest) String() string { return proto.CompactTextString(m) } func (*GetRoleRequest) ProtoMessage() {} func (*GetRoleRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{78} + return fileDescriptor_0ffcffcda38ae159, []int{78} } func (m *GetRoleRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5394,7 +5492,7 @@ func (m *GetRolesResponse) Reset() { *m = GetRolesResponse{} } func (m *GetRolesResponse) String() string { return proto.CompactTextString(m) } func (*GetRolesResponse) ProtoMessage() {} func (*GetRolesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{79} + return fileDescriptor_0ffcffcda38ae159, []int{79} } func (m *GetRolesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5443,7 +5541,7 @@ func (m *DeleteRoleRequest) Reset() { *m = DeleteRoleRequest{} } func (m *DeleteRoleRequest) String() string { return proto.CompactTextString(m) } func (*DeleteRoleRequest) ProtoMessage() {} func (*DeleteRoleRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{80} + return fileDescriptor_0ffcffcda38ae159, []int{80} } func (m *DeleteRoleRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5501,7 +5599,7 @@ func (m *MFAAuthenticateChallenge) Reset() { *m = MFAAuthenticateChallen func (m *MFAAuthenticateChallenge) String() string { return proto.CompactTextString(m) } func (*MFAAuthenticateChallenge) ProtoMessage() {} func (*MFAAuthenticateChallenge) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{81} + return fileDescriptor_0ffcffcda38ae159, []int{81} } func (m *MFAAuthenticateChallenge) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5560,7 +5658,7 @@ func (m *MFAAuthenticateResponse) Reset() { *m = MFAAuthenticateResponse func (m *MFAAuthenticateResponse) String() string { return proto.CompactTextString(m) } func (*MFAAuthenticateResponse) ProtoMessage() {} func (*MFAAuthenticateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{82} + return fileDescriptor_0ffcffcda38ae159, []int{82} } func (m *MFAAuthenticateResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5645,7 +5743,7 @@ func (m *TOTPChallenge) Reset() { *m = TOTPChallenge{} } func (m *TOTPChallenge) String() string { return proto.CompactTextString(m) } func (*TOTPChallenge) ProtoMessage() {} func (*TOTPChallenge) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{83} + return fileDescriptor_0ffcffcda38ae159, []int{83} } func (m *TOTPChallenge) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5686,7 +5784,7 @@ func (m *TOTPResponse) Reset() { *m = TOTPResponse{} } func (m *TOTPResponse) String() string { return proto.CompactTextString(m) } func (*TOTPResponse) ProtoMessage() {} func (*TOTPResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{84} + return fileDescriptor_0ffcffcda38ae159, []int{84} } func (m *TOTPResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5739,7 +5837,7 @@ func (m *MFARegisterChallenge) Reset() { *m = MFARegisterChallenge{} } func (m *MFARegisterChallenge) String() string { return proto.CompactTextString(m) } func (*MFARegisterChallenge) ProtoMessage() {} func (*MFARegisterChallenge) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{85} + return fileDescriptor_0ffcffcda38ae159, []int{85} } func (m *MFARegisterChallenge) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5828,7 +5926,7 @@ func (m *MFARegisterResponse) Reset() { *m = MFARegisterResponse{} } func (m *MFARegisterResponse) String() string { return proto.CompactTextString(m) } func (*MFARegisterResponse) ProtoMessage() {} func (*MFARegisterResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{86} + return fileDescriptor_0ffcffcda38ae159, []int{86} } func (m *MFARegisterResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5928,7 +6026,7 @@ func (m *TOTPRegisterChallenge) Reset() { *m = TOTPRegisterChallenge{} } func (m *TOTPRegisterChallenge) String() string { return proto.CompactTextString(m) } func (*TOTPRegisterChallenge) ProtoMessage() {} func (*TOTPRegisterChallenge) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{87} + return fileDescriptor_0ffcffcda38ae159, []int{87} } func (m *TOTPRegisterChallenge) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6018,7 +6116,7 @@ func (m *TOTPRegisterResponse) Reset() { *m = TOTPRegisterResponse{} } func (m *TOTPRegisterResponse) String() string { return proto.CompactTextString(m) } func (*TOTPRegisterResponse) ProtoMessage() {} func (*TOTPRegisterResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{88} + return fileDescriptor_0ffcffcda38ae159, []int{88} } func (m *TOTPRegisterResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6070,7 +6168,7 @@ func (m *AddMFADeviceRequest) Reset() { *m = AddMFADeviceRequest{} } func (m *AddMFADeviceRequest) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceRequest) ProtoMessage() {} func (*AddMFADeviceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{89} + return fileDescriptor_0ffcffcda38ae159, []int{89} } func (m *AddMFADeviceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6173,7 +6271,7 @@ func (m *AddMFADeviceResponse) Reset() { *m = AddMFADeviceResponse{} } func (m *AddMFADeviceResponse) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceResponse) ProtoMessage() {} func (*AddMFADeviceResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{90} + return fileDescriptor_0ffcffcda38ae159, []int{90} } func (m *AddMFADeviceResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6275,7 +6373,7 @@ func (m *AddMFADeviceRequestInit) Reset() { *m = AddMFADeviceRequestInit func (m *AddMFADeviceRequestInit) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceRequestInit) ProtoMessage() {} func (*AddMFADeviceRequestInit) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{91} + return fileDescriptor_0ffcffcda38ae159, []int{91} } func (m *AddMFADeviceRequestInit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6337,7 +6435,7 @@ func (m *AddMFADeviceResponseAck) Reset() { *m = AddMFADeviceResponseAck func (m *AddMFADeviceResponseAck) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceResponseAck) ProtoMessage() {} func (*AddMFADeviceResponseAck) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{92} + return fileDescriptor_0ffcffcda38ae159, []int{92} } func (m *AddMFADeviceResponseAck) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6389,7 +6487,7 @@ func (m *DeleteMFADeviceRequest) Reset() { *m = DeleteMFADeviceRequest{} func (m *DeleteMFADeviceRequest) String() string { return proto.CompactTextString(m) } func (*DeleteMFADeviceRequest) ProtoMessage() {} func (*DeleteMFADeviceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{93} + return fileDescriptor_0ffcffcda38ae159, []int{93} } func (m *DeleteMFADeviceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6477,7 +6575,7 @@ func (m *DeleteMFADeviceResponse) Reset() { *m = DeleteMFADeviceResponse func (m *DeleteMFADeviceResponse) String() string { return proto.CompactTextString(m) } func (*DeleteMFADeviceResponse) ProtoMessage() {} func (*DeleteMFADeviceResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{94} + return fileDescriptor_0ffcffcda38ae159, []int{94} } func (m *DeleteMFADeviceResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6564,7 +6662,7 @@ func (m *DeleteMFADeviceRequestInit) Reset() { *m = DeleteMFADeviceReque func (m *DeleteMFADeviceRequestInit) String() string { return proto.CompactTextString(m) } func (*DeleteMFADeviceRequestInit) ProtoMessage() {} func (*DeleteMFADeviceRequestInit) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{95} + return fileDescriptor_0ffcffcda38ae159, []int{95} } func (m *DeleteMFADeviceRequestInit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6602,16 +6700,17 @@ func (m *DeleteMFADeviceRequestInit) GetDeviceName() string { // DeleteMFADeviceResponseAck is a confirmation of successful device deletion. type DeleteMFADeviceResponseAck struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Device *types.MFADevice `protobuf:"bytes,1,opt,name=Device,proto3" json:"Device,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *DeleteMFADeviceResponseAck) Reset() { *m = DeleteMFADeviceResponseAck{} } func (m *DeleteMFADeviceResponseAck) String() string { return proto.CompactTextString(m) } func (*DeleteMFADeviceResponseAck) ProtoMessage() {} func (*DeleteMFADeviceResponseAck) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{96} + return fileDescriptor_0ffcffcda38ae159, []int{96} } func (m *DeleteMFADeviceResponseAck) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6640,6 +6739,13 @@ func (m *DeleteMFADeviceResponseAck) XXX_DiscardUnknown() { var xxx_messageInfo_DeleteMFADeviceResponseAck proto.InternalMessageInfo +func (m *DeleteMFADeviceResponseAck) GetDevice() *types.MFADevice { + if m != nil { + return m.Device + } + return nil +} + // DeleteMFADeviceSyncRequest is a request to delete a MFA device (nonstream). type DeleteMFADeviceSyncRequest struct { // TokenID is the ID of a user token that will be used to verify this request. @@ -6658,7 +6764,7 @@ func (m *DeleteMFADeviceSyncRequest) Reset() { *m = DeleteMFADeviceSyncR func (m *DeleteMFADeviceSyncRequest) String() string { return proto.CompactTextString(m) } func (*DeleteMFADeviceSyncRequest) ProtoMessage() {} func (*DeleteMFADeviceSyncRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{97} + return fileDescriptor_0ffcffcda38ae159, []int{97} } func (m *DeleteMFADeviceSyncRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6723,7 +6829,7 @@ func (m *AddMFADeviceSyncRequest) Reset() { *m = AddMFADeviceSyncRequest func (m *AddMFADeviceSyncRequest) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceSyncRequest) ProtoMessage() {} func (*AddMFADeviceSyncRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{98} + return fileDescriptor_0ffcffcda38ae159, []int{98} } func (m *AddMFADeviceSyncRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6792,7 +6898,7 @@ func (m *AddMFADeviceSyncResponse) Reset() { *m = AddMFADeviceSyncRespon func (m *AddMFADeviceSyncResponse) String() string { return proto.CompactTextString(m) } func (*AddMFADeviceSyncResponse) ProtoMessage() {} func (*AddMFADeviceSyncResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{99} + return fileDescriptor_0ffcffcda38ae159, []int{99} } func (m *AddMFADeviceSyncResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6847,7 +6953,7 @@ func (m *GetMFADevicesRequest) Reset() { *m = GetMFADevicesRequest{} } func (m *GetMFADevicesRequest) String() string { return proto.CompactTextString(m) } func (*GetMFADevicesRequest) ProtoMessage() {} func (*GetMFADevicesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{100} + return fileDescriptor_0ffcffcda38ae159, []int{100} } func (m *GetMFADevicesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6895,7 +7001,7 @@ func (m *GetMFADevicesResponse) Reset() { *m = GetMFADevicesResponse{} } func (m *GetMFADevicesResponse) String() string { return proto.CompactTextString(m) } func (*GetMFADevicesResponse) ProtoMessage() {} func (*GetMFADevicesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{101} + return fileDescriptor_0ffcffcda38ae159, []int{101} } func (m *GetMFADevicesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6946,7 +7052,7 @@ func (m *UserSingleUseCertsRequest) Reset() { *m = UserSingleUseCertsReq func (m *UserSingleUseCertsRequest) String() string { return proto.CompactTextString(m) } func (*UserSingleUseCertsRequest) ProtoMessage() {} func (*UserSingleUseCertsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{102} + return fileDescriptor_0ffcffcda38ae159, []int{102} } func (m *UserSingleUseCertsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7035,7 +7141,7 @@ func (m *UserSingleUseCertsResponse) Reset() { *m = UserSingleUseCertsRe func (m *UserSingleUseCertsResponse) String() string { return proto.CompactTextString(m) } func (*UserSingleUseCertsResponse) ProtoMessage() {} func (*UserSingleUseCertsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{103} + return fileDescriptor_0ffcffcda38ae159, []int{103} } func (m *UserSingleUseCertsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7127,7 +7233,7 @@ func (m *IsMFARequiredRequest) Reset() { *m = IsMFARequiredRequest{} } func (m *IsMFARequiredRequest) String() string { return proto.CompactTextString(m) } func (*IsMFARequiredRequest) ProtoMessage() {} func (*IsMFARequiredRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{104} + return fileDescriptor_0ffcffcda38ae159, []int{104} } func (m *IsMFARequiredRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7241,7 +7347,7 @@ func (m *StreamSessionEventsRequest) Reset() { *m = StreamSessionEventsR func (m *StreamSessionEventsRequest) String() string { return proto.CompactTextString(m) } func (*StreamSessionEventsRequest) ProtoMessage() {} func (*StreamSessionEventsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{105} + return fileDescriptor_0ffcffcda38ae159, []int{105} } func (m *StreamSessionEventsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7299,7 +7405,7 @@ func (m *NodeLogin) Reset() { *m = NodeLogin{} } func (m *NodeLogin) String() string { return proto.CompactTextString(m) } func (*NodeLogin) ProtoMessage() {} func (*NodeLogin) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{106} + return fileDescriptor_0ffcffcda38ae159, []int{106} } func (m *NodeLogin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7354,7 +7460,7 @@ func (m *IsMFARequiredResponse) Reset() { *m = IsMFARequiredResponse{} } func (m *IsMFARequiredResponse) String() string { return proto.CompactTextString(m) } func (*IsMFARequiredResponse) ProtoMessage() {} func (*IsMFARequiredResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{107} + return fileDescriptor_0ffcffcda38ae159, []int{107} } func (m *IsMFARequiredResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7405,7 +7511,7 @@ func (m *SingleUseUserCert) Reset() { *m = SingleUseUserCert{} } func (m *SingleUseUserCert) String() string { return proto.CompactTextString(m) } func (*SingleUseUserCert) ProtoMessage() {} func (*SingleUseUserCert) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{108} + return fileDescriptor_0ffcffcda38ae159, []int{108} } func (m *SingleUseUserCert) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7506,7 +7612,7 @@ func (m *GetEventsRequest) Reset() { *m = GetEventsRequest{} } func (m *GetEventsRequest) String() string { return proto.CompactTextString(m) } func (*GetEventsRequest) ProtoMessage() {} func (*GetEventsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{109} + return fileDescriptor_0ffcffcda38ae159, []int{109} } func (m *GetEventsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7607,7 +7713,7 @@ func (m *GetSessionEventsRequest) Reset() { *m = GetSessionEventsRequest func (m *GetSessionEventsRequest) String() string { return proto.CompactTextString(m) } func (*GetSessionEventsRequest) ProtoMessage() {} func (*GetSessionEventsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{110} + return fileDescriptor_0ffcffcda38ae159, []int{110} } func (m *GetSessionEventsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7687,7 +7793,7 @@ func (m *Events) Reset() { *m = Events{} } func (m *Events) String() string { return proto.CompactTextString(m) } func (*Events) ProtoMessage() {} func (*Events) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{111} + return fileDescriptor_0ffcffcda38ae159, []int{111} } func (m *Events) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7745,7 +7851,7 @@ func (m *GetLocksRequest) Reset() { *m = GetLocksRequest{} } func (m *GetLocksRequest) String() string { return proto.CompactTextString(m) } func (*GetLocksRequest) ProtoMessage() {} func (*GetLocksRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{112} + return fileDescriptor_0ffcffcda38ae159, []int{112} } func (m *GetLocksRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7800,7 +7906,7 @@ func (m *GetLocksResponse) Reset() { *m = GetLocksResponse{} } func (m *GetLocksResponse) String() string { return proto.CompactTextString(m) } func (*GetLocksResponse) ProtoMessage() {} func (*GetLocksResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{113} + return fileDescriptor_0ffcffcda38ae159, []int{113} } func (m *GetLocksResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7848,7 +7954,7 @@ func (m *GetLockRequest) Reset() { *m = GetLockRequest{} } func (m *GetLockRequest) String() string { return proto.CompactTextString(m) } func (*GetLockRequest) ProtoMessage() {} func (*GetLockRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{114} + return fileDescriptor_0ffcffcda38ae159, []int{114} } func (m *GetLockRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7896,7 +8002,7 @@ func (m *DeleteLockRequest) Reset() { *m = DeleteLockRequest{} } func (m *DeleteLockRequest) String() string { return proto.CompactTextString(m) } func (*DeleteLockRequest) ProtoMessage() {} func (*DeleteLockRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{115} + return fileDescriptor_0ffcffcda38ae159, []int{115} } func (m *DeleteLockRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7946,7 +8052,7 @@ func (m *ReplaceRemoteLocksRequest) Reset() { *m = ReplaceRemoteLocksReq func (m *ReplaceRemoteLocksRequest) String() string { return proto.CompactTextString(m) } func (*ReplaceRemoteLocksRequest) ProtoMessage() {} func (*ReplaceRemoteLocksRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{116} + return fileDescriptor_0ffcffcda38ae159, []int{116} } func (m *ReplaceRemoteLocksRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8002,7 +8108,7 @@ func (m *GetWindowsDesktopServicesResponse) Reset() { *m = GetWindowsDes func (m *GetWindowsDesktopServicesResponse) String() string { return proto.CompactTextString(m) } func (*GetWindowsDesktopServicesResponse) ProtoMessage() {} func (*GetWindowsDesktopServicesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{117} + return fileDescriptor_0ffcffcda38ae159, []int{117} } func (m *GetWindowsDesktopServicesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8051,7 +8157,7 @@ func (m *GetWindowsDesktopServiceRequest) Reset() { *m = GetWindowsDeskt func (m *GetWindowsDesktopServiceRequest) String() string { return proto.CompactTextString(m) } func (*GetWindowsDesktopServiceRequest) ProtoMessage() {} func (*GetWindowsDesktopServiceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{118} + return fileDescriptor_0ffcffcda38ae159, []int{118} } func (m *GetWindowsDesktopServiceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8100,7 +8206,7 @@ func (m *GetWindowsDesktopServiceResponse) Reset() { *m = GetWindowsDesk func (m *GetWindowsDesktopServiceResponse) String() string { return proto.CompactTextString(m) } func (*GetWindowsDesktopServiceResponse) ProtoMessage() {} func (*GetWindowsDesktopServiceResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{119} + return fileDescriptor_0ffcffcda38ae159, []int{119} } func (m *GetWindowsDesktopServiceResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8149,7 +8255,7 @@ func (m *DeleteWindowsDesktopServiceRequest) Reset() { *m = DeleteWindow func (m *DeleteWindowsDesktopServiceRequest) String() string { return proto.CompactTextString(m) } func (*DeleteWindowsDesktopServiceRequest) ProtoMessage() {} func (*DeleteWindowsDesktopServiceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{120} + return fileDescriptor_0ffcffcda38ae159, []int{120} } func (m *DeleteWindowsDesktopServiceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8198,7 +8304,7 @@ func (m *GetWindowsDesktopsResponse) Reset() { *m = GetWindowsDesktopsRe func (m *GetWindowsDesktopsResponse) String() string { return proto.CompactTextString(m) } func (*GetWindowsDesktopsResponse) ProtoMessage() {} func (*GetWindowsDesktopsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{121} + return fileDescriptor_0ffcffcda38ae159, []int{121} } func (m *GetWindowsDesktopsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8251,7 +8357,7 @@ func (m *DeleteWindowsDesktopRequest) Reset() { *m = DeleteWindowsDeskto func (m *DeleteWindowsDesktopRequest) String() string { return proto.CompactTextString(m) } func (*DeleteWindowsDesktopRequest) ProtoMessage() {} func (*DeleteWindowsDesktopRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{122} + return fileDescriptor_0ffcffcda38ae159, []int{122} } func (m *DeleteWindowsDesktopRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8312,7 +8418,7 @@ func (m *WindowsDesktopCertRequest) Reset() { *m = WindowsDesktopCertReq func (m *WindowsDesktopCertRequest) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopCertRequest) ProtoMessage() {} func (*WindowsDesktopCertRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{123} + return fileDescriptor_0ffcffcda38ae159, []int{123} } func (m *WindowsDesktopCertRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8375,7 +8481,7 @@ func (m *WindowsDesktopCertResponse) Reset() { *m = WindowsDesktopCertRe func (m *WindowsDesktopCertResponse) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopCertResponse) ProtoMessage() {} func (*WindowsDesktopCertResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{124} + return fileDescriptor_0ffcffcda38ae159, []int{124} } func (m *WindowsDesktopCertResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8424,7 +8530,7 @@ func (m *CertAuthorityRequest) Reset() { *m = CertAuthorityRequest{} } func (m *CertAuthorityRequest) String() string { return proto.CompactTextString(m) } func (*CertAuthorityRequest) ProtoMessage() {} func (*CertAuthorityRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{125} + return fileDescriptor_0ffcffcda38ae159, []int{125} } func (m *CertAuthorityRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8473,7 +8579,7 @@ func (m *CRL) Reset() { *m = CRL{} } func (m *CRL) String() string { return proto.CompactTextString(m) } func (*CRL) ProtoMessage() {} func (*CRL) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{126} + return fileDescriptor_0ffcffcda38ae159, []int{126} } func (m *CRL) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8541,7 +8647,7 @@ func (m *ChangeUserAuthenticationRequest) Reset() { *m = ChangeUserAuthe func (m *ChangeUserAuthenticationRequest) String() string { return proto.CompactTextString(m) } func (*ChangeUserAuthenticationRequest) ProtoMessage() {} func (*ChangeUserAuthenticationRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{127} + return fileDescriptor_0ffcffcda38ae159, []int{127} } func (m *ChangeUserAuthenticationRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8617,7 +8723,7 @@ func (m *ChangeUserAuthenticationResponse) Reset() { *m = ChangeUserAuth func (m *ChangeUserAuthenticationResponse) String() string { return proto.CompactTextString(m) } func (*ChangeUserAuthenticationResponse) ProtoMessage() {} func (*ChangeUserAuthenticationResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{128} + return fileDescriptor_0ffcffcda38ae159, []int{128} } func (m *ChangeUserAuthenticationResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8683,7 +8789,7 @@ func (m *StartAccountRecoveryRequest) Reset() { *m = StartAccountRecover func (m *StartAccountRecoveryRequest) String() string { return proto.CompactTextString(m) } func (*StartAccountRecoveryRequest) ProtoMessage() {} func (*StartAccountRecoveryRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{129} + return fileDescriptor_0ffcffcda38ae159, []int{129} } func (m *StartAccountRecoveryRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8758,7 +8864,7 @@ func (m *VerifyAccountRecoveryRequest) Reset() { *m = VerifyAccountRecov func (m *VerifyAccountRecoveryRequest) String() string { return proto.CompactTextString(m) } func (*VerifyAccountRecoveryRequest) ProtoMessage() {} func (*VerifyAccountRecoveryRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{130} + return fileDescriptor_0ffcffcda38ae159, []int{130} } func (m *VerifyAccountRecoveryRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8873,7 +8979,7 @@ func (m *CompleteAccountRecoveryRequest) Reset() { *m = CompleteAccountR func (m *CompleteAccountRecoveryRequest) String() string { return proto.CompactTextString(m) } func (*CompleteAccountRecoveryRequest) ProtoMessage() {} func (*CompleteAccountRecoveryRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{131} + return fileDescriptor_0ffcffcda38ae159, []int{131} } func (m *CompleteAccountRecoveryRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8979,7 +9085,7 @@ func (m *RecoveryCodes) Reset() { *m = RecoveryCodes{} } func (m *RecoveryCodes) String() string { return proto.CompactTextString(m) } func (*RecoveryCodes) ProtoMessage() {} func (*RecoveryCodes) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{132} + return fileDescriptor_0ffcffcda38ae159, []int{132} } func (m *RecoveryCodes) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9042,7 +9148,7 @@ func (m *CreateAccountRecoveryCodesRequest) Reset() { *m = CreateAccount func (m *CreateAccountRecoveryCodesRequest) String() string { return proto.CompactTextString(m) } func (*CreateAccountRecoveryCodesRequest) ProtoMessage() {} func (*CreateAccountRecoveryCodesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{133} + return fileDescriptor_0ffcffcda38ae159, []int{133} } func (m *CreateAccountRecoveryCodesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9093,7 +9199,7 @@ func (m *GetAccountRecoveryTokenRequest) Reset() { *m = GetAccountRecove func (m *GetAccountRecoveryTokenRequest) String() string { return proto.CompactTextString(m) } func (*GetAccountRecoveryTokenRequest) ProtoMessage() {} func (*GetAccountRecoveryTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{134} + return fileDescriptor_0ffcffcda38ae159, []int{134} } func (m *GetAccountRecoveryTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9141,7 +9247,7 @@ func (m *GetAccountRecoveryCodesRequest) Reset() { *m = GetAccountRecove func (m *GetAccountRecoveryCodesRequest) String() string { return proto.CompactTextString(m) } func (*GetAccountRecoveryCodesRequest) ProtoMessage() {} func (*GetAccountRecoveryCodesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{135} + return fileDescriptor_0ffcffcda38ae159, []int{135} } func (m *GetAccountRecoveryCodesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9183,7 +9289,7 @@ func (m *UserCredentials) Reset() { *m = UserCredentials{} } func (m *UserCredentials) String() string { return proto.CompactTextString(m) } func (*UserCredentials) ProtoMessage() {} func (*UserCredentials) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{136} + return fileDescriptor_0ffcffcda38ae159, []int{136} } func (m *UserCredentials) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9237,7 +9343,7 @@ func (m *ContextUser) Reset() { *m = ContextUser{} } func (m *ContextUser) String() string { return proto.CompactTextString(m) } func (*ContextUser) ProtoMessage() {} func (*ContextUser) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{137} + return fileDescriptor_0ffcffcda38ae159, []int{137} } func (m *ContextUser) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9277,7 +9383,7 @@ func (m *Passwordless) Reset() { *m = Passwordless{} } func (m *Passwordless) String() string { return proto.CompactTextString(m) } func (*Passwordless) ProtoMessage() {} func (*Passwordless) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{138} + return fileDescriptor_0ffcffcda38ae159, []int{138} } func (m *Passwordless) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9327,7 +9433,7 @@ func (m *CreateAuthenticateChallengeRequest) Reset() { *m = CreateAuthen func (m *CreateAuthenticateChallengeRequest) String() string { return proto.CompactTextString(m) } func (*CreateAuthenticateChallengeRequest) ProtoMessage() {} func (*CreateAuthenticateChallengeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{139} + return fileDescriptor_0ffcffcda38ae159, []int{139} } func (m *CreateAuthenticateChallengeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9447,7 +9553,7 @@ func (m *CreatePrivilegeTokenRequest) Reset() { *m = CreatePrivilegeToke func (m *CreatePrivilegeTokenRequest) String() string { return proto.CompactTextString(m) } func (*CreatePrivilegeTokenRequest) ProtoMessage() {} func (*CreatePrivilegeTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{140} + return fileDescriptor_0ffcffcda38ae159, []int{140} } func (m *CreatePrivilegeTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9503,7 +9609,7 @@ func (m *CreateRegisterChallengeRequest) Reset() { *m = CreateRegisterCh func (m *CreateRegisterChallengeRequest) String() string { return proto.CompactTextString(m) } func (*CreateRegisterChallengeRequest) ProtoMessage() {} func (*CreateRegisterChallengeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{141} + return fileDescriptor_0ffcffcda38ae159, []int{141} } func (m *CreateRegisterChallengeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9564,6 +9670,7 @@ type PaginatedResource struct { // *PaginatedResource_KubeService // *PaginatedResource_WindowsDesktop // *PaginatedResource_KubeCluster + // *PaginatedResource_WindowsDesktopService Resource isPaginatedResource_Resource `protobuf_oneof:"resource"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -9574,7 +9681,7 @@ func (m *PaginatedResource) Reset() { *m = PaginatedResource{} } func (m *PaginatedResource) String() string { return proto.CompactTextString(m) } func (*PaginatedResource) ProtoMessage() {} func (*PaginatedResource) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{142} + return fileDescriptor_0ffcffcda38ae159, []int{142} } func (m *PaginatedResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9627,13 +9734,17 @@ type PaginatedResource_WindowsDesktop struct { type PaginatedResource_KubeCluster struct { KubeCluster *types.KubernetesClusterV3 `protobuf:"bytes,6,opt,name=KubeCluster,proto3,oneof" json:"kube_cluster,omitempty"` } +type PaginatedResource_WindowsDesktopService struct { + WindowsDesktopService *types.WindowsDesktopServiceV3 `protobuf:"bytes,8,opt,name=WindowsDesktopService,proto3,oneof" json:"windows_desktop_service,omitempty"` +} -func (*PaginatedResource_DatabaseServer) isPaginatedResource_Resource() {} -func (*PaginatedResource_AppServer) isPaginatedResource_Resource() {} -func (*PaginatedResource_Node) isPaginatedResource_Resource() {} -func (*PaginatedResource_KubeService) isPaginatedResource_Resource() {} -func (*PaginatedResource_WindowsDesktop) isPaginatedResource_Resource() {} -func (*PaginatedResource_KubeCluster) isPaginatedResource_Resource() {} +func (*PaginatedResource_DatabaseServer) isPaginatedResource_Resource() {} +func (*PaginatedResource_AppServer) isPaginatedResource_Resource() {} +func (*PaginatedResource_Node) isPaginatedResource_Resource() {} +func (*PaginatedResource_KubeService) isPaginatedResource_Resource() {} +func (*PaginatedResource_WindowsDesktop) isPaginatedResource_Resource() {} +func (*PaginatedResource_KubeCluster) isPaginatedResource_Resource() {} +func (*PaginatedResource_WindowsDesktopService) isPaginatedResource_Resource() {} func (m *PaginatedResource) GetResource() isPaginatedResource_Resource { if m != nil { @@ -9684,6 +9795,13 @@ func (m *PaginatedResource) GetKubeCluster() *types.KubernetesClusterV3 { return nil } +func (m *PaginatedResource) GetWindowsDesktopService() *types.WindowsDesktopServiceV3 { + if x, ok := m.GetResource().(*PaginatedResource_WindowsDesktopService); ok { + return x.WindowsDesktopService + } + return nil +} + // XXX_OneofWrappers is for the internal use of the proto package. func (*PaginatedResource) XXX_OneofWrappers() []interface{} { return []interface{}{ @@ -9693,6 +9811,7 @@ func (*PaginatedResource) XXX_OneofWrappers() []interface{} { (*PaginatedResource_KubeService)(nil), (*PaginatedResource_WindowsDesktop)(nil), (*PaginatedResource_KubeCluster)(nil), + (*PaginatedResource_WindowsDesktopService)(nil), } } @@ -9743,7 +9862,7 @@ func (m *ListResourcesRequest) Reset() { *m = ListResourcesRequest{} } func (m *ListResourcesRequest) String() string { return proto.CompactTextString(m) } func (*ListResourcesRequest) ProtoMessage() {} func (*ListResourcesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{143} + return fileDescriptor_0ffcffcda38ae159, []int{143} } func (m *ListResourcesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9868,7 +9987,7 @@ func (m *ListResourcesResponse) Reset() { *m = ListResourcesResponse{} } func (m *ListResourcesResponse) String() string { return proto.CompactTextString(m) } func (*ListResourcesResponse) ProtoMessage() {} func (*ListResourcesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{144} + return fileDescriptor_0ffcffcda38ae159, []int{144} } func (m *ListResourcesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9979,7 +10098,7 @@ func (m *CreateSessionTrackerRequest) Reset() { *m = CreateSessionTracke func (m *CreateSessionTrackerRequest) String() string { return proto.CompactTextString(m) } func (*CreateSessionTrackerRequest) ProtoMessage() {} func (*CreateSessionTrackerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{145} + return fileDescriptor_0ffcffcda38ae159, []int{145} } func (m *CreateSessionTrackerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10126,7 +10245,7 @@ func (m *GetSessionTrackerRequest) Reset() { *m = GetSessionTrackerReque func (m *GetSessionTrackerRequest) String() string { return proto.CompactTextString(m) } func (*GetSessionTrackerRequest) ProtoMessage() {} func (*GetSessionTrackerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{146} + return fileDescriptor_0ffcffcda38ae159, []int{146} } func (m *GetSessionTrackerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10175,7 +10294,7 @@ func (m *RemoveSessionTrackerRequest) Reset() { *m = RemoveSessionTracke func (m *RemoveSessionTrackerRequest) String() string { return proto.CompactTextString(m) } func (*RemoveSessionTrackerRequest) ProtoMessage() {} func (*RemoveSessionTrackerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{147} + return fileDescriptor_0ffcffcda38ae159, []int{147} } func (m *RemoveSessionTrackerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10223,7 +10342,7 @@ func (m *SessionTrackerUpdateState) Reset() { *m = SessionTrackerUpdateS func (m *SessionTrackerUpdateState) String() string { return proto.CompactTextString(m) } func (*SessionTrackerUpdateState) ProtoMessage() {} func (*SessionTrackerUpdateState) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{148} + return fileDescriptor_0ffcffcda38ae159, []int{148} } func (m *SessionTrackerUpdateState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10271,7 +10390,7 @@ func (m *SessionTrackerAddParticipant) Reset() { *m = SessionTrackerAddP func (m *SessionTrackerAddParticipant) String() string { return proto.CompactTextString(m) } func (*SessionTrackerAddParticipant) ProtoMessage() {} func (*SessionTrackerAddParticipant) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{149} + return fileDescriptor_0ffcffcda38ae159, []int{149} } func (m *SessionTrackerAddParticipant) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10319,7 +10438,7 @@ func (m *SessionTrackerRemoveParticipant) Reset() { *m = SessionTrackerR func (m *SessionTrackerRemoveParticipant) String() string { return proto.CompactTextString(m) } func (*SessionTrackerRemoveParticipant) ProtoMessage() {} func (*SessionTrackerRemoveParticipant) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{150} + return fileDescriptor_0ffcffcda38ae159, []int{150} } func (m *SessionTrackerRemoveParticipant) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10368,7 +10487,7 @@ func (m *SessionTrackerUpdateExpiry) Reset() { *m = SessionTrackerUpdate func (m *SessionTrackerUpdateExpiry) String() string { return proto.CompactTextString(m) } func (*SessionTrackerUpdateExpiry) ProtoMessage() {} func (*SessionTrackerUpdateExpiry) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{151} + return fileDescriptor_0ffcffcda38ae159, []int{151} } func (m *SessionTrackerUpdateExpiry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10423,7 +10542,7 @@ func (m *UpdateSessionTrackerRequest) Reset() { *m = UpdateSessionTracke func (m *UpdateSessionTrackerRequest) String() string { return proto.CompactTextString(m) } func (*UpdateSessionTrackerRequest) ProtoMessage() {} func (*UpdateSessionTrackerRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{152} + return fileDescriptor_0ffcffcda38ae159, []int{152} } func (m *UpdateSessionTrackerRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10541,7 +10660,7 @@ func (m *PresenceMFAChallengeRequest) Reset() { *m = PresenceMFAChalleng func (m *PresenceMFAChallengeRequest) String() string { return proto.CompactTextString(m) } func (*PresenceMFAChallengeRequest) ProtoMessage() {} func (*PresenceMFAChallengeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{153} + return fileDescriptor_0ffcffcda38ae159, []int{153} } func (m *PresenceMFAChallengeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10592,7 +10711,7 @@ func (m *PresenceMFAChallengeSend) Reset() { *m = PresenceMFAChallengeSe func (m *PresenceMFAChallengeSend) String() string { return proto.CompactTextString(m) } func (*PresenceMFAChallengeSend) ProtoMessage() {} func (*PresenceMFAChallengeSend) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{154} + return fileDescriptor_0ffcffcda38ae159, []int{154} } func (m *PresenceMFAChallengeSend) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10679,7 +10798,7 @@ func (m *GetDomainNameResponse) Reset() { *m = GetDomainNameResponse{} } func (m *GetDomainNameResponse) String() string { return proto.CompactTextString(m) } func (*GetDomainNameResponse) ProtoMessage() {} func (*GetDomainNameResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{155} + return fileDescriptor_0ffcffcda38ae159, []int{155} } func (m *GetDomainNameResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10728,7 +10847,7 @@ func (m *GetClusterCACertResponse) Reset() { *m = GetClusterCACertRespon func (m *GetClusterCACertResponse) String() string { return proto.CompactTextString(m) } func (*GetClusterCACertResponse) ProtoMessage() {} func (*GetClusterCACertResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{156} + return fileDescriptor_0ffcffcda38ae159, []int{156} } func (m *GetClusterCACertResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10784,7 +10903,7 @@ func (m *GenerateTokenRequest) Reset() { *m = GenerateTokenRequest{} } func (m *GenerateTokenRequest) String() string { return proto.CompactTextString(m) } func (*GenerateTokenRequest) ProtoMessage() {} func (*GenerateTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{157} + return fileDescriptor_0ffcffcda38ae159, []int{157} } func (m *GenerateTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10854,7 +10973,7 @@ func (m *GenerateTokenResponse) Reset() { *m = GenerateTokenResponse{} } func (m *GenerateTokenResponse) String() string { return proto.CompactTextString(m) } func (*GenerateTokenResponse) ProtoMessage() {} func (*GenerateTokenResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{158} + return fileDescriptor_0ffcffcda38ae159, []int{158} } func (m *GenerateTokenResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10903,7 +11022,7 @@ func (m *GetOIDCAuthRequestRequest) Reset() { *m = GetOIDCAuthRequestReq func (m *GetOIDCAuthRequestRequest) String() string { return proto.CompactTextString(m) } func (*GetOIDCAuthRequestRequest) ProtoMessage() {} func (*GetOIDCAuthRequestRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{159} + return fileDescriptor_0ffcffcda38ae159, []int{159} } func (m *GetOIDCAuthRequestRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -10952,7 +11071,7 @@ func (m *GetSAMLAuthRequestRequest) Reset() { *m = GetSAMLAuthRequestReq func (m *GetSAMLAuthRequestRequest) String() string { return proto.CompactTextString(m) } func (*GetSAMLAuthRequestRequest) ProtoMessage() {} func (*GetSAMLAuthRequestRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{160} + return fileDescriptor_0ffcffcda38ae159, []int{160} } func (m *GetSAMLAuthRequestRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -11001,7 +11120,7 @@ func (m *GetGithubAuthRequestRequest) Reset() { *m = GetGithubAuthReques func (m *GetGithubAuthRequestRequest) String() string { return proto.CompactTextString(m) } func (*GetGithubAuthRequestRequest) ProtoMessage() {} func (*GetGithubAuthRequestRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{161} + return fileDescriptor_0ffcffcda38ae159, []int{161} } func (m *GetGithubAuthRequestRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -11052,7 +11171,7 @@ func (m *GetSSODiagnosticInfoRequest) Reset() { *m = GetSSODiagnosticInf func (m *GetSSODiagnosticInfoRequest) String() string { return proto.CompactTextString(m) } func (*GetSSODiagnosticInfoRequest) ProtoMessage() {} func (*GetSSODiagnosticInfoRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_ce8bd90b12161215, []int{162} + return fileDescriptor_0ffcffcda38ae159, []int{162} } func (m *GetSSODiagnosticInfoRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -11095,2851 +11214,2923 @@ func (m *GetSSODiagnosticInfoRequest) GetAuthRequestID() string { return "" } -func init() { - proto.RegisterEnum("proto.Operation", Operation_name, Operation_value) - proto.RegisterEnum("proto.DeviceType", DeviceType_name, DeviceType_value) - proto.RegisterEnum("proto.DeviceUsage", DeviceUsage_name, DeviceUsage_value) - proto.RegisterEnum("proto.Order", Order_name, Order_value) - proto.RegisterEnum("proto.UserCertsRequest_CertUsage", UserCertsRequest_CertUsage_name, UserCertsRequest_CertUsage_value) - proto.RegisterEnum("proto.DatabaseCertRequest_Requester", DatabaseCertRequest_Requester_name, DatabaseCertRequest_Requester_value) - proto.RegisterType((*Event)(nil), "proto.Event") - proto.RegisterType((*Watch)(nil), "proto.Watch") - proto.RegisterType((*WatchKind)(nil), "proto.WatchKind") - proto.RegisterMapType((map[string]string)(nil), "proto.WatchKind.FilterEntry") - proto.RegisterType((*HostCertsRequest)(nil), "proto.HostCertsRequest") - proto.RegisterType((*UserCertsRequest)(nil), "proto.UserCertsRequest") - proto.RegisterType((*RouteToDatabase)(nil), "proto.RouteToDatabase") - proto.RegisterType((*RouteToWindowsDesktop)(nil), "proto.RouteToWindowsDesktop") - proto.RegisterType((*RouteToApp)(nil), "proto.RouteToApp") - proto.RegisterType((*GetUserRequest)(nil), "proto.GetUserRequest") - proto.RegisterType((*GetUsersRequest)(nil), "proto.GetUsersRequest") - proto.RegisterType((*AccessRequests)(nil), "proto.AccessRequests") - proto.RegisterType((*PluginDataSeq)(nil), "proto.PluginDataSeq") - proto.RegisterType((*RequestStateSetter)(nil), "proto.RequestStateSetter") - proto.RegisterType((*RequestID)(nil), "proto.RequestID") - proto.RegisterType((*RotateUserTokenSecretsRequest)(nil), "proto.RotateUserTokenSecretsRequest") - proto.RegisterType((*GetResetPasswordTokenRequest)(nil), "proto.GetResetPasswordTokenRequest") - proto.RegisterType((*CreateResetPasswordTokenRequest)(nil), "proto.CreateResetPasswordTokenRequest") - proto.RegisterType((*RenewableCertsRequest)(nil), "proto.RenewableCertsRequest") - proto.RegisterType((*CreateBotRequest)(nil), "proto.CreateBotRequest") - proto.RegisterType((*CreateBotResponse)(nil), "proto.CreateBotResponse") - proto.RegisterType((*DeleteBotRequest)(nil), "proto.DeleteBotRequest") - proto.RegisterType((*GetBotUsersRequest)(nil), "proto.GetBotUsersRequest") - proto.RegisterType((*PingRequest)(nil), "proto.PingRequest") - proto.RegisterType((*PingResponse)(nil), "proto.PingResponse") - proto.RegisterType((*Features)(nil), "proto.Features") - proto.RegisterType((*DeleteUserRequest)(nil), "proto.DeleteUserRequest") - proto.RegisterType((*Semaphores)(nil), "proto.Semaphores") - proto.RegisterType((*AuditStreamRequest)(nil), "proto.AuditStreamRequest") - proto.RegisterType((*AuditStreamStatus)(nil), "proto.AuditStreamStatus") - proto.RegisterType((*CreateStream)(nil), "proto.CreateStream") - proto.RegisterType((*ResumeStream)(nil), "proto.ResumeStream") - proto.RegisterType((*CompleteStream)(nil), "proto.CompleteStream") - proto.RegisterType((*FlushAndCloseStream)(nil), "proto.FlushAndCloseStream") - proto.RegisterType((*GetApplicationServersRequest)(nil), "proto.GetApplicationServersRequest") - proto.RegisterType((*GetApplicationServersResponse)(nil), "proto.GetApplicationServersResponse") - proto.RegisterType((*UpsertApplicationServerRequest)(nil), "proto.UpsertApplicationServerRequest") - proto.RegisterType((*DeleteApplicationServerRequest)(nil), "proto.DeleteApplicationServerRequest") - proto.RegisterType((*DeleteAllApplicationServersRequest)(nil), "proto.DeleteAllApplicationServersRequest") - proto.RegisterType((*GetAppServersRequest)(nil), "proto.GetAppServersRequest") - proto.RegisterType((*GetAppServersResponse)(nil), "proto.GetAppServersResponse") - proto.RegisterType((*UpsertAppServerRequest)(nil), "proto.UpsertAppServerRequest") - proto.RegisterType((*DeleteAppServerRequest)(nil), "proto.DeleteAppServerRequest") - proto.RegisterType((*DeleteAllAppServersRequest)(nil), "proto.DeleteAllAppServersRequest") - proto.RegisterType((*GenerateAppTokenRequest)(nil), "proto.GenerateAppTokenRequest") - proto.RegisterType((*GenerateAppTokenResponse)(nil), "proto.GenerateAppTokenResponse") - proto.RegisterType((*GetAppSessionRequest)(nil), "proto.GetAppSessionRequest") - proto.RegisterType((*GetAppSessionResponse)(nil), "proto.GetAppSessionResponse") - proto.RegisterType((*GetAppSessionsResponse)(nil), "proto.GetAppSessionsResponse") - proto.RegisterType((*GetSnowflakeSessionsResponse)(nil), "proto.GetSnowflakeSessionsResponse") - proto.RegisterType((*CreateAppSessionRequest)(nil), "proto.CreateAppSessionRequest") - proto.RegisterType((*CreateAppSessionResponse)(nil), "proto.CreateAppSessionResponse") - proto.RegisterType((*CreateSnowflakeSessionRequest)(nil), "proto.CreateSnowflakeSessionRequest") - proto.RegisterType((*CreateSnowflakeSessionResponse)(nil), "proto.CreateSnowflakeSessionResponse") - proto.RegisterType((*GetSnowflakeSessionRequest)(nil), "proto.GetSnowflakeSessionRequest") - proto.RegisterType((*GetSnowflakeSessionResponse)(nil), "proto.GetSnowflakeSessionResponse") - proto.RegisterType((*DeleteAppSessionRequest)(nil), "proto.DeleteAppSessionRequest") - proto.RegisterType((*DeleteSnowflakeSessionRequest)(nil), "proto.DeleteSnowflakeSessionRequest") - proto.RegisterType((*DeleteUserAppSessionsRequest)(nil), "proto.DeleteUserAppSessionsRequest") - proto.RegisterType((*GetWebSessionResponse)(nil), "proto.GetWebSessionResponse") - proto.RegisterType((*GetWebSessionsResponse)(nil), "proto.GetWebSessionsResponse") - proto.RegisterType((*GetWebTokenResponse)(nil), "proto.GetWebTokenResponse") - proto.RegisterType((*GetWebTokensResponse)(nil), "proto.GetWebTokensResponse") - proto.RegisterType((*GetKubeServicesRequest)(nil), "proto.GetKubeServicesRequest") - proto.RegisterType((*GetKubeServicesResponse)(nil), "proto.GetKubeServicesResponse") - proto.RegisterType((*UpsertKubeServiceRequest)(nil), "proto.UpsertKubeServiceRequest") - proto.RegisterType((*DeleteKubeServiceRequest)(nil), "proto.DeleteKubeServiceRequest") - proto.RegisterType((*DeleteAllKubeServicesRequest)(nil), "proto.DeleteAllKubeServicesRequest") - proto.RegisterType((*GetDatabaseServersRequest)(nil), "proto.GetDatabaseServersRequest") - proto.RegisterType((*GetDatabaseServersResponse)(nil), "proto.GetDatabaseServersResponse") - proto.RegisterType((*UpsertDatabaseServerRequest)(nil), "proto.UpsertDatabaseServerRequest") - proto.RegisterType((*DeleteDatabaseServerRequest)(nil), "proto.DeleteDatabaseServerRequest") - proto.RegisterType((*DeleteAllDatabaseServersRequest)(nil), "proto.DeleteAllDatabaseServersRequest") - proto.RegisterType((*DatabaseCSRRequest)(nil), "proto.DatabaseCSRRequest") - proto.RegisterType((*DatabaseCSRResponse)(nil), "proto.DatabaseCSRResponse") - proto.RegisterType((*DatabaseCertRequest)(nil), "proto.DatabaseCertRequest") - proto.RegisterType((*DatabaseCertResponse)(nil), "proto.DatabaseCertResponse") - proto.RegisterType((*SnowflakeJWTRequest)(nil), "proto.SnowflakeJWTRequest") - proto.RegisterType((*SnowflakeJWTResponse)(nil), "proto.SnowflakeJWTResponse") - proto.RegisterType((*GetRoleRequest)(nil), "proto.GetRoleRequest") - proto.RegisterType((*GetRolesResponse)(nil), "proto.GetRolesResponse") - proto.RegisterType((*DeleteRoleRequest)(nil), "proto.DeleteRoleRequest") - proto.RegisterType((*MFAAuthenticateChallenge)(nil), "proto.MFAAuthenticateChallenge") - proto.RegisterType((*MFAAuthenticateResponse)(nil), "proto.MFAAuthenticateResponse") - proto.RegisterType((*TOTPChallenge)(nil), "proto.TOTPChallenge") - proto.RegisterType((*TOTPResponse)(nil), "proto.TOTPResponse") - proto.RegisterType((*MFARegisterChallenge)(nil), "proto.MFARegisterChallenge") - proto.RegisterType((*MFARegisterResponse)(nil), "proto.MFARegisterResponse") - proto.RegisterType((*TOTPRegisterChallenge)(nil), "proto.TOTPRegisterChallenge") - proto.RegisterType((*TOTPRegisterResponse)(nil), "proto.TOTPRegisterResponse") - proto.RegisterType((*AddMFADeviceRequest)(nil), "proto.AddMFADeviceRequest") - proto.RegisterType((*AddMFADeviceResponse)(nil), "proto.AddMFADeviceResponse") - proto.RegisterType((*AddMFADeviceRequestInit)(nil), "proto.AddMFADeviceRequestInit") - proto.RegisterType((*AddMFADeviceResponseAck)(nil), "proto.AddMFADeviceResponseAck") - proto.RegisterType((*DeleteMFADeviceRequest)(nil), "proto.DeleteMFADeviceRequest") - proto.RegisterType((*DeleteMFADeviceResponse)(nil), "proto.DeleteMFADeviceResponse") - proto.RegisterType((*DeleteMFADeviceRequestInit)(nil), "proto.DeleteMFADeviceRequestInit") - proto.RegisterType((*DeleteMFADeviceResponseAck)(nil), "proto.DeleteMFADeviceResponseAck") - proto.RegisterType((*DeleteMFADeviceSyncRequest)(nil), "proto.DeleteMFADeviceSyncRequest") - proto.RegisterType((*AddMFADeviceSyncRequest)(nil), "proto.AddMFADeviceSyncRequest") - proto.RegisterType((*AddMFADeviceSyncResponse)(nil), "proto.AddMFADeviceSyncResponse") - proto.RegisterType((*GetMFADevicesRequest)(nil), "proto.GetMFADevicesRequest") - proto.RegisterType((*GetMFADevicesResponse)(nil), "proto.GetMFADevicesResponse") - proto.RegisterType((*UserSingleUseCertsRequest)(nil), "proto.UserSingleUseCertsRequest") - proto.RegisterType((*UserSingleUseCertsResponse)(nil), "proto.UserSingleUseCertsResponse") - proto.RegisterType((*IsMFARequiredRequest)(nil), "proto.IsMFARequiredRequest") - proto.RegisterType((*StreamSessionEventsRequest)(nil), "proto.StreamSessionEventsRequest") - proto.RegisterType((*NodeLogin)(nil), "proto.NodeLogin") - proto.RegisterType((*IsMFARequiredResponse)(nil), "proto.IsMFARequiredResponse") - proto.RegisterType((*SingleUseUserCert)(nil), "proto.SingleUseUserCert") - proto.RegisterType((*GetEventsRequest)(nil), "proto.GetEventsRequest") - proto.RegisterType((*GetSessionEventsRequest)(nil), "proto.GetSessionEventsRequest") - proto.RegisterType((*Events)(nil), "proto.Events") - proto.RegisterType((*GetLocksRequest)(nil), "proto.GetLocksRequest") - proto.RegisterType((*GetLocksResponse)(nil), "proto.GetLocksResponse") - proto.RegisterType((*GetLockRequest)(nil), "proto.GetLockRequest") - proto.RegisterType((*DeleteLockRequest)(nil), "proto.DeleteLockRequest") - proto.RegisterType((*ReplaceRemoteLocksRequest)(nil), "proto.ReplaceRemoteLocksRequest") - proto.RegisterType((*GetWindowsDesktopServicesResponse)(nil), "proto.GetWindowsDesktopServicesResponse") - proto.RegisterType((*GetWindowsDesktopServiceRequest)(nil), "proto.GetWindowsDesktopServiceRequest") - proto.RegisterType((*GetWindowsDesktopServiceResponse)(nil), "proto.GetWindowsDesktopServiceResponse") - proto.RegisterType((*DeleteWindowsDesktopServiceRequest)(nil), "proto.DeleteWindowsDesktopServiceRequest") - proto.RegisterType((*GetWindowsDesktopsResponse)(nil), "proto.GetWindowsDesktopsResponse") - proto.RegisterType((*DeleteWindowsDesktopRequest)(nil), "proto.DeleteWindowsDesktopRequest") - proto.RegisterType((*WindowsDesktopCertRequest)(nil), "proto.WindowsDesktopCertRequest") - proto.RegisterType((*WindowsDesktopCertResponse)(nil), "proto.WindowsDesktopCertResponse") - proto.RegisterType((*CertAuthorityRequest)(nil), "proto.CertAuthorityRequest") - proto.RegisterType((*CRL)(nil), "proto.CRL") - proto.RegisterType((*ChangeUserAuthenticationRequest)(nil), "proto.ChangeUserAuthenticationRequest") - proto.RegisterType((*ChangeUserAuthenticationResponse)(nil), "proto.ChangeUserAuthenticationResponse") - proto.RegisterType((*StartAccountRecoveryRequest)(nil), "proto.StartAccountRecoveryRequest") - proto.RegisterType((*VerifyAccountRecoveryRequest)(nil), "proto.VerifyAccountRecoveryRequest") - proto.RegisterType((*CompleteAccountRecoveryRequest)(nil), "proto.CompleteAccountRecoveryRequest") - proto.RegisterType((*RecoveryCodes)(nil), "proto.RecoveryCodes") - proto.RegisterType((*CreateAccountRecoveryCodesRequest)(nil), "proto.CreateAccountRecoveryCodesRequest") - proto.RegisterType((*GetAccountRecoveryTokenRequest)(nil), "proto.GetAccountRecoveryTokenRequest") - proto.RegisterType((*GetAccountRecoveryCodesRequest)(nil), "proto.GetAccountRecoveryCodesRequest") - proto.RegisterType((*UserCredentials)(nil), "proto.UserCredentials") - proto.RegisterType((*ContextUser)(nil), "proto.ContextUser") - proto.RegisterType((*Passwordless)(nil), "proto.Passwordless") - proto.RegisterType((*CreateAuthenticateChallengeRequest)(nil), "proto.CreateAuthenticateChallengeRequest") - proto.RegisterType((*CreatePrivilegeTokenRequest)(nil), "proto.CreatePrivilegeTokenRequest") - proto.RegisterType((*CreateRegisterChallengeRequest)(nil), "proto.CreateRegisterChallengeRequest") - proto.RegisterType((*PaginatedResource)(nil), "proto.PaginatedResource") - proto.RegisterType((*ListResourcesRequest)(nil), "proto.ListResourcesRequest") - proto.RegisterMapType((map[string]string)(nil), "proto.ListResourcesRequest.LabelsEntry") - proto.RegisterType((*ListResourcesResponse)(nil), "proto.ListResourcesResponse") - proto.RegisterType((*CreateSessionTrackerRequest)(nil), "proto.CreateSessionTrackerRequest") - proto.RegisterType((*GetSessionTrackerRequest)(nil), "proto.GetSessionTrackerRequest") - proto.RegisterType((*RemoveSessionTrackerRequest)(nil), "proto.RemoveSessionTrackerRequest") - proto.RegisterType((*SessionTrackerUpdateState)(nil), "proto.SessionTrackerUpdateState") - proto.RegisterType((*SessionTrackerAddParticipant)(nil), "proto.SessionTrackerAddParticipant") - proto.RegisterType((*SessionTrackerRemoveParticipant)(nil), "proto.SessionTrackerRemoveParticipant") - proto.RegisterType((*SessionTrackerUpdateExpiry)(nil), "proto.SessionTrackerUpdateExpiry") - proto.RegisterType((*UpdateSessionTrackerRequest)(nil), "proto.UpdateSessionTrackerRequest") - proto.RegisterType((*PresenceMFAChallengeRequest)(nil), "proto.PresenceMFAChallengeRequest") - proto.RegisterType((*PresenceMFAChallengeSend)(nil), "proto.PresenceMFAChallengeSend") - proto.RegisterType((*GetDomainNameResponse)(nil), "proto.GetDomainNameResponse") - proto.RegisterType((*GetClusterCACertResponse)(nil), "proto.GetClusterCACertResponse") - proto.RegisterType((*GenerateTokenRequest)(nil), "proto.GenerateTokenRequest") - proto.RegisterMapType((map[string]string)(nil), "proto.GenerateTokenRequest.LabelsEntry") - proto.RegisterType((*GenerateTokenResponse)(nil), "proto.GenerateTokenResponse") - proto.RegisterType((*GetOIDCAuthRequestRequest)(nil), "proto.GetOIDCAuthRequestRequest") - proto.RegisterType((*GetSAMLAuthRequestRequest)(nil), "proto.GetSAMLAuthRequestRequest") - proto.RegisterType((*GetGithubAuthRequestRequest)(nil), "proto.GetGithubAuthRequestRequest") - proto.RegisterType((*GetSSODiagnosticInfoRequest)(nil), "proto.GetSSODiagnosticInfoRequest") +// UnstableSystemRoleAssertion is not a stable part of the public API. Used by older instances +// to prove that they hold a given system role. +// DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) +type UnstableSystemRoleAssertion struct { + ServerID string `protobuf:"bytes,1,opt,name=ServerID,proto3" json:"server_id,omitempty"` + AssertionID string `protobuf:"bytes,2,opt,name=AssertionID,proto3" json:"assertion_id,omitempty"` + SystemRole github_com_gravitational_teleport_api_types.SystemRole `protobuf:"bytes,3,opt,name=SystemRole,proto3,casttype=github.com/gravitational/teleport/api/types.SystemRole" json:"system_role,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *UnstableSystemRoleAssertion) Reset() { *m = UnstableSystemRoleAssertion{} } +func (m *UnstableSystemRoleAssertion) String() string { return proto.CompactTextString(m) } +func (*UnstableSystemRoleAssertion) ProtoMessage() {} +func (*UnstableSystemRoleAssertion) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{163} +} +func (m *UnstableSystemRoleAssertion) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UnstableSystemRoleAssertion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UnstableSystemRoleAssertion.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *UnstableSystemRoleAssertion) XXX_Merge(src proto.Message) { + xxx_messageInfo_UnstableSystemRoleAssertion.Merge(m, src) +} +func (m *UnstableSystemRoleAssertion) XXX_Size() int { + return m.Size() +} +func (m *UnstableSystemRoleAssertion) XXX_DiscardUnknown() { + xxx_messageInfo_UnstableSystemRoleAssertion.DiscardUnknown(m) } -func init() { proto.RegisterFile("authservice.proto", fileDescriptor_ce8bd90b12161215) } +var xxx_messageInfo_UnstableSystemRoleAssertion proto.InternalMessageInfo -var fileDescriptor_ce8bd90b12161215 = []byte{ - // 10275 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x7d, 0x5b, 0x6c, 0x1c, 0x49, - 0x92, 0x98, 0xba, 0xf9, 0x6a, 0x06, 0x1f, 0x6a, 0xa5, 0x48, 0xb1, 0xd5, 0xa2, 0xd8, 0x52, 0xcd, - 0x8c, 0x56, 0x33, 0xb7, 0x27, 0x69, 0xc8, 0x79, 0xcf, 0xec, 0xcc, 0x76, 0x37, 0x29, 0x92, 0x12, - 0x45, 0x71, 0xaa, 0xa9, 0xd6, 0xec, 0xee, 0xec, 0xf6, 0x16, 0xbb, 0x53, 0x64, 0x99, 0xcd, 0xae, - 0xde, 0xaa, 0xa2, 0x34, 0x82, 0x61, 0xc3, 0xaf, 0xb3, 0x0d, 0x03, 0xc6, 0x9d, 0x01, 0x1f, 0xec, - 0x83, 0x61, 0xf8, 0x00, 0xfb, 0xcb, 0x80, 0xfd, 0x61, 0x18, 0xf6, 0x8f, 0x81, 0x83, 0x01, 0xc3, - 0x5e, 0x1b, 0x30, 0xec, 0x9f, 0x83, 0x01, 0x7f, 0xd0, 0xeb, 0xfd, 0x32, 0xf8, 0x67, 0x18, 0x36, - 0xe0, 0xfd, 0x32, 0x32, 0xf2, 0x51, 0x99, 0xf5, 0xe8, 0x26, 0x25, 0xf9, 0xee, 0x47, 0x62, 0x65, - 0x66, 0x44, 0x46, 0x46, 0x46, 0x46, 0x46, 0x46, 0x46, 0x46, 0xc3, 0x25, 0xe7, 0x38, 0x3c, 0x08, - 0xa8, 0xff, 0xdc, 0x6d, 0xd3, 0x3b, 0x7d, 0xdf, 0x0b, 0x3d, 0x32, 0x86, 0xff, 0x95, 0xe7, 0xf6, - 0xbd, 0x7d, 0x0f, 0xff, 0xbc, 0xcb, 0xfe, 0xe2, 0x95, 0xe5, 0x6b, 0xfb, 0x9e, 0xb7, 0xdf, 0xa5, - 0x77, 0xf1, 0x6b, 0xef, 0xf8, 0xd9, 0x5d, 0x7a, 0xd4, 0x0f, 0x5f, 0x8a, 0xca, 0x4a, 0xbc, 0x32, - 0x74, 0x8f, 0x68, 0x10, 0x3a, 0x47, 0x7d, 0xd1, 0x60, 0xaa, 0x4d, 0xfd, 0x30, 0x10, 0x1f, 0x1f, - 0xef, 0xbb, 0xe1, 0xc1, 0xf1, 0xde, 0x9d, 0xb6, 0x77, 0x74, 0x77, 0xdf, 0x77, 0x9e, 0xbb, 0xa1, - 0x13, 0xba, 0x5e, 0xcf, 0xe9, 0xde, 0x0d, 0x69, 0x97, 0xf6, 0x3d, 0x3f, 0xbc, 0xeb, 0xf4, 0xdd, - 0xbb, 0xe1, 0xcb, 0x3e, 0x0d, 0xf8, 0xbf, 0x02, 0xb0, 0x7e, 0x1e, 0xc0, 0x17, 0x74, 0x8f, 0x0d, - 0xb1, 0xa7, 0xfe, 0x78, 0x25, 0x24, 0xbe, 0xd3, 0xef, 0x53, 0x3f, 0xfa, 0x43, 0x20, 0xf9, 0xea, - 0x3c, 0x48, 0xe8, 0x73, 0xda, 0x0b, 0xe5, 0x7f, 0x1c, 0x81, 0xf5, 0xbb, 0xf3, 0x30, 0xb6, 0xc6, - 0x0a, 0xc8, 0x27, 0x30, 0xba, 0xfb, 0xb2, 0x4f, 0x4b, 0xb9, 0x1b, 0xb9, 0xdb, 0xb3, 0xcb, 0x45, - 0x5e, 0x7f, 0xe7, 0x71, 0x9f, 0xfa, 0x88, 0xb2, 0x46, 0x4e, 0x4f, 0x2a, 0xb3, 0x0c, 0xd1, 0xf7, - 0xbd, 0x23, 0x37, 0x44, 0xae, 0xdb, 0x08, 0x41, 0x9e, 0xc2, 0xac, 0x4d, 0x03, 0xef, 0xd8, 0x6f, - 0xd3, 0x0d, 0xea, 0x74, 0xa8, 0x5f, 0xca, 0xdf, 0xc8, 0xdd, 0x9e, 0x5a, 0x9e, 0xbf, 0xc3, 0x99, - 0x66, 0x56, 0xd6, 0xae, 0x9c, 0x9e, 0x54, 0x88, 0x2f, 0xca, 0x22, 0x64, 0x1b, 0x17, 0xec, 0x18, - 0x1a, 0xf2, 0x2d, 0xcc, 0xd4, 0xa9, 0x1f, 0x56, 0x8f, 0xc3, 0x03, 0xcf, 0x77, 0xc3, 0x97, 0xa5, - 0x11, 0xc4, 0x7b, 0x45, 0xe0, 0x35, 0xea, 0x9a, 0xcb, 0xb5, 0xc5, 0xd3, 0x93, 0x4a, 0x89, 0x4d, - 0x70, 0xcb, 0x91, 0xa5, 0x06, 0x7a, 0x13, 0x19, 0xf9, 0x06, 0xa6, 0x1b, 0x8c, 0x5d, 0xed, 0x5d, - 0xef, 0x90, 0xf6, 0x82, 0xd2, 0xa8, 0x41, 0xb4, 0x5e, 0xd5, 0x5c, 0xae, 0x5d, 0x3b, 0x3d, 0xa9, - 0x2c, 0x04, 0x58, 0xd6, 0x0a, 0xb1, 0xd0, 0x40, 0x6d, 0x60, 0x22, 0x3f, 0x87, 0xd9, 0x1d, 0xdf, - 0x7b, 0xee, 0x06, 0xae, 0xd7, 0xc3, 0xa2, 0xd2, 0x18, 0xe2, 0x5e, 0x10, 0xb8, 0xcd, 0xca, 0xe6, - 0x72, 0xed, 0xfa, 0xe9, 0x49, 0xe5, 0x6a, 0x5f, 0x96, 0xf2, 0x0e, 0x4c, 0xce, 0x98, 0x20, 0x64, - 0x17, 0xa6, 0xea, 0xdd, 0xe3, 0x20, 0xa4, 0xfe, 0xb6, 0x73, 0x44, 0x4b, 0xe3, 0x88, 0x7e, 0x4e, - 0xf2, 0x25, 0xaa, 0x69, 0x2e, 0xd7, 0xca, 0xa7, 0x27, 0x95, 0x2b, 0x6d, 0x5e, 0xd4, 0xea, 0x39, - 0x47, 0x26, 0xcb, 0x75, 0x34, 0xe4, 0x63, 0x18, 0x7d, 0x12, 0x50, 0xbf, 0x54, 0x40, 0x74, 0x33, - 0x02, 0x1d, 0x2b, 0x6a, 0x2e, 0xf3, 0xf9, 0x3f, 0x0e, 0xa8, 0x6f, 0xc0, 0x23, 0x00, 0x03, 0xb4, - 0xbd, 0x2e, 0x2d, 0x4d, 0x1a, 0x80, 0xac, 0xa8, 0xf9, 0x21, 0x07, 0xf4, 0xbd, 0xae, 0xd9, 0x31, - 0x02, 0x90, 0x4d, 0x98, 0x64, 0x3d, 0x07, 0x7d, 0xa7, 0x4d, 0x4b, 0x80, 0xd0, 0x45, 0x01, 0xad, - 0xca, 0x6b, 0x0b, 0xa7, 0x27, 0x95, 0xcb, 0x3d, 0xf9, 0x69, 0x60, 0x89, 0xa0, 0xc9, 0x57, 0x30, - 0xde, 0xa0, 0xfe, 0x73, 0xea, 0x97, 0xa6, 0x10, 0xcf, 0x45, 0x39, 0x91, 0x58, 0xd8, 0x5c, 0xae, - 0xcd, 0x9d, 0x9e, 0x54, 0x8a, 0x01, 0x7e, 0x19, 0x38, 0x04, 0x18, 0x93, 0x36, 0x9b, 0x3e, 0xa7, - 0x7e, 0x40, 0x77, 0x8f, 0x7b, 0x3d, 0xda, 0x2d, 0x4d, 0x1b, 0xd2, 0x66, 0xd4, 0x49, 0x69, 0xf3, - 0x79, 0x61, 0x2b, 0xc4, 0x52, 0x53, 0xda, 0x0c, 0x00, 0x72, 0x00, 0x45, 0xfe, 0x57, 0xdd, 0xeb, - 0xf5, 0x68, 0x9b, 0x2d, 0xa9, 0xd2, 0x0c, 0x76, 0x70, 0x55, 0x74, 0x10, 0xaf, 0x6e, 0x2e, 0xd7, - 0x2a, 0xa7, 0x27, 0x95, 0x6b, 0x1c, 0x77, 0xab, 0xad, 0x2a, 0x8c, 0x6e, 0x12, 0x58, 0xd9, 0x38, - 0xaa, 0xed, 0x36, 0x0d, 0x02, 0x9b, 0xfe, 0xe2, 0x98, 0x06, 0x61, 0x69, 0xd6, 0x18, 0x87, 0x51, - 0xd7, 0x5c, 0xe1, 0xe3, 0x70, 0xb0, 0xb0, 0xe5, 0xf3, 0x52, 0x73, 0x1c, 0x06, 0x00, 0xd9, 0x01, - 0xa8, 0xf6, 0xfb, 0x0d, 0x1a, 0x30, 0x61, 0x2c, 0x5d, 0x44, 0xd4, 0x97, 0x05, 0xea, 0xa7, 0x74, - 0x4f, 0x54, 0x34, 0x97, 0x6b, 0x57, 0x4f, 0x4f, 0x2a, 0xf3, 0x4e, 0xbf, 0xdf, 0x0a, 0x78, 0x91, - 0x81, 0x54, 0xc3, 0xc1, 0xf9, 0x7e, 0xe4, 0x85, 0x54, 0x88, 0x62, 0xa9, 0x18, 0xe3, 0xbb, 0x56, - 0x27, 0xe9, 0xf5, 0xb1, 0xb0, 0x25, 0xc4, 0x3a, 0xce, 0x77, 0x0d, 0x80, 0xad, 0xc5, 0x55, 0x27, - 0x74, 0xf6, 0x9c, 0x80, 0x0a, 0xf1, 0xb8, 0x64, 0xac, 0x45, 0xb3, 0xb2, 0xb9, 0xc2, 0xd7, 0x62, - 0x47, 0x94, 0xb6, 0x52, 0xe4, 0x25, 0x86, 0x8f, 0x71, 0x24, 0x1a, 0x78, 0x89, 0x0c, 0xe1, 0xc8, - 0x0b, 0xba, 0x97, 0xce, 0x91, 0xa8, 0x29, 0xd9, 0x80, 0xc2, 0x53, 0xba, 0xc7, 0x35, 0xc7, 0x65, - 0xc4, 0x77, 0x29, 0xc2, 0xc7, 0x75, 0xc6, 0x0a, 0x5f, 0x15, 0x0c, 0x5b, 0x52, 0x5b, 0x28, 0x68, - 0xf2, 0x3b, 0x39, 0x58, 0x90, 0x2b, 0x9c, 0x86, 0x2f, 0x3c, 0xff, 0xd0, 0xed, 0xed, 0xd7, 0xbd, - 0xde, 0x33, 0x77, 0xbf, 0x34, 0x87, 0x98, 0x6f, 0xc4, 0x94, 0x46, 0xac, 0x55, 0x73, 0xb9, 0xf6, - 0xbd, 0xd3, 0x93, 0xca, 0x5b, 0x4a, 0x81, 0xa8, 0x7a, 0x26, 0x90, 0xcf, 0xdc, 0x7d, 0xa3, 0xe3, - 0xac, 0xbe, 0xc8, 0x5f, 0xcc, 0xc1, 0x15, 0x31, 0x3a, 0x9b, 0xb6, 0x3d, 0xbf, 0x13, 0x91, 0x31, - 0x8f, 0x64, 0x54, 0xd4, 0x6a, 0x4d, 0x6b, 0xd4, 0x5c, 0xae, 0xdd, 0x3a, 0x3d, 0xa9, 0x58, 0x82, - 0x71, 0x2d, 0x5f, 0x56, 0xa7, 0x11, 0x91, 0xd1, 0x11, 0x93, 0x04, 0xa6, 0xfc, 0x77, 0x7c, 0xfa, - 0x8c, 0xfa, 0xb4, 0xd7, 0xa6, 0xa5, 0x2b, 0x86, 0x24, 0x98, 0x95, 0x52, 0x2b, 0xb3, 0xad, 0xa4, - 0xd5, 0x57, 0xc5, 0xa6, 0x24, 0x98, 0x20, 0xe4, 0x17, 0x40, 0x04, 0x03, 0xaa, 0xc7, 0x1d, 0x37, - 0x14, 0x03, 0x5c, 0xc0, 0x5e, 0xae, 0x99, 0x7c, 0xd6, 0x1a, 0x34, 0x97, 0x6b, 0xd6, 0xe9, 0x49, - 0x65, 0x49, 0xb2, 0xd8, 0x61, 0x55, 0x69, 0x03, 0x4b, 0x41, 0xce, 0x34, 0xef, 0x96, 0xd7, 0x3e, - 0x2c, 0x95, 0x0c, 0xcd, 0xcb, 0x8a, 0xa4, 0xca, 0xee, 0x7a, 0xed, 0x43, 0x53, 0xf3, 0xb2, 0x5a, - 0x12, 0xc2, 0x65, 0x31, 0x4b, 0x36, 0x0d, 0x42, 0xdf, 0x45, 0xdd, 0x11, 0x94, 0xae, 0x22, 0x9e, - 0x45, 0xa9, 0x83, 0x93, 0x2d, 0x9a, 0x1f, 0x70, 0x6a, 0x85, 0x20, 0xb4, 0x7c, 0xad, 0xce, 0xe8, - 0x26, 0x0d, 0x3d, 0xf9, 0x73, 0x30, 0xff, 0xd4, 0xed, 0x75, 0xbc, 0x17, 0xc1, 0x2a, 0x0d, 0x0e, - 0x43, 0xaf, 0xdf, 0xe0, 0x96, 0x5f, 0xa9, 0x8c, 0xfd, 0x2e, 0x49, 0x31, 0x4f, 0x6b, 0xd3, 0x5c, - 0xa9, 0xbd, 0x73, 0x7a, 0x52, 0xb9, 0xf9, 0x82, 0x57, 0xb6, 0x3a, 0xbc, 0xb6, 0x25, 0x8c, 0x47, - 0xa3, 0xf3, 0xf4, 0x5e, 0x98, 0x08, 0x98, 0x15, 0xa5, 0x6b, 0x86, 0x08, 0x98, 0x95, 0x52, 0x19, - 0xc4, 0x3a, 0x34, 0x45, 0xc0, 0x04, 0x21, 0xeb, 0x50, 0x90, 0xea, 0xa1, 0xb4, 0x68, 0x2c, 0x5d, - 0x59, 0xdc, 0x5c, 0xe1, 0x16, 0x90, 0x54, 0x31, 0xe6, 0xca, 0x95, 0xad, 0xc8, 0x16, 0x4c, 0xa2, - 0x8e, 0x44, 0x95, 0x75, 0x1d, 0x31, 0x11, 0x29, 0xa8, 0xb2, 0xbc, 0xb9, 0x52, 0x2b, 0x9d, 0x9e, - 0x54, 0xe6, 0xb8, 0x96, 0x4d, 0x28, 0xaa, 0x08, 0x01, 0x59, 0x81, 0x91, 0x6a, 0xbf, 0x5f, 0x5a, - 0x42, 0x3c, 0xd3, 0x11, 0x9e, 0xe6, 0x4a, 0xed, 0xd2, 0xe9, 0x49, 0x65, 0xc6, 0xe9, 0x9b, 0xc3, - 0x62, 0xad, 0xc9, 0x1e, 0x14, 0x1b, 0x3d, 0xef, 0xc5, 0xb3, 0xae, 0x73, 0x48, 0xa5, 0x7a, 0xab, - 0x64, 0xab, 0x37, 0xdc, 0xac, 0x02, 0x09, 0x90, 0xaa, 0xe4, 0x12, 0xf8, 0x6a, 0x00, 0x05, 0x69, - 0xf4, 0x3d, 0x18, 0x2d, 0x4c, 0x14, 0x0b, 0xd6, 0x06, 0x8c, 0x3d, 0x75, 0xc2, 0xf6, 0x01, 0xf9, - 0x0a, 0xc6, 0x1e, 0xba, 0xbd, 0x4e, 0x50, 0xca, 0xdd, 0x18, 0x41, 0xbb, 0x80, 0x5b, 0xa4, 0x58, - 0xc9, 0x2a, 0x6a, 0x0b, 0xbf, 0x3c, 0xa9, 0x5c, 0x38, 0x3d, 0xa9, 0x5c, 0x3c, 0x64, 0xcd, 0x34, - 0xb3, 0x94, 0xc3, 0x59, 0xff, 0x3c, 0x0f, 0x93, 0xaa, 0x35, 0x59, 0x84, 0x51, 0xf6, 0x3f, 0xda, - 0xb7, 0x93, 0xb5, 0xc2, 0xe9, 0x49, 0x65, 0x94, 0xc1, 0xd9, 0x58, 0x4a, 0x96, 0x61, 0x6a, 0xcb, - 0x73, 0x3a, 0x0d, 0xda, 0xf6, 0x69, 0x18, 0xa0, 0x01, 0x5b, 0xa8, 0x15, 0x4f, 0x4f, 0x2a, 0xd3, - 0x5d, 0xcf, 0xe9, 0xb4, 0x02, 0x5e, 0x6e, 0xeb, 0x8d, 0x18, 0x46, 0xb4, 0xbe, 0x46, 0x22, 0x8c, - 0xcc, 0x4a, 0xb1, 0xb1, 0x94, 0x3c, 0x80, 0xf1, 0xfb, 0x6e, 0x97, 0xed, 0x67, 0xa3, 0x48, 0xff, - 0x62, 0x9c, 0xfe, 0x3b, 0xbc, 0x7a, 0xad, 0x17, 0xfa, 0x2f, 0xb9, 0x71, 0xf2, 0x0c, 0x0b, 0xb4, - 0x81, 0x08, 0x0c, 0xe4, 0x1e, 0x4c, 0x34, 0x8e, 0xf7, 0x90, 0xfc, 0x31, 0xec, 0x0c, 0x25, 0x28, - 0x38, 0xde, 0x6b, 0xb1, 0x21, 0x68, 0x00, 0xb2, 0x59, 0xf9, 0x53, 0x98, 0xd2, 0xd0, 0x93, 0x22, - 0x8c, 0x1c, 0xd2, 0x97, 0x7c, 0xec, 0x36, 0xfb, 0x93, 0xcc, 0xc1, 0xd8, 0x73, 0xa7, 0x7b, 0x4c, - 0x71, 0xa8, 0x93, 0x36, 0xff, 0xf8, 0x2c, 0xff, 0x49, 0xce, 0xfa, 0x4f, 0xa3, 0x50, 0xdc, 0xf0, - 0x82, 0x90, 0x59, 0xcb, 0x6a, 0xdb, 0x7f, 0x0b, 0xc6, 0x59, 0xd9, 0xe6, 0xaa, 0xe0, 0xdf, 0xd4, - 0xe9, 0x49, 0x65, 0xe2, 0xc0, 0x0b, 0xc2, 0x96, 0xdb, 0xb1, 0x45, 0x15, 0x79, 0x17, 0x0a, 0xdb, - 0x5e, 0x87, 0x22, 0x53, 0x10, 0x6d, 0x6d, 0xe6, 0xf4, 0xa4, 0x32, 0xd9, 0xf3, 0x3a, 0x14, 0x2d, - 0x4f, 0x5b, 0x55, 0x93, 0xa6, 0xb0, 0x18, 0x39, 0xef, 0x6a, 0x8c, 0x77, 0xcc, 0x44, 0xfc, 0xcd, - 0x49, 0xe5, 0xa3, 0x73, 0x1c, 0x69, 0xee, 0x34, 0x5e, 0x06, 0x21, 0x3d, 0x62, 0x98, 0x84, 0x41, - 0xf9, 0x14, 0xe6, 0xaa, 0x9d, 0x8e, 0xcb, 0x21, 0x76, 0x7c, 0xb7, 0xd7, 0x76, 0xfb, 0x4e, 0x37, - 0xc0, 0x39, 0x98, 0xac, 0xbd, 0x75, 0x7a, 0x52, 0xa9, 0x38, 0xaa, 0xbe, 0xd5, 0x57, 0x0d, 0x34, - 0x1e, 0xa6, 0x22, 0x20, 0x2b, 0x50, 0x58, 0xdd, 0x6e, 0xa0, 0xb9, 0x59, 0x1a, 0x43, 0x64, 0xb8, - 0x01, 0x77, 0x7a, 0x01, 0x0e, 0x4d, 0x47, 0xa0, 0x1a, 0x92, 0x8f, 0x60, 0x7a, 0xe7, 0x78, 0xaf, - 0xeb, 0xb6, 0x77, 0xb7, 0x1a, 0x0f, 0xe9, 0x4b, 0xb4, 0xd3, 0xa7, 0xb9, 0x5a, 0xee, 0x63, 0x79, - 0x2b, 0xec, 0x06, 0xad, 0x43, 0xfa, 0xd2, 0x36, 0xda, 0x45, 0x70, 0x8d, 0xc6, 0x06, 0x83, 0x9b, - 0x48, 0xc0, 0x05, 0xc1, 0x81, 0x0e, 0xc7, 0xdb, 0x91, 0xbb, 0x00, 0xdc, 0xfa, 0xa9, 0x76, 0x3a, - 0xdc, 0x8c, 0x9f, 0xac, 0x5d, 0x3c, 0x3d, 0xa9, 0x4c, 0x09, 0x7b, 0xc9, 0xe9, 0x74, 0x7c, 0x5b, - 0x6b, 0x42, 0xea, 0x50, 0xb0, 0x3d, 0xce, 0x60, 0x61, 0xbc, 0x5f, 0x54, 0xc6, 0x3b, 0x2f, 0x16, - 0xc7, 0x35, 0xf1, 0xa5, 0x8f, 0x52, 0xb6, 0x20, 0x15, 0x98, 0xd8, 0xf6, 0xea, 0x4e, 0xfb, 0x80, - 0x9b, 0xf0, 0x85, 0xda, 0xd8, 0xe9, 0x49, 0x25, 0xf7, 0xdb, 0xb6, 0x2c, 0xb5, 0xfe, 0x51, 0x01, - 0x8a, 0xec, 0x9c, 0x60, 0x48, 0xd4, 0xf7, 0x61, 0x92, 0xd3, 0xfe, 0x50, 0x08, 0xe6, 0x74, 0x6d, - 0xf6, 0xf4, 0xa4, 0x02, 0x62, 0x80, 0x6c, 0x70, 0x51, 0x03, 0x72, 0x1b, 0x0a, 0x0c, 0x43, 0x2f, - 0x12, 0xad, 0xe9, 0xd3, 0x93, 0x4a, 0xe1, 0x58, 0x94, 0xd9, 0xaa, 0x96, 0x34, 0x60, 0x62, 0xed, - 0xbb, 0xbe, 0xeb, 0xd3, 0x40, 0x1c, 0x17, 0xcb, 0x77, 0xb8, 0x57, 0xe0, 0x8e, 0xf4, 0x0a, 0xdc, - 0xd9, 0x95, 0x5e, 0x81, 0xda, 0x75, 0xa1, 0x42, 0x2e, 0x51, 0x0e, 0x12, 0x8d, 0xef, 0xf7, 0xfe, - 0x5b, 0x25, 0x67, 0x4b, 0x4c, 0xe4, 0xfb, 0x30, 0x7e, 0xdf, 0xf3, 0x8f, 0x9c, 0x10, 0x4f, 0x89, - 0x93, 0x62, 0xb9, 0x62, 0x89, 0xb1, 0x5c, 0xb1, 0x84, 0xdc, 0x87, 0x59, 0xdb, 0x3b, 0x0e, 0xe9, - 0xae, 0x27, 0x4d, 0x5a, 0xbe, 0x6a, 0x97, 0x4e, 0x4f, 0x2a, 0x65, 0x9f, 0xd5, 0xb4, 0x42, 0x2f, - 0x69, 0xbc, 0xda, 0x31, 0x28, 0xb2, 0x06, 0xb3, 0x86, 0xf1, 0x1d, 0x94, 0xc6, 0x51, 0xf2, 0xb8, - 0x61, 0x62, 0x98, 0xec, 0xba, 0xfc, 0xc5, 0x80, 0xc8, 0x36, 0x5c, 0x7a, 0x78, 0xbc, 0x47, 0xfd, - 0x1e, 0x0d, 0x69, 0x20, 0x29, 0x9a, 0x40, 0x8a, 0x6e, 0x9c, 0x9e, 0x54, 0x16, 0x0f, 0x55, 0x65, - 0x0a, 0x4d, 0x49, 0x50, 0x42, 0xe1, 0xa2, 0x20, 0x54, 0x6d, 0x75, 0x05, 0x61, 0xb2, 0x73, 0x15, - 0x17, 0xab, 0xad, 0xbd, 0x25, 0xb8, 0x7c, 0x4d, 0x8d, 0x3d, 0xb9, 0xf9, 0xd9, 0x71, 0x9c, 0x6c, - 0xc5, 0x29, 0x6d, 0x32, 0x89, 0xd4, 0xf2, 0x83, 0xa0, 0xd4, 0x26, 0xba, 0x2c, 0x2a, 0xbd, 0xb2, - 0x05, 0x63, 0x4f, 0x02, 0x67, 0x9f, 0x4b, 0xe2, 0xec, 0xf2, 0x4d, 0x41, 0x51, 0x5c, 0xfa, 0xd0, - 0x77, 0x80, 0x0d, 0x6b, 0x97, 0xd9, 0x0e, 0x72, 0xcc, 0xfe, 0xd4, 0x77, 0x10, 0xac, 0x23, 0x5f, - 0x03, 0x08, 0xaa, 0xd8, 0xee, 0x39, 0x25, 0xf6, 0x73, 0x63, 0x90, 0xd5, 0x7e, 0xbf, 0xb6, 0x24, - 0xc6, 0x77, 0x45, 0x8d, 0xcf, 0xd8, 0x4f, 0x6d, 0x0d, 0x09, 0xf9, 0x0a, 0xa6, 0x51, 0x5d, 0xc9, - 0x19, 0x9d, 0xc6, 0x19, 0x45, 0xf7, 0x02, 0x53, 0x80, 0x69, 0xf3, 0x69, 0x00, 0x90, 0x3f, 0x0f, - 0xf3, 0x02, 0x5d, 0xcc, 0x94, 0x99, 0x11, 0xa6, 0x9b, 0x41, 0x9e, 0xd9, 0xa6, 0xf6, 0x9e, 0xa0, - 0xd4, 0x52, 0x94, 0x66, 0x1a, 0x37, 0x76, 0x7a, 0x37, 0xd6, 0x37, 0x30, 0xa9, 0x98, 0x47, 0x26, - 0x60, 0xa4, 0xda, 0xed, 0x16, 0x2f, 0xb0, 0x3f, 0x1a, 0x8d, 0x8d, 0x62, 0x8e, 0xcc, 0x02, 0x44, - 0x12, 0x53, 0xcc, 0x93, 0xe9, 0xc8, 0x20, 0x2a, 0x8e, 0x60, 0xfb, 0x7e, 0xbf, 0x38, 0x4a, 0x48, - 0xdc, 0x12, 0x2b, 0x8e, 0x59, 0xff, 0x25, 0x97, 0x10, 0x2c, 0xb6, 0x2f, 0x0b, 0xe3, 0x0d, 0xe5, - 0x80, 0x6f, 0x3e, 0xb8, 0x2f, 0x0b, 0xb3, 0x8f, 0x6f, 0x2c, 0x7a, 0x23, 0xa6, 0x2b, 0x76, 0x18, - 0x0f, 0xda, 0x5e, 0x57, 0xd7, 0x15, 0x7d, 0x51, 0x66, 0xab, 0x5a, 0xb2, 0xac, 0x69, 0x95, 0x91, - 0x68, 0x63, 0x95, 0x5a, 0x45, 0x97, 0x30, 0xa5, 0x5f, 0x96, 0x35, 0x0b, 0x6f, 0x34, 0x82, 0x49, - 0x91, 0x68, 0xd5, 0xce, 0x3a, 0xce, 0x98, 0x33, 0xf2, 0x79, 0xc2, 0x20, 0xe5, 0x23, 0x44, 0xa1, - 0x8c, 0x4d, 0x4d, 0xc2, 0xd6, 0xac, 0xc0, 0xd8, 0x96, 0xb7, 0xef, 0xf6, 0xc4, 0x20, 0x27, 0x4f, - 0x4f, 0x2a, 0x63, 0x5d, 0x56, 0x60, 0xf3, 0x72, 0xeb, 0xff, 0xe6, 0x74, 0xf9, 0x55, 0xf6, 0x4a, - 0x2e, 0xd5, 0x5e, 0xf9, 0x3e, 0x4c, 0x0a, 0xa3, 0x6c, 0x73, 0x55, 0x60, 0x44, 0x7d, 0x2c, 0xcf, - 0x5c, 0x6e, 0xc7, 0x8e, 0x1a, 0xb0, 0x9d, 0x86, 0x2b, 0x67, 0xdc, 0x69, 0x46, 0xa2, 0x9d, 0x46, - 0xa8, 0x6f, 0xbe, 0xd3, 0x44, 0x4d, 0xd8, 0x44, 0xea, 0x1e, 0xab, 0xd1, 0x68, 0x22, 0x75, 0xdf, - 0x94, 0xe9, 0x8f, 0xfa, 0x0c, 0xa0, 0xfa, 0xb4, 0xc1, 0xa4, 0xbf, 0x6a, 0x6f, 0x0b, 0x1d, 0x8a, - 0xee, 0x2c, 0xe7, 0x45, 0xd0, 0xc2, 0xd5, 0xe2, 0xf8, 0xfa, 0x96, 0xa4, 0xb5, 0xb6, 0xba, 0x30, - 0xbb, 0x4e, 0x43, 0x36, 0x6b, 0x72, 0xc3, 0x19, 0x3c, 0xfc, 0x2f, 0x60, 0xea, 0xa9, 0x1b, 0x1e, - 0x98, 0x06, 0x20, 0x76, 0xf6, 0xc2, 0x0d, 0x0f, 0xa4, 0x01, 0xa8, 0x75, 0xa6, 0x37, 0xb7, 0xd6, - 0xe0, 0xa2, 0xe8, 0x4d, 0xed, 0x6f, 0xcb, 0x26, 0xc2, 0x5c, 0x64, 0x51, 0xea, 0x08, 0x4d, 0x34, - 0x34, 0xae, 0xf0, 0x49, 0x23, 0xb1, 0x05, 0x70, 0x6b, 0x38, 0xcb, 0x9b, 0x83, 0x82, 0x13, 0xdb, - 0x1a, 0xe2, 0x1b, 0x82, 0xf5, 0x04, 0x66, 0x76, 0xba, 0xc7, 0xfb, 0x6e, 0x8f, 0x09, 0x68, 0x83, - 0xfe, 0x82, 0xac, 0x02, 0x44, 0x05, 0xa2, 0x07, 0x69, 0xe3, 0x47, 0x15, 0xcd, 0x15, 0x31, 0xc5, - 0x58, 0x82, 0x3a, 0xdc, 0xd6, 0xe0, 0xac, 0xbf, 0x31, 0x02, 0x44, 0xf4, 0xd1, 0x08, 0x9d, 0x90, - 0x36, 0x68, 0xc8, 0xb6, 0x8b, 0x2b, 0x90, 0x57, 0x66, 0xe3, 0xf8, 0xe9, 0x49, 0x25, 0xef, 0x76, - 0xec, 0xfc, 0xe6, 0x2a, 0xf9, 0x00, 0xc6, 0xb0, 0x19, 0xf2, 0x7a, 0x56, 0xf5, 0xa7, 0x63, 0xe0, - 0x32, 0x1d, 0xb0, 0x3f, 0x6d, 0xde, 0x98, 0x7c, 0x08, 0x93, 0xab, 0xb4, 0x4b, 0xf7, 0x9d, 0xd0, - 0x93, 0x72, 0xc7, 0x0d, 0x31, 0x59, 0xa8, 0x4d, 0x51, 0xd4, 0x92, 0x6d, 0xe0, 0x36, 0x75, 0x02, - 0xaf, 0xa7, 0x6f, 0xe0, 0x3e, 0x96, 0xe8, 0x1b, 0x38, 0x6f, 0x43, 0x7e, 0x3f, 0x07, 0x53, 0xd5, - 0x5e, 0x4f, 0x18, 0x38, 0x81, 0x70, 0xdf, 0xce, 0xdf, 0x51, 0xde, 0xf7, 0x2d, 0x67, 0x8f, 0x76, - 0x9b, 0xcc, 0x64, 0x0e, 0x6a, 0xdf, 0x32, 0x9d, 0xfa, 0x5f, 0x4f, 0x2a, 0x9f, 0xbf, 0x8a, 0x43, - 0xff, 0xce, 0xae, 0xef, 0xb8, 0x61, 0x80, 0xbe, 0xb2, 0xa8, 0x43, 0x5d, 0xcc, 0x34, 0x3a, 0xc8, - 0xbb, 0x30, 0xc6, 0xe4, 0x5b, 0xda, 0x01, 0x38, 0xd9, 0x6c, 0x1d, 0x18, 0x87, 0x1f, 0x6c, 0x61, - 0xbd, 0x05, 0x93, 0x82, 0x93, 0x9b, 0xab, 0x59, 0x53, 0x60, 0xad, 0xc2, 0x75, 0xb4, 0xe2, 0x28, - 0x93, 0x5c, 0xf4, 0x18, 0x09, 0x49, 0x8c, 0xcc, 0xfe, 0x09, 0x2c, 0x56, 0xd0, 0x38, 0x21, 0xe8, - 0x71, 0xb2, 0x65, 0x8d, 0x55, 0x87, 0xc5, 0x75, 0x1a, 0xda, 0x34, 0xa0, 0xe1, 0x8e, 0x13, 0x04, - 0x2f, 0x3c, 0xbf, 0x83, 0x55, 0xe7, 0x42, 0xf2, 0x57, 0x72, 0x50, 0xa9, 0xfb, 0x94, 0xcd, 0x74, - 0x26, 0xa2, 0xc1, 0x2b, 0x78, 0x51, 0x5c, 0x60, 0xe4, 0xa3, 0x5a, 0xc6, 0x6b, 0x71, 0x49, 0xf1, - 0x0e, 0x8c, 0xec, 0xee, 0x6e, 0xa1, 0xc4, 0x8c, 0x20, 0xe3, 0x46, 0xc2, 0xb0, 0xfb, 0x9b, 0x93, - 0x4a, 0x61, 0xf5, 0x98, 0x5f, 0x70, 0xd8, 0xac, 0xde, 0x7a, 0x06, 0xf3, 0x36, 0xed, 0xd1, 0x17, - 0xce, 0x5e, 0x97, 0x1a, 0xe6, 0x6a, 0x05, 0xc6, 0xb8, 0x43, 0x2e, 0x31, 0x04, 0x5e, 0x6e, 0xda, - 0xb3, 0xf9, 0x21, 0xf6, 0xac, 0xf5, 0x87, 0x39, 0x28, 0xf2, 0xe1, 0xd6, 0xbc, 0xf0, 0x6c, 0xe3, - 0x13, 0x23, 0xc8, 0x0f, 0x1e, 0x01, 0xb9, 0x15, 0x71, 0x7b, 0x24, 0xda, 0xfc, 0x90, 0x54, 0xa6, - 0xc3, 0x65, 0x25, 0x1b, 0x10, 0x97, 0x25, 0x7e, 0x34, 0xc2, 0x01, 0xa1, 0x2c, 0x49, 0x09, 0xfa, - 0x27, 0x79, 0xb8, 0xa4, 0x91, 0x18, 0xf4, 0xbd, 0x5e, 0x40, 0xd9, 0x19, 0x8f, 0x09, 0x8b, 0x46, - 0x27, 0x9e, 0xf1, 0xd8, 0x96, 0xd9, 0x8a, 0x2c, 0x71, 0x24, 0xf8, 0x5d, 0x76, 0xb8, 0xe8, 0x26, - 0x8e, 0x83, 0xa8, 0xb8, 0x79, 0x53, 0x59, 0x7d, 0x66, 0xa2, 0xef, 0x42, 0x01, 0xff, 0x64, 0x8c, - 0x18, 0xcd, 0x66, 0x84, 0x6a, 0x44, 0x5c, 0x80, 0x07, 0x9e, 0xdb, 0x7b, 0x44, 0xc3, 0x03, 0x4f, - 0x1e, 0x9e, 0x37, 0x99, 0x12, 0xfb, 0x33, 0x9e, 0xdb, 0x6b, 0x1d, 0x61, 0xf1, 0x79, 0x0f, 0x9d, - 0x11, 0x42, 0x5b, 0x43, 0x6e, 0xdd, 0x83, 0x22, 0xd3, 0x37, 0x67, 0x9f, 0x51, 0x6b, 0x0e, 0xc8, - 0x3a, 0x0d, 0x6b, 0x9e, 0xb1, 0x71, 0x58, 0x33, 0x30, 0xb5, 0xe3, 0xf6, 0xf6, 0xe5, 0xe7, 0xbf, - 0xc8, 0xc3, 0x34, 0xff, 0x16, 0x33, 0x10, 0xdb, 0x49, 0x73, 0x67, 0xd9, 0x49, 0x3f, 0x81, 0x19, - 0xe1, 0x32, 0xa2, 0x3e, 0xfa, 0x71, 0xf8, 0x7c, 0xe0, 0x89, 0x92, 0x7b, 0x8e, 0x5a, 0xcf, 0x79, - 0x8d, 0x6d, 0x36, 0x24, 0x5b, 0x30, 0xcb, 0x0b, 0xee, 0x53, 0x27, 0x3c, 0x8e, 0x4e, 0x55, 0x17, - 0x85, 0x9d, 0x29, 0x8b, 0xb9, 0x32, 0x12, 0xb8, 0x9e, 0x89, 0x42, 0x3b, 0x06, 0x4b, 0xbe, 0x82, - 0x8b, 0x3b, 0xbe, 0xf7, 0xdd, 0x4b, 0xcd, 0x76, 0xe0, 0xfa, 0x78, 0x9e, 0x1d, 0xc2, 0xfa, 0xac, - 0xaa, 0xa5, 0x5b, 0x10, 0xf1, 0xd6, 0x4c, 0xa6, 0x36, 0x83, 0x9a, 0xe7, 0xbb, 0xbd, 0x7d, 0x9c, - 0xcd, 0x02, 0x97, 0x29, 0x37, 0x68, 0xed, 0x61, 0xa1, 0xad, 0xaa, 0xad, 0xff, 0x31, 0x02, 0x05, - 0xd5, 0xf1, 0x1d, 0xdd, 0x2c, 0x15, 0x9b, 0x31, 0x2e, 0xcf, 0xe8, 0xf0, 0x63, 0x6b, 0x2d, 0xc8, - 0x55, 0xee, 0x30, 0xe3, 0x66, 0xc0, 0x04, 0x93, 0x31, 0xa7, 0xdf, 0xe7, 0x6e, 0xb1, 0x2b, 0x90, - 0x5f, 0xad, 0x21, 0x17, 0x0a, 0x5c, 0x99, 0x76, 0xf6, 0xec, 0xfc, 0x6a, 0x8d, 0xcd, 0xf5, 0xe3, - 0xcd, 0xd5, 0x3a, 0x0e, 0xa8, 0xc0, 0xe7, 0xda, 0x73, 0x3b, 0x6d, 0x1b, 0x4b, 0x59, 0x6d, 0xa3, - 0xfa, 0x68, 0x4b, 0x10, 0x8d, 0xb5, 0x81, 0x73, 0xd4, 0xb5, 0xb1, 0x94, 0xd9, 0x81, 0x7c, 0x8f, - 0xae, 0x7b, 0xbd, 0xd0, 0xf7, 0xba, 0x01, 0xba, 0x0a, 0x0a, 0xc6, 0x76, 0xde, 0x16, 0x55, 0x76, - 0xac, 0x29, 0x79, 0x0a, 0x0b, 0xd5, 0xce, 0x73, 0xa7, 0xd7, 0xa6, 0x1d, 0x5e, 0xf3, 0xd4, 0xf3, - 0x0f, 0x9f, 0x75, 0xbd, 0x17, 0x01, 0x9e, 0xf2, 0x0a, 0xe2, 0xbc, 0x28, 0x9a, 0xb4, 0x04, 0xba, - 0x17, 0xb2, 0x91, 0x9d, 0x05, 0xcd, 0x54, 0x44, 0xbd, 0xeb, 0x1d, 0x77, 0xf0, 0x78, 0x57, 0xe0, - 0x2a, 0xa2, 0xcd, 0x0a, 0x6c, 0x5e, 0xce, 0xb8, 0xb4, 0xd1, 0x78, 0x84, 0xa7, 0x33, 0xc1, 0xa5, - 0x83, 0xe0, 0xc8, 0x66, 0x65, 0xe4, 0x1d, 0x98, 0x90, 0x26, 0x2d, 0x77, 0x0a, 0xa0, 0xc7, 0x48, - 0x9a, 0xb2, 0xb2, 0x8e, 0xac, 0xc2, 0xa5, 0x47, 0x5e, 0x87, 0xfa, 0x4e, 0x48, 0x3b, 0xc2, 0xba, - 0x0c, 0xf0, 0xa0, 0x55, 0xe0, 0x66, 0xf5, 0x91, 0xac, 0x94, 0xfe, 0xc4, 0xc0, 0x4e, 0x02, 0x58, - 0xef, 0xc3, 0x25, 0xbe, 0xf4, 0xce, 0x6c, 0xef, 0x59, 0x3b, 0x00, 0x0d, 0x7a, 0xe4, 0xf4, 0x0f, - 0x3c, 0x26, 0x1e, 0x35, 0xfd, 0x4b, 0x18, 0x40, 0x44, 0x5d, 0x49, 0x88, 0x8a, 0xe6, 0x8a, 0xb4, - 0x88, 0x65, 0x4b, 0x5b, 0x83, 0xb2, 0xfe, 0x63, 0x1e, 0x08, 0xba, 0xe6, 0x1b, 0xa1, 0x4f, 0x9d, - 0x23, 0x49, 0xc6, 0xa7, 0x30, 0xcd, 0xb5, 0x28, 0x2f, 0x46, 0x72, 0x98, 0x75, 0xc5, 0x97, 0x8f, - 0x5e, 0xb5, 0x71, 0xc1, 0x36, 0x9a, 0x32, 0x50, 0x9b, 0x06, 0xc7, 0x47, 0x12, 0x34, 0x6f, 0x80, - 0xea, 0x55, 0x0c, 0x54, 0xff, 0x26, 0x5f, 0xc1, 0x6c, 0xdd, 0x3b, 0xea, 0x33, 0x9e, 0x08, 0xe0, - 0x11, 0x61, 0xc3, 0x88, 0x7e, 0x8d, 0xca, 0x8d, 0x0b, 0x76, 0xac, 0x39, 0xd9, 0x86, 0xcb, 0xf7, - 0xbb, 0xc7, 0xc1, 0x41, 0xb5, 0xd7, 0xa9, 0x77, 0xbd, 0x40, 0x62, 0x19, 0x15, 0x2e, 0x15, 0xb1, - 0xf8, 0x93, 0x2d, 0x36, 0x2e, 0xd8, 0x69, 0x80, 0xe4, 0x1d, 0x11, 0x67, 0x20, 0x6c, 0xa9, 0x99, - 0x3b, 0x22, 0x0c, 0xe1, 0x71, 0x8f, 0x3e, 0x7e, 0xb6, 0x71, 0xc1, 0xe6, 0xb5, 0xb5, 0x49, 0x98, - 0x90, 0x8a, 0xef, 0x2e, 0x5c, 0xd2, 0xd8, 0xc9, 0xac, 0xbf, 0xe3, 0x80, 0x94, 0xa1, 0xf0, 0xa4, - 0xdf, 0xf5, 0x9c, 0x8e, 0x34, 0x26, 0x6c, 0xf5, 0x6d, 0x7d, 0xdf, 0xe4, 0x34, 0x59, 0xd4, 0x4f, - 0x34, 0xbc, 0x71, 0x54, 0x60, 0x6d, 0x98, 0xcc, 0x1d, 0xdc, 0xda, 0xe8, 0x37, 0x1f, 0xeb, 0xb7, - 0x18, 0xe7, 0xb5, 0x35, 0x9f, 0xca, 0x3c, 0xeb, 0x21, 0x1a, 0x4a, 0xd5, 0x7e, 0xbf, 0xeb, 0xb6, - 0x71, 0x7f, 0xe1, 0xda, 0x51, 0xd9, 0x18, 0xbf, 0xa5, 0xdf, 0x86, 0x6b, 0x9b, 0xab, 0xba, 0xfb, - 0xd6, 0xee, 0xbb, 0xad, 0x1f, 0xc3, 0xf5, 0x0c, 0x64, 0x62, 0x9f, 0xf8, 0x14, 0x26, 0x44, 0x51, - 0x4c, 0xa0, 0xf5, 0xfb, 0x03, 0x5c, 0x95, 0x81, 0x80, 0x94, 0xed, 0xad, 0x6f, 0x60, 0xe9, 0x49, - 0x3f, 0xa0, 0x7e, 0x12, 0xbd, 0x24, 0xf5, 0x23, 0x75, 0xdb, 0x9e, 0xcb, 0xbc, 0x9b, 0x80, 0xd3, - 0x93, 0xca, 0x38, 0xc7, 0x2d, 0x2f, 0xd9, 0xad, 0xdf, 0xcb, 0xc1, 0x12, 0x5f, 0xaa, 0x99, 0xa8, - 0xcf, 0xc3, 0x05, 0xcd, 0x2f, 0x9d, 0xcf, 0xf6, 0x4b, 0x0f, 0x74, 0xd4, 0x5b, 0x5f, 0x83, 0x25, - 0x28, 0xea, 0x76, 0xdf, 0xd0, 0xdc, 0xfc, 0xa5, 0x1c, 0xcc, 0xf1, 0xc9, 0x79, 0x0d, 0x2c, 0xe4, - 0x07, 0x30, 0xdb, 0x38, 0x74, 0xfb, 0x4d, 0xa7, 0xeb, 0x76, 0xb8, 0x8b, 0x96, 0x6f, 0x47, 0xf3, - 0xb8, 0xd3, 0x1e, 0xba, 0xfd, 0xd6, 0xf3, 0xa8, 0x2a, 0x67, 0xc7, 0x1a, 0x5b, 0x8f, 0x61, 0x3e, - 0x46, 0x83, 0x10, 0x8c, 0x8f, 0xe2, 0x82, 0x91, 0x08, 0x95, 0x48, 0x97, 0x8a, 0x47, 0x70, 0x45, - 0x49, 0x85, 0x39, 0x65, 0x2b, 0x31, 0x69, 0x48, 0x20, 0x4c, 0x13, 0x85, 0x36, 0x5c, 0x51, 0x92, - 0xf0, 0x1a, 0x12, 0x20, 0x27, 0x37, 0x9f, 0x3a, 0xb9, 0x9b, 0x50, 0xd6, 0x27, 0xf7, 0x75, 0x26, - 0xf5, 0x3f, 0xe4, 0x60, 0x61, 0x9d, 0xf6, 0x70, 0xeb, 0xa9, 0xf6, 0xfb, 0xc6, 0xc9, 0x44, 0x77, - 0x4f, 0xe7, 0x06, 0xba, 0xa7, 0x95, 0xd9, 0x9d, 0x4f, 0x37, 0xbb, 0xd9, 0x9e, 0xfa, 0xc4, 0xde, - 0x14, 0xb2, 0x8a, 0x7b, 0xea, 0xb1, 0xef, 0xda, 0xac, 0x8c, 0x6c, 0x46, 0xae, 0xed, 0xd1, 0xa1, - 0xae, 0xed, 0xcb, 0xc2, 0xd5, 0x37, 0x21, 0x5c, 0xdb, 0x86, 0x43, 0xdb, 0xfa, 0x1c, 0x4a, 0xc9, - 0xb1, 0x08, 0xf9, 0x18, 0x76, 0xd4, 0xb1, 0x56, 0x23, 0xe9, 0x16, 0x37, 0xed, 0xca, 0xa5, 0x1f, - 0x53, 0xa1, 0x03, 0x5c, 0x48, 0x56, 0x23, 0x92, 0x4f, 0x81, 0x45, 0xf4, 0xff, 0x19, 0x93, 0x4f, - 0x7e, 0xdd, 0x98, 0xcb, 0xbe, 0x6e, 0x14, 0x32, 0xca, 0x41, 0x25, 0x80, 0xf5, 0x14, 0xae, 0x18, - 0x48, 0x23, 0xa9, 0xff, 0x01, 0x14, 0x94, 0x81, 0x61, 0x7a, 0x38, 0x0c, 0xb4, 0x38, 0x6f, 0xca, - 0xd6, 0x50, 0x20, 0xd6, 0x4f, 0x51, 0x77, 0xc7, 0xef, 0x2f, 0xdf, 0x18, 0xfa, 0x5f, 0xe5, 0x60, - 0x81, 0x6f, 0x5e, 0x49, 0xb6, 0x9e, 0x5d, 0xb8, 0xfe, 0x44, 0xbc, 0x72, 0xf7, 0x52, 0xbc, 0x72, - 0x08, 0xa2, 0x7b, 0xe5, 0x74, 0x5f, 0xdc, 0x83, 0xd1, 0x42, 0xbe, 0x38, 0x62, 0x35, 0xa1, 0x94, - 0x1c, 0xe1, 0x1b, 0x98, 0xf2, 0x7f, 0x99, 0x83, 0xeb, 0x62, 0xdf, 0x8f, 0xcd, 0xce, 0xf9, 0x19, - 0xf8, 0x21, 0x4c, 0x0b, 0x58, 0xbe, 0x02, 0xb8, 0x52, 0xc1, 0x2b, 0x72, 0x29, 0xc4, 0x7c, 0x25, - 0x18, 0xcd, 0xc8, 0x87, 0xda, 0xb1, 0x94, 0x7b, 0x18, 0xae, 0x32, 0x35, 0xc2, 0xcf, 0xaf, 0x99, - 0x87, 0x53, 0xeb, 0x5b, 0x58, 0xca, 0x22, 0xfc, 0x0d, 0xf0, 0xe5, 0x01, 0x94, 0x53, 0x24, 0xf6, - 0xd5, 0xd6, 0xea, 0x8f, 0xe0, 0x5a, 0x2a, 0xae, 0x37, 0x40, 0xe6, 0x3a, 0x2c, 0x68, 0xdb, 0xc0, - 0x6b, 0xd0, 0xf8, 0x08, 0xae, 0x73, 0x44, 0x6f, 0x66, 0xc8, 0x1b, 0xb0, 0x18, 0x9d, 0x29, 0x0c, - 0x85, 0x72, 0x4e, 0xa1, 0x12, 0x8a, 0x2e, 0x62, 0xc5, 0x1b, 0x54, 0x74, 0x51, 0xc3, 0x37, 0xa6, - 0x89, 0x36, 0xe1, 0x32, 0x47, 0x6c, 0x6e, 0x0a, 0xcb, 0xfa, 0xa6, 0x90, 0x1a, 0x90, 0x96, 0xdc, - 0x27, 0x1e, 0xe1, 0x3e, 0x21, 0x9b, 0x44, 0x14, 0x7e, 0x08, 0xe3, 0x22, 0xe6, 0x96, 0xd3, 0x97, - 0x82, 0x0c, 0x0d, 0x06, 0x1e, 0x68, 0x6b, 0x8b, 0xc6, 0x56, 0x09, 0x87, 0xcc, 0x0e, 0xe9, 0xe2, - 0xb6, 0x47, 0xb9, 0x4c, 0xbe, 0x66, 0x3b, 0x73, 0xac, 0xe6, 0x35, 0x8d, 0x9d, 0xc7, 0x50, 0xe2, - 0xc6, 0x8e, 0x86, 0xf5, 0xb5, 0xcc, 0x9d, 0x4f, 0xa0, 0xc4, 0xe5, 0x29, 0x05, 0xe1, 0x60, 0x1b, - 0x66, 0x49, 0x4a, 0x62, 0xb5, 0xdb, 0x4d, 0x1b, 0xfd, 0x5f, 0xcb, 0xc1, 0xd5, 0x75, 0x1a, 0x9a, - 0x61, 0x89, 0x7f, 0x2a, 0x26, 0xe7, 0xb7, 0xa8, 0x72, 0x12, 0x84, 0x88, 0xa9, 0xf8, 0x32, 0x3e, - 0x15, 0x99, 0x31, 0x98, 0xe9, 0x53, 0xf2, 0x63, 0xb8, 0xc6, 0xa7, 0xc4, 0x6c, 0x2f, 0x07, 0xfa, - 0x79, 0x6c, 0x56, 0x32, 0xb1, 0xa7, 0xcd, 0xce, 0xdf, 0xcc, 0xc1, 0x35, 0xce, 0xe4, 0x74, 0xe4, - 0x7f, 0xd2, 0x87, 0x92, 0x6d, 0xa8, 0xa8, 0x39, 0x7f, 0x03, 0x13, 0x6b, 0xfd, 0xd3, 0x1c, 0x10, - 0x89, 0xa7, 0xde, 0xb0, 0x25, 0x8e, 0xab, 0x30, 0x52, 0x6f, 0xd8, 0x22, 0xfc, 0x02, 0x8d, 0xcd, - 0x76, 0xe0, 0xdb, 0xac, 0x2c, 0x6e, 0x1a, 0xe4, 0xcf, 0x62, 0x1a, 0x6c, 0x02, 0x69, 0xb8, 0xfb, - 0xbd, 0xa7, 0x6e, 0x78, 0xa0, 0x3a, 0xab, 0x0a, 0x57, 0x19, 0x46, 0xbf, 0x06, 0xee, 0x7e, 0xaf, - 0x85, 0xf7, 0x5f, 0x2a, 0xc2, 0xb6, 0xed, 0xd8, 0x29, 0x40, 0xd6, 0x4f, 0xe0, 0xb2, 0x41, 0xaf, - 0x90, 0xa1, 0x45, 0x18, 0xad, 0x53, 0x3f, 0x14, 0x14, 0x23, 0xd7, 0xda, 0xd4, 0x0f, 0x6d, 0x2c, - 0x25, 0xb7, 0x60, 0xa2, 0x5e, 0x45, 0xb7, 0x3d, 0x9a, 0xd7, 0xd3, 0x5c, 0xc9, 0xb5, 0x9d, 0x16, - 0x3e, 0xfb, 0xb0, 0x65, 0xa5, 0xf5, 0x6f, 0xf3, 0x1a, 0x76, 0x06, 0x3e, 0x9c, 0x1d, 0xef, 0x03, - 0x70, 0xfe, 0x6b, 0xdc, 0x60, 0x76, 0xc1, 0x94, 0x70, 0x79, 0xf2, 0x7d, 0xc0, 0xd6, 0x1a, 0x9d, - 0xf1, 0xca, 0x41, 0x5e, 0x71, 0x73, 0x20, 0xe9, 0x8e, 0x57, 0x57, 0xdc, 0x02, 0x75, 0x60, 0xeb, - 0x8d, 0xc8, 0xcf, 0x60, 0x46, 0xd0, 0x2c, 0x08, 0x1a, 0xc3, 0x3b, 0xb4, 0xb7, 0x85, 0x5f, 0x26, - 0x65, 0x6c, 0x77, 0x54, 0x7b, 0x11, 0x90, 0x2f, 0x3f, 0xf9, 0x34, 0x9a, 0xe8, 0xac, 0x5b, 0xea, - 0xf6, 0x88, 0xfa, 0xe4, 0x22, 0x4c, 0x3d, 0xd9, 0x6e, 0xec, 0xac, 0xd5, 0x37, 0xef, 0x6f, 0xae, - 0xad, 0x16, 0x2f, 0x90, 0x02, 0x8c, 0xee, 0xd6, 0x77, 0xb7, 0x8a, 0x39, 0xeb, 0x5b, 0x98, 0x33, - 0xfb, 0x7a, 0xa3, 0xd3, 0x14, 0xc2, 0x65, 0xb5, 0x97, 0x3f, 0x78, 0xba, 0xab, 0xdd, 0xac, 0x56, - 0xdb, 0x6d, 0xef, 0xb8, 0x17, 0xc6, 0x1d, 0xe0, 0x0e, 0x2f, 0x16, 0x92, 0xa9, 0x35, 0x32, 0xae, - 0x2d, 0xf2, 0x03, 0xaf, 0x2d, 0xac, 0x8f, 0x61, 0xce, 0xec, 0xf5, 0xac, 0xc7, 0xa2, 0xb7, 0xf1, - 0xca, 0x59, 0x0b, 0xd6, 0x20, 0x44, 0x77, 0x41, 0x8a, 0x95, 0xfd, 0x31, 0x14, 0x45, 0xab, 0x48, - 0x33, 0xbe, 0x25, 0x0f, 0x85, 0x5c, 0x2f, 0x9a, 0x0f, 0x28, 0xe4, 0x7d, 0xcc, 0xf7, 0xa4, 0x93, - 0x73, 0x58, 0x0f, 0x7f, 0x27, 0x07, 0xa5, 0x47, 0xf7, 0xab, 0xd5, 0xe3, 0xf0, 0x80, 0xf6, 0x42, - 0xb7, 0xed, 0x84, 0xb4, 0x7e, 0xe0, 0x74, 0xbb, 0xb4, 0xb7, 0x4f, 0xc9, 0x6d, 0x18, 0xdd, 0x7d, - 0xbc, 0xbb, 0x23, 0x7c, 0x89, 0x73, 0x42, 0x60, 0x58, 0x91, 0x6a, 0x63, 0x63, 0x0b, 0xf2, 0x10, - 0x2e, 0x3d, 0x15, 0x4f, 0x96, 0x54, 0x95, 0xf0, 0x22, 0x5e, 0xbf, 0xa3, 0x1e, 0x33, 0xd5, 0x7d, - 0xda, 0x61, 0xbd, 0x38, 0xdd, 0x6a, 0xc0, 0x74, 0x33, 0x13, 0xeb, 0x24, 0xdc, 0x83, 0xd1, 0x42, - 0xae, 0x98, 0xb7, 0x7e, 0x3f, 0x07, 0x0b, 0x31, 0xca, 0xb4, 0x8b, 0x25, 0x9d, 0xb0, 0xcb, 0x1a, - 0x61, 0xb2, 0xc9, 0xc6, 0x05, 0x41, 0x59, 0x1d, 0xe3, 0xe3, 0xb1, 0x07, 0x41, 0xd0, 0x3b, 0x83, - 0x09, 0x8a, 0x10, 0x28, 0x40, 0x11, 0x79, 0x8a, 0xe5, 0xd6, 0x45, 0x98, 0x31, 0x38, 0x60, 0x59, - 0x30, 0xad, 0xf7, 0xcc, 0xd8, 0x5c, 0xf7, 0x3a, 0x8a, 0xcd, 0xec, 0x6f, 0xeb, 0x6f, 0xe5, 0x60, - 0xee, 0xd1, 0xfd, 0xaa, 0x4d, 0xf7, 0x5d, 0xb6, 0x4c, 0x22, 0x16, 0x2f, 0x1b, 0x23, 0x59, 0x34, - 0x46, 0x12, 0x6b, 0xab, 0x86, 0xf4, 0x59, 0x62, 0x48, 0x8b, 0x69, 0x43, 0xc2, 0xe3, 0x82, 0xeb, - 0xf5, 0x8c, 0x91, 0x68, 0x3e, 0xd3, 0xbf, 0x9b, 0x83, 0xcb, 0x1a, 0x4d, 0x8a, 0xfe, 0xf7, 0x0d, - 0x92, 0xae, 0xa5, 0x90, 0x94, 0x60, 0x72, 0x2d, 0x41, 0xd1, 0xdb, 0x83, 0x28, 0x1a, 0xca, 0xe3, - 0x3f, 0xce, 0xc1, 0x7c, 0x2a, 0x0f, 0xc8, 0x15, 0xb6, 0x71, 0xb7, 0x7d, 0x1a, 0x0a, 0xf6, 0x8a, - 0x2f, 0x56, 0xbe, 0x19, 0x04, 0xc7, 0xe2, 0x3d, 0xd9, 0xa4, 0x2d, 0xbe, 0xc8, 0xdb, 0x30, 0xb3, - 0x43, 0x7d, 0xd7, 0xeb, 0x34, 0x68, 0xdb, 0xeb, 0x75, 0xf8, 0x8d, 0xd4, 0x8c, 0x6d, 0x16, 0x92, - 0x45, 0x98, 0xac, 0x76, 0xf7, 0x3d, 0xdf, 0x0d, 0x0f, 0xb8, 0xdb, 0x7a, 0xd2, 0x8e, 0x0a, 0x18, - 0xee, 0x55, 0x77, 0xdf, 0x0d, 0xf9, 0xdd, 0xfe, 0x8c, 0x2d, 0xbe, 0x48, 0x09, 0x26, 0x84, 0xda, - 0xc0, 0x1b, 0x98, 0x49, 0x5b, 0x7e, 0x32, 0x88, 0xaf, 0x6d, 0x14, 0x02, 0x8c, 0xc6, 0xb4, 0xc5, - 0x97, 0xf5, 0x1e, 0xcc, 0xa5, 0xf1, 0x31, 0x55, 0x64, 0xfe, 0x42, 0x1e, 0x2e, 0x57, 0x3b, 0x9d, - 0x47, 0xf7, 0xab, 0xab, 0x54, 0xb7, 0xff, 0x3e, 0x80, 0xd1, 0xcd, 0x9e, 0x1b, 0x0a, 0xc3, 0x65, - 0x49, 0x4c, 0x4f, 0x4a, 0x4b, 0xd6, 0x8a, 0xcd, 0x10, 0xfb, 0x9f, 0xd8, 0x70, 0x79, 0xed, 0x3b, - 0x37, 0x08, 0xdd, 0xde, 0x3e, 0xce, 0x39, 0xef, 0x58, 0xcc, 0xb1, 0x44, 0x92, 0xb1, 0xdc, 0x36, - 0x2e, 0xd8, 0x69, 0xc0, 0x64, 0x17, 0xae, 0x6c, 0xd3, 0x17, 0x29, 0x22, 0xa4, 0x82, 0x29, 0x15, - 0xda, 0x14, 0xc9, 0xc9, 0x80, 0xd5, 0x25, 0xf4, 0xaf, 0xe6, 0x31, 0x42, 0x57, 0x1b, 0x98, 0xe8, - 0xf9, 0x09, 0xcc, 0x69, 0x04, 0x45, 0x1a, 0x27, 0x27, 0xde, 0x87, 0xa4, 0x0e, 0x47, 0x5f, 0x48, - 0xa9, 0xe0, 0xe4, 0x29, 0x2c, 0x98, 0x44, 0x45, 0x98, 0xcd, 0xc5, 0x90, 0xd6, 0x64, 0xe3, 0x82, - 0x9d, 0x05, 0x4d, 0x96, 0x61, 0xa4, 0xda, 0x3e, 0x14, 0x6c, 0x49, 0x9f, 0x32, 0x3e, 0xb2, 0x6a, - 0xfb, 0x10, 0x23, 0xea, 0xdb, 0x87, 0xc6, 0x7a, 0xf8, 0x37, 0x39, 0x58, 0xc8, 0x98, 0x61, 0xb2, - 0x04, 0xc0, 0x0b, 0x35, 0xdd, 0xae, 0x95, 0x30, 0x63, 0x84, 0x7f, 0x61, 0xc0, 0xc3, 0x08, 0xee, - 0xfd, 0x32, 0x2e, 0x31, 0xaa, 0xb0, 0xb5, 0x46, 0x64, 0x07, 0xa6, 0xf8, 0x17, 0x0f, 0x8f, 0x1c, - 0x45, 0x18, 0x62, 0xc0, 0xf0, 0x78, 0x48, 0x8c, 0x79, 0xea, 0x60, 0x41, 0x2b, 0x1e, 0x16, 0xa9, - 0xa3, 0x10, 0x5e, 0x9d, 0x7a, 0x7c, 0x14, 0x6a, 0xd0, 0xe4, 0x36, 0x8c, 0xf3, 0x42, 0x31, 0x87, - 0xf2, 0x65, 0x5f, 0xd4, 0x58, 0xd4, 0x5b, 0x7f, 0x98, 0x93, 0xbe, 0xe0, 0xc4, 0xd2, 0xf8, 0xd8, - 0x58, 0x1a, 0x37, 0x15, 0xc1, 0x69, 0x8d, 0x8d, 0xd5, 0x51, 0x83, 0xa9, 0x57, 0x59, 0x15, 0x3a, - 0x90, 0x2e, 0xb7, 0xff, 0x30, 0x27, 0xfd, 0x14, 0x49, 0xd1, 0x5d, 0x83, 0xe9, 0x57, 0x13, 0x59, - 0x03, 0x8c, 0x7c, 0xc8, 0x25, 0x2a, 0x3f, 0x78, 0xa4, 0x03, 0x85, 0xea, 0x0b, 0xe9, 0xee, 0x7e, - 0x15, 0xb1, 0xb2, 0x16, 0x53, 0xa0, 0x55, 0x77, 0xd6, 0x71, 0xa2, 0xb6, 0xf1, 0xb2, 0xd7, 0x96, - 0xf3, 0x74, 0x2b, 0x1e, 0xe4, 0x93, 0x19, 0xc1, 0xa1, 0xd3, 0x90, 0x8f, 0x5c, 0x94, 0x42, 0xe4, - 0xd0, 0x18, 0xd3, 0x89, 0xfa, 0x57, 0x79, 0x53, 0xc2, 0x5e, 0xa5, 0xd3, 0x3a, 0xcc, 0x6c, 0xd3, - 0x17, 0x89, 0x7e, 0xf1, 0x5e, 0xbc, 0x47, 0x5f, 0xb4, 0xb4, 0xbe, 0x35, 0x69, 0x37, 0x61, 0xc8, - 0x1e, 0xcc, 0x4a, 0x5d, 0x70, 0x56, 0x95, 0xc8, 0x23, 0xbe, 0x59, 0x0f, 0x47, 0xcf, 0x9c, 0x96, - 0x2f, 0x4a, 0xf5, 0x50, 0x6d, 0x13, 0xe3, 0x9b, 0x5f, 0xa5, 0xd6, 0x0e, 0x94, 0x92, 0xdc, 0x13, - 0xbd, 0x7d, 0x30, 0x6c, 0x81, 0xf2, 0xa3, 0x72, 0xc7, 0x5c, 0xac, 0x1b, 0xe8, 0xd5, 0x51, 0x6d, - 0xd4, 0x79, 0xf4, 0x5e, 0x7c, 0x32, 0xf0, 0x02, 0x5f, 0x4e, 0x86, 0xfe, 0x48, 0x25, 0x0a, 0x1c, - 0x9b, 0x8f, 0x61, 0x12, 0x84, 0xbd, 0x07, 0x13, 0xa2, 0x48, 0x3d, 0xfe, 0x89, 0xab, 0x0e, 0xd9, - 0xc0, 0xfa, 0x83, 0x1c, 0x5c, 0x65, 0xb6, 0x7b, 0xc3, 0xed, 0xed, 0x77, 0xe9, 0x93, 0xc0, 0x0c, - 0xdb, 0xfa, 0x6d, 0x43, 0x7d, 0x2c, 0x64, 0x84, 0x83, 0xff, 0xff, 0x52, 0x1a, 0xff, 0x20, 0x07, - 0xe5, 0x34, 0xda, 0xde, 0xac, 0xde, 0xb8, 0x23, 0x0e, 0x5b, 0x9c, 0xda, 0x92, 0x00, 0x57, 0x7d, - 0xca, 0xc1, 0xb2, 0x41, 0xb2, 0xff, 0x0d, 0x85, 0xf1, 0x7f, 0x72, 0x30, 0xb7, 0x19, 0x20, 0xf9, - 0xbf, 0x38, 0x76, 0x7d, 0xda, 0x91, 0x8c, 0xbb, 0x93, 0xf6, 0x68, 0x00, 0xe7, 0x75, 0xe3, 0x42, - 0xda, 0xa3, 0x80, 0x0f, 0xb4, 0xb0, 0xe8, 0xfc, 0xa0, 0xd7, 0x00, 0xc6, 0x2b, 0xb7, 0x5b, 0x30, - 0xba, 0xcd, 0x8c, 0xa4, 0x11, 0x21, 0x7f, 0x1c, 0x82, 0x15, 0x61, 0x04, 0x33, 0x23, 0x99, 0x7d, - 0x90, 0xfb, 0x89, 0x38, 0xe9, 0xd1, 0xe1, 0xd1, 0xee, 0xc9, 0xe7, 0x79, 0xb5, 0x02, 0x8c, 0xef, - 0x3a, 0xfe, 0x3e, 0x0d, 0xad, 0x1f, 0x43, 0x59, 0x04, 0x16, 0x70, 0xc7, 0x27, 0x86, 0x1f, 0x04, - 0x91, 0x43, 0x6e, 0x50, 0x30, 0xc0, 0x12, 0x40, 0x23, 0x74, 0xfc, 0x70, 0xb3, 0xd7, 0xa1, 0xdf, - 0xe1, 0x68, 0xc7, 0x6c, 0xad, 0xc4, 0xfa, 0x10, 0x26, 0xd5, 0x10, 0xf0, 0x84, 0xa6, 0xd9, 0x81, - 0x38, 0x9c, 0x39, 0x23, 0x72, 0x5b, 0x86, 0x6b, 0xaf, 0xc0, 0x7c, 0x6c, 0x2a, 0x84, 0x9c, 0x94, - 0xd9, 0x84, 0xf1, 0x32, 0x1e, 0xba, 0x64, 0xab, 0x6f, 0xab, 0x0e, 0x97, 0x12, 0x33, 0x4d, 0x08, - 0x46, 0xe3, 0xf3, 0xd3, 0x37, 0xdb, 0x26, 0x1a, 0x8d, 0x0d, 0x56, 0xb6, 0xbb, 0xd5, 0xe0, 0x91, - 0x89, 0xac, 0x6c, 0x77, 0xab, 0x51, 0x1b, 0xe7, 0x92, 0x63, 0xfd, 0xe3, 0x3c, 0x1e, 0x4a, 0x13, - 0x3c, 0x88, 0xf9, 0x97, 0x74, 0x1f, 0x57, 0x0d, 0x26, 0x71, 0xc4, 0xab, 0x32, 0x82, 0x77, 0xf0, - 0x6d, 0x64, 0xe1, 0x97, 0x27, 0x95, 0x0b, 0x78, 0x05, 0x19, 0x81, 0x91, 0x2f, 0x61, 0x62, 0xad, - 0xd7, 0x41, 0x0c, 0x23, 0xe7, 0xc0, 0x20, 0x81, 0xd8, 0x3c, 0x20, 0xc9, 0xcc, 0xc0, 0x11, 0x8e, - 0x13, 0x5b, 0x2b, 0x41, 0x36, 0xbb, 0x47, 0x2e, 0x8f, 0x39, 0x19, 0xb3, 0xf9, 0x07, 0xe3, 0x26, - 0x92, 0x20, 0x1f, 0x64, 0x4d, 0xda, 0xea, 0x9b, 0x58, 0x30, 0xf6, 0xd8, 0xef, 0x88, 0xe7, 0x31, - 0xb3, 0xcb, 0xd3, 0x32, 0x0b, 0x06, 0x2b, 0xb3, 0x79, 0x95, 0xf5, 0xbf, 0xf0, 0x1e, 0x38, 0x4c, - 0x95, 0x1b, 0x83, 0x2b, 0xb9, 0xd7, 0xe6, 0x4a, 0xfe, 0x55, 0xb8, 0xa2, 0x46, 0x3d, 0x92, 0x35, - 0xea, 0xd1, 0xac, 0x51, 0x8f, 0x65, 0x8f, 0x7a, 0x1d, 0xc6, 0xf9, 0x50, 0xc9, 0x5b, 0x30, 0xb6, - 0x19, 0xd2, 0xa3, 0xc8, 0x59, 0xa1, 0x47, 0xf2, 0xd8, 0xbc, 0x8e, 0x9d, 0xa3, 0xb6, 0x9c, 0x20, - 0x94, 0xb1, 0xb0, 0x93, 0xb6, 0xfc, 0xb4, 0x7e, 0x8e, 0xa1, 0xf2, 0x5b, 0x5e, 0xfb, 0x50, 0xf3, - 0x64, 0x4e, 0xf0, 0x55, 0x19, 0xbf, 0x10, 0x60, 0xad, 0x78, 0x8d, 0x2d, 0x5b, 0x90, 0x1b, 0x30, - 0xb5, 0xd9, 0xbb, 0xef, 0xf9, 0x6d, 0xfa, 0xb8, 0xd7, 0xe5, 0xd8, 0x0b, 0xb6, 0x5e, 0x24, 0x3c, - 0x2c, 0xa2, 0x87, 0xc8, 0xc3, 0x82, 0x05, 0x31, 0x0f, 0x0b, 0x7f, 0x28, 0x6d, 0xf3, 0x3a, 0xe1, - 0xc0, 0x61, 0x7f, 0x0f, 0x72, 0xaf, 0x28, 0x3f, 0xcc, 0xb0, 0x86, 0x7b, 0x70, 0xd5, 0xa6, 0xfd, - 0xae, 0xc3, 0xcc, 0xa8, 0x23, 0x8f, 0xb7, 0x57, 0x63, 0xbe, 0x91, 0x12, 0xc5, 0x69, 0x3a, 0x53, - 0x15, 0xc9, 0xf9, 0x01, 0x24, 0x1f, 0xc1, 0xcd, 0x75, 0x1a, 0xa6, 0xbe, 0x76, 0x8e, 0x06, 0xbf, - 0x01, 0x05, 0xf1, 0x5a, 0x46, 0x8e, 0x7f, 0xd8, 0x43, 0x6b, 0x71, 0x39, 0x24, 0xf0, 0xa8, 0xbf, - 0xac, 0xaf, 0xa0, 0x92, 0xd5, 0xdd, 0xd9, 0xc2, 0xee, 0x5c, 0xb8, 0x91, 0x8d, 0x40, 0x6d, 0x8b, - 0x13, 0xa2, 0x43, 0x75, 0x20, 0x1e, 0x4c, 0xad, 0xba, 0x2e, 0x40, 0xc3, 0x40, 0xfc, 0x61, 0xd5, - 0x64, 0x5c, 0xcf, 0x6b, 0x90, 0xdb, 0xc2, 0x0b, 0x0d, 0x13, 0x41, 0xc4, 0xd7, 0x2a, 0x14, 0x64, - 0x59, 0xec, 0x46, 0x23, 0xf1, 0x90, 0x1c, 0x19, 0xda, 0x91, 0x08, 0x14, 0x98, 0xf5, 0x73, 0x79, - 0xed, 0x60, 0x42, 0x9c, 0x2d, 0x22, 0xfc, 0x2c, 0xf7, 0x0c, 0x96, 0x07, 0x57, 0x4d, 0xdc, 0xba, - 0xc3, 0xbb, 0xa8, 0x39, 0xbc, 0xb9, 0x9f, 0x9b, 0xc9, 0xa5, 0xbd, 0xb5, 0xd6, 0xeb, 0xf4, 0x3d, - 0xb7, 0x17, 0x8a, 0xc5, 0xab, 0x17, 0x91, 0x25, 0xdd, 0xad, 0x3d, 0x9d, 0x0c, 0xa1, 0xbf, 0x07, - 0xe5, 0xb4, 0x0e, 0x35, 0xb7, 0x88, 0xf2, 0x0c, 0x73, 0x83, 0xc4, 0x3a, 0x80, 0x39, 0x23, 0x35, - 0x4f, 0x94, 0x6b, 0x24, 0x4a, 0x49, 0x34, 0x59, 0xfb, 0xe2, 0x37, 0x27, 0x95, 0x4f, 0xce, 0x13, - 0xa7, 0x2d, 0x71, 0xee, 0xaa, 0x57, 0x00, 0xd6, 0x02, 0x8c, 0xd4, 0xed, 0x2d, 0x1c, 0xb6, 0xbd, - 0xa5, 0x86, 0x6d, 0x6f, 0x59, 0x7f, 0x94, 0x87, 0x4a, 0xfd, 0xc0, 0xe9, 0xed, 0xf3, 0xeb, 0xde, - 0xc8, 0xee, 0xd2, 0xee, 0x8f, 0xcf, 0x7a, 0xda, 0x58, 0x86, 0xa9, 0x6d, 0xfa, 0x42, 0xbe, 0x60, - 0x10, 0x6f, 0x01, 0xd0, 0x3f, 0xcd, 0x4e, 0x02, 0x7d, 0x51, 0x6e, 0xeb, 0x8d, 0xc8, 0x9f, 0x7d, - 0x75, 0xbf, 0x0b, 0x4f, 0xd0, 0x11, 0x1d, 0x32, 0x78, 0x6d, 0xda, 0x69, 0x23, 0xa3, 0x8b, 0xe4, - 0xf1, 0x68, 0xf4, 0xfc, 0xc7, 0x23, 0xeb, 0x9f, 0xe5, 0xe0, 0x46, 0x36, 0x07, 0x45, 0x4f, 0xab, - 0x46, 0xae, 0x94, 0x01, 0x97, 0xde, 0x78, 0x24, 0xd4, 0x72, 0xa5, 0xc4, 0xf3, 0xa3, 0xd8, 0xb4, - 0xed, 0x3d, 0xa7, 0xfe, 0xcb, 0x98, 0x1f, 0x5b, 0x16, 0xd7, 0xbd, 0x0e, 0x0d, 0x64, 0xa6, 0x29, - 0x5e, 0x64, 0x3c, 0x5d, 0x16, 0x65, 0xd6, 0xbf, 0xcf, 0xc1, 0x35, 0xdc, 0x06, 0x85, 0x97, 0x4f, - 0x56, 0xbc, 0x52, 0xe4, 0x88, 0xde, 0xb9, 0x98, 0x75, 0x8c, 0x1c, 0x91, 0x14, 0xb4, 0xda, 0x5e, - 0x87, 0xda, 0x46, 0x33, 0xb2, 0x09, 0x53, 0xe2, 0x5b, 0x73, 0xe5, 0xcc, 0x6b, 0x99, 0x97, 0x50, - 0xa8, 0xf8, 0x99, 0x0f, 0x45, 0x48, 0x20, 0x6b, 0xe1, 0xd3, 0x16, 0x1d, 0xd6, 0xfa, 0x75, 0x1e, - 0x16, 0x9b, 0xd4, 0x77, 0x9f, 0xbd, 0xcc, 0x18, 0xcc, 0x63, 0x98, 0x93, 0x45, 0x38, 0x66, 0x53, - 0x98, 0xf9, 0x13, 0x54, 0x49, 0x6a, 0xc0, 0x1a, 0xb4, 0x94, 0x6c, 0xa7, 0x02, 0x9e, 0xe3, 0x51, - 0xf6, 0x07, 0x50, 0x50, 0xeb, 0x61, 0x04, 0x39, 0x83, 0x73, 0x23, 0xd7, 0x82, 0x99, 0x03, 0x43, - 0x2d, 0x8a, 0xbf, 0x9c, 0x7d, 0x5d, 0x20, 0xec, 0xff, 0x21, 0x47, 0x33, 0xbe, 0x34, 0xd8, 0xb2, - 0x70, 0xb4, 0xda, 0x94, 0xa5, 0xb1, 0x71, 0xc1, 0xce, 0xea, 0xa9, 0x36, 0x05, 0x93, 0x55, 0xbc, - 0xcc, 0x60, 0xe6, 0xf6, 0xff, 0xce, 0xc3, 0x92, 0x0c, 0xf6, 0xcd, 0x60, 0xf3, 0x37, 0xb0, 0x20, - 0x8b, 0xaa, 0xfd, 0xbe, 0xef, 0x3d, 0xa7, 0x1d, 0x93, 0xd3, 0xfc, 0x19, 0xb8, 0xe4, 0xb4, 0x23, - 0xda, 0x44, 0xcc, 0xce, 0x02, 0x7f, 0x33, 0x6e, 0x8c, 0x2f, 0x4d, 0xed, 0xc4, 0x67, 0x03, 0xdd, - 0x09, 0xba, 0x76, 0x32, 0x93, 0x84, 0xe9, 0x9a, 0xaa, 0x93, 0x70, 0x83, 0x8c, 0xbe, 0xae, 0x1b, - 0x84, 0x1d, 0xd4, 0x4c, 0x9c, 0xb5, 0x59, 0x98, 0xde, 0xa6, 0x2f, 0x22, 0xbe, 0xff, 0x4e, 0x0e, - 0x66, 0x8c, 0xc5, 0x4d, 0xde, 0x85, 0x31, 0xfc, 0x03, 0x77, 0x5e, 0xf1, 0x16, 0x8e, 0x2d, 0x30, - 0xe3, 0x2d, 0x1c, 0x6f, 0xba, 0x09, 0x13, 0x3c, 0xce, 0xaa, 0x73, 0x06, 0x8b, 0x5a, 0xc5, 0x4d, - 0xb6, 0x39, 0x08, 0x37, 0xae, 0x05, 0xbc, 0xf5, 0x10, 0x6e, 0x8a, 0x20, 0x36, 0x73, 0xf2, 0xb1, - 0xa3, 0x73, 0x6e, 0x14, 0x96, 0x03, 0x4b, 0xeb, 0x34, 0xae, 0x7a, 0x8c, 0xb8, 0xd2, 0xaf, 0xe0, - 0xa2, 0x51, 0xae, 0x30, 0xe2, 0x7b, 0x19, 0x25, 0x43, 0x0a, 0x75, 0xbc, 0xb5, 0x75, 0x23, 0xad, - 0x0b, 0x9d, 0x58, 0x8b, 0xc2, 0x45, 0x3c, 0x37, 0xaa, 0x1b, 0x9d, 0xe0, 0x1c, 0x5a, 0xef, 0xb6, - 0xb6, 0xae, 0xb9, 0xc6, 0xe3, 0x4f, 0xad, 0xe5, 0x1e, 0xa7, 0x6a, 0xad, 0x19, 0x98, 0xaa, 0x7b, - 0xbd, 0x90, 0x7e, 0x87, 0x8f, 0x9d, 0xac, 0x59, 0x98, 0x96, 0x55, 0x5d, 0x1a, 0x04, 0xd6, 0xdf, - 0x1b, 0x01, 0x4b, 0x30, 0x36, 0xcd, 0xe7, 0x21, 0xf9, 0xb1, 0x97, 0x20, 0x56, 0x6c, 0x22, 0x57, - 0x74, 0xcf, 0x4e, 0x54, 0xcb, 0x25, 0x0f, 0x6f, 0x79, 0xdb, 0x51, 0xa9, 0x21, 0x79, 0x89, 0xd1, - 0xff, 0x24, 0x43, 0x4d, 0xf2, 0xc5, 0x86, 0x29, 0x88, 0x32, 0xd4, 0xa4, 0x81, 0x37, 0x5d, 0x65, - 0xda, 0x06, 0x1b, 0xc4, 0xe6, 0x4e, 0xd4, 0xa3, 0x0c, 0x55, 0x23, 0xd2, 0xf6, 0xf1, 0x82, 0x56, - 0x22, 0xed, 0x9e, 0x8e, 0x84, 0x3c, 0x31, 0x79, 0x29, 0xd6, 0xa3, 0xbc, 0x41, 0xd5, 0xab, 0x38, - 0xd6, 0xbe, 0x56, 0x62, 0x66, 0x31, 0x34, 0xda, 0x6a, 0x7e, 0xac, 0xbf, 0x9d, 0x83, 0x6b, 0x7c, - 0x76, 0x76, 0x7c, 0xf7, 0xb9, 0xdb, 0xa5, 0xfb, 0xd4, 0x10, 0xd3, 0xe3, 0xf4, 0x9b, 0xa8, 0xdc, - 0x99, 0x74, 0x34, 0x26, 0x65, 0xa1, 0x02, 0x3c, 0xcb, 0x51, 0x9a, 0x86, 0xdf, 0x3a, 0xc9, 0xc9, - 0x00, 0xca, 0xc4, 0xf5, 0xcc, 0x79, 0x6d, 0xb6, 0x9a, 0x71, 0xa3, 0x92, 0xcf, 0xb8, 0x51, 0x31, - 0x3c, 0xd5, 0xe1, 0x90, 0x2b, 0x96, 0x91, 0xd7, 0x77, 0xde, 0xfe, 0x6a, 0x04, 0x2e, 0xed, 0x38, - 0xfb, 0x6e, 0x8f, 0xe9, 0x1e, 0x99, 0x27, 0x89, 0x54, 0x13, 0x29, 0xed, 0x06, 0x07, 0x3c, 0xa5, - 0xe4, 0xac, 0x5b, 0xd6, 0xb3, 0x4b, 0xe5, 0xb3, 0x5e, 0x70, 0x98, 0x39, 0xa4, 0x3e, 0x35, 0x7c, - 0x75, 0x89, 0x98, 0x37, 0x8c, 0x2a, 0xe9, 0x79, 0x9d, 0x58, 0x9a, 0x47, 0xf4, 0x77, 0x3d, 0x86, - 0x29, 0x2d, 0x70, 0x4d, 0x08, 0x68, 0x02, 0x03, 0xb2, 0xe5, 0xf0, 0x78, 0x8f, 0xa6, 0xa6, 0xf4, - 0xd2, 0x31, 0xa4, 0x24, 0xf2, 0x1a, 0x7b, 0xc3, 0x89, 0xbc, 0x7e, 0xcc, 0x49, 0x96, 0x9e, 0xcf, - 0x71, 0xb1, 0x6f, 0x70, 0xf4, 0x09, 0xf7, 0x67, 0x73, 0x45, 0xa3, 0x3e, 0x2d, 0x2b, 0xa1, 0x8e, - 0xac, 0x06, 0x50, 0x90, 0xf9, 0x4f, 0xad, 0xff, 0x39, 0x0e, 0x73, 0x5b, 0x6e, 0x10, 0xca, 0xd9, - 0x0d, 0x22, 0xd5, 0x3f, 0x2d, 0xcb, 0xb4, 0x43, 0x90, 0xb0, 0xd2, 0x78, 0x79, 0x2b, 0x96, 0x8e, - 0xd5, 0x00, 0x20, 0x1f, 0xea, 0xfe, 0xbb, 0xbc, 0x96, 0x40, 0x25, 0x99, 0x49, 0x53, 0x77, 0xec, - 0xbd, 0x6b, 0xb8, 0x8f, 0xf8, 0xbe, 0xda, 0x65, 0x05, 0xfa, 0xbe, 0xca, 0x7d, 0x4a, 0x2b, 0x71, - 0x9f, 0x12, 0xef, 0x80, 0x2b, 0xc5, 0x43, 0x6a, 0x98, 0xdc, 0xca, 0xd9, 0xf4, 0x04, 0xc6, 0xf1, - 0xf5, 0x3c, 0x4f, 0xa3, 0x34, 0xb5, 0xfc, 0x3d, 0xb1, 0x40, 0xd2, 0x98, 0xc0, 0xdf, 0xd9, 0x07, - 0x5a, 0x8a, 0xac, 0x2e, 0x16, 0xe8, 0x4f, 0xf6, 0x79, 0x13, 0xb2, 0x0b, 0x97, 0x77, 0x7c, 0xda, - 0x41, 0xd5, 0xb2, 0xf6, 0x5d, 0xdf, 0x17, 0x47, 0x0c, 0x74, 0xf0, 0xf1, 0x8c, 0x75, 0x7d, 0x59, - 0xdd, 0xa2, 0xaa, 0x5e, 0xd7, 0x30, 0x29, 0xe0, 0x64, 0x0d, 0x66, 0x1b, 0xd4, 0xf1, 0xdb, 0x07, - 0x0f, 0xe9, 0x4b, 0xa6, 0x18, 0x83, 0xd2, 0x44, 0x94, 0x81, 0x27, 0xc0, 0x1a, 0x36, 0x50, 0xac, - 0xd2, 0xaf, 0x75, 0x4c, 0x20, 0xf2, 0x43, 0x18, 0x6f, 0x78, 0x7e, 0x58, 0x7b, 0x19, 0x4b, 0xad, - 0xca, 0x0b, 0x6b, 0x57, 0x65, 0x16, 0xa2, 0xc0, 0xf3, 0xc3, 0xd6, 0x9e, 0xce, 0x37, 0x01, 0x47, - 0xee, 0x33, 0xab, 0x8b, 0x59, 0x82, 0xa1, 0xd3, 0xad, 0x63, 0x78, 0x02, 0x7f, 0x74, 0x29, 0x2c, - 0x2b, 0x34, 0x1f, 0x43, 0xa7, 0xdb, 0xc2, 0x7d, 0xde, 0xbc, 0x60, 0xd2, 0xa1, 0xc8, 0x4b, 0x98, - 0x33, 0x05, 0x5d, 0xe4, 0x28, 0x03, 0x23, 0x49, 0x61, 0x5a, 0x93, 0xda, 0x6d, 0x41, 0xe5, 0x8d, - 0x78, 0x02, 0xbe, 0x44, 0xda, 0xb2, 0xd4, 0x2e, 0xc8, 0x23, 0x4c, 0x02, 0xc5, 0x39, 0x53, 0x0d, - 0x78, 0xbc, 0x13, 0x7f, 0xe9, 0x79, 0xf3, 0xf4, 0xa4, 0x72, 0xfd, 0x18, 0xb3, 0x6d, 0x22, 0x47, - 0x1d, 0xfe, 0x8e, 0x40, 0xe7, 0x68, 0x02, 0xb4, 0xfc, 0x29, 0x4c, 0x69, 0xd2, 0x71, 0xae, 0x0c, - 0x67, 0x7f, 0x9c, 0x83, 0xf9, 0x98, 0xb8, 0x89, 0xf3, 0xe9, 0x63, 0x98, 0x54, 0x85, 0xc2, 0xa5, - 0x53, 0x52, 0xfb, 0x68, 0x4c, 0x0f, 0x73, 0x61, 0x97, 0x6b, 0x51, 0x27, 0x36, 0xc2, 0x41, 0xee, - 0xc1, 0xc4, 0x36, 0xfd, 0x2e, 0xf2, 0x83, 0xf2, 0x73, 0x4f, 0x8f, 0x6d, 0xea, 0xe6, 0x02, 0x91, - 0xcd, 0xc8, 0xa7, 0x00, 0xda, 0x2c, 0xf3, 0x45, 0x88, 0xb1, 0x93, 0xe9, 0x13, 0xac, 0x35, 0xb6, - 0xfe, 0x68, 0x42, 0x6e, 0xd3, 0xf2, 0x75, 0x82, 0xef, 0xb4, 0x0f, 0xa3, 0x20, 0xd6, 0x0f, 0x93, - 0x11, 0xa3, 0x67, 0xd1, 0x08, 0xb7, 0x8c, 0xc4, 0x0a, 0xd9, 0x79, 0xa0, 0xa3, 0x1c, 0x1b, 0x23, - 0x67, 0xc8, 0xb1, 0x71, 0x17, 0x26, 0x36, 0x7b, 0xcf, 0x5d, 0x66, 0x94, 0xf3, 0x90, 0x47, 0x34, - 0x69, 0x5d, 0x5e, 0xa4, 0x33, 0x46, 0xb4, 0x22, 0x9f, 0x42, 0x61, 0xc3, 0x0b, 0xc2, 0x9e, 0x0c, - 0x77, 0x14, 0xab, 0x30, 0x44, 0xbf, 0x70, 0xeb, 0x40, 0x54, 0xe9, 0x3a, 0x47, 0x36, 0x27, 0x1f, - 0xc1, 0x44, 0xb5, 0xd3, 0x61, 0x8b, 0x5a, 0x28, 0x04, 0x4c, 0x22, 0x2b, 0x20, 0x1d, 0x5e, 0xa3, - 0x77, 0x29, 0x1a, 0x93, 0x2f, 0x4c, 0x27, 0xed, 0x44, 0x94, 0x81, 0x26, 0x3d, 0xa1, 0xb2, 0xe9, - 0xc0, 0x7d, 0x57, 0xde, 0xf2, 0x14, 0xa2, 0x9c, 0x3e, 0x98, 0x9f, 0xc7, 0xd0, 0xa4, 0x78, 0x49, - 0xb4, 0x09, 0x93, 0x9b, 0x3d, 0x37, 0x74, 0x31, 0xab, 0xc9, 0xa4, 0xb1, 0x1f, 0xef, 0x38, 0x7e, - 0xe8, 0xb6, 0xdd, 0xbe, 0xd3, 0x0b, 0xf9, 0x6c, 0xb9, 0xb2, 0xa1, 0x3e, 0x5b, 0x0a, 0x5a, 0xcf, - 0x7f, 0x06, 0x6f, 0x2c, 0xff, 0x59, 0x6a, 0x0a, 0xb1, 0xa9, 0x57, 0x4f, 0x21, 0xb6, 0xc2, 0xe7, - 0x12, 0x6d, 0xe0, 0xe9, 0x48, 0x10, 0xd1, 0x77, 0x69, 0x1a, 0xbb, 0xb6, 0x6a, 0x48, 0x6e, 0x60, - 0x16, 0x93, 0x99, 0x28, 0xdc, 0xd3, 0xb8, 0x55, 0xce, 0x6f, 0xae, 0x92, 0x16, 0x4c, 0xb3, 0xd6, - 0x3b, 0x5e, 0xd7, 0x6d, 0xbb, 0x34, 0x28, 0xcd, 0x1a, 0xce, 0x6e, 0x73, 0x51, 0x60, 0xa3, 0x97, - 0x0d, 0x1a, 0xf2, 0x3d, 0x15, 0xbb, 0xee, 0x0b, 0x40, 0x7d, 0x4f, 0xd5, 0x11, 0x92, 0x9f, 0xb1, - 0xfd, 0x40, 0xc7, 0x22, 0x32, 0x20, 0x2f, 0xa4, 0x76, 0xd1, 0x7c, 0x5f, 0x6e, 0x14, 0xe2, 0xe9, - 0x10, 0x2f, 0x36, 0x37, 0x0a, 0x1d, 0xc0, 0xb2, 0xa1, 0x14, 0x5d, 0x2d, 0xc5, 0x56, 0xef, 0x47, - 0xc9, 0xe7, 0x2b, 0x98, 0xfd, 0x33, 0x7a, 0xbe, 0xa2, 0x0b, 0x44, 0xf4, 0x90, 0xe5, 0x09, 0x5c, - 0xb3, 0xe9, 0x91, 0xf7, 0x9c, 0xbe, 0x59, 0xb4, 0x3f, 0x81, 0xab, 0x26, 0xc2, 0x27, 0xfd, 0x0e, - 0xbe, 0xbd, 0xe6, 0x77, 0x58, 0xa9, 0xb9, 0x7d, 0x04, 0x00, 0xcf, 0xed, 0xc3, 0x13, 0x46, 0xb0, - 0x3f, 0xf5, 0xf5, 0x80, 0x75, 0x96, 0x07, 0x8b, 0x26, 0xf2, 0x6a, 0xa7, 0xa3, 0x2d, 0x04, 0x66, - 0x50, 0x6a, 0x9f, 0x31, 0x0b, 0x56, 0x5f, 0x31, 0xa8, 0x39, 0xfb, 0x51, 0x81, 0xbe, 0x56, 0xb5, - 0x76, 0x16, 0x85, 0x4a, 0x9c, 0x3d, 0x8c, 0x65, 0x7a, 0x9f, 0x35, 0x98, 0xd1, 0x3e, 0xd5, 0x81, - 0x10, 0x55, 0x89, 0xd6, 0x83, 0xc9, 0x30, 0x13, 0xc4, 0x6a, 0x43, 0x39, 0x8d, 0x69, 0xb8, 0xcc, - 0x5e, 0x92, 0xb5, 0x68, 0xe9, 0x0e, 0xbf, 0x3b, 0xbc, 0x98, 0xf9, 0xb6, 0xf3, 0x77, 0x47, 0xe1, - 0x9a, 0x98, 0x8c, 0x37, 0x39, 0xe3, 0xe4, 0xe7, 0x30, 0xa5, 0xcd, 0xb1, 0x60, 0xfa, 0x0d, 0x19, - 0x6e, 0x90, 0x25, 0x0b, 0x5c, 0x5f, 0x1e, 0x63, 0x41, 0x2b, 0x36, 0xdd, 0xcc, 0x30, 0xd6, 0xc5, - 0xa6, 0x0b, 0xb3, 0xe6, 0x44, 0x8b, 0xc3, 0xc6, 0x5b, 0xa9, 0x9d, 0x98, 0x4d, 0x65, 0x96, 0x8b, - 0x4e, 0x2b, 0x75, 0xba, 0x31, 0x5d, 0xb3, 0x29, 0x44, 0xdf, 0xc1, 0xa5, 0xc4, 0x2c, 0x8b, 0xb3, - 0xc9, 0xad, 0xd4, 0x0e, 0x13, 0xad, 0xb9, 0xf2, 0xf3, 0xb1, 0x38, 0xb3, 0xdb, 0x64, 0x27, 0xa4, - 0x03, 0xd3, 0xfa, 0xc4, 0x8b, 0xc3, 0xcb, 0xcd, 0x01, 0xac, 0xe4, 0x0d, 0xb9, 0xaa, 0x12, 0xbc, - 0xc4, 0xb9, 0x37, 0x7f, 0xe1, 0xc0, 0xc0, 0x5a, 0x2b, 0xc0, 0x38, 0xff, 0x66, 0x2a, 0x60, 0xc7, - 0xa7, 0x01, 0xed, 0xb5, 0xa9, 0x1e, 0x39, 0xf2, 0xba, 0x2a, 0xe0, 0xdf, 0xe5, 0xa0, 0x94, 0x86, - 0xb7, 0x41, 0x7b, 0x1d, 0xb2, 0x03, 0xc5, 0x78, 0x47, 0x42, 0xaa, 0x2d, 0x69, 0x51, 0x65, 0x93, - 0xb4, 0x71, 0xc1, 0x4e, 0x40, 0xb3, 0x4d, 0x48, 0x2b, 0x3b, 0x67, 0x88, 0x4e, 0x12, 0x54, 0x77, - 0x70, 0x6c, 0x60, 0x24, 0xd2, 0xaa, 0x77, 0xe4, 0xb8, 0x3d, 0xb6, 0x77, 0x2b, 0x83, 0xf0, 0x2e, - 0x40, 0x54, 0x2a, 0x78, 0xc3, 0x9d, 0x00, 0x58, 0x2a, 0xc3, 0xd5, 0x54, 0x13, 0xeb, 0x0b, 0xd4, - 0xe0, 0x62, 0x9f, 0xe3, 0x0f, 0x19, 0x14, 0xb2, 0x1b, 0x30, 0xb6, 0xbb, 0xd5, 0xa8, 0x57, 0xc5, - 0xb3, 0x08, 0xfe, 0xc6, 0xad, 0x1b, 0xb4, 0xda, 0x8e, 0xcd, 0x2b, 0xac, 0x7f, 0x9d, 0x87, 0x39, - 0xf9, 0x2e, 0xdb, 0xf0, 0xb0, 0x0c, 0x4d, 0x3f, 0xf5, 0x23, 0xf3, 0x5d, 0x79, 0x5d, 0xbd, 0x2b, - 0x7f, 0x8d, 0x94, 0xba, 0xe2, 0x45, 0xfa, 0x19, 0xdf, 0xb1, 0x3c, 0x54, 0x07, 0xbb, 0x51, 0xe3, - 0x60, 0x97, 0x36, 0x1e, 0xe3, 0x60, 0x87, 0x7c, 0xe0, 0x07, 0x3b, 0x79, 0x9c, 0x7b, 0x1d, 0xeb, - 0xfe, 0x13, 0x36, 0x97, 0x46, 0x97, 0x67, 0x7d, 0xc0, 0xb1, 0x85, 0xef, 0xe8, 0x1e, 0x6f, 0xae, - 0xd6, 0x99, 0x10, 0x09, 0x52, 0xe5, 0x0c, 0xdc, 0xc5, 0xa0, 0x1f, 0x81, 0x53, 0x97, 0x04, 0xd4, - 0x69, 0xe2, 0x59, 0xb0, 0xd6, 0xc4, 0x5a, 0x41, 0x6c, 0x8d, 0xea, 0xa3, 0xad, 0x14, 0x6c, 0x59, - 0x19, 0xd9, 0xb6, 0xf1, 0xa1, 0xed, 0x3a, 0xce, 0xd7, 0x9b, 0x20, 0xe2, 0x0f, 0x72, 0xfc, 0xe5, - 0x6e, 0xe3, 0xf1, 0xaa, 0xeb, 0xec, 0xf7, 0xbc, 0x20, 0x74, 0xdb, 0x9b, 0xbd, 0x67, 0x9e, 0xe6, - 0x60, 0xd6, 0xba, 0xd1, 0x12, 0x64, 0xa3, 0x35, 0x8e, 0xc9, 0xef, 0xc5, 0x4b, 0x21, 0x4c, 0x35, - 0x6d, 0xc7, 0x5b, 0x93, 0x4f, 0x61, 0x46, 0x2b, 0x52, 0xbb, 0x22, 0x4f, 0x5c, 0xa4, 0x83, 0xbb, - 0x1d, 0xdb, 0x6c, 0xf9, 0xde, 0x7b, 0x30, 0xa9, 0x7e, 0x5e, 0x86, 0x14, 0x60, 0x74, 0x73, 0x7b, - 0x73, 0x97, 0xa7, 0x12, 0xdd, 0x79, 0xb2, 0x5b, 0xcc, 0x11, 0x80, 0xf1, 0xd5, 0xb5, 0xad, 0xb5, - 0xdd, 0xb5, 0x62, 0xfe, 0xbd, 0x96, 0xee, 0x9f, 0x23, 0xd7, 0x60, 0x61, 0x75, 0xad, 0xb9, 0x59, - 0x5f, 0x6b, 0xed, 0xfe, 0x68, 0x67, 0xad, 0x65, 0xbe, 0x4e, 0x9a, 0x83, 0xa2, 0x5e, 0xb9, 0xfb, - 0x78, 0x77, 0xa7, 0x98, 0x23, 0x25, 0x98, 0xd3, 0x4b, 0x9f, 0xae, 0xd5, 0xaa, 0x4f, 0x76, 0x37, - 0xb6, 0x8b, 0x23, 0xd6, 0x68, 0x21, 0x5f, 0xcc, 0xbf, 0xf7, 0x73, 0xc3, 0x79, 0x47, 0x16, 0xa1, - 0x24, 0x9a, 0x3f, 0x69, 0x54, 0xd7, 0xb3, 0xbb, 0xe0, 0xb5, 0x8f, 0xee, 0x57, 0x8b, 0x39, 0x72, - 0x1d, 0xae, 0x1a, 0xa5, 0x3b, 0xd5, 0x46, 0xe3, 0xe9, 0x63, 0x7b, 0x75, 0x6b, 0xad, 0xd1, 0x28, - 0xe6, 0xdf, 0xbb, 0x25, 0xa2, 0x6c, 0xc8, 0x2c, 0xc0, 0xea, 0x5a, 0xa3, 0xbe, 0xb6, 0xbd, 0xba, - 0xb9, 0xbd, 0x5e, 0xbc, 0x40, 0x66, 0x60, 0xb2, 0xaa, 0x3e, 0x73, 0xcb, 0x7f, 0xff, 0x10, 0xa6, - 0x18, 0xa3, 0xa4, 0xaf, 0xab, 0x05, 0x0b, 0x8f, 0x1c, 0xb7, 0x17, 0x3a, 0x6e, 0x4f, 0xa8, 0x5e, - 0xa9, 0x38, 0x49, 0x65, 0x80, 0x26, 0x65, 0x4a, 0xb8, 0x3c, 0x2c, 0x96, 0xf0, 0x76, 0xee, 0x5e, - 0x8e, 0x34, 0x60, 0x2e, 0xed, 0xd4, 0x48, 0x2c, 0x33, 0x47, 0x51, 0x9a, 0x2d, 0x51, 0xce, 0x32, - 0x7c, 0xc9, 0x23, 0xb8, 0x94, 0xb0, 0x64, 0x15, 0xbd, 0x59, 0x36, 0xee, 0x20, 0x74, 0x25, 0xbc, - 0xc7, 0x08, 0xdd, 0xb8, 0x1d, 0x1b, 0x90, 0x2b, 0x09, 0x2b, 0x69, 0x8d, 0xed, 0x54, 0x99, 0xc8, - 0xee, 0xe5, 0x88, 0x0d, 0x73, 0x69, 0x36, 0xb1, 0x1a, 0xf2, 0x00, 0x83, 0xb9, 0x9c, 0xd1, 0x1d, - 0xc3, 0x99, 0x66, 0x75, 0x29, 0x9c, 0x03, 0x4c, 0xb2, 0x4c, 0x9c, 0x5f, 0xb0, 0xf3, 0x46, 0xaf, - 0xf3, 0x90, 0xd2, 0x7e, 0xb5, 0xeb, 0x3e, 0xa7, 0x01, 0x91, 0x91, 0xb0, 0xaa, 0x28, 0x0b, 0xf6, - 0x76, 0x8e, 0xfc, 0x16, 0x4c, 0x61, 0xb6, 0x79, 0x11, 0xb8, 0x35, 0xad, 0x67, 0xa0, 0x2f, 0xcb, - 0x2f, 0xac, 0xbc, 0x97, 0x23, 0x3f, 0x80, 0x89, 0x75, 0x1a, 0xa2, 0xbb, 0xf6, 0x66, 0xec, 0x87, - 0x9b, 0x36, 0x7b, 0xca, 0x19, 0x20, 0x09, 0x8e, 0x3b, 0x6f, 0x99, 0x66, 0xe2, 0x8f, 0x73, 0x11, - 0x43, 0xbc, 0xba, 0x9c, 0x20, 0x9b, 0xac, 0xb3, 0x15, 0xdd, 0xa5, 0x21, 0x3d, 0x6b, 0x97, 0x59, - 0x3c, 0xda, 0x82, 0x59, 0xf5, 0x54, 0x76, 0x1b, 0xef, 0xfb, 0xac, 0x18, 0xb2, 0xe0, 0x1c, 0xd8, - 0x3e, 0x63, 0x72, 0xcb, 0x77, 0x0f, 0x15, 0x25, 0x4c, 0xb2, 0xe2, 0x86, 0x15, 0x13, 0x79, 0x33, - 0x0d, 0x56, 0x25, 0xd0, 0x57, 0xb0, 0xf1, 0x94, 0xfa, 0x31, 0x58, 0x0a, 0x65, 0xbd, 0x5f, 0x33, - 0x62, 0x98, 0xdc, 0xd0, 0x08, 0x48, 0x0d, 0x74, 0x2e, 0xdf, 0x1c, 0xd0, 0x82, 0xef, 0x7f, 0xb8, - 0xd6, 0x1f, 0xc0, 0x8c, 0x11, 0x63, 0x4a, 0xe4, 0xf3, 0x97, 0xb4, 0x20, 0xe0, 0xf2, 0x62, 0x7a, - 0xa5, 0xd8, 0x4f, 0xef, 0xe3, 0x12, 0x8f, 0x25, 0xac, 0x2d, 0xa7, 0x25, 0xa6, 0xe5, 0x1e, 0xc0, - 0xb2, 0x4c, 0x3e, 0x16, 0x03, 0x79, 0x88, 0x19, 0x07, 0xcc, 0xc2, 0xe6, 0xf2, 0x40, 0x4c, 0x19, - 0xe9, 0x6f, 0xef, 0xe5, 0xc8, 0x1a, 0x5c, 0x56, 0x17, 0xb4, 0xda, 0xcf, 0x16, 0x65, 0x00, 0x64, - 0x8a, 0xc1, 0x57, 0x70, 0x59, 0x08, 0x95, 0x81, 0xa6, 0xa8, 0xf4, 0x83, 0xd8, 0xc4, 0x32, 0x11, - 0x3c, 0x80, 0xf9, 0x46, 0x6c, 0x50, 0xfc, 0x8c, 0x73, 0xd5, 0x44, 0xa1, 0x65, 0xca, 0xcd, 0xc4, - 0xf5, 0x10, 0x48, 0xe3, 0x78, 0xef, 0xc8, 0x55, 0xe8, 0x9e, 0xbb, 0xf4, 0x05, 0xb9, 0x1e, 0x1b, - 0x12, 0x2b, 0xc4, 0x66, 0xa8, 0x60, 0xb2, 0x58, 0x44, 0x76, 0x79, 0xda, 0x1d, 0x9e, 0x42, 0xd0, - 0xe9, 0x3b, 0x7b, 0x6e, 0xd7, 0x0d, 0x5d, 0xca, 0x64, 0x4c, 0x07, 0xd0, 0xab, 0xa4, 0x38, 0x5c, - 0xcd, 0x6c, 0x41, 0xbe, 0x84, 0x99, 0x75, 0x1a, 0x46, 0xc9, 0x80, 0xc9, 0x42, 0x22, 0x7d, 0xb0, - 0x98, 0x3a, 0x19, 0xaa, 0x63, 0x66, 0x20, 0xde, 0x84, 0x22, 0xd7, 0x8f, 0x1a, 0x8a, 0xeb, 0x09, - 0x14, 0xa2, 0x89, 0xe3, 0x3b, 0x47, 0x41, 0x26, 0xb7, 0xee, 0xc2, 0xe8, 0x8e, 0xdb, 0xdb, 0x27, - 0xf2, 0xe6, 0x4d, 0x4b, 0xa6, 0x59, 0xbe, 0x6c, 0x94, 0x09, 0x39, 0xde, 0x83, 0x0a, 0xcf, 0x82, - 0x9b, 0xcc, 0x3c, 0x2b, 0x7f, 0xea, 0xe3, 0x6d, 0x15, 0x67, 0x3e, 0x20, 0x5b, 0xae, 0xe2, 0x4f, - 0xbc, 0xbe, 0xb9, 0x42, 0x76, 0x90, 0xeb, 0xc9, 0x0e, 0xc8, 0x5b, 0xd1, 0x96, 0x98, 0x99, 0xf8, - 0xb6, 0x4c, 0xe2, 0x88, 0x9b, 0x2b, 0x44, 0xa5, 0xd3, 0x49, 0x41, 0x7a, 0xcb, 0xd8, 0xb9, 0xcf, - 0x87, 0xf7, 0x4b, 0x98, 0x54, 0x59, 0x5f, 0x95, 0xf2, 0x8a, 0xa7, 0xaa, 0x2d, 0x97, 0x92, 0x15, - 0x82, 0x9b, 0x5f, 0xf0, 0x04, 0xcd, 0x26, 0x7c, 0x3c, 0x31, 0x6a, 0xe6, 0xe4, 0x7d, 0x0a, 0x53, - 0x5a, 0x4a, 0x54, 0xb5, 0x58, 0x92, 0x69, 0x52, 0xcb, 0xe6, 0xcf, 0xd3, 0xdd, 0xcb, 0x91, 0xbb, - 0xb8, 0x81, 0xa1, 0xa7, 0x70, 0x3e, 0x02, 0xd3, 0x32, 0x42, 0xc6, 0x40, 0xc8, 0xc7, 0x18, 0xee, - 0x5b, 0x3f, 0xf6, 0x7d, 0xda, 0xe3, 0x70, 0x59, 0x96, 0x44, 0x0c, 0x70, 0x05, 0x0a, 0x32, 0xdb, - 0x37, 0xb9, 0x62, 0x76, 0x95, 0x4d, 0xde, 0x0a, 0x00, 0x67, 0x16, 0xf6, 0x64, 0x56, 0x67, 0xb2, - 0x63, 0x85, 0xed, 0xaa, 0x9d, 0x73, 0x02, 0x7d, 0x29, 0x77, 0x56, 0x04, 0x2a, 0x19, 0x53, 0xa0, - 0xb3, 0x23, 0x0b, 0x7e, 0x13, 0x8a, 0xd5, 0x36, 0xea, 0x7a, 0x95, 0xdd, 0x92, 0x2c, 0xa9, 0xa5, - 0x6f, 0x56, 0x48, 0x5c, 0xf3, 0xf1, 0x64, 0x99, 0x5b, 0xd4, 0xc1, 0xc8, 0xe3, 0x05, 0xb5, 0xe3, - 0xc7, 0xaa, 0xd2, 0x21, 0x32, 0x89, 0x5a, 0x83, 0xb9, 0xba, 0xd3, 0x6b, 0xd3, 0xee, 0xeb, 0xa1, - 0xf9, 0x0c, 0xf5, 0x94, 0x96, 0xf9, 0xf3, 0x4a, 0x1c, 0x5e, 0xa8, 0xa9, 0x4b, 0xca, 0x19, 0xa3, - 0x9a, 0x56, 0xe1, 0xa2, 0x48, 0x30, 0xa4, 0xd8, 0x92, 0x05, 0x9d, 0xd5, 0xfd, 0xc7, 0x30, 0xbb, - 0xc6, 0xf4, 0xf8, 0x71, 0xc7, 0xe5, 0xaf, 0x2d, 0x88, 0x19, 0x3e, 0x9f, 0x09, 0xb8, 0x21, 0x73, - 0x31, 0x6b, 0x29, 0x31, 0xd5, 0xea, 0x48, 0x66, 0x1d, 0x2d, 0xcf, 0x49, 0xb4, 0x7a, 0xf6, 0x4c, - 0xb4, 0x00, 0xf6, 0x65, 0xda, 0xb5, 0x58, 0xa2, 0x43, 0x5d, 0x13, 0x65, 0xa6, 0x41, 0x2c, 0xbf, - 0x3d, 0xb8, 0x91, 0x08, 0xcc, 0x18, 0xf9, 0xeb, 0x79, 0x66, 0x63, 0x2f, 0x64, 0x24, 0x91, 0x24, - 0xef, 0x28, 0x93, 0x78, 0x50, 0x92, 0xc9, 0x14, 0xa3, 0xf1, 0x1b, 0x2d, 0x59, 0x54, 0x06, 0xce, - 0xc1, 0xd9, 0x25, 0x33, 0x19, 0xac, 0x02, 0xb1, 0x53, 0xb3, 0x40, 0x92, 0x77, 0x4d, 0xec, 0x03, - 0x32, 0x45, 0x66, 0xf6, 0xf0, 0x18, 0x45, 0x2f, 0x4a, 0x42, 0xa8, 0x4c, 0xaf, 0xb4, 0x4c, 0x91, - 0xca, 0xf4, 0x4a, 0x4d, 0xe1, 0xc8, 0x19, 0xbc, 0x0e, 0x17, 0x63, 0xf9, 0x18, 0xc9, 0xf5, 0x38, - 0x63, 0x87, 0x30, 0x94, 0x23, 0x7a, 0x24, 0x05, 0x3b, 0x89, 0x28, 0x3d, 0x43, 0x63, 0xd6, 0x18, - 0x39, 0xba, 0x27, 0xca, 0x76, 0xd2, 0x73, 0x2e, 0x92, 0x9b, 0x29, 0x2c, 0x3c, 0x1b, 0xeb, 0x38, - 0xda, 0x06, 0x14, 0xe3, 0x29, 0x0b, 0xc9, 0x52, 0xcc, 0xc7, 0x14, 0xcb, 0xcb, 0x58, 0xae, 0x64, - 0xd6, 0x8b, 0xdd, 0xea, 0x41, 0x34, 0x29, 0xfc, 0xc6, 0x3f, 0x3e, 0x29, 0x7a, 0x06, 0xb1, 0xc4, - 0xa4, 0x98, 0xe9, 0xbc, 0xd6, 0x71, 0x3f, 0xd1, 0x52, 0x85, 0x65, 0xee, 0x27, 0xd7, 0xd3, 0xf0, - 0x44, 0xb7, 0xd0, 0x0d, 0x99, 0x1b, 0x5e, 0xa3, 0x6b, 0xc9, 0xd8, 0x70, 0x93, 0xa4, 0x55, 0x32, - 0xeb, 0xd5, 0x48, 0x8b, 0xf1, 0x3c, 0x6b, 0x0a, 0x69, 0x46, 0x02, 0xb6, 0x4c, 0x51, 0xbe, 0x0f, - 0x73, 0xe6, 0x2c, 0x0e, 0x19, 0x6f, 0x16, 0x9e, 0x5d, 0x98, 0x4f, 0xcd, 0xb1, 0xa6, 0x74, 0xd1, - 0xa0, 0x0c, 0x6c, 0x99, 0x58, 0x29, 0x5c, 0x49, 0x4f, 0xab, 0xa7, 0xcc, 0xb8, 0x81, 0xe9, 0x02, - 0xcb, 0xef, 0x0c, 0x69, 0x25, 0x18, 0xfa, 0x2d, 0x1e, 0x5b, 0x12, 0x7d, 0xdc, 0xd4, 0x7c, 0x1c, - 0x19, 0x1d, 0x58, 0x83, 0x9a, 0x28, 0x19, 0x98, 0x4b, 0xcb, 0x37, 0x99, 0xc9, 0xe2, 0xb7, 0xb2, - 0x71, 0x46, 0x82, 0xd5, 0x94, 0xcf, 0xec, 0x33, 0x39, 0x33, 0x30, 0x83, 0xde, 0x80, 0x23, 0x78, - 0x94, 0x65, 0xf5, 0xec, 0x24, 0x67, 0x1f, 0x9d, 0x66, 0x8c, 0xd4, 0x76, 0x44, 0x86, 0xa5, 0xc4, - 0xb2, 0xe8, 0x25, 0xd6, 0x64, 0x4a, 0x8a, 0x3d, 0xbe, 0x26, 0xb5, 0x34, 0x79, 0x67, 0x59, 0x93, - 0x69, 0x59, 0xf5, 0xd4, 0xf2, 0xd1, 0xe8, 0x92, 0x46, 0x51, 0xbc, 0xe2, 0x3c, 0xcb, 0xe7, 0x2c, - 0xa4, 0x65, 0xe1, 0x59, 0x45, 0x63, 0x59, 0xfd, 0xd8, 0xeb, 0x55, 0x83, 0x4d, 0x86, 0x1e, 0x2c, - 0x1b, 0x83, 0x33, 0x55, 0x60, 0x1d, 0xa6, 0xf5, 0x2c, 0x7d, 0x99, 0x54, 0x5c, 0x4b, 0xe2, 0x08, - 0x34, 0x5f, 0xc0, 0xac, 0xe2, 0x02, 0xa7, 0x66, 0x31, 0xce, 0x1c, 0x83, 0xa0, 0xec, 0x21, 0x11, - 0x9d, 0x35, 0x43, 0x48, 0xca, 0x36, 0x16, 0x2f, 0x73, 0xb3, 0xd9, 0xfc, 0x2d, 0xe0, 0x8c, 0x9f, - 0x14, 0xce, 0x44, 0xf3, 0x04, 0x9f, 0x2a, 0xea, 0x29, 0xf7, 0x88, 0x26, 0x25, 0x29, 0xa9, 0xf8, - 0xca, 0x4b, 0x59, 0xd5, 0xfa, 0xbe, 0xfd, 0x35, 0x5c, 0x4a, 0xa4, 0x16, 0x54, 0xae, 0xd1, 0xac, - 0xa4, 0x83, 0x83, 0xf7, 0xc6, 0x0d, 0x36, 0xe0, 0x18, 0x60, 0x73, 0x79, 0x38, 0xd2, 0xa4, 0x85, - 0xb5, 0x25, 0x5f, 0x37, 0xa6, 0x11, 0x97, 0x95, 0xc0, 0x70, 0xb8, 0x82, 0x8f, 0xa5, 0x2e, 0x8c, - 0x29, 0xf8, 0xf4, 0xc4, 0x86, 0x99, 0x58, 0x7f, 0x86, 0xbf, 0x9b, 0x11, 0x4b, 0x8b, 0xa7, 0x7c, - 0x64, 0x99, 0xa9, 0x10, 0xcb, 0x37, 0x07, 0xb4, 0xd0, 0x27, 0x68, 0x0b, 0xe6, 0xd2, 0x12, 0x0d, - 0x6a, 0x9e, 0xdc, 0xcc, 0x2c, 0x84, 0x29, 0x1c, 0xb5, 0xe5, 0x6a, 0xcf, 0xc0, 0x36, 0x20, 0xed, - 0x60, 0x26, 0x07, 0x7e, 0x2c, 0x93, 0x49, 0x26, 0xd3, 0x03, 0xaa, 0xc3, 0xff, 0x90, 0xfc, 0x81, - 0x03, 0x8e, 0x1a, 0x17, 0x1b, 0xee, 0x7e, 0x4f, 0xcb, 0xbe, 0xa7, 0x0e, 0x1a, 0xc9, 0x0c, 0x82, - 0x4a, 0xb3, 0xa4, 0x25, 0xeb, 0x7b, 0x1c, 0x5d, 0x66, 0xea, 0x59, 0xe2, 0x48, 0x39, 0x3b, 0x4d, - 0x9d, 0xd2, 0x32, 0xa9, 0x69, 0xe5, 0x34, 0x84, 0x7a, 0x8a, 0x36, 0x85, 0x30, 0x25, 0x5b, 0x9c, - 0x42, 0x98, 0x9a, 0xd3, 0x8d, 0xfb, 0x0c, 0xf0, 0x97, 0x43, 0x35, 0x9f, 0x81, 0x96, 0x60, 0xad, - 0x6c, 0xe6, 0x62, 0x23, 0x9f, 0xe3, 0xd1, 0x9f, 0xdf, 0x8b, 0x66, 0xdf, 0x3b, 0x18, 0x98, 0x22, - 0x25, 0xb9, 0x22, 0x7d, 0xe4, 0xd8, 0xa1, 0x89, 0x79, 0xf8, 0x69, 0x1e, 0x81, 0xcc, 0xd3, 0xbc, - 0x4e, 0x68, 0xb6, 0xf3, 0x70, 0x5a, 0x4f, 0x00, 0xa2, 0x78, 0x95, 0x92, 0x7b, 0x48, 0xf1, 0x2a, - 0x2d, 0xa3, 0x0f, 0x1e, 0x1e, 0x77, 0xe5, 0x49, 0x21, 0xc2, 0x77, 0x7d, 0x60, 0x4a, 0x9e, 0xf2, - 0xd2, 0xe0, 0x3c, 0x36, 0xe2, 0x02, 0xaa, 0x18, 0xcf, 0x51, 0x42, 0xd2, 0x32, 0x2a, 0x69, 0xa9, - 0x5f, 0x94, 0xbd, 0x9b, 0x99, 0xdc, 0x64, 0x47, 0x9e, 0x42, 0x4c, 0xbc, 0x19, 0x79, 0x75, 0x74, - 0xd4, 0x83, 0xed, 0x92, 0x28, 0x5d, 0x89, 0x7e, 0x56, 0x48, 0xa4, 0x43, 0xd1, 0xed, 0x92, 0x94, - 0x0c, 0x27, 0xae, 0x8c, 0xd4, 0x4c, 0xcf, 0xd2, 0xf7, 0xae, 0x69, 0xcd, 0x0f, 0x78, 0x12, 0x33, - 0xf4, 0x8a, 0x8f, 0xfc, 0x54, 0x66, 0x16, 0x4f, 0xe6, 0xb0, 0x7a, 0x27, 0xe6, 0x27, 0x4c, 0x7f, - 0x44, 0x51, 0x1e, 0x94, 0x22, 0x8b, 0x3c, 0xc2, 0xd7, 0xf6, 0x8f, 0x37, 0x57, 0xeb, 0x75, 0xaf, - 0xd7, 0xa3, 0xed, 0xd0, 0xf3, 0x13, 0xb7, 0x39, 0xda, 0x6f, 0xdc, 0x45, 0x4c, 0xe6, 0x4d, 0x0c, - 0xc0, 0xe6, 0x0a, 0x69, 0xe0, 0xa5, 0x82, 0x51, 0x9a, 0x72, 0xa1, 0x93, 0x82, 0xb0, 0x9c, 0x8e, - 0x70, 0xcb, 0x0d, 0x42, 0x6e, 0x0f, 0xb0, 0x85, 0x67, 0x92, 0x99, 0x41, 0xc3, 0x20, 0xb3, 0x82, - 0x8b, 0x4d, 0x3a, 0x1a, 0x49, 0xdd, 0x30, 0x39, 0x5a, 0x87, 0x79, 0xce, 0xf0, 0x58, 0xa4, 0x81, - 0x41, 0x8f, 0x56, 0x5e, 0xce, 0x28, 0x27, 0xdb, 0xb8, 0x0f, 0xc6, 0x4b, 0xb5, 0x7d, 0x30, 0x3d, - 0x94, 0x21, 0x13, 0x1f, 0x9f, 0xca, 0x46, 0xf5, 0xd1, 0xd6, 0x2b, 0x4d, 0xa5, 0x01, 0xd8, 0x5c, - 0x16, 0x53, 0x69, 0x94, 0x9e, 0x6f, 0x2a, 0x63, 0x08, 0xcd, 0xa9, 0x34, 0xc9, 0xcc, 0xa0, 0x61, - 0xf8, 0x54, 0xa6, 0xa3, 0x39, 0xf7, 0x54, 0xc6, 0xc2, 0x3c, 0x0c, 0x7a, 0xd2, 0xa6, 0x32, 0xde, - 0x9e, 0x4f, 0x65, 0xbc, 0x54, 0x9b, 0xca, 0xf4, 0x38, 0x92, 0x4c, 0x7c, 0x5f, 0x23, 0x3e, 0x1e, - 0x47, 0x72, 0xae, 0xc9, 0x2c, 0xc9, 0x43, 0x84, 0x09, 0xda, 0x5c, 0x21, 0x4f, 0xf1, 0xbc, 0x1b, - 0x2b, 0x3f, 0xdb, 0x84, 0x2e, 0x66, 0x21, 0xc5, 0x29, 0xdd, 0x84, 0x79, 0x3e, 0xa5, 0x71, 0x72, - 0x33, 0x69, 0x19, 0x34, 0x1f, 0x7c, 0x5a, 0xe3, 0xa8, 0xce, 0x3b, 0xb1, 0x8f, 0xa4, 0xd2, 0x4c, - 0x84, 0xe2, 0xc4, 0xa8, 0xd2, 0x27, 0x37, 0xb3, 0x86, 0xec, 0xe2, 0x69, 0x3e, 0x59, 0xae, 0x79, - 0x02, 0xb2, 0x62, 0x7e, 0x86, 0x62, 0x4d, 0xc4, 0xf6, 0xe8, 0x58, 0xb3, 0x02, 0x7f, 0x14, 0xd6, - 0x24, 0xf4, 0x2a, 0x2e, 0xdb, 0x5d, 0x9f, 0x9d, 0x8e, 0x3a, 0xc9, 0xa3, 0x93, 0xc9, 0x3f, 0x79, - 0xcd, 0x67, 0x36, 0x6f, 0x2e, 0x93, 0x4d, 0x14, 0x40, 0xb3, 0x78, 0xd0, 0xd9, 0x32, 0x1d, 0x0d, - 0xca, 0xc7, 0x86, 0x34, 0xc7, 0x63, 0x34, 0x65, 0xf5, 0x9d, 0x4d, 0x94, 0x3a, 0x78, 0x9f, 0x71, - 0x74, 0x59, 0xd2, 0xc1, 0xad, 0x40, 0x7e, 0xce, 0x1d, 0xc6, 0x99, 0x1d, 0xdf, 0x7b, 0xee, 0xaa, - 0x9f, 0x8a, 0x68, 0x2e, 0x93, 0x1f, 0xc2, 0xa4, 0x04, 0x1e, 0xce, 0x90, 0x38, 0x34, 0x32, 0xe4, - 0x4b, 0x98, 0x12, 0x0c, 0x41, 0x0a, 0xb2, 0x7a, 0x1a, 0x6c, 0xc8, 0x68, 0x11, 0x72, 0x9a, 0x21, - 0x93, 0x0c, 0xd5, 0xd3, 0x0c, 0x99, 0xb4, 0xa0, 0xba, 0x1f, 0xc0, 0x94, 0x60, 0xe9, 0x40, 0x6e, - 0x64, 0x7b, 0x8e, 0xe6, 0xa3, 0x70, 0x49, 0xbc, 0xc7, 0xa8, 0x7b, 0xbd, 0x67, 0xee, 0xfe, 0x50, - 0xc6, 0x24, 0x41, 0x9a, 0xcb, 0xa4, 0x89, 0xe9, 0x5a, 0xe4, 0x1b, 0x0c, 0x1a, 0xbe, 0xf0, 0xfc, - 0x43, 0xb7, 0xb7, 0x3f, 0x04, 0xe5, 0x0d, 0x13, 0x65, 0x1c, 0x8e, 0xe3, 0x6d, 0x64, 0xe3, 0x1d, - 0x0a, 0x9f, 0x39, 0xfa, 0x6d, 0x58, 0xc4, 0xcb, 0xd9, 0xf3, 0x52, 0x9c, 0x7d, 0xdc, 0xbe, 0x1a, - 0x85, 0x56, 0xd9, 0xb4, 0xed, 0xf9, 0x9d, 0xe1, 0xc8, 0x2a, 0x66, 0x98, 0x54, 0x0c, 0xac, 0xb9, - 0xcc, 0xb0, 0x36, 0x32, 0xb1, 0x0e, 0x83, 0x1e, 0xa0, 0x61, 0xaf, 0xe1, 0xd8, 0xcf, 0x49, 0x6d, - 0xb6, 0xe3, 0x08, 0x83, 0x51, 0x8e, 0xc3, 0x83, 0x1d, 0x9f, 0x3e, 0xa3, 0x3e, 0xc6, 0xc7, 0x0d, - 0x8b, 0x0c, 0x33, 0x9b, 0x37, 0x97, 0x19, 0x96, 0x46, 0x02, 0x4b, 0x56, 0xeb, 0x41, 0xc6, 0x05, - 0x0e, 0xed, 0x8c, 0xd4, 0x64, 0x5f, 0xfe, 0x4e, 0xaa, 0xa4, 0x6c, 0x44, 0x3b, 0x54, 0x1a, 0x29, - 0xc7, 0xca, 0x33, 0x7a, 0x1c, 0x57, 0x40, 0xaa, 0xdc, 0x86, 0xd3, 0x93, 0x93, 0x69, 0xb7, 0x24, - 0xa9, 0x59, 0xcb, 0xe2, 0x28, 0xf8, 0xa1, 0x78, 0xcb, 0x6b, 0x1f, 0xea, 0x87, 0x62, 0x2d, 0xdb, - 0x55, 0xd9, 0xcc, 0x45, 0x25, 0xd4, 0x21, 0x26, 0xa4, 0xd2, 0xef, 0xc3, 0xf5, 0x7c, 0x57, 0xfa, - 0xa1, 0xd8, 0xcc, 0xcc, 0xa5, 0x0e, 0xc5, 0xd8, 0xa1, 0x89, 0x79, 0xf8, 0xa1, 0x18, 0x81, 0xcc, - 0x43, 0xb1, 0x4e, 0x68, 0xf6, 0xc2, 0x23, 0xc9, 0xd4, 0x5c, 0xca, 0xdc, 0xca, 0xcc, 0xda, 0x35, - 0xe0, 0xca, 0xfc, 0x72, 0x4a, 0x36, 0x41, 0x75, 0xd8, 0xcc, 0xce, 0x34, 0x58, 0x36, 0xef, 0x7f, - 0xef, 0xe5, 0xc8, 0x36, 0xfe, 0xca, 0x89, 0x50, 0x05, 0x36, 0x0d, 0x42, 0xdf, 0x6d, 0x87, 0x03, - 0xdd, 0xc3, 0xd2, 0xba, 0x4a, 0x81, 0x69, 0x7e, 0xc0, 0xf0, 0x35, 0xd2, 0xf1, 0x0d, 0x84, 0x1b, - 0xe0, 0x4f, 0xb8, 0x2a, 0xe2, 0xf6, 0xce, 0x41, 0x62, 0xb6, 0x88, 0x4f, 0xf0, 0x3b, 0xb0, 0x6c, - 0xd0, 0x62, 0xf4, 0x2e, 0x5d, 0xd8, 0x8b, 0x77, 0x60, 0x9c, 0x03, 0x65, 0xee, 0x36, 0xd3, 0x3a, - 0x0c, 0x79, 0x5f, 0x46, 0xb4, 0x30, 0x10, 0xa3, 0x2a, 0x93, 0xae, 0xf7, 0x61, 0x92, 0x3b, 0x90, - 0xcf, 0x0e, 0xf2, 0xb9, 0x8c, 0x7b, 0x19, 0x44, 0x58, 0x76, 0xb8, 0xd9, 0x8c, 0x7e, 0xa1, 0x76, - 0x7e, 0x46, 0xfe, 0x00, 0x9d, 0xf8, 0xd2, 0x69, 0x96, 0x0d, 0x3f, 0x1f, 0xcb, 0x11, 0x20, 0x58, - 0xfa, 0x09, 0xde, 0x24, 0xa8, 0xb4, 0x9c, 0x59, 0xe4, 0x5f, 0x4a, 0x40, 0x93, 0xcf, 0x61, 0x96, - 0x33, 0x57, 0x01, 0x27, 0x1b, 0x0d, 0xe0, 0xd9, 0x2c, 0x67, 0xf3, 0xab, 0x00, 0xff, 0x50, 0x5e, - 0x39, 0x0c, 0x25, 0xfb, 0x2c, 0x97, 0x0d, 0xc3, 0x59, 0x97, 0x85, 0xe5, 0xa7, 0xb8, 0xe9, 0xa6, - 0xa7, 0xe0, 0xcb, 0x44, 0x76, 0x5b, 0xbb, 0x4c, 0x19, 0x9c, 0xbc, 0xef, 0x10, 0x23, 0x9f, 0x53, - 0x1b, 0x29, 0x57, 0xef, 0x90, 0x9c, 0x7c, 0xe5, 0xef, 0x0d, 0x6d, 0xa7, 0x1c, 0xac, 0xe2, 0x27, - 0x76, 0xd2, 0xfb, 0x1b, 0x92, 0x88, 0x2f, 0xc5, 0xf9, 0x9d, 0x91, 0xdf, 0x4e, 0x22, 0x34, 0xc3, - 0x2a, 0x06, 0x8e, 0x21, 0x8b, 0xfd, 0x5f, 0x6b, 0xbf, 0x94, 0x73, 0xce, 0x49, 0xc8, 0x36, 0xa3, - 0x48, 0x32, 0xeb, 0x1f, 0x19, 0xf4, 0x38, 0x5e, 0xbf, 0x5a, 0xc8, 0xca, 0x16, 0xb8, 0x2e, 0xc3, - 0xec, 0x63, 0x99, 0x26, 0xb2, 0x72, 0x56, 0x0c, 0x38, 0xe4, 0x8a, 0x40, 0xf3, 0x37, 0x82, 0x28, - 0x39, 0xdb, 0xe7, 0x47, 0xa4, 0xae, 0x38, 0x62, 0x88, 0xac, 0x01, 0xd3, 0x3b, 0xdc, 0xdb, 0x5a, - 0xca, 0x98, 0xd7, 0xf3, 0x4f, 0xa8, 0x13, 0x05, 0x57, 0x27, 0x53, 0x13, 0xaa, 0x6d, 0x3f, 0x33, - 0x4d, 0xa2, 0x9a, 0xdd, 0x01, 0x79, 0x0d, 0xeb, 0xd1, 0x0f, 0x6a, 0x1a, 0xb9, 0x0c, 0xeb, 0xf6, - 0x96, 0x3a, 0x5e, 0xa5, 0x25, 0x39, 0x2c, 0x83, 0xac, 0xb4, 0xb7, 0xd8, 0x5a, 0xcf, 0x4a, 0xa1, - 0x17, 0xc5, 0x74, 0x0e, 0xce, 0x52, 0xa8, 0xd6, 0xfa, 0xd0, 0x5c, 0x7c, 0xdb, 0x30, 0x97, 0x96, - 0xfa, 0x4e, 0x4d, 0xda, 0x80, 0xbc, 0x78, 0xa9, 0x81, 0xa3, 0x3b, 0x30, 0x9f, 0x9a, 0x7e, 0x4e, - 0xdd, 0xf5, 0x0d, 0x4a, 0x4e, 0x97, 0x8a, 0xf1, 0x1b, 0x58, 0xc8, 0xc8, 0xb5, 0x16, 0x79, 0xae, - 0x07, 0xe6, 0x62, 0xcb, 0x14, 0x88, 0x6f, 0xa1, 0x9c, 0x9d, 0xc6, 0x8b, 0xdc, 0x36, 0xbd, 0xef, - 0xd9, 0xc9, 0xb3, 0xca, 0xa9, 0x79, 0x07, 0xc9, 0x2e, 0x26, 0x08, 0x4e, 0xcb, 0xeb, 0xa5, 0xe8, - 0x1e, 0x9c, 0xf7, 0x2b, 0x23, 0xe0, 0x77, 0x21, 0x23, 0x95, 0xd7, 0x00, 0xac, 0x67, 0xa0, 0x76, - 0x5b, 0xea, 0x25, 0x33, 0xb7, 0x53, 0xec, 0xf9, 0x4f, 0x6a, 0xe2, 0xa7, 0x54, 0x3a, 0x1f, 0xc0, - 0x8c, 0x91, 0x5c, 0x43, 0x89, 0x7f, 0x5a, 0x86, 0x17, 0xe5, 0x5d, 0x48, 0xcf, 0xc7, 0xb1, 0x86, - 0x57, 0x2e, 0xd1, 0xf3, 0xca, 0x01, 0x36, 0x70, 0x74, 0xb5, 0x9b, 0x7c, 0xc5, 0xf9, 0x10, 0x0f, - 0x45, 0xc6, 0xa3, 0xcc, 0x01, 0xc7, 0x61, 0x85, 0x29, 0xf5, 0x15, 0x67, 0xad, 0xf8, 0xcb, 0xff, - 0xbe, 0x94, 0xfb, 0xe5, 0xaf, 0x97, 0x72, 0xff, 0xf9, 0xd7, 0x4b, 0xb9, 0x5f, 0xfd, 0x7a, 0x29, - 0xb7, 0x37, 0x8e, 0x10, 0x2b, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x23, 0x18, 0x56, 0x17, 0xcc, - 0x9e, 0x00, 0x00, +func (m *UnstableSystemRoleAssertion) GetServerID() string { + if m != nil { + return m.ServerID + } + return "" } -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn +func (m *UnstableSystemRoleAssertion) GetAssertionID() string { + if m != nil { + return m.AssertionID + } + return "" +} -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 +func (m *UnstableSystemRoleAssertion) GetSystemRole() github_com_gravitational_teleport_api_types.SystemRole { + if m != nil { + return m.SystemRole + } + return "" +} -// AuthServiceClient is the client API for AuthService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type AuthServiceClient interface { - // MaintainSessionPresence establishes a channel used to continously verify the presence for a - // session. - MaintainSessionPresence(ctx context.Context, opts ...grpc.CallOption) (AuthService_MaintainSessionPresenceClient, error) - // CreateSessionTracker creates a new session tracker resource. - CreateSessionTracker(ctx context.Context, in *CreateSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) - // GetSessionTracker fetches a session tracker resource. - GetSessionTracker(ctx context.Context, in *GetSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) - // GetActiveSessionTrackers returns a list of active sessions. - GetActiveSessionTrackers(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (AuthService_GetActiveSessionTrackersClient, error) - // RemoveSessionTracker removes a session tracker resource. - RemoveSessionTracker(ctx context.Context, in *RemoveSessionTrackerRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateSessionTracker updates some state of a session tracker. - UpdateSessionTracker(ctx context.Context, in *UpdateSessionTrackerRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // SendKeepAlives allows node to send a stream of keep alive requests - SendKeepAlives(ctx context.Context, opts ...grpc.CallOption) (AuthService_SendKeepAlivesClient, error) - // WatchEvents returns a new stream of cluster events - WatchEvents(ctx context.Context, in *Watch, opts ...grpc.CallOption) (AuthService_WatchEventsClient, error) - // GetNode retrieves a node described by the given request. - GetNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*types.ServerV2, error) - // UpsertNode upserts a node in a backend. - UpsertNode(ctx context.Context, in *types.ServerV2, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteNode deletes an existing node in a backend described by the given request. - DeleteNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllNodes deletes all nodes. - DeleteAllNodes(ctx context.Context, in *types.ResourcesInNamespaceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GenerateUserCerts generates a set of user certificates. - GenerateUserCerts(ctx context.Context, in *UserCertsRequest, opts ...grpc.CallOption) (*Certs, error) - // GenerateHostCerts generates a set of host certificates. - GenerateHostCerts(ctx context.Context, in *HostCertsRequest, opts ...grpc.CallOption) (*Certs, error) - // GenerateUserSingleUseCerts generates a set of single-use user - // certificates. - GenerateUserSingleUseCerts(ctx context.Context, opts ...grpc.CallOption) (AuthService_GenerateUserSingleUseCertsClient, error) - // IsMFARequired checks whether MFA is required to access the specified - // target. - IsMFARequired(ctx context.Context, in *IsMFARequiredRequest, opts ...grpc.CallOption) (*IsMFARequiredResponse, error) - // GetAccessRequests gets all pending access requests. - // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. - GetAccessRequests(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (*AccessRequests, error) - // GetAccessRequestsV2 gets all pending access requests. - GetAccessRequestsV2(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (AuthService_GetAccessRequestsV2Client, error) - // CreateAccessRequest creates a new access request. - CreateAccessRequest(ctx context.Context, in *types.AccessRequestV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAccessRequest deletes an access request. - DeleteAccessRequest(ctx context.Context, in *RequestID, opts ...grpc.CallOption) (*empty.Empty, error) - // SetAccessRequestState sets the state of an access request. - SetAccessRequestState(ctx context.Context, in *RequestStateSetter, opts ...grpc.CallOption) (*empty.Empty, error) - // SubmitAccessReview applies a review to a request and returns the post-application state. - SubmitAccessReview(ctx context.Context, in *types.AccessReviewSubmission, opts ...grpc.CallOption) (*types.AccessRequestV3, error) - // GetAccessCapabilities requests the access capabilites of a user. - GetAccessCapabilities(ctx context.Context, in *types.AccessCapabilitiesRequest, opts ...grpc.CallOption) (*types.AccessCapabilities, error) - // GetPluginData gets all plugin data matching the supplied filter. - GetPluginData(ctx context.Context, in *types.PluginDataFilter, opts ...grpc.CallOption) (*PluginDataSeq, error) - // UpdatePluginData updates a plugin's resource-specific datastore. - UpdatePluginData(ctx context.Context, in *types.PluginDataUpdateParams, opts ...grpc.CallOption) (*empty.Empty, error) - // Ping gets basic info about the auth server. This method is intended - // to mimic the behavior of the proxy's Ping method, and may be used by - // clients for verification or configuration on startup. - Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error) - // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. - // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. - RotateResetPasswordTokenSecrets(ctx context.Context, in *RotateUserTokenSecretsRequest, opts ...grpc.CallOption) (*types.UserTokenSecretsV3, error) - // GetResetPasswordToken returns a reset password token. - GetResetPasswordToken(ctx context.Context, in *GetResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // CreateResetPasswordToken resets users current password and second factors and creates a reset - // password token. - CreateResetPasswordToken(ctx context.Context, in *CreateResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // CreateBot creates a new bot user. - CreateBot(ctx context.Context, in *CreateBotRequest, opts ...grpc.CallOption) (*CreateBotResponse, error) - // DeleteBot deletes a bot user. - DeleteBot(ctx context.Context, in *DeleteBotRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetBotUsers gets all users with bot labels. - GetBotUsers(ctx context.Context, in *GetBotUsersRequest, opts ...grpc.CallOption) (AuthService_GetBotUsersClient, error) - // GetUser gets a user resource by name. - GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*types.UserV2, error) - // GetCurrentUser returns current user as seen by the server. - // Useful especially in the context of remote clusters which perform role and trait mapping. - GetCurrentUser(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.UserV2, error) - // GetUsers gets all current user resources. - GetUsers(ctx context.Context, in *GetUsersRequest, opts ...grpc.CallOption) (AuthService_GetUsersClient, error) - // CreateUser inserts a new user entry to a backend. - CreateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateUser updates an existing user in a backend. - UpdateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteUser deletes an existing user in a backend by username. - DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // AcquireSemaphore acquires lease with requested resources from semaphore. - AcquireSemaphore(ctx context.Context, in *types.AcquireSemaphoreRequest, opts ...grpc.CallOption) (*types.SemaphoreLease, error) - // KeepAliveSemaphoreLease updates semaphore lease. - KeepAliveSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*empty.Empty, error) - // CancelSemaphoreLease cancels semaphore lease early. - CancelSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*empty.Empty, error) - // GetSemaphores returns a list of all semaphores matching the supplied filter. - GetSemaphores(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*Semaphores, error) - // DeleteSemaphore deletes a semaphore matching the supplied filter. - DeleteSemaphore(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*empty.Empty, error) - // EmitAuditEvent emits audit event - EmitAuditEvent(ctx context.Context, in *events.OneOf, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateAuditStream creates or resumes audit events streams - CreateAuditStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_CreateAuditStreamClient, error) - // GetApplicationServers gets all application servers. - // DELETE IN 10.0. Deprecated, use ListResources. - GetApplicationServers(ctx context.Context, in *GetApplicationServersRequest, opts ...grpc.CallOption) (*GetApplicationServersResponse, error) - // UpsertApplicationServer adds an application server. - UpsertApplicationServer(ctx context.Context, in *UpsertApplicationServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteApplicationServer removes an application server. - DeleteApplicationServer(ctx context.Context, in *DeleteApplicationServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllApplicationServers removes all application servers. - DeleteAllApplicationServers(ctx context.Context, in *DeleteAllApplicationServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetAppServers gets all application servers. - // - // DELETE IN 9.0. Deprecated, use GetApplicationServers. - GetAppServers(ctx context.Context, in *GetAppServersRequest, opts ...grpc.CallOption) (*GetAppServersResponse, error) - // UpsertAppServer adds an application server. - // - // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. - UpsertAppServer(ctx context.Context, in *UpsertAppServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteAppServer removes an application server. - // - // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. - DeleteAppServer(ctx context.Context, in *DeleteAppServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllAppServers removes all application servers. - // - // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. - DeleteAllAppServers(ctx context.Context, in *DeleteAllAppServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GenerateAppToken will generate a JWT token for application access. - GenerateAppToken(ctx context.Context, in *GenerateAppTokenRequest, opts ...grpc.CallOption) (*GenerateAppTokenResponse, error) - // GetAppSession gets an application web session. - GetAppSession(ctx context.Context, in *GetAppSessionRequest, opts ...grpc.CallOption) (*GetAppSessionResponse, error) - // GetAppSessions gets all application web sessions. - GetAppSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetAppSessionsResponse, error) - // CreateAppSession creates an application web session. Application web - // sessions represent a browser session the client holds. - CreateAppSession(ctx context.Context, in *CreateAppSessionRequest, opts ...grpc.CallOption) (*CreateAppSessionResponse, error) - // DeleteAppSession removes an application web session. - DeleteAppSession(ctx context.Context, in *DeleteAppSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllAppSessions removes all application web sessions. - DeleteAllAppSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteUserAppSessions deletes all user’s application sessions. - DeleteUserAppSessions(ctx context.Context, in *DeleteUserAppSessionsRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access - // Snowflake integration. - CreateSnowflakeSession(ctx context.Context, in *CreateSnowflakeSessionRequest, opts ...grpc.CallOption) (*CreateSnowflakeSessionResponse, error) - // GetSnowflakeSession returns a web session with sub kind Snowflake. - GetSnowflakeSession(ctx context.Context, in *GetSnowflakeSessionRequest, opts ...grpc.CallOption) (*GetSnowflakeSessionResponse, error) - // GetSnowflakeSessions gets all Snowflake web sessions. - GetSnowflakeSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetSnowflakeSessionsResponse, error) - // DeleteSnowflakeSession removes a Snowflake web session. - DeleteSnowflakeSession(ctx context.Context, in *DeleteSnowflakeSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllSnowflakeSessions removes all Snowflake web sessions. - DeleteAllSnowflakeSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetWebSession gets a web session. - GetWebSession(ctx context.Context, in *types.GetWebSessionRequest, opts ...grpc.CallOption) (*GetWebSessionResponse, error) - // GetWebSessions gets all web sessions. - GetWebSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWebSessionsResponse, error) - // DeleteWebSession deletes a web session. - DeleteWebSession(ctx context.Context, in *types.DeleteWebSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllWebSessions deletes all web sessions. - DeleteAllWebSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetWebToken gets a web token. - GetWebToken(ctx context.Context, in *types.GetWebTokenRequest, opts ...grpc.CallOption) (*GetWebTokenResponse, error) - // GetWebTokens gets all web tokens. - GetWebTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWebTokensResponse, error) - // DeleteWebToken deletes a web token. - DeleteWebToken(ctx context.Context, in *types.DeleteWebTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllWebTokens deletes all web tokens. - DeleteAllWebTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateRemoteCluster updates remote cluster - UpdateRemoteCluster(ctx context.Context, in *types.RemoteClusterV3, opts ...grpc.CallOption) (*empty.Empty, error) - // GetKubeServices gets all kubernetes services. - // DELETE IN 10.0. Deprecated, use ListResources. - GetKubeServices(ctx context.Context, in *GetKubeServicesRequest, opts ...grpc.CallOption) (*GetKubeServicesResponse, error) - // UpsertKubeService adds or updates a kubernetes service. - // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 - UpsertKubeService(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // UpsertKubeServiceV2 adds or updates a kubernetes service. - UpsertKubeServiceV2(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteKubeService removes a kubernetes service. - DeleteKubeService(ctx context.Context, in *DeleteKubeServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllKubeServices removes all kubernetes services. - DeleteAllKubeServices(ctx context.Context, in *DeleteAllKubeServicesRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetDatabaseServers returns all registered database proxy servers. - // DELETE IN 10.0. Deprecated, use ListResources. - GetDatabaseServers(ctx context.Context, in *GetDatabaseServersRequest, opts ...grpc.CallOption) (*GetDatabaseServersResponse, error) - // UpsertDatabaseServer registers a new database proxy server. - UpsertDatabaseServer(ctx context.Context, in *UpsertDatabaseServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteDatabaseServer removes the specified database proxy server. - DeleteDatabaseServer(ctx context.Context, in *DeleteDatabaseServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllDatabaseServers removes all registered database proxy servers. - DeleteAllDatabaseServers(ctx context.Context, in *DeleteAllDatabaseServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // SignDatabaseCSR generates client certificate used by proxy to - // authenticate with a remote database service. - SignDatabaseCSR(ctx context.Context, in *DatabaseCSRRequest, opts ...grpc.CallOption) (*DatabaseCSRResponse, error) - // GenerateDatabaseCert generates client certificate used by a database - // service to authenticate with the database instance. - GenerateDatabaseCert(ctx context.Context, in *DatabaseCertRequest, opts ...grpc.CallOption) (*DatabaseCertResponse, error) - /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. - GenerateSnowflakeJWT(ctx context.Context, in *SnowflakeJWTRequest, opts ...grpc.CallOption) (*SnowflakeJWTResponse, error) - // GetRole retrieves a role described by the given request. - GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*types.RoleV5, error) - // GetRole retrieves all roles. - GetRoles(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetRolesResponse, error) - // UpsertRole upserts a role in a backend. - UpsertRole(ctx context.Context, in *types.RoleV5, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteRole deletes an existing role in a backend described by the given request. - DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // AddMFADevice adds an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- ExistingMFAChallenge - // -> ExistingMFAResponse - // <- NewMFARegisterChallenge - // -> NewMFARegisterResponse - // <- Ack - AddMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_AddMFADeviceClient, error) - // DeleteMFADevice deletes an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- MFAChallenge - // -> MFAResponse - // <- Ack - DeleteMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_DeleteMFADeviceClient, error) - // AddMFADeviceSync adds a new MFA device (nonstream). - AddMFADeviceSync(ctx context.Context, in *AddMFADeviceSyncRequest, opts ...grpc.CallOption) (*AddMFADeviceSyncResponse, error) - // DeleteMFADeviceSync deletes a users MFA device (nonstream). - DeleteMFADeviceSync(ctx context.Context, in *DeleteMFADeviceSyncRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetMFADevices returns all MFA devices registered for the user calling - // this RPC. - GetMFADevices(ctx context.Context, in *GetMFADevicesRequest, opts ...grpc.CallOption) (*GetMFADevicesResponse, error) - // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA - // devices. - CreateAuthenticateChallenge(ctx context.Context, in *CreateAuthenticateChallengeRequest, opts ...grpc.CallOption) (*MFAAuthenticateChallenge, error) - // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. - CreateRegisterChallenge(ctx context.Context, in *CreateRegisterChallengeRequest, opts ...grpc.CallOption) (*MFARegisterChallenge, error) - // GetOIDCConnector gets an OIDC connector resource by name. - GetOIDCConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3, error) - // GetOIDCConnectors gets all current OIDC connector resources. - GetOIDCConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3List, error) - // UpsertOIDCConnector upserts an OIDC connector in a backend. - UpsertOIDCConnector(ctx context.Context, in *types.OIDCConnectorV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. - DeleteOIDCConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateOIDCAuthRequest creates OIDCAuthRequest. - CreateOIDCAuthRequest(ctx context.Context, in *types.OIDCAuthRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) - // GetOIDCAuthRequest returns OIDC auth request if found. - GetOIDCAuthRequest(ctx context.Context, in *GetOIDCAuthRequestRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) - // GetSAMLConnector gets a SAML connector resource by name. - GetSAMLConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2, error) - // GetSAMLConnectors gets all current SAML connector resources. - GetSAMLConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2List, error) - // UpsertSAMLConnector upserts a SAML connector in a backend. - UpsertSAMLConnector(ctx context.Context, in *types.SAMLConnectorV2, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. - DeleteSAMLConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateSAMLAuthRequest creates SAMLAuthRequest. - CreateSAMLAuthRequest(ctx context.Context, in *types.SAMLAuthRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) - // GetSAMLAuthRequest returns SAML auth request if found. - GetSAMLAuthRequest(ctx context.Context, in *GetSAMLAuthRequestRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) - // GetGithubConnector gets a Github connector resource by name. - GetGithubConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3, error) - // GetGithubConnectors gets all current Github connector resources. - GetGithubConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3List, error) - // UpsertGithubConnector upserts a Github connector in a backend. - UpsertGithubConnector(ctx context.Context, in *types.GithubConnectorV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteGithubConnector deletes an existing Github connector in a backend by name. - DeleteGithubConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateGithubAuthRequest creates GithubAuthRequest. - CreateGithubAuthRequest(ctx context.Context, in *types.GithubAuthRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) - // GetGithubAuthRequest returns Github auth request if found. - GetGithubAuthRequest(ctx context.Context, in *GetGithubAuthRequestRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) - // GetSSODiagnosticInfo returns SSO diagnostic info records. - GetSSODiagnosticInfo(ctx context.Context, in *GetSSODiagnosticInfoRequest, opts ...grpc.CallOption) (*types.SSODiagnosticInfo, error) - // GetTrustedCluster gets a Trusted Cluster resource by name. - GetTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) - // GetTrustedClusters gets all current Trusted Cluster resources. - GetTrustedClusters(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.TrustedClusterV2List, error) - // UpsertTrustedCluster upserts a Trusted Cluster in a backend. - UpsertTrustedCluster(ctx context.Context, in *types.TrustedClusterV2, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) - // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. - DeleteTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetToken retrieves a token described by the given request. - GetToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.ProvisionTokenV2, error) - // GetToken retrieves all tokens. - GetTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ProvisionTokenV2List, error) - // UpsertToken upserts a token in a backend. - UpsertToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*empty.Empty, error) - // GenerateToken generates a new auth token. - GenerateToken(ctx context.Context, in *GenerateTokenRequest, opts ...grpc.CallOption) (*GenerateTokenResponse, error) - // DeleteToken deletes an existing token in a backend described by the given request. - DeleteToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // GetClusterAuditConfig gets cluster audit configuration. - GetClusterAuditConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ClusterAuditConfigV2, error) - // GetClusterNetworkingConfig gets cluster networking configuration. - GetClusterNetworkingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ClusterNetworkingConfigV2, error) - // SetClusterNetworkingConfig sets cluster networking configuration. - SetClusterNetworkingConfig(ctx context.Context, in *types.ClusterNetworkingConfigV2, opts ...grpc.CallOption) (*empty.Empty, error) - // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. - ResetClusterNetworkingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetSessionRecordingConfig gets session recording configuration. - GetSessionRecordingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.SessionRecordingConfigV2, error) - // SetSessionRecordingConfig sets session recording configuration. - SetSessionRecordingConfig(ctx context.Context, in *types.SessionRecordingConfigV2, opts ...grpc.CallOption) (*empty.Empty, error) - // ResetSessionRecordingConfig resets session recording configuration to defaults. - ResetSessionRecordingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetAuthPreference gets cluster auth preference. - GetAuthPreference(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.AuthPreferenceV2, error) - // SetAuthPreference sets cluster auth preference. - SetAuthPreference(ctx context.Context, in *types.AuthPreferenceV2, opts ...grpc.CallOption) (*empty.Empty, error) - // ResetAuthPreference resets cluster auth preference to defaults. - ResetAuthPreference(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetEvents gets events from the audit log. - GetEvents(ctx context.Context, in *GetEventsRequest, opts ...grpc.CallOption) (*Events, error) - // GetSessionEvents gets completed session events from the audit log. - GetSessionEvents(ctx context.Context, in *GetSessionEventsRequest, opts ...grpc.CallOption) (*Events, error) - // GetLock gets a lock by name. - GetLock(ctx context.Context, in *GetLockRequest, opts ...grpc.CallOption) (*types.LockV2, error) - // GetLocks gets all/in-force locks that match at least one of the targets when specified. - GetLocks(ctx context.Context, in *GetLocksRequest, opts ...grpc.CallOption) (*GetLocksResponse, error) - // UpsertLock upserts a lock. - UpsertLock(ctx context.Context, in *types.LockV2, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteLock deletes a lock. - DeleteLock(ctx context.Context, in *DeleteLockRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. - ReplaceRemoteLocks(ctx context.Context, in *ReplaceRemoteLocksRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // StreamSessionEvents streams audit events from a given session recording. - StreamSessionEvents(ctx context.Context, in *StreamSessionEventsRequest, opts ...grpc.CallOption) (AuthService_StreamSessionEventsClient, error) - // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). - GetNetworkRestrictions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.NetworkRestrictionsV4, error) - // SetNetworkRestrictions updates the network restrictions. - SetNetworkRestrictions(ctx context.Context, in *types.NetworkRestrictionsV4, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteNetworkRestrictions delete the network restrictions. - DeleteNetworkRestrictions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetApps returns all registered applications. - GetApps(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.AppV3List, error) - // GetApp returns an application by name. - GetApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.AppV3, error) - // CreateApp creates a new application resource. - CreateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateApp updates existing application resource. - UpdateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteApp removes specified application resource. - DeleteApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllApps removes all application resources. - DeleteAllApps(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetDatabases returns all registered databases. - GetDatabases(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.DatabaseV3List, error) - // GetDatabase returns a database by name. - GetDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.DatabaseV3, error) - // CreateDatabase creates a new database resource. - CreateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateDatabase updates existing database resource. - UpdateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteDatabase removes specified database resource. - DeleteDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllDatabases removes all database resources. - DeleteAllDatabases(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetWindowsDesktopServices returns all registered Windows desktop services. - GetWindowsDesktopServices(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWindowsDesktopServicesResponse, error) - GetWindowsDesktopService(ctx context.Context, in *GetWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*GetWindowsDesktopServiceResponse, error) - // UpsertWindowsDesktopService registers a new Windows desktop service. - UpsertWindowsDesktopService(ctx context.Context, in *types.WindowsDesktopServiceV3, opts ...grpc.CallOption) (*types.KeepAlive, error) - // DeleteWindowsDesktopService removes the specified Windows desktop service. - DeleteWindowsDesktopService(ctx context.Context, in *DeleteWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. - DeleteAllWindowsDesktopServices(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. - GetWindowsDesktops(ctx context.Context, in *types.WindowsDesktopFilter, opts ...grpc.CallOption) (*GetWindowsDesktopsResponse, error) - // CreateWindowsDesktop registers a new Windows desktop host. - CreateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) - // UpdateWindowsDesktop updates an existing Windows desktop host. - UpdateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) - // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. - UpsertWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteWindowsDesktop removes the specified Windows desktop host. - // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. - // To delete all desktops, use DeleteAllWindowsDesktops. - DeleteWindowsDesktop(ctx context.Context, in *DeleteWindowsDesktopRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. - DeleteAllWindowsDesktops(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) - // GenerateWindowsDesktopCert generates client smartcard certificate used - // by an RDP client to authenticate with Windows. - GenerateWindowsDesktopCert(ctx context.Context, in *WindowsDesktopCertRequest, opts ...grpc.CallOption) (*WindowsDesktopCertResponse, error) - // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. - GenerateCertAuthorityCRL(ctx context.Context, in *CertAuthorityRequest, opts ...grpc.CallOption) (*CRL, error) - // ChangeUserAuthentication allows a user to change their password and if enabled, - // also adds a new MFA device. After successful invocation, a new web session is created as well - // as a new set of recovery codes (if user meets the requirements to receive them), invalidating - // any existing codes the user previously had. - ChangeUserAuthentication(ctx context.Context, in *ChangeUserAuthenticationRequest, opts ...grpc.CallOption) (*ChangeUserAuthenticationResponse, error) - // StartAccountRecovery (exclusive to cloud users) is the first out of two step user - // verification needed to allow a user to recover their account. The first form of verification - // is a user's username and a recovery code. After successful verification, a recovery start - // token is created for the user which its ID will be used as part of a URL that will be emailed - // to the user (not done in this request). The user will be able to finish their second form of - // verification by clicking on this URL and following the prompts. - // - // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, - // user account gets temporarily locked from further recovery attempts and from logging in. - // - // Start tokens last RecoveryStartTokenTTL. - StartAccountRecovery(ctx context.Context, in *StartAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step - // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. - // The second form of verification is a user's password or their second factor (depending on - // what authentication they needed to recover). After successful verification, a recovery - // approved token is created which allows a user to request protected actions while not logged - // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA - // devices, and generating new recovery codes. - // - // The recovery start token to verify this request becomes deleted before - // creating a recovery approved token, which invalidates the recovery link users received - // to finish their verification. - // - // If user fails to verify themselves for MaxAccountRecoveryAttempts - // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked - // from logging in. If users still have unused recovery codes left, they still have - // opportunities to recover their account. To allow this, users recovery attempts are also - // deleted along with all user tokens which will force the user to restart the recovery process - // from step 1 (RPC StartAccountRecovery). - // - // Recovery approved tokens last RecoveryApprovedTokenTTL. - VerifyAccountRecovery(ctx context.Context, in *VerifyAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // CompleteAccountRecovery (exclusive to cloud users) is the last step in account - // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new - // password or adds a new mfa device, allowing the user to regain access to their account with - // the new credentials. When the new authentication is successfully set, any user lock is - // removed so the user can login immediately afterwards. - CompleteAccountRecovery(ctx context.Context, in *CompleteAccountRecoveryRequest, opts ...grpc.CallOption) (*empty.Empty, error) - // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a - // user, replacing and invalidating any previously owned codes. Users can only get recovery - // codes if their username is in a valid email format. - CreateAccountRecoveryCodes(ctx context.Context, in *CreateAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) - // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after - // verifying that the token requested has not expired and is of the correct recovery kind. - // Besides checking for validity of a token ID, it is also used to get basic information from - // the token e.g: username, state of recovery (started or approved) and the type of recovery - // requested (password or second factor). - GetAccountRecoveryToken(ctx context.Context, in *GetAccountRecoveryTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context - // their recovery codes. This request will not return any secrets (the values of recovery - // codes), but instead returns non-sensitive data eg. when the recovery codes were created. - GetAccountRecoveryCodes(ctx context.Context, in *GetAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) - // CreatePrivilegeToken returns a new privilege token after a logged in user successfully - // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and - // is used to gain access to privileged actions eg: deleting/adding a MFA device. - CreatePrivilegeToken(ctx context.Context, in *CreatePrivilegeTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) - // ListResources retrieves a paginated list of resources. - ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) - // GetDomainName returns local auth domain of the current auth server - GetDomainName(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetDomainNameResponse, error) - // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster - // without signing keys. If the cluster has multiple TLS certs, they will - // all be appended. - GetClusterCACert(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetClusterCACertResponse, error) +// UnstableSystemRoleAssertionSet is not a stable part of the public API. Records the sum of system +// role assertions provided by a given instance. +// DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) +type UnstableSystemRoleAssertionSet struct { + ServerID string `protobuf:"bytes,1,opt,name=ServerID,proto3" json:"server_id,omitempty"` + AssertionID string `protobuf:"bytes,2,opt,name=AssertionID,proto3" json:"assertion_id,omitempty"` + SystemRoles []github_com_gravitational_teleport_api_types.SystemRole `protobuf:"bytes,3,rep,name=SystemRoles,proto3,casttype=github.com/gravitational/teleport/api/types.SystemRole" json:"system_roles,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -type authServiceClient struct { - cc *grpc.ClientConn +func (m *UnstableSystemRoleAssertionSet) Reset() { *m = UnstableSystemRoleAssertionSet{} } +func (m *UnstableSystemRoleAssertionSet) String() string { return proto.CompactTextString(m) } +func (*UnstableSystemRoleAssertionSet) ProtoMessage() {} +func (*UnstableSystemRoleAssertionSet) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{164} } - -func NewAuthServiceClient(cc *grpc.ClientConn) AuthServiceClient { - return &authServiceClient{cc} +func (m *UnstableSystemRoleAssertionSet) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (c *authServiceClient) MaintainSessionPresence(ctx context.Context, opts ...grpc.CallOption) (AuthService_MaintainSessionPresenceClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[0], "/proto.AuthService/MaintainSessionPresence", opts...) - if err != nil { - return nil, err +func (m *UnstableSystemRoleAssertionSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UnstableSystemRoleAssertionSet.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - x := &authServiceMaintainSessionPresenceClient{stream} - return x, nil } - -type AuthService_MaintainSessionPresenceClient interface { - Send(*PresenceMFAChallengeSend) error - Recv() (*MFAAuthenticateChallenge, error) - grpc.ClientStream +func (m *UnstableSystemRoleAssertionSet) XXX_Merge(src proto.Message) { + xxx_messageInfo_UnstableSystemRoleAssertionSet.Merge(m, src) } - -type authServiceMaintainSessionPresenceClient struct { - grpc.ClientStream +func (m *UnstableSystemRoleAssertionSet) XXX_Size() int { + return m.Size() } - -func (x *authServiceMaintainSessionPresenceClient) Send(m *PresenceMFAChallengeSend) error { - return x.ClientStream.SendMsg(m) +func (m *UnstableSystemRoleAssertionSet) XXX_DiscardUnknown() { + xxx_messageInfo_UnstableSystemRoleAssertionSet.DiscardUnknown(m) } -func (x *authServiceMaintainSessionPresenceClient) Recv() (*MFAAuthenticateChallenge, error) { - m := new(MFAAuthenticateChallenge) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err +var xxx_messageInfo_UnstableSystemRoleAssertionSet proto.InternalMessageInfo + +func (m *UnstableSystemRoleAssertionSet) GetServerID() string { + if m != nil { + return m.ServerID } - return m, nil + return "" } -func (c *authServiceClient) CreateSessionTracker(ctx context.Context, in *CreateSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) { - out := new(types.SessionTrackerV1) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSessionTracker", in, out, opts...) - if err != nil { - return nil, err +func (m *UnstableSystemRoleAssertionSet) GetAssertionID() string { + if m != nil { + return m.AssertionID } - return out, nil + return "" } -func (c *authServiceClient) GetSessionTracker(ctx context.Context, in *GetSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) { - out := new(types.SessionTrackerV1) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionTracker", in, out, opts...) - if err != nil { - return nil, err +func (m *UnstableSystemRoleAssertionSet) GetSystemRoles() []github_com_gravitational_teleport_api_types.SystemRole { + if m != nil { + return m.SystemRoles } - return out, nil + return nil } -func (c *authServiceClient) GetActiveSessionTrackers(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (AuthService_GetActiveSessionTrackersClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[1], "/proto.AuthService/GetActiveSessionTrackers", opts...) - if err != nil { - return nil, err - } - x := &authServiceGetActiveSessionTrackersClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err +// UpstreamInventoryOneOf is the upstream message for the inventory control stream, +// sent from teleport instances to the auth server. +type UpstreamInventoryOneOf struct { + // Types that are valid to be assigned to Msg: + // *UpstreamInventoryOneOf_Hello + // *UpstreamInventoryOneOf_Heartbeat + // *UpstreamInventoryOneOf_Pong + Msg isUpstreamInventoryOneOf_Msg `protobuf_oneof:"Msg"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *UpstreamInventoryOneOf) Reset() { *m = UpstreamInventoryOneOf{} } +func (m *UpstreamInventoryOneOf) String() string { return proto.CompactTextString(m) } +func (*UpstreamInventoryOneOf) ProtoMessage() {} +func (*UpstreamInventoryOneOf) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{165} +} +func (m *UpstreamInventoryOneOf) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpstreamInventoryOneOf) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpstreamInventoryOneOf.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return x, nil +} +func (m *UpstreamInventoryOneOf) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpstreamInventoryOneOf.Merge(m, src) +} +func (m *UpstreamInventoryOneOf) XXX_Size() int { + return m.Size() +} +func (m *UpstreamInventoryOneOf) XXX_DiscardUnknown() { + xxx_messageInfo_UpstreamInventoryOneOf.DiscardUnknown(m) } -type AuthService_GetActiveSessionTrackersClient interface { - Recv() (*types.SessionTrackerV1, error) - grpc.ClientStream +var xxx_messageInfo_UpstreamInventoryOneOf proto.InternalMessageInfo + +type isUpstreamInventoryOneOf_Msg interface { + isUpstreamInventoryOneOf_Msg() + MarshalTo([]byte) (int, error) + Size() int } -type authServiceGetActiveSessionTrackersClient struct { - grpc.ClientStream +type UpstreamInventoryOneOf_Hello struct { + Hello *UpstreamInventoryHello `protobuf:"bytes,1,opt,name=Hello,proto3,oneof" json:"Hello,omitempty"` +} +type UpstreamInventoryOneOf_Heartbeat struct { + Heartbeat *InventoryHeartbeat `protobuf:"bytes,2,opt,name=Heartbeat,proto3,oneof" json:"Heartbeat,omitempty"` +} +type UpstreamInventoryOneOf_Pong struct { + Pong *UpstreamInventoryPong `protobuf:"bytes,3,opt,name=Pong,proto3,oneof" json:"Pong,omitempty"` } -func (x *authServiceGetActiveSessionTrackersClient) Recv() (*types.SessionTrackerV1, error) { - m := new(types.SessionTrackerV1) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err +func (*UpstreamInventoryOneOf_Hello) isUpstreamInventoryOneOf_Msg() {} +func (*UpstreamInventoryOneOf_Heartbeat) isUpstreamInventoryOneOf_Msg() {} +func (*UpstreamInventoryOneOf_Pong) isUpstreamInventoryOneOf_Msg() {} + +func (m *UpstreamInventoryOneOf) GetMsg() isUpstreamInventoryOneOf_Msg { + if m != nil { + return m.Msg } - return m, nil + return nil } -func (c *authServiceClient) RemoveSessionTracker(ctx context.Context, in *RemoveSessionTrackerRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/RemoveSessionTracker", in, out, opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryOneOf) GetHello() *UpstreamInventoryHello { + if x, ok := m.GetMsg().(*UpstreamInventoryOneOf_Hello); ok { + return x.Hello } - return out, nil + return nil } -func (c *authServiceClient) UpdateSessionTracker(ctx context.Context, in *UpdateSessionTrackerRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateSessionTracker", in, out, opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryOneOf) GetHeartbeat() *InventoryHeartbeat { + if x, ok := m.GetMsg().(*UpstreamInventoryOneOf_Heartbeat); ok { + return x.Heartbeat } - return out, nil + return nil } -func (c *authServiceClient) SendKeepAlives(ctx context.Context, opts ...grpc.CallOption) (AuthService_SendKeepAlivesClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[2], "/proto.AuthService/SendKeepAlives", opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryOneOf) GetPong() *UpstreamInventoryPong { + if x, ok := m.GetMsg().(*UpstreamInventoryOneOf_Pong); ok { + return x.Pong } - x := &authServiceSendKeepAlivesClient{stream} - return x, nil + return nil } -type AuthService_SendKeepAlivesClient interface { - Send(*types.KeepAlive) error - CloseAndRecv() (*empty.Empty, error) - grpc.ClientStream +// XXX_OneofWrappers is for the internal use of the proto package. +func (*UpstreamInventoryOneOf) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*UpstreamInventoryOneOf_Hello)(nil), + (*UpstreamInventoryOneOf_Heartbeat)(nil), + (*UpstreamInventoryOneOf_Pong)(nil), + } } -type authServiceSendKeepAlivesClient struct { - grpc.ClientStream +// DownstreamInventoryOneOf is the downstream message for the inventory control stream, +// sent from auth servers to teleport instances. +type DownstreamInventoryOneOf struct { + // Types that are valid to be assigned to Msg: + // *DownstreamInventoryOneOf_Hello + // *DownstreamInventoryOneOf_Ping + Msg isDownstreamInventoryOneOf_Msg `protobuf_oneof:"Msg"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (x *authServiceSendKeepAlivesClient) Send(m *types.KeepAlive) error { - return x.ClientStream.SendMsg(m) +func (m *DownstreamInventoryOneOf) Reset() { *m = DownstreamInventoryOneOf{} } +func (m *DownstreamInventoryOneOf) String() string { return proto.CompactTextString(m) } +func (*DownstreamInventoryOneOf) ProtoMessage() {} +func (*DownstreamInventoryOneOf) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{166} } - -func (x *authServiceSendKeepAlivesClient) CloseAndRecv() (*empty.Empty, error) { - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err - } - m := new(empty.Empty) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil +func (m *DownstreamInventoryOneOf) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (c *authServiceClient) WatchEvents(ctx context.Context, in *Watch, opts ...grpc.CallOption) (AuthService_WatchEventsClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[3], "/proto.AuthService/WatchEvents", opts...) - if err != nil { - return nil, err - } - x := &authServiceWatchEventsClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err +func (m *DownstreamInventoryOneOf) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_DownstreamInventoryOneOf.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return x, nil } - -type AuthService_WatchEventsClient interface { - Recv() (*Event, error) - grpc.ClientStream +func (m *DownstreamInventoryOneOf) XXX_Merge(src proto.Message) { + xxx_messageInfo_DownstreamInventoryOneOf.Merge(m, src) } - -type authServiceWatchEventsClient struct { - grpc.ClientStream +func (m *DownstreamInventoryOneOf) XXX_Size() int { + return m.Size() +} +func (m *DownstreamInventoryOneOf) XXX_DiscardUnknown() { + xxx_messageInfo_DownstreamInventoryOneOf.DiscardUnknown(m) } -func (x *authServiceWatchEventsClient) Recv() (*Event, error) { - m := new(Event) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil +var xxx_messageInfo_DownstreamInventoryOneOf proto.InternalMessageInfo + +type isDownstreamInventoryOneOf_Msg interface { + isDownstreamInventoryOneOf_Msg() + MarshalTo([]byte) (int, error) + Size() int } -func (c *authServiceClient) GetNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*types.ServerV2, error) { - out := new(types.ServerV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetNode", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +type DownstreamInventoryOneOf_Hello struct { + Hello *DownstreamInventoryHello `protobuf:"bytes,1,opt,name=Hello,proto3,oneof" json:"Hello,omitempty"` +} +type DownstreamInventoryOneOf_Ping struct { + Ping *DownstreamInventoryPing `protobuf:"bytes,2,opt,name=Ping,proto3,oneof" json:"Ping,omitempty"` } -func (c *authServiceClient) UpsertNode(ctx context.Context, in *types.ServerV2, opts ...grpc.CallOption) (*types.KeepAlive, error) { - out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertNode", in, out, opts...) - if err != nil { - return nil, err +func (*DownstreamInventoryOneOf_Hello) isDownstreamInventoryOneOf_Msg() {} +func (*DownstreamInventoryOneOf_Ping) isDownstreamInventoryOneOf_Msg() {} + +func (m *DownstreamInventoryOneOf) GetMsg() isDownstreamInventoryOneOf_Msg { + if m != nil { + return m.Msg } - return out, nil + return nil } -func (c *authServiceClient) DeleteNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteNode", in, out, opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryOneOf) GetHello() *DownstreamInventoryHello { + if x, ok := m.GetMsg().(*DownstreamInventoryOneOf_Hello); ok { + return x.Hello } - return out, nil + return nil } -func (c *authServiceClient) DeleteAllNodes(ctx context.Context, in *types.ResourcesInNamespaceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllNodes", in, out, opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryOneOf) GetPing() *DownstreamInventoryPing { + if x, ok := m.GetMsg().(*DownstreamInventoryOneOf_Ping); ok { + return x.Ping } - return out, nil + return nil } -func (c *authServiceClient) GenerateUserCerts(ctx context.Context, in *UserCertsRequest, opts ...grpc.CallOption) (*Certs, error) { - out := new(Certs) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateUserCerts", in, out, opts...) - if err != nil { - return nil, err +// XXX_OneofWrappers is for the internal use of the proto package. +func (*DownstreamInventoryOneOf) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*DownstreamInventoryOneOf_Hello)(nil), + (*DownstreamInventoryOneOf_Ping)(nil), } - return out, nil } -func (c *authServiceClient) GenerateHostCerts(ctx context.Context, in *HostCertsRequest, opts ...grpc.CallOption) (*Certs, error) { - out := new(Certs) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateHostCerts", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// DownstreamInventoryPing is sent down the inventory control stream for testing/debug +// purposes. +type DownstreamInventoryPing struct { + ID uint64 `protobuf:"varint,1,opt,name=ID,proto3" json:"ID,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) GenerateUserSingleUseCerts(ctx context.Context, opts ...grpc.CallOption) (AuthService_GenerateUserSingleUseCertsClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[4], "/proto.AuthService/GenerateUserSingleUseCerts", opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryPing) Reset() { *m = DownstreamInventoryPing{} } +func (m *DownstreamInventoryPing) String() string { return proto.CompactTextString(m) } +func (*DownstreamInventoryPing) ProtoMessage() {} +func (*DownstreamInventoryPing) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{167} +} +func (m *DownstreamInventoryPing) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *DownstreamInventoryPing) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_DownstreamInventoryPing.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - x := &authServiceGenerateUserSingleUseCertsClient{stream} - return x, nil } - -type AuthService_GenerateUserSingleUseCertsClient interface { - Send(*UserSingleUseCertsRequest) error - Recv() (*UserSingleUseCertsResponse, error) - grpc.ClientStream +func (m *DownstreamInventoryPing) XXX_Merge(src proto.Message) { + xxx_messageInfo_DownstreamInventoryPing.Merge(m, src) } - -type authServiceGenerateUserSingleUseCertsClient struct { - grpc.ClientStream +func (m *DownstreamInventoryPing) XXX_Size() int { + return m.Size() } - -func (x *authServiceGenerateUserSingleUseCertsClient) Send(m *UserSingleUseCertsRequest) error { - return x.ClientStream.SendMsg(m) +func (m *DownstreamInventoryPing) XXX_DiscardUnknown() { + xxx_messageInfo_DownstreamInventoryPing.DiscardUnknown(m) } -func (x *authServiceGenerateUserSingleUseCertsClient) Recv() (*UserSingleUseCertsResponse, error) { - m := new(UserSingleUseCertsResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err +var xxx_messageInfo_DownstreamInventoryPing proto.InternalMessageInfo + +func (m *DownstreamInventoryPing) GetID() uint64 { + if m != nil { + return m.ID } - return m, nil + return 0 } -func (c *authServiceClient) IsMFARequired(ctx context.Context, in *IsMFARequiredRequest, opts ...grpc.CallOption) (*IsMFARequiredResponse, error) { - out := new(IsMFARequiredResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/IsMFARequired", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// UpstreamInventoryPong is sent up the inventory control stream in response to a downstream +// ping (used for testing/debug purposes). +type UpstreamInventoryPong struct { + ID uint64 `protobuf:"varint,1,opt,name=ID,proto3" json:"ID,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) GetAccessRequests(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (*AccessRequests, error) { - out := new(AccessRequests) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccessRequests", in, out, opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryPong) Reset() { *m = UpstreamInventoryPong{} } +func (m *UpstreamInventoryPong) String() string { return proto.CompactTextString(m) } +func (*UpstreamInventoryPong) ProtoMessage() {} +func (*UpstreamInventoryPong) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{168} +} +func (m *UpstreamInventoryPong) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpstreamInventoryPong) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpstreamInventoryPong.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *UpstreamInventoryPong) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpstreamInventoryPong.Merge(m, src) +} +func (m *UpstreamInventoryPong) XXX_Size() int { + return m.Size() +} +func (m *UpstreamInventoryPong) XXX_DiscardUnknown() { + xxx_messageInfo_UpstreamInventoryPong.DiscardUnknown(m) } -func (c *authServiceClient) GetAccessRequestsV2(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (AuthService_GetAccessRequestsV2Client, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[5], "/proto.AuthService/GetAccessRequestsV2", opts...) - if err != nil { - return nil, err - } - x := &authServiceGetAccessRequestsV2Client{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err +var xxx_messageInfo_UpstreamInventoryPong proto.InternalMessageInfo + +func (m *UpstreamInventoryPong) GetID() uint64 { + if m != nil { + return m.ID } - return x, nil + return 0 } -type AuthService_GetAccessRequestsV2Client interface { - Recv() (*types.AccessRequestV3, error) - grpc.ClientStream +// UpstreamInventoryHello is the hello message sent up the inventory control stream. +type UpstreamInventoryHello struct { + // Version advertises the teleport version of the instance. + Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"Version,omitempty"` + // ServerID advertises the server ID of the instance. + ServerID string `protobuf:"bytes,2,opt,name=ServerID,proto3" json:"ServerID,omitempty"` + // Services advertises the currently live services of the instance. note: this is + // distinct from the SystemRoles associated with a certificate in that a service may + // hold a system role that is not currently in use if it was granted that role by + // its auth token. i.e. Services is the subset of SystemRoles that are currently + // active. + Services []github_com_gravitational_teleport_api_types.SystemRole `protobuf:"bytes,3,rep,name=Services,proto3,casttype=github.com/gravitational/teleport/api/types.SystemRole" json:"Services,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -type authServiceGetAccessRequestsV2Client struct { - grpc.ClientStream +func (m *UpstreamInventoryHello) Reset() { *m = UpstreamInventoryHello{} } +func (m *UpstreamInventoryHello) String() string { return proto.CompactTextString(m) } +func (*UpstreamInventoryHello) ProtoMessage() {} +func (*UpstreamInventoryHello) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{169} } - -func (x *authServiceGetAccessRequestsV2Client) Recv() (*types.AccessRequestV3, error) { - m := new(types.AccessRequestV3) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err +func (m *UpstreamInventoryHello) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpstreamInventoryHello) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpstreamInventoryHello.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return m, nil +} +func (m *UpstreamInventoryHello) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpstreamInventoryHello.Merge(m, src) +} +func (m *UpstreamInventoryHello) XXX_Size() int { + return m.Size() +} +func (m *UpstreamInventoryHello) XXX_DiscardUnknown() { + xxx_messageInfo_UpstreamInventoryHello.DiscardUnknown(m) } -func (c *authServiceClient) CreateAccessRequest(ctx context.Context, in *types.AccessRequestV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAccessRequest", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_UpstreamInventoryHello proto.InternalMessageInfo + +func (m *UpstreamInventoryHello) GetVersion() string { + if m != nil { + return m.Version } - return out, nil + return "" } -func (c *authServiceClient) DeleteAccessRequest(ctx context.Context, in *RequestID, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAccessRequest", in, out, opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryHello) GetServerID() string { + if m != nil { + return m.ServerID } - return out, nil + return "" } -func (c *authServiceClient) SetAccessRequestState(ctx context.Context, in *RequestStateSetter, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/SetAccessRequestState", in, out, opts...) - if err != nil { - return nil, err +func (m *UpstreamInventoryHello) GetServices() []github_com_gravitational_teleport_api_types.SystemRole { + if m != nil { + return m.Services } - return out, nil + return nil } -func (c *authServiceClient) SubmitAccessReview(ctx context.Context, in *types.AccessReviewSubmission, opts ...grpc.CallOption) (*types.AccessRequestV3, error) { - out := new(types.AccessRequestV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/SubmitAccessReview", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// DownstreamInventoryHello is the hello message sent down the inventory control stream. +type DownstreamInventoryHello struct { + // Version advertises the version of the auth server. + Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"Version,omitempty"` + // ServerID advertises the server ID of the auth server. + ServerID string `protobuf:"bytes,2,opt,name=ServerID,proto3" json:"ServerID,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) GetAccessCapabilities(ctx context.Context, in *types.AccessCapabilitiesRequest, opts ...grpc.CallOption) (*types.AccessCapabilities, error) { - out := new(types.AccessCapabilities) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccessCapabilities", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *DownstreamInventoryHello) Reset() { *m = DownstreamInventoryHello{} } +func (m *DownstreamInventoryHello) String() string { return proto.CompactTextString(m) } +func (*DownstreamInventoryHello) ProtoMessage() {} +func (*DownstreamInventoryHello) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{170} } - -func (c *authServiceClient) GetPluginData(ctx context.Context, in *types.PluginDataFilter, opts ...grpc.CallOption) (*PluginDataSeq, error) { - out := new(PluginDataSeq) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetPluginData", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *DownstreamInventoryHello) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (c *authServiceClient) UpdatePluginData(ctx context.Context, in *types.PluginDataUpdateParams, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdatePluginData", in, out, opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryHello) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_DownstreamInventoryHello.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil } - -func (c *authServiceClient) Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error) { - out := new(PingResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/Ping", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *DownstreamInventoryHello) XXX_Merge(src proto.Message) { + xxx_messageInfo_DownstreamInventoryHello.Merge(m, src) } - -func (c *authServiceClient) RotateResetPasswordTokenSecrets(ctx context.Context, in *RotateUserTokenSecretsRequest, opts ...grpc.CallOption) (*types.UserTokenSecretsV3, error) { - out := new(types.UserTokenSecretsV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/RotateResetPasswordTokenSecrets", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *DownstreamInventoryHello) XXX_Size() int { + return m.Size() } - -func (c *authServiceClient) GetResetPasswordToken(ctx context.Context, in *GetResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetResetPasswordToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *DownstreamInventoryHello) XXX_DiscardUnknown() { + xxx_messageInfo_DownstreamInventoryHello.DiscardUnknown(m) } -func (c *authServiceClient) CreateResetPasswordToken(ctx context.Context, in *CreateResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateResetPasswordToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} +var xxx_messageInfo_DownstreamInventoryHello proto.InternalMessageInfo -func (c *authServiceClient) CreateBot(ctx context.Context, in *CreateBotRequest, opts ...grpc.CallOption) (*CreateBotResponse, error) { - out := new(CreateBotResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateBot", in, out, opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryHello) GetVersion() string { + if m != nil { + return m.Version } - return out, nil + return "" } -func (c *authServiceClient) DeleteBot(ctx context.Context, in *DeleteBotRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteBot", in, out, opts...) - if err != nil { - return nil, err +func (m *DownstreamInventoryHello) GetServerID() string { + if m != nil { + return m.ServerID } - return out, nil + return "" } -func (c *authServiceClient) GetBotUsers(ctx context.Context, in *GetBotUsersRequest, opts ...grpc.CallOption) (AuthService_GetBotUsersClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[6], "/proto.AuthService/GetBotUsers", opts...) - if err != nil { - return nil, err - } - x := &authServiceGetBotUsersClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err - } - return x, nil +// InventoryHeartbeat announces information about instance state. +type InventoryHeartbeat struct { + // SSHServer is a complete ssh server spec to be heartbeated (note: the full spec is heartbeated + // in the interest of simple conversion from the old logic of heartbeating via UpsertNode, but + // we should be able to cut down on network usage fairly significantly by moving static values + // to the hello message and only heartbeating dynamic values here). + SSHServer *types.ServerV2 `protobuf:"bytes,1,opt,name=SSHServer,proto3" json:"SSHServer,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -type AuthService_GetBotUsersClient interface { - Recv() (*types.UserV2, error) - grpc.ClientStream +func (m *InventoryHeartbeat) Reset() { *m = InventoryHeartbeat{} } +func (m *InventoryHeartbeat) String() string { return proto.CompactTextString(m) } +func (*InventoryHeartbeat) ProtoMessage() {} +func (*InventoryHeartbeat) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{171} } - -type authServiceGetBotUsersClient struct { - grpc.ClientStream +func (m *InventoryHeartbeat) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (x *authServiceGetBotUsersClient) Recv() (*types.UserV2, error) { - m := new(types.UserV2) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err +func (m *InventoryHeartbeat) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InventoryHeartbeat.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return m, nil } - -func (c *authServiceClient) GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*types.UserV2, error) { - out := new(types.UserV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryHeartbeat) XXX_Merge(src proto.Message) { + xxx_messageInfo_InventoryHeartbeat.Merge(m, src) } - -func (c *authServiceClient) GetCurrentUser(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.UserV2, error) { - out := new(types.UserV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetCurrentUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryHeartbeat) XXX_Size() int { + return m.Size() +} +func (m *InventoryHeartbeat) XXX_DiscardUnknown() { + xxx_messageInfo_InventoryHeartbeat.DiscardUnknown(m) } -func (c *authServiceClient) GetUsers(ctx context.Context, in *GetUsersRequest, opts ...grpc.CallOption) (AuthService_GetUsersClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[7], "/proto.AuthService/GetUsers", opts...) - if err != nil { - return nil, err - } - x := &authServiceGetUsersClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err +var xxx_messageInfo_InventoryHeartbeat proto.InternalMessageInfo + +func (m *InventoryHeartbeat) GetSSHServer() *types.ServerV2 { + if m != nil { + return m.SSHServer } - return x, nil + return nil } -type AuthService_GetUsersClient interface { - Recv() (*types.UserV2, error) - grpc.ClientStream +// InventoryStatusRequest requests inventory status info. +type InventoryStatusRequest struct { + // Connected requests summary of the inventory control streams registered with + // the auth server that handles the request. + Connected bool `protobuf:"varint,1,opt,name=Connected,proto3" json:"Connected,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -type authServiceGetUsersClient struct { - grpc.ClientStream +func (m *InventoryStatusRequest) Reset() { *m = InventoryStatusRequest{} } +func (m *InventoryStatusRequest) String() string { return proto.CompactTextString(m) } +func (*InventoryStatusRequest) ProtoMessage() {} +func (*InventoryStatusRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{172} } - -func (x *authServiceGetUsersClient) Recv() (*types.UserV2, error) { - m := new(types.UserV2) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil +func (m *InventoryStatusRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (c *authServiceClient) CreateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateUser", in, out, opts...) - if err != nil { - return nil, err +func (m *InventoryStatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InventoryStatusRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil } - -func (c *authServiceClient) UpdateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryStatusRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_InventoryStatusRequest.Merge(m, src) } - -func (c *authServiceClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryStatusRequest) XXX_Size() int { + return m.Size() } - -func (c *authServiceClient) AcquireSemaphore(ctx context.Context, in *types.AcquireSemaphoreRequest, opts ...grpc.CallOption) (*types.SemaphoreLease, error) { - out := new(types.SemaphoreLease) - err := c.cc.Invoke(ctx, "/proto.AuthService/AcquireSemaphore", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryStatusRequest) XXX_DiscardUnknown() { + xxx_messageInfo_InventoryStatusRequest.DiscardUnknown(m) } -func (c *authServiceClient) KeepAliveSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/KeepAliveSemaphoreLease", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} +var xxx_messageInfo_InventoryStatusRequest proto.InternalMessageInfo -func (c *authServiceClient) CancelSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CancelSemaphoreLease", in, out, opts...) - if err != nil { - return nil, err +func (m *InventoryStatusRequest) GetConnected() bool { + if m != nil { + return m.Connected } - return out, nil + return false } -func (c *authServiceClient) GetSemaphores(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*Semaphores, error) { - out := new(Semaphores) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSemaphores", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// InventoryStatusSummary is the status summary returned by the GetInventoryStatus rpc. +type InventoryStatusSummary struct { + // Connected is a summary of the instances connected to the current auth server. Only set if + // the Connected flag in the status request is true. + Connected []UpstreamInventoryHello `protobuf:"bytes,1,rep,name=Connected,proto3" json:"Connected"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) DeleteSemaphore(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSemaphore", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryStatusSummary) Reset() { *m = InventoryStatusSummary{} } +func (m *InventoryStatusSummary) String() string { return proto.CompactTextString(m) } +func (*InventoryStatusSummary) ProtoMessage() {} +func (*InventoryStatusSummary) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{173} } - -func (c *authServiceClient) EmitAuditEvent(ctx context.Context, in *events.OneOf, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/EmitAuditEvent", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryStatusSummary) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) } - -func (c *authServiceClient) CreateAuditStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_CreateAuditStreamClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[8], "/proto.AuthService/CreateAuditStream", opts...) - if err != nil { - return nil, err +func (m *InventoryStatusSummary) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InventoryStatusSummary.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - x := &authServiceCreateAuditStreamClient{stream} - return x, nil } - -type AuthService_CreateAuditStreamClient interface { - Send(*AuditStreamRequest) error - Recv() (*events.StreamStatus, error) - grpc.ClientStream +func (m *InventoryStatusSummary) XXX_Merge(src proto.Message) { + xxx_messageInfo_InventoryStatusSummary.Merge(m, src) } - -type authServiceCreateAuditStreamClient struct { - grpc.ClientStream +func (m *InventoryStatusSummary) XXX_Size() int { + return m.Size() } - -func (x *authServiceCreateAuditStreamClient) Send(m *AuditStreamRequest) error { - return x.ClientStream.SendMsg(m) +func (m *InventoryStatusSummary) XXX_DiscardUnknown() { + xxx_messageInfo_InventoryStatusSummary.DiscardUnknown(m) } -func (x *authServiceCreateAuditStreamClient) Recv() (*events.StreamStatus, error) { - m := new(events.StreamStatus) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +var xxx_messageInfo_InventoryStatusSummary proto.InternalMessageInfo -// Deprecated: Do not use. -func (c *authServiceClient) GetApplicationServers(ctx context.Context, in *GetApplicationServersRequest, opts ...grpc.CallOption) (*GetApplicationServersResponse, error) { - out := new(GetApplicationServersResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetApplicationServers", in, out, opts...) - if err != nil { - return nil, err +func (m *InventoryStatusSummary) GetConnected() []UpstreamInventoryHello { + if m != nil { + return m.Connected } - return out, nil + return nil } -func (c *authServiceClient) UpsertApplicationServer(ctx context.Context, in *UpsertApplicationServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { - out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertApplicationServer", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// InventoryPingRequest is used to request that the specified server be sent an inventory ping +// if it has a control stream registered. +type InventoryPingRequest struct { + ServerID string `protobuf:"bytes,1,opt,name=ServerID,proto3" json:"ServerID,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) DeleteApplicationServer(ctx context.Context, in *DeleteApplicationServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteApplicationServer", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (m *InventoryPingRequest) Reset() { *m = InventoryPingRequest{} } +func (m *InventoryPingRequest) String() string { return proto.CompactTextString(m) } +func (*InventoryPingRequest) ProtoMessage() {} +func (*InventoryPingRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{174} } - -func (c *authServiceClient) DeleteAllApplicationServers(ctx context.Context, in *DeleteAllApplicationServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllApplicationServers", in, out, opts...) - if err != nil { - return nil, err +func (m *InventoryPingRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *InventoryPingRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InventoryPingRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *InventoryPingRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_InventoryPingRequest.Merge(m, src) +} +func (m *InventoryPingRequest) XXX_Size() int { + return m.Size() +} +func (m *InventoryPingRequest) XXX_DiscardUnknown() { + xxx_messageInfo_InventoryPingRequest.DiscardUnknown(m) } -// Deprecated: Do not use. -func (c *authServiceClient) GetAppServers(ctx context.Context, in *GetAppServersRequest, opts ...grpc.CallOption) (*GetAppServersResponse, error) { - out := new(GetAppServersResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppServers", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_InventoryPingRequest proto.InternalMessageInfo + +func (m *InventoryPingRequest) GetServerID() string { + if m != nil { + return m.ServerID } - return out, nil + return "" } -// Deprecated: Do not use. -func (c *authServiceClient) UpsertAppServer(ctx context.Context, in *UpsertAppServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { - out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertAppServer", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// InventoryPingResponse returns the result of an inventory ping initiated via an +// inventory ping request. +type InventoryPingResponse struct { + Duration time.Duration `protobuf:"varint,1,opt,name=Duration,proto3,casttype=time.Duration" json:"Duration,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -// Deprecated: Do not use. -func (c *authServiceClient) DeleteAppServer(ctx context.Context, in *DeleteAppServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAppServer", in, out, opts...) - if err != nil { - return nil, err +func (m *InventoryPingResponse) Reset() { *m = InventoryPingResponse{} } +func (m *InventoryPingResponse) String() string { return proto.CompactTextString(m) } +func (*InventoryPingResponse) ProtoMessage() {} +func (*InventoryPingResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{175} +} +func (m *InventoryPingResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *InventoryPingResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InventoryPingResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *InventoryPingResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_InventoryPingResponse.Merge(m, src) +} +func (m *InventoryPingResponse) XXX_Size() int { + return m.Size() +} +func (m *InventoryPingResponse) XXX_DiscardUnknown() { + xxx_messageInfo_InventoryPingResponse.DiscardUnknown(m) } -// Deprecated: Do not use. -func (c *authServiceClient) DeleteAllAppServers(ctx context.Context, in *DeleteAllAppServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllAppServers", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_InventoryPingResponse proto.InternalMessageInfo + +func (m *InventoryPingResponse) GetDuration() time.Duration { + if m != nil { + return m.Duration } - return out, nil + return 0 } -func (c *authServiceClient) GenerateAppToken(ctx context.Context, in *GenerateAppTokenRequest, opts ...grpc.CallOption) (*GenerateAppTokenResponse, error) { - out := new(GenerateAppTokenResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateAppToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// GetClusterAlertsResponse contains the result of a cluster alerts query. +type GetClusterAlertsResponse struct { + // Alerts is the list of matching alerts. + Alerts []types.ClusterAlert `protobuf:"bytes,1,rep,name=Alerts,proto3" json:"Alerts"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) GetAppSession(ctx context.Context, in *GetAppSessionRequest, opts ...grpc.CallOption) (*GetAppSessionResponse, error) { - out := new(GetAppSessionResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppSession", in, out, opts...) - if err != nil { - return nil, err +func (m *GetClusterAlertsResponse) Reset() { *m = GetClusterAlertsResponse{} } +func (m *GetClusterAlertsResponse) String() string { return proto.CompactTextString(m) } +func (*GetClusterAlertsResponse) ProtoMessage() {} +func (*GetClusterAlertsResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{176} +} +func (m *GetClusterAlertsResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetClusterAlertsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetClusterAlertsResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *GetClusterAlertsResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetClusterAlertsResponse.Merge(m, src) +} +func (m *GetClusterAlertsResponse) XXX_Size() int { + return m.Size() +} +func (m *GetClusterAlertsResponse) XXX_DiscardUnknown() { + xxx_messageInfo_GetClusterAlertsResponse.DiscardUnknown(m) } -func (c *authServiceClient) GetAppSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetAppSessionsResponse, error) { - out := new(GetAppSessionsResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppSessions", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_GetClusterAlertsResponse proto.InternalMessageInfo + +func (m *GetClusterAlertsResponse) GetAlerts() []types.ClusterAlert { + if m != nil { + return m.Alerts } - return out, nil + return nil } -func (c *authServiceClient) CreateAppSession(ctx context.Context, in *CreateAppSessionRequest, opts ...grpc.CallOption) (*CreateAppSessionResponse, error) { - out := new(CreateAppSessionResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAppSession", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// UpsertClusterAlertRequest is used to create a cluster alert. +type UpsertClusterAlertRequest struct { + // Alert is the alert being created. + Alert types.ClusterAlert `protobuf:"bytes,1,opt,name=Alert,proto3" json:"Alert"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) DeleteAppSession(ctx context.Context, in *DeleteAppSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAppSession", in, out, opts...) - if err != nil { - return nil, err +func (m *UpsertClusterAlertRequest) Reset() { *m = UpsertClusterAlertRequest{} } +func (m *UpsertClusterAlertRequest) String() string { return proto.CompactTextString(m) } +func (*UpsertClusterAlertRequest) ProtoMessage() {} +func (*UpsertClusterAlertRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{177} +} +func (m *UpsertClusterAlertRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpsertClusterAlertRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpsertClusterAlertRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *UpsertClusterAlertRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpsertClusterAlertRequest.Merge(m, src) +} +func (m *UpsertClusterAlertRequest) XXX_Size() int { + return m.Size() +} +func (m *UpsertClusterAlertRequest) XXX_DiscardUnknown() { + xxx_messageInfo_UpsertClusterAlertRequest.DiscardUnknown(m) } -func (c *authServiceClient) DeleteAllAppSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllAppSessions", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_UpsertClusterAlertRequest proto.InternalMessageInfo + +func (m *UpsertClusterAlertRequest) GetAlert() types.ClusterAlert { + if m != nil { + return m.Alert } - return out, nil + return types.ClusterAlert{} } -func (c *authServiceClient) DeleteUserAppSessions(ctx context.Context, in *DeleteUserAppSessionsRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteUserAppSessions", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// GetConnectionDiagnosticRequest is a request to return a connection diagnostic. +type GetConnectionDiagnosticRequest struct { + // Name is the name of the connection diagnostic. + Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) CreateSnowflakeSession(ctx context.Context, in *CreateSnowflakeSessionRequest, opts ...grpc.CallOption) (*CreateSnowflakeSessionResponse, error) { - out := new(CreateSnowflakeSessionResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSnowflakeSession", in, out, opts...) - if err != nil { - return nil, err +func (m *GetConnectionDiagnosticRequest) Reset() { *m = GetConnectionDiagnosticRequest{} } +func (m *GetConnectionDiagnosticRequest) String() string { return proto.CompactTextString(m) } +func (*GetConnectionDiagnosticRequest) ProtoMessage() {} +func (*GetConnectionDiagnosticRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{178} +} +func (m *GetConnectionDiagnosticRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetConnectionDiagnosticRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetConnectionDiagnosticRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *GetConnectionDiagnosticRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetConnectionDiagnosticRequest.Merge(m, src) +} +func (m *GetConnectionDiagnosticRequest) XXX_Size() int { + return m.Size() +} +func (m *GetConnectionDiagnosticRequest) XXX_DiscardUnknown() { + xxx_messageInfo_GetConnectionDiagnosticRequest.DiscardUnknown(m) } -func (c *authServiceClient) GetSnowflakeSession(ctx context.Context, in *GetSnowflakeSessionRequest, opts ...grpc.CallOption) (*GetSnowflakeSessionResponse, error) { - out := new(GetSnowflakeSessionResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSnowflakeSession", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_GetConnectionDiagnosticRequest proto.InternalMessageInfo + +func (m *GetConnectionDiagnosticRequest) GetName() string { + if m != nil { + return m.Name } - return out, nil + return "" } -func (c *authServiceClient) GetSnowflakeSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetSnowflakeSessionsResponse, error) { - out := new(GetSnowflakeSessionsResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSnowflakeSessions", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +// AppendDiagnosticTraceRequest is a request to append a trace into a DiagnosticConnection. +type AppendDiagnosticTraceRequest struct { + // Name is the name of the connection diagnostic. + Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"` + // Trace is the ConnectionDiagnosticTrace to append into the DiagnosticConnection. + Trace *types.ConnectionDiagnosticTrace `protobuf:"bytes,2,opt,name=Trace,proto3" json:"trace"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (c *authServiceClient) DeleteSnowflakeSession(ctx context.Context, in *DeleteSnowflakeSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSnowflakeSession", in, out, opts...) - if err != nil { - return nil, err +func (m *AppendDiagnosticTraceRequest) Reset() { *m = AppendDiagnosticTraceRequest{} } +func (m *AppendDiagnosticTraceRequest) String() string { return proto.CompactTextString(m) } +func (*AppendDiagnosticTraceRequest) ProtoMessage() {} +func (*AppendDiagnosticTraceRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_0ffcffcda38ae159, []int{179} +} +func (m *AppendDiagnosticTraceRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AppendDiagnosticTraceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AppendDiagnosticTraceRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil } - return out, nil +} +func (m *AppendDiagnosticTraceRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_AppendDiagnosticTraceRequest.Merge(m, src) +} +func (m *AppendDiagnosticTraceRequest) XXX_Size() int { + return m.Size() +} +func (m *AppendDiagnosticTraceRequest) XXX_DiscardUnknown() { + xxx_messageInfo_AppendDiagnosticTraceRequest.DiscardUnknown(m) } -func (c *authServiceClient) DeleteAllSnowflakeSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllSnowflakeSessions", in, out, opts...) - if err != nil { - return nil, err +var xxx_messageInfo_AppendDiagnosticTraceRequest proto.InternalMessageInfo + +func (m *AppendDiagnosticTraceRequest) GetName() string { + if m != nil { + return m.Name } - return out, nil + return "" } -func (c *authServiceClient) GetWebSession(ctx context.Context, in *types.GetWebSessionRequest, opts ...grpc.CallOption) (*GetWebSessionResponse, error) { - out := new(GetWebSessionResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebSession", in, out, opts...) - if err != nil { - return nil, err +func (m *AppendDiagnosticTraceRequest) GetTrace() *types.ConnectionDiagnosticTrace { + if m != nil { + return m.Trace } - return out, nil + return nil } -func (c *authServiceClient) GetWebSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWebSessionsResponse, error) { - out := new(GetWebSessionsResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebSessions", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteWebSession(ctx context.Context, in *types.DeleteWebSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWebSession", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteAllWebSessions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWebSessions", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetWebToken(ctx context.Context, in *types.GetWebTokenRequest, opts ...grpc.CallOption) (*GetWebTokenResponse, error) { - out := new(GetWebTokenResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetWebTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWebTokensResponse, error) { - out := new(GetWebTokensResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebTokens", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteWebToken(ctx context.Context, in *types.DeleteWebTokenRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWebToken", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteAllWebTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWebTokens", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) UpdateRemoteCluster(ctx context.Context, in *types.RemoteClusterV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateRemoteCluster", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Deprecated: Do not use. -func (c *authServiceClient) GetKubeServices(ctx context.Context, in *GetKubeServicesRequest, opts ...grpc.CallOption) (*GetKubeServicesResponse, error) { - out := new(GetKubeServicesResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetKubeServices", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Deprecated: Do not use. -func (c *authServiceClient) UpsertKubeService(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertKubeService", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) UpsertKubeServiceV2(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { - out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertKubeServiceV2", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteKubeService(ctx context.Context, in *DeleteKubeServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteKubeService", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteAllKubeServices(ctx context.Context, in *DeleteAllKubeServicesRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllKubeServices", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Deprecated: Do not use. -func (c *authServiceClient) GetDatabaseServers(ctx context.Context, in *GetDatabaseServersRequest, opts ...grpc.CallOption) (*GetDatabaseServersResponse, error) { - out := new(GetDatabaseServersResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabaseServers", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) UpsertDatabaseServer(ctx context.Context, in *UpsertDatabaseServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { - out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertDatabaseServer", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteDatabaseServer(ctx context.Context, in *DeleteDatabaseServerRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteDatabaseServer", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteAllDatabaseServers(ctx context.Context, in *DeleteAllDatabaseServersRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllDatabaseServers", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) SignDatabaseCSR(ctx context.Context, in *DatabaseCSRRequest, opts ...grpc.CallOption) (*DatabaseCSRResponse, error) { - out := new(DatabaseCSRResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/SignDatabaseCSR", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GenerateDatabaseCert(ctx context.Context, in *DatabaseCertRequest, opts ...grpc.CallOption) (*DatabaseCertResponse, error) { - out := new(DatabaseCertResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateDatabaseCert", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GenerateSnowflakeJWT(ctx context.Context, in *SnowflakeJWTRequest, opts ...grpc.CallOption) (*SnowflakeJWTResponse, error) { - out := new(SnowflakeJWTResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateSnowflakeJWT", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*types.RoleV5, error) { - out := new(types.RoleV5) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetRole", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetRoles(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetRolesResponse, error) { - out := new(GetRolesResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetRoles", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) UpsertRole(ctx context.Context, in *types.RoleV5, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertRole", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteRole", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) AddMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_AddMFADeviceClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[9], "/proto.AuthService/AddMFADevice", opts...) - if err != nil { - return nil, err - } - x := &authServiceAddMFADeviceClient{stream} - return x, nil -} - -type AuthService_AddMFADeviceClient interface { - Send(*AddMFADeviceRequest) error - Recv() (*AddMFADeviceResponse, error) - grpc.ClientStream -} - -type authServiceAddMFADeviceClient struct { - grpc.ClientStream -} - -func (x *authServiceAddMFADeviceClient) Send(m *AddMFADeviceRequest) error { - return x.ClientStream.SendMsg(m) -} - -func (x *authServiceAddMFADeviceClient) Recv() (*AddMFADeviceResponse, error) { - m := new(AddMFADeviceResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -func (c *authServiceClient) DeleteMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_DeleteMFADeviceClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[10], "/proto.AuthService/DeleteMFADevice", opts...) - if err != nil { - return nil, err - } - x := &authServiceDeleteMFADeviceClient{stream} - return x, nil -} - -type AuthService_DeleteMFADeviceClient interface { - Send(*DeleteMFADeviceRequest) error - Recv() (*DeleteMFADeviceResponse, error) - grpc.ClientStream -} - -type authServiceDeleteMFADeviceClient struct { - grpc.ClientStream -} - -func (x *authServiceDeleteMFADeviceClient) Send(m *DeleteMFADeviceRequest) error { - return x.ClientStream.SendMsg(m) -} - -func (x *authServiceDeleteMFADeviceClient) Recv() (*DeleteMFADeviceResponse, error) { - m := new(DeleteMFADeviceResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -func (c *authServiceClient) AddMFADeviceSync(ctx context.Context, in *AddMFADeviceSyncRequest, opts ...grpc.CallOption) (*AddMFADeviceSyncResponse, error) { - out := new(AddMFADeviceSyncResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/AddMFADeviceSync", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) DeleteMFADeviceSync(ctx context.Context, in *DeleteMFADeviceSyncRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteMFADeviceSync", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetMFADevices(ctx context.Context, in *GetMFADevicesRequest, opts ...grpc.CallOption) (*GetMFADevicesResponse, error) { - out := new(GetMFADevicesResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetMFADevices", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) CreateAuthenticateChallenge(ctx context.Context, in *CreateAuthenticateChallengeRequest, opts ...grpc.CallOption) (*MFAAuthenticateChallenge, error) { - out := new(MFAAuthenticateChallenge) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAuthenticateChallenge", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) CreateRegisterChallenge(ctx context.Context, in *CreateRegisterChallengeRequest, opts ...grpc.CallOption) (*MFARegisterChallenge, error) { - out := new(MFARegisterChallenge) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateRegisterChallenge", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authServiceClient) GetOIDCConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3, error) { - out := new(types.OIDCConnectorV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCConnector", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func init() { + proto.RegisterEnum("proto.Operation", Operation_name, Operation_value) + proto.RegisterEnum("proto.DeviceType", DeviceType_name, DeviceType_value) + proto.RegisterEnum("proto.DeviceUsage", DeviceUsage_name, DeviceUsage_value) + proto.RegisterEnum("proto.Order", Order_name, Order_value) + proto.RegisterEnum("proto.UserCertsRequest_CertUsage", UserCertsRequest_CertUsage_name, UserCertsRequest_CertUsage_value) + proto.RegisterEnum("proto.DatabaseCertRequest_Requester", DatabaseCertRequest_Requester_name, DatabaseCertRequest_Requester_value) + proto.RegisterType((*Event)(nil), "proto.Event") + proto.RegisterType((*Watch)(nil), "proto.Watch") + proto.RegisterType((*WatchKind)(nil), "proto.WatchKind") + proto.RegisterMapType((map[string]string)(nil), "proto.WatchKind.FilterEntry") + proto.RegisterType((*HostCertsRequest)(nil), "proto.HostCertsRequest") + proto.RegisterType((*UserCertsRequest)(nil), "proto.UserCertsRequest") + proto.RegisterType((*RouteToDatabase)(nil), "proto.RouteToDatabase") + proto.RegisterType((*RouteToWindowsDesktop)(nil), "proto.RouteToWindowsDesktop") + proto.RegisterType((*RouteToApp)(nil), "proto.RouteToApp") + proto.RegisterType((*GetUserRequest)(nil), "proto.GetUserRequest") + proto.RegisterType((*GetUsersRequest)(nil), "proto.GetUsersRequest") + proto.RegisterType((*AccessRequests)(nil), "proto.AccessRequests") + proto.RegisterType((*PluginDataSeq)(nil), "proto.PluginDataSeq") + proto.RegisterType((*RequestStateSetter)(nil), "proto.RequestStateSetter") + proto.RegisterType((*RequestID)(nil), "proto.RequestID") + proto.RegisterType((*RotateUserTokenSecretsRequest)(nil), "proto.RotateUserTokenSecretsRequest") + proto.RegisterType((*GetResetPasswordTokenRequest)(nil), "proto.GetResetPasswordTokenRequest") + proto.RegisterType((*CreateResetPasswordTokenRequest)(nil), "proto.CreateResetPasswordTokenRequest") + proto.RegisterType((*RenewableCertsRequest)(nil), "proto.RenewableCertsRequest") + proto.RegisterType((*CreateBotRequest)(nil), "proto.CreateBotRequest") + proto.RegisterType((*CreateBotResponse)(nil), "proto.CreateBotResponse") + proto.RegisterType((*DeleteBotRequest)(nil), "proto.DeleteBotRequest") + proto.RegisterType((*GetBotUsersRequest)(nil), "proto.GetBotUsersRequest") + proto.RegisterType((*PingRequest)(nil), "proto.PingRequest") + proto.RegisterType((*PingResponse)(nil), "proto.PingResponse") + proto.RegisterType((*Features)(nil), "proto.Features") + proto.RegisterType((*DeleteUserRequest)(nil), "proto.DeleteUserRequest") + proto.RegisterType((*Semaphores)(nil), "proto.Semaphores") + proto.RegisterType((*AuditStreamRequest)(nil), "proto.AuditStreamRequest") + proto.RegisterType((*AuditStreamStatus)(nil), "proto.AuditStreamStatus") + proto.RegisterType((*CreateStream)(nil), "proto.CreateStream") + proto.RegisterType((*ResumeStream)(nil), "proto.ResumeStream") + proto.RegisterType((*CompleteStream)(nil), "proto.CompleteStream") + proto.RegisterType((*FlushAndCloseStream)(nil), "proto.FlushAndCloseStream") + proto.RegisterType((*GetApplicationServersRequest)(nil), "proto.GetApplicationServersRequest") + proto.RegisterType((*GetApplicationServersResponse)(nil), "proto.GetApplicationServersResponse") + proto.RegisterType((*UpsertApplicationServerRequest)(nil), "proto.UpsertApplicationServerRequest") + proto.RegisterType((*DeleteApplicationServerRequest)(nil), "proto.DeleteApplicationServerRequest") + proto.RegisterType((*DeleteAllApplicationServersRequest)(nil), "proto.DeleteAllApplicationServersRequest") + proto.RegisterType((*GetAppServersRequest)(nil), "proto.GetAppServersRequest") + proto.RegisterType((*GetAppServersResponse)(nil), "proto.GetAppServersResponse") + proto.RegisterType((*UpsertAppServerRequest)(nil), "proto.UpsertAppServerRequest") + proto.RegisterType((*DeleteAppServerRequest)(nil), "proto.DeleteAppServerRequest") + proto.RegisterType((*DeleteAllAppServersRequest)(nil), "proto.DeleteAllAppServersRequest") + proto.RegisterType((*GenerateAppTokenRequest)(nil), "proto.GenerateAppTokenRequest") + proto.RegisterType((*GenerateAppTokenResponse)(nil), "proto.GenerateAppTokenResponse") + proto.RegisterType((*GetAppSessionRequest)(nil), "proto.GetAppSessionRequest") + proto.RegisterType((*GetAppSessionResponse)(nil), "proto.GetAppSessionResponse") + proto.RegisterType((*GetAppSessionsResponse)(nil), "proto.GetAppSessionsResponse") + proto.RegisterType((*GetSnowflakeSessionsResponse)(nil), "proto.GetSnowflakeSessionsResponse") + proto.RegisterType((*CreateAppSessionRequest)(nil), "proto.CreateAppSessionRequest") + proto.RegisterType((*CreateAppSessionResponse)(nil), "proto.CreateAppSessionResponse") + proto.RegisterType((*CreateSnowflakeSessionRequest)(nil), "proto.CreateSnowflakeSessionRequest") + proto.RegisterType((*CreateSnowflakeSessionResponse)(nil), "proto.CreateSnowflakeSessionResponse") + proto.RegisterType((*GetSnowflakeSessionRequest)(nil), "proto.GetSnowflakeSessionRequest") + proto.RegisterType((*GetSnowflakeSessionResponse)(nil), "proto.GetSnowflakeSessionResponse") + proto.RegisterType((*DeleteAppSessionRequest)(nil), "proto.DeleteAppSessionRequest") + proto.RegisterType((*DeleteSnowflakeSessionRequest)(nil), "proto.DeleteSnowflakeSessionRequest") + proto.RegisterType((*DeleteUserAppSessionsRequest)(nil), "proto.DeleteUserAppSessionsRequest") + proto.RegisterType((*GetWebSessionResponse)(nil), "proto.GetWebSessionResponse") + proto.RegisterType((*GetWebSessionsResponse)(nil), "proto.GetWebSessionsResponse") + proto.RegisterType((*GetWebTokenResponse)(nil), "proto.GetWebTokenResponse") + proto.RegisterType((*GetWebTokensResponse)(nil), "proto.GetWebTokensResponse") + proto.RegisterType((*GetKubeServicesRequest)(nil), "proto.GetKubeServicesRequest") + proto.RegisterType((*GetKubeServicesResponse)(nil), "proto.GetKubeServicesResponse") + proto.RegisterType((*UpsertKubeServiceRequest)(nil), "proto.UpsertKubeServiceRequest") + proto.RegisterType((*DeleteKubeServiceRequest)(nil), "proto.DeleteKubeServiceRequest") + proto.RegisterType((*DeleteAllKubeServicesRequest)(nil), "proto.DeleteAllKubeServicesRequest") + proto.RegisterType((*GetDatabaseServersRequest)(nil), "proto.GetDatabaseServersRequest") + proto.RegisterType((*GetDatabaseServersResponse)(nil), "proto.GetDatabaseServersResponse") + proto.RegisterType((*UpsertDatabaseServerRequest)(nil), "proto.UpsertDatabaseServerRequest") + proto.RegisterType((*DeleteDatabaseServerRequest)(nil), "proto.DeleteDatabaseServerRequest") + proto.RegisterType((*DeleteAllDatabaseServersRequest)(nil), "proto.DeleteAllDatabaseServersRequest") + proto.RegisterType((*DatabaseCSRRequest)(nil), "proto.DatabaseCSRRequest") + proto.RegisterType((*DatabaseCSRResponse)(nil), "proto.DatabaseCSRResponse") + proto.RegisterType((*DatabaseCertRequest)(nil), "proto.DatabaseCertRequest") + proto.RegisterType((*DatabaseCertResponse)(nil), "proto.DatabaseCertResponse") + proto.RegisterType((*SnowflakeJWTRequest)(nil), "proto.SnowflakeJWTRequest") + proto.RegisterType((*SnowflakeJWTResponse)(nil), "proto.SnowflakeJWTResponse") + proto.RegisterType((*GetRoleRequest)(nil), "proto.GetRoleRequest") + proto.RegisterType((*GetRolesResponse)(nil), "proto.GetRolesResponse") + proto.RegisterType((*DeleteRoleRequest)(nil), "proto.DeleteRoleRequest") + proto.RegisterType((*MFAAuthenticateChallenge)(nil), "proto.MFAAuthenticateChallenge") + proto.RegisterType((*MFAAuthenticateResponse)(nil), "proto.MFAAuthenticateResponse") + proto.RegisterType((*TOTPChallenge)(nil), "proto.TOTPChallenge") + proto.RegisterType((*TOTPResponse)(nil), "proto.TOTPResponse") + proto.RegisterType((*MFARegisterChallenge)(nil), "proto.MFARegisterChallenge") + proto.RegisterType((*MFARegisterResponse)(nil), "proto.MFARegisterResponse") + proto.RegisterType((*TOTPRegisterChallenge)(nil), "proto.TOTPRegisterChallenge") + proto.RegisterType((*TOTPRegisterResponse)(nil), "proto.TOTPRegisterResponse") + proto.RegisterType((*AddMFADeviceRequest)(nil), "proto.AddMFADeviceRequest") + proto.RegisterType((*AddMFADeviceResponse)(nil), "proto.AddMFADeviceResponse") + proto.RegisterType((*AddMFADeviceRequestInit)(nil), "proto.AddMFADeviceRequestInit") + proto.RegisterType((*AddMFADeviceResponseAck)(nil), "proto.AddMFADeviceResponseAck") + proto.RegisterType((*DeleteMFADeviceRequest)(nil), "proto.DeleteMFADeviceRequest") + proto.RegisterType((*DeleteMFADeviceResponse)(nil), "proto.DeleteMFADeviceResponse") + proto.RegisterType((*DeleteMFADeviceRequestInit)(nil), "proto.DeleteMFADeviceRequestInit") + proto.RegisterType((*DeleteMFADeviceResponseAck)(nil), "proto.DeleteMFADeviceResponseAck") + proto.RegisterType((*DeleteMFADeviceSyncRequest)(nil), "proto.DeleteMFADeviceSyncRequest") + proto.RegisterType((*AddMFADeviceSyncRequest)(nil), "proto.AddMFADeviceSyncRequest") + proto.RegisterType((*AddMFADeviceSyncResponse)(nil), "proto.AddMFADeviceSyncResponse") + proto.RegisterType((*GetMFADevicesRequest)(nil), "proto.GetMFADevicesRequest") + proto.RegisterType((*GetMFADevicesResponse)(nil), "proto.GetMFADevicesResponse") + proto.RegisterType((*UserSingleUseCertsRequest)(nil), "proto.UserSingleUseCertsRequest") + proto.RegisterType((*UserSingleUseCertsResponse)(nil), "proto.UserSingleUseCertsResponse") + proto.RegisterType((*IsMFARequiredRequest)(nil), "proto.IsMFARequiredRequest") + proto.RegisterType((*StreamSessionEventsRequest)(nil), "proto.StreamSessionEventsRequest") + proto.RegisterType((*NodeLogin)(nil), "proto.NodeLogin") + proto.RegisterType((*IsMFARequiredResponse)(nil), "proto.IsMFARequiredResponse") + proto.RegisterType((*SingleUseUserCert)(nil), "proto.SingleUseUserCert") + proto.RegisterType((*GetEventsRequest)(nil), "proto.GetEventsRequest") + proto.RegisterType((*GetSessionEventsRequest)(nil), "proto.GetSessionEventsRequest") + proto.RegisterType((*Events)(nil), "proto.Events") + proto.RegisterType((*GetLocksRequest)(nil), "proto.GetLocksRequest") + proto.RegisterType((*GetLocksResponse)(nil), "proto.GetLocksResponse") + proto.RegisterType((*GetLockRequest)(nil), "proto.GetLockRequest") + proto.RegisterType((*DeleteLockRequest)(nil), "proto.DeleteLockRequest") + proto.RegisterType((*ReplaceRemoteLocksRequest)(nil), "proto.ReplaceRemoteLocksRequest") + proto.RegisterType((*GetWindowsDesktopServicesResponse)(nil), "proto.GetWindowsDesktopServicesResponse") + proto.RegisterType((*GetWindowsDesktopServiceRequest)(nil), "proto.GetWindowsDesktopServiceRequest") + proto.RegisterType((*GetWindowsDesktopServiceResponse)(nil), "proto.GetWindowsDesktopServiceResponse") + proto.RegisterType((*DeleteWindowsDesktopServiceRequest)(nil), "proto.DeleteWindowsDesktopServiceRequest") + proto.RegisterType((*GetWindowsDesktopsResponse)(nil), "proto.GetWindowsDesktopsResponse") + proto.RegisterType((*DeleteWindowsDesktopRequest)(nil), "proto.DeleteWindowsDesktopRequest") + proto.RegisterType((*WindowsDesktopCertRequest)(nil), "proto.WindowsDesktopCertRequest") + proto.RegisterType((*WindowsDesktopCertResponse)(nil), "proto.WindowsDesktopCertResponse") + proto.RegisterType((*CertAuthorityRequest)(nil), "proto.CertAuthorityRequest") + proto.RegisterType((*CRL)(nil), "proto.CRL") + proto.RegisterType((*ChangeUserAuthenticationRequest)(nil), "proto.ChangeUserAuthenticationRequest") + proto.RegisterType((*ChangeUserAuthenticationResponse)(nil), "proto.ChangeUserAuthenticationResponse") + proto.RegisterType((*StartAccountRecoveryRequest)(nil), "proto.StartAccountRecoveryRequest") + proto.RegisterType((*VerifyAccountRecoveryRequest)(nil), "proto.VerifyAccountRecoveryRequest") + proto.RegisterType((*CompleteAccountRecoveryRequest)(nil), "proto.CompleteAccountRecoveryRequest") + proto.RegisterType((*RecoveryCodes)(nil), "proto.RecoveryCodes") + proto.RegisterType((*CreateAccountRecoveryCodesRequest)(nil), "proto.CreateAccountRecoveryCodesRequest") + proto.RegisterType((*GetAccountRecoveryTokenRequest)(nil), "proto.GetAccountRecoveryTokenRequest") + proto.RegisterType((*GetAccountRecoveryCodesRequest)(nil), "proto.GetAccountRecoveryCodesRequest") + proto.RegisterType((*UserCredentials)(nil), "proto.UserCredentials") + proto.RegisterType((*ContextUser)(nil), "proto.ContextUser") + proto.RegisterType((*Passwordless)(nil), "proto.Passwordless") + proto.RegisterType((*CreateAuthenticateChallengeRequest)(nil), "proto.CreateAuthenticateChallengeRequest") + proto.RegisterType((*CreatePrivilegeTokenRequest)(nil), "proto.CreatePrivilegeTokenRequest") + proto.RegisterType((*CreateRegisterChallengeRequest)(nil), "proto.CreateRegisterChallengeRequest") + proto.RegisterType((*PaginatedResource)(nil), "proto.PaginatedResource") + proto.RegisterType((*ListResourcesRequest)(nil), "proto.ListResourcesRequest") + proto.RegisterMapType((map[string]string)(nil), "proto.ListResourcesRequest.LabelsEntry") + proto.RegisterType((*ListResourcesResponse)(nil), "proto.ListResourcesResponse") + proto.RegisterType((*CreateSessionTrackerRequest)(nil), "proto.CreateSessionTrackerRequest") + proto.RegisterType((*GetSessionTrackerRequest)(nil), "proto.GetSessionTrackerRequest") + proto.RegisterType((*RemoveSessionTrackerRequest)(nil), "proto.RemoveSessionTrackerRequest") + proto.RegisterType((*SessionTrackerUpdateState)(nil), "proto.SessionTrackerUpdateState") + proto.RegisterType((*SessionTrackerAddParticipant)(nil), "proto.SessionTrackerAddParticipant") + proto.RegisterType((*SessionTrackerRemoveParticipant)(nil), "proto.SessionTrackerRemoveParticipant") + proto.RegisterType((*SessionTrackerUpdateExpiry)(nil), "proto.SessionTrackerUpdateExpiry") + proto.RegisterType((*UpdateSessionTrackerRequest)(nil), "proto.UpdateSessionTrackerRequest") + proto.RegisterType((*PresenceMFAChallengeRequest)(nil), "proto.PresenceMFAChallengeRequest") + proto.RegisterType((*PresenceMFAChallengeSend)(nil), "proto.PresenceMFAChallengeSend") + proto.RegisterType((*GetDomainNameResponse)(nil), "proto.GetDomainNameResponse") + proto.RegisterType((*GetClusterCACertResponse)(nil), "proto.GetClusterCACertResponse") + proto.RegisterType((*GenerateTokenRequest)(nil), "proto.GenerateTokenRequest") + proto.RegisterMapType((map[string]string)(nil), "proto.GenerateTokenRequest.LabelsEntry") + proto.RegisterType((*GenerateTokenResponse)(nil), "proto.GenerateTokenResponse") + proto.RegisterType((*GetOIDCAuthRequestRequest)(nil), "proto.GetOIDCAuthRequestRequest") + proto.RegisterType((*GetSAMLAuthRequestRequest)(nil), "proto.GetSAMLAuthRequestRequest") + proto.RegisterType((*GetGithubAuthRequestRequest)(nil), "proto.GetGithubAuthRequestRequest") + proto.RegisterType((*GetSSODiagnosticInfoRequest)(nil), "proto.GetSSODiagnosticInfoRequest") + proto.RegisterType((*UnstableSystemRoleAssertion)(nil), "proto.UnstableSystemRoleAssertion") + proto.RegisterType((*UnstableSystemRoleAssertionSet)(nil), "proto.UnstableSystemRoleAssertionSet") + proto.RegisterType((*UpstreamInventoryOneOf)(nil), "proto.UpstreamInventoryOneOf") + proto.RegisterType((*DownstreamInventoryOneOf)(nil), "proto.DownstreamInventoryOneOf") + proto.RegisterType((*DownstreamInventoryPing)(nil), "proto.DownstreamInventoryPing") + proto.RegisterType((*UpstreamInventoryPong)(nil), "proto.UpstreamInventoryPong") + proto.RegisterType((*UpstreamInventoryHello)(nil), "proto.UpstreamInventoryHello") + proto.RegisterType((*DownstreamInventoryHello)(nil), "proto.DownstreamInventoryHello") + proto.RegisterType((*InventoryHeartbeat)(nil), "proto.InventoryHeartbeat") + proto.RegisterType((*InventoryStatusRequest)(nil), "proto.InventoryStatusRequest") + proto.RegisterType((*InventoryStatusSummary)(nil), "proto.InventoryStatusSummary") + proto.RegisterType((*InventoryPingRequest)(nil), "proto.InventoryPingRequest") + proto.RegisterType((*InventoryPingResponse)(nil), "proto.InventoryPingResponse") + proto.RegisterType((*GetClusterAlertsResponse)(nil), "proto.GetClusterAlertsResponse") + proto.RegisterType((*UpsertClusterAlertRequest)(nil), "proto.UpsertClusterAlertRequest") + proto.RegisterType((*GetConnectionDiagnosticRequest)(nil), "proto.GetConnectionDiagnosticRequest") + proto.RegisterType((*AppendDiagnosticTraceRequest)(nil), "proto.AppendDiagnosticTraceRequest") } -func (c *authServiceClient) GetOIDCConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3List, error) { - out := new(types.OIDCConnectorV3List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCConnectors", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func init() { + proto.RegisterFile("teleport/legacy/client/proto/authservice.proto", fileDescriptor_0ffcffcda38ae159) } -func (c *authServiceClient) UpsertOIDCConnector(ctx context.Context, in *types.OIDCConnectorV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertOIDCConnector", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +var fileDescriptor_0ffcffcda38ae159 = []byte{ + // 11236 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x7d, 0x5b, 0x6c, 0x1c, 0x49, + 0x92, 0x98, 0xba, 0xf9, 0x0e, 0x3e, 0x44, 0xa5, 0x48, 0xb1, 0xd5, 0x92, 0xd8, 0x52, 0xcd, 0x63, + 0xa5, 0xb9, 0x5d, 0x49, 0x43, 0xce, 0x7b, 0x66, 0x67, 0xb6, 0x9b, 0xa4, 0x44, 0x4a, 0x14, 0xc5, + 0xa9, 0xa6, 0x5a, 0xb3, 0xb3, 0xb3, 0xdb, 0x5b, 0xec, 0x4e, 0x91, 0x65, 0x36, 0xab, 0x7a, 0xab, + 0xaa, 0xa5, 0x11, 0x0c, 0xbf, 0xbd, 0x67, 0xc3, 0x86, 0xe1, 0x35, 0xe0, 0x83, 0x7d, 0xf0, 0x87, + 0x0d, 0x1c, 0x60, 0xc0, 0x06, 0xec, 0x0f, 0xc3, 0x86, 0x7f, 0x0c, 0x1c, 0x0c, 0xbf, 0xd6, 0x06, + 0x0c, 0xf8, 0xe7, 0x60, 0xc0, 0x30, 0x78, 0xe7, 0xfd, 0x31, 0x40, 0xf8, 0xc7, 0x30, 0x6c, 0xc0, + 0xfb, 0x65, 0x64, 0xe4, 0xa3, 0x32, 0xeb, 0xd1, 0x4d, 0x4a, 0xf4, 0xde, 0x8f, 0xc4, 0xce, 0x8c, + 0x88, 0xcc, 0x8c, 0x8c, 0x8c, 0x8c, 0x8c, 0x8c, 0x8c, 0x82, 0xdb, 0x11, 0xed, 0xd0, 0xae, 0x1f, + 0x44, 0x77, 0x3a, 0x74, 0xcf, 0x69, 0xbd, 0xbc, 0xd3, 0xea, 0xb8, 0xd4, 0x8b, 0xee, 0x74, 0x03, + 0x3f, 0xf2, 0xef, 0x38, 0xbd, 0x68, 0x3f, 0xa4, 0xc1, 0x73, 0xb7, 0x45, 0x6f, 0x63, 0x09, 0x19, + 0xc1, 0xff, 0xca, 0x73, 0x7b, 0xfe, 0x9e, 0xcf, 0x61, 0xd8, 0x5f, 0xbc, 0xb2, 0x7c, 0x65, 0xcf, + 0xf7, 0xf7, 0x3a, 0x94, 0x23, 0xef, 0xf6, 0x9e, 0xdd, 0xa1, 0x87, 0xdd, 0xe8, 0xa5, 0xa8, 0xac, + 0x24, 0x2b, 0x23, 0xf7, 0x90, 0x86, 0x91, 0x73, 0xd8, 0x15, 0x00, 0x37, 0xfb, 0x76, 0xa5, 0x45, + 0x83, 0x28, 0x14, 0x90, 0xb7, 0x92, 0x90, 0xd1, 0xcb, 0x2e, 0x0d, 0xef, 0xd0, 0xe7, 0xd4, 0x8b, + 0xe4, 0x7f, 0x02, 0xf4, 0x46, 0x36, 0x28, 0xfe, 0x2b, 0x40, 0xbe, 0x97, 0x0d, 0xf2, 0x82, 0xee, + 0xb2, 0xe1, 0x7b, 0xea, 0x8f, 0x01, 0xe0, 0x81, 0xd3, 0xed, 0xd2, 0x20, 0xfe, 0x83, 0x83, 0x5b, + 0xff, 0x75, 0x1e, 0x46, 0xd6, 0x58, 0x8f, 0xc8, 0x47, 0x30, 0xbc, 0xf3, 0xb2, 0x4b, 0x4b, 0x85, + 0xeb, 0x85, 0x9b, 0x33, 0x4b, 0xb3, 0xbc, 0xfe, 0xf6, 0xe3, 0x2e, 0x0d, 0x9c, 0xc8, 0xf5, 0xbd, + 0x1a, 0x39, 0x3e, 0xaa, 0xcc, 0x30, 0x62, 0xdf, 0xf5, 0x0f, 0xdd, 0x08, 0x59, 0x67, 0x23, 0x06, + 0x79, 0x0a, 0x33, 0x36, 0x0d, 0xfd, 0x5e, 0xd0, 0xa2, 0xeb, 0xd4, 0x69, 0xd3, 0xa0, 0x54, 0xbc, + 0x5e, 0xb8, 0x39, 0xb9, 0x34, 0x7f, 0x9b, 0x8f, 0xc3, 0xac, 0xac, 0x5d, 0x3a, 0x3e, 0xaa, 0x90, + 0x40, 0x94, 0xc5, 0xc4, 0xd6, 0xcf, 0xd9, 0x09, 0x32, 0xe4, 0x1b, 0x98, 0x5e, 0xa1, 0x41, 0x54, + 0xed, 0x45, 0xfb, 0x7e, 0xe0, 0x46, 0x2f, 0x4b, 0x43, 0x48, 0xf7, 0x92, 0xa0, 0x6b, 0xd4, 0x35, + 0x96, 0x6a, 0x57, 0x8f, 0x8f, 0x2a, 0x25, 0x36, 0x11, 0x4d, 0x47, 0x96, 0x1a, 0xe4, 0x4d, 0x62, + 0xe4, 0x2b, 0x98, 0xaa, 0x47, 0x4e, 0xe4, 0xb6, 0x76, 0xfc, 0x03, 0xea, 0x85, 0xa5, 0x61, 0xa3, + 0xd3, 0x7a, 0x55, 0x63, 0xa9, 0x76, 0xe5, 0xf8, 0xa8, 0xb2, 0x10, 0x62, 0x59, 0x33, 0xc2, 0x42, + 0x83, 0xb4, 0x41, 0x89, 0xfc, 0x14, 0x66, 0xb6, 0x03, 0xff, 0xb9, 0x1b, 0xba, 0xbe, 0x87, 0x45, + 0xa5, 0x11, 0xa4, 0xbd, 0x20, 0x68, 0x9b, 0x95, 0x8d, 0xa5, 0xda, 0xb5, 0xe3, 0xa3, 0xca, 0xe5, + 0xae, 0x2c, 0xe5, 0x0d, 0x98, 0x9c, 0x31, 0x51, 0xc8, 0x0e, 0x4c, 0xae, 0x74, 0x7a, 0x61, 0x44, + 0x83, 0x2d, 0xe7, 0x90, 0x96, 0x46, 0x91, 0xfc, 0x9c, 0xe4, 0x4b, 0x5c, 0xd3, 0x58, 0xaa, 0x95, + 0x8f, 0x8f, 0x2a, 0x97, 0x5a, 0xbc, 0xa8, 0xe9, 0x39, 0x87, 0x26, 0xcb, 0x75, 0x32, 0xe4, 0x43, + 0x18, 0x7e, 0x12, 0xd2, 0xa0, 0x34, 0x8e, 0xe4, 0xa6, 0x05, 0x39, 0x56, 0xd4, 0x58, 0xe2, 0xf3, + 0xdf, 0x0b, 0x69, 0x60, 0xe0, 0x23, 0x02, 0x43, 0xb4, 0xfd, 0x0e, 0x2d, 0x4d, 0x18, 0x88, 0xac, + 0xa8, 0xf1, 0x3e, 0x47, 0x0c, 0xfc, 0x8e, 0xd9, 0x30, 0x22, 0x90, 0x0d, 0x98, 0x60, 0x2d, 0x87, + 0x5d, 0xa7, 0x45, 0x4b, 0x80, 0xd8, 0xb3, 0x02, 0x5b, 0x95, 0xd7, 0x16, 0x8e, 0x8f, 0x2a, 0x17, + 0x3d, 0xf9, 0xd3, 0xa0, 0x12, 0x63, 0x93, 0x2f, 0x60, 0xb4, 0x4e, 0x83, 0xe7, 0x34, 0x28, 0x4d, + 0x22, 0x9d, 0xf3, 0x72, 0x22, 0xb1, 0xb0, 0xb1, 0x54, 0x9b, 0x3b, 0x3e, 0xaa, 0xcc, 0x86, 0xf8, + 0xcb, 0xa0, 0x21, 0xd0, 0x98, 0xb4, 0xd9, 0xf4, 0x39, 0x0d, 0x42, 0xba, 0xd3, 0xf3, 0x3c, 0xda, + 0x29, 0x4d, 0x19, 0xd2, 0x66, 0xd4, 0x49, 0x69, 0x0b, 0x78, 0x61, 0x33, 0xc2, 0x52, 0x53, 0xda, + 0x0c, 0x04, 0xb2, 0x0f, 0xb3, 0xfc, 0xaf, 0x15, 0xdf, 0xf3, 0x68, 0x8b, 0x2d, 0xa9, 0xd2, 0x34, + 0x36, 0x70, 0x59, 0x34, 0x90, 0xac, 0x6e, 0x2c, 0xd5, 0x2a, 0xc7, 0x47, 0x95, 0x2b, 0x9c, 0x76, + 0xb3, 0xa5, 0x2a, 0x8c, 0x66, 0x52, 0x54, 0xd9, 0x38, 0xaa, 0xad, 0x16, 0x0d, 0x43, 0x9b, 0xfe, + 0xac, 0x47, 0xc3, 0xa8, 0x34, 0x63, 0x8c, 0xc3, 0xa8, 0x6b, 0x2c, 0xf3, 0x71, 0x38, 0x58, 0xd8, + 0x0c, 0x78, 0xa9, 0x39, 0x0e, 0x03, 0x81, 0x6c, 0x03, 0x54, 0xbb, 0xdd, 0x3a, 0x0d, 0x99, 0x30, + 0x96, 0xce, 0x23, 0xe9, 0x8b, 0x82, 0xf4, 0x53, 0xba, 0x2b, 0x2a, 0x1a, 0x4b, 0xb5, 0xcb, 0xc7, + 0x47, 0x95, 0x79, 0xa7, 0xdb, 0x6d, 0x86, 0xbc, 0xc8, 0x20, 0xaa, 0xd1, 0xe0, 0x7c, 0x3f, 0xf4, + 0x23, 0x2a, 0x44, 0xb1, 0x34, 0x9b, 0xe0, 0xbb, 0x56, 0x27, 0xfb, 0x1b, 0x60, 0x61, 0x53, 0x88, + 0x75, 0x92, 0xef, 0x1a, 0x02, 0x5b, 0x8b, 0xab, 0x4e, 0xe4, 0xec, 0x3a, 0x21, 0x15, 0xe2, 0x71, + 0xc1, 0x58, 0x8b, 0x66, 0x65, 0x63, 0x99, 0xaf, 0xc5, 0xb6, 0x28, 0x6d, 0x66, 0xc8, 0x4b, 0x82, + 0x1e, 0xe3, 0x48, 0x3c, 0xf0, 0x12, 0x19, 0xc0, 0x91, 0x17, 0x74, 0x37, 0x9b, 0x23, 0x31, 0x28, + 0x59, 0x87, 0xf1, 0xa7, 0x74, 0x97, 0x6b, 0x8e, 0x8b, 0x48, 0xef, 0x42, 0x4c, 0x8f, 0xeb, 0x8c, + 0x65, 0xbe, 0x2a, 0x18, 0xb5, 0xb4, 0xb6, 0x50, 0xd8, 0xe4, 0xe7, 0x05, 0x58, 0x90, 0x2b, 0x9c, + 0x46, 0x2f, 0xfc, 0xe0, 0xc0, 0xf5, 0xf6, 0x56, 0x7c, 0xef, 0x99, 0xbb, 0x57, 0x9a, 0x43, 0xca, + 0xd7, 0x13, 0x4a, 0x23, 0x01, 0xd5, 0x58, 0xaa, 0x7d, 0xe7, 0xf8, 0xa8, 0xf2, 0x86, 0x52, 0x20, + 0xaa, 0x9e, 0x09, 0xe4, 0x33, 0x77, 0xcf, 0x68, 0x38, 0xaf, 0x2d, 0xf2, 0xe7, 0x0a, 0x70, 0x49, + 0x8c, 0xce, 0xa6, 0x2d, 0x3f, 0x68, 0xc7, 0xdd, 0x98, 0xc7, 0x6e, 0x54, 0xd4, 0x6a, 0xcd, 0x02, + 0x6a, 0x2c, 0xd5, 0xde, 0x3e, 0x3e, 0xaa, 0x58, 0x82, 0x71, 0xcd, 0x40, 0x56, 0x67, 0x75, 0x22, + 0xa7, 0x21, 0x26, 0x09, 0x4c, 0xf9, 0x6f, 0x07, 0xf4, 0x19, 0x0d, 0xa8, 0xd7, 0xa2, 0xa5, 0x4b, + 0x86, 0x24, 0x98, 0x95, 0x52, 0x2b, 0xb3, 0xad, 0xa4, 0xd9, 0x55, 0xc5, 0xa6, 0x24, 0x98, 0x28, + 0xe4, 0x67, 0x40, 0x04, 0x03, 0xaa, 0xbd, 0xb6, 0x1b, 0x89, 0x01, 0x2e, 0x60, 0x2b, 0x57, 0x4c, + 0x3e, 0x6b, 0x00, 0x8d, 0xa5, 0x9a, 0x75, 0x7c, 0x54, 0x59, 0x94, 0x2c, 0x76, 0x58, 0x55, 0xd6, + 0xc0, 0x32, 0x88, 0x33, 0xcd, 0xbb, 0xe9, 0xb7, 0x0e, 0x4a, 0x25, 0x43, 0xf3, 0xb2, 0x22, 0xa9, + 0xb2, 0x3b, 0x7e, 0xeb, 0xc0, 0xd4, 0xbc, 0xac, 0x96, 0x44, 0x70, 0x51, 0xcc, 0x92, 0x4d, 0xc3, + 0x28, 0x70, 0x51, 0x77, 0x84, 0xa5, 0xcb, 0x48, 0xe7, 0xaa, 0xd4, 0xc1, 0x69, 0x88, 0xc6, 0x7b, + 0xbc, 0xb7, 0x42, 0x10, 0x9a, 0x81, 0x56, 0x67, 0x34, 0x93, 0x45, 0x9e, 0xfc, 0x29, 0x98, 0x7f, + 0xea, 0x7a, 0x6d, 0xff, 0x45, 0xb8, 0x4a, 0xc3, 0x83, 0xc8, 0xef, 0xd6, 0xb9, 0xf9, 0x56, 0x2a, + 0x63, 0xbb, 0x8b, 0x52, 0xcc, 0xb3, 0x60, 0x1a, 0xcb, 0xb5, 0xb7, 0x8e, 0x8f, 0x2a, 0x37, 0x5e, + 0xf0, 0xca, 0x66, 0x9b, 0xd7, 0x36, 0x85, 0x05, 0x68, 0x34, 0x9e, 0xdd, 0x0a, 0x13, 0x01, 0xb3, + 0xa2, 0x74, 0xc5, 0x10, 0x01, 0xb3, 0x52, 0x2a, 0x83, 0x44, 0x83, 0xa6, 0x08, 0x98, 0x28, 0xe4, + 0x3e, 0x8c, 0x4b, 0xf5, 0x50, 0xba, 0x6a, 0x2c, 0x5d, 0x59, 0xdc, 0x58, 0xe6, 0x16, 0x90, 0x54, + 0x31, 0xe6, 0xca, 0x95, 0x50, 0x64, 0x13, 0x26, 0x50, 0x47, 0xa2, 0xca, 0xba, 0x86, 0x94, 0x88, + 0x14, 0x54, 0x59, 0xde, 0x58, 0xae, 0x95, 0x8e, 0x8f, 0x2a, 0x73, 0x5c, 0xcb, 0xa6, 0x14, 0x55, + 0x4c, 0x80, 0x2c, 0xc3, 0x50, 0xb5, 0xdb, 0x2d, 0x2d, 0x22, 0x9d, 0xa9, 0x98, 0x4e, 0x63, 0xb9, + 0x76, 0xe1, 0xf8, 0xa8, 0x32, 0xed, 0x74, 0xcd, 0x61, 0x31, 0x68, 0xb2, 0x0b, 0xb3, 0x75, 0xcf, + 0x7f, 0xf1, 0xac, 0xe3, 0x1c, 0x50, 0xa9, 0xde, 0x2a, 0xf9, 0xea, 0x0d, 0x37, 0xab, 0x50, 0x22, + 0x64, 0x2a, 0xb9, 0x14, 0x3d, 0xf2, 0x10, 0x26, 0x36, 0xbc, 0x30, 0x72, 0x3a, 0x1d, 0x1a, 0x94, + 0x2c, 0x63, 0x98, 0xaa, 0xbc, 0xf1, 0x2e, 0x57, 0x76, 0xae, 0x2c, 0x30, 0x47, 0xa9, 0xe0, 0x6a, + 0x00, 0xe3, 0xd2, 0x82, 0x7c, 0x30, 0x3c, 0x3e, 0x36, 0x3b, 0x6e, 0xad, 0xc3, 0xc8, 0x53, 0x27, + 0x6a, 0xed, 0x93, 0x2f, 0x60, 0xe4, 0xa1, 0xeb, 0xb5, 0xc3, 0x52, 0xe1, 0xfa, 0x10, 0x1a, 0x19, + 0xdc, 0xbc, 0xc5, 0x4a, 0x56, 0x51, 0x5b, 0xf8, 0xe5, 0x51, 0xe5, 0xdc, 0xf1, 0x51, 0xe5, 0xfc, + 0x01, 0x03, 0xd3, 0x6c, 0x5c, 0x8e, 0x67, 0xfd, 0xd3, 0x22, 0x4c, 0x28, 0x68, 0x72, 0x15, 0x86, + 0xd9, 0xff, 0x68, 0x2c, 0x4f, 0xd4, 0xc6, 0x8f, 0x8f, 0x2a, 0xc3, 0x0c, 0xcf, 0xc6, 0x52, 0xb2, + 0x04, 0x93, 0x9b, 0xbe, 0xd3, 0xae, 0xd3, 0x56, 0x40, 0xa3, 0x10, 0xad, 0xe1, 0xf1, 0xda, 0xec, + 0xf1, 0x51, 0x65, 0xaa, 0xe3, 0x3b, 0xed, 0x66, 0xc8, 0xcb, 0x6d, 0x1d, 0x88, 0x51, 0x44, 0x53, + 0x6e, 0x28, 0xa6, 0xc8, 0x4c, 0x1e, 0x1b, 0x4b, 0xc9, 0x03, 0x18, 0xbd, 0xe7, 0x76, 0xd8, 0xe6, + 0x38, 0x8c, 0xfd, 0xbf, 0x9a, 0xec, 0xff, 0x6d, 0x5e, 0xbd, 0xe6, 0x45, 0xc1, 0x4b, 0x6e, 0xe9, + 0x3c, 0xc3, 0x02, 0x6d, 0x20, 0x82, 0x02, 0xb9, 0x0b, 0x63, 0xf5, 0xde, 0x2e, 0x76, 0x7f, 0x04, + 0x1b, 0x43, 0x71, 0x0c, 0x7b, 0xbb, 0x4d, 0x36, 0x04, 0x0d, 0x41, 0x82, 0x95, 0x3f, 0x86, 0x49, + 0x8d, 0x3c, 0x99, 0x85, 0xa1, 0x03, 0xfa, 0x92, 0x8f, 0xdd, 0x66, 0x7f, 0x92, 0x39, 0x18, 0x79, + 0xee, 0x74, 0x7a, 0x14, 0x87, 0x3a, 0x61, 0xf3, 0x1f, 0x9f, 0x14, 0x3f, 0x2a, 0x58, 0xff, 0x6c, + 0x14, 0x66, 0xd7, 0xfd, 0x30, 0x62, 0xa6, 0xb7, 0xb2, 0x21, 0xde, 0x80, 0x51, 0x56, 0xb6, 0xb1, + 0x2a, 0xf8, 0x37, 0x79, 0x7c, 0x54, 0x19, 0xdb, 0xf7, 0xc3, 0xa8, 0xe9, 0xb6, 0x6d, 0x51, 0x45, + 0x6e, 0xc1, 0xf8, 0x96, 0xdf, 0xa6, 0xc8, 0x14, 0x24, 0x5b, 0x9b, 0x3e, 0x3e, 0xaa, 0x4c, 0x78, + 0x7e, 0x9b, 0xa2, 0x19, 0x6b, 0xab, 0x6a, 0xd2, 0x10, 0xe6, 0x27, 0xe7, 0x5d, 0x8d, 0xf1, 0x8e, + 0xd9, 0x9b, 0xbf, 0x3e, 0xaa, 0x7c, 0xb0, 0xe7, 0x46, 0xfb, 0xbd, 0xdd, 0xdb, 0x2d, 0xff, 0xf0, + 0xce, 0x5e, 0xe0, 0x3c, 0x77, 0x23, 0x3c, 0xcc, 0x38, 0x9d, 0x3b, 0xea, 0x98, 0xe4, 0x74, 0x5d, + 0x71, 0xde, 0xaa, 0xbf, 0x0c, 0x23, 0x7a, 0xc8, 0x28, 0x09, 0xeb, 0xf4, 0x29, 0xcc, 0x55, 0xdb, + 0x6d, 0x97, 0x63, 0x6c, 0x07, 0xae, 0xd7, 0x72, 0xbb, 0x4e, 0x27, 0xc4, 0x39, 0x98, 0xa8, 0xbd, + 0x71, 0x7c, 0x54, 0xa9, 0x38, 0xaa, 0xbe, 0xd9, 0x55, 0x00, 0x1a, 0x0f, 0x33, 0x09, 0x90, 0x65, + 0x18, 0x5f, 0xdd, 0xaa, 0xa3, 0xed, 0x5a, 0x1a, 0x41, 0x62, 0x28, 0xe0, 0x6d, 0x2f, 0xc4, 0xa1, + 0xe9, 0x04, 0x14, 0x20, 0xf9, 0x00, 0xa6, 0xb6, 0x7b, 0xbb, 0x1d, 0xb7, 0xb5, 0xb3, 0x59, 0x7f, + 0x48, 0x5f, 0xa2, 0xd1, 0x3f, 0xc5, 0x75, 0x7c, 0x17, 0xcb, 0x9b, 0x51, 0x27, 0x6c, 0x1e, 0xd0, + 0x97, 0xb6, 0x01, 0x17, 0xe3, 0xd5, 0xeb, 0xeb, 0x0c, 0x6f, 0x2c, 0x85, 0x17, 0x86, 0xfb, 0x3a, + 0x1e, 0x87, 0x23, 0x77, 0x00, 0xb8, 0x29, 0x55, 0x6d, 0xb7, 0xf9, 0x99, 0x60, 0xa2, 0x76, 0xfe, + 0xf8, 0xa8, 0x32, 0x29, 0x8c, 0x2f, 0xa7, 0xdd, 0x0e, 0x6c, 0x0d, 0x84, 0xac, 0xc0, 0xb8, 0xed, + 0x73, 0x06, 0x8b, 0x93, 0xc0, 0x79, 0x75, 0x12, 0xe0, 0xc5, 0xe2, 0xec, 0x27, 0x7e, 0xe9, 0xa3, + 0x94, 0x10, 0xa4, 0x02, 0x63, 0x5b, 0xfe, 0x8a, 0xd3, 0xda, 0xe7, 0xe7, 0x81, 0xf1, 0xda, 0xc8, + 0xf1, 0x51, 0xa5, 0xf0, 0x3d, 0x5b, 0x96, 0x92, 0xe7, 0x30, 0x19, 0x4f, 0x54, 0x58, 0x9a, 0x44, + 0xf6, 0xed, 0xb0, 0x43, 0x4e, 0x88, 0xc5, 0x4d, 0x36, 0xf5, 0x1a, 0x07, 0x5f, 0x43, 0x0a, 0xf4, + 0x86, 0x48, 0x07, 0xae, 0x3d, 0x61, 0x9a, 0x66, 0xb7, 0x43, 0xe3, 0xe2, 0x6a, 0x18, 0xd2, 0x80, + 0xd1, 0xda, 0x58, 0xc5, 0xe3, 0xc2, 0x84, 0xb0, 0x53, 0xe2, 0x9e, 0x34, 0x1d, 0x09, 0xd2, 0x74, + 0xf5, 0xc5, 0xd5, 0x9f, 0x98, 0xf5, 0x7b, 0x00, 0xb3, 0xec, 0x68, 0x65, 0xac, 0x9b, 0xef, 0xc2, + 0x04, 0x9f, 0xa1, 0x87, 0x62, 0xf9, 0x4d, 0xd5, 0x66, 0x8e, 0x8f, 0x2a, 0x20, 0xa6, 0x91, 0x4d, + 0x61, 0x0c, 0x40, 0x6e, 0xc2, 0x38, 0xa3, 0xe0, 0xc5, 0x0b, 0x68, 0xea, 0xf8, 0xa8, 0x32, 0xde, + 0x13, 0x65, 0xb6, 0xaa, 0x25, 0x75, 0x18, 0x5b, 0xfb, 0xb6, 0xeb, 0x06, 0x34, 0x14, 0x27, 0xec, + 0xf2, 0x6d, 0xee, 0x0d, 0xb9, 0x2d, 0xbd, 0x21, 0xb7, 0x77, 0xa4, 0x37, 0xa4, 0x76, 0x4d, 0x28, + 0xca, 0x0b, 0x94, 0xa3, 0xc4, 0x63, 0xfa, 0xc5, 0x1f, 0x56, 0x0a, 0xb6, 0xa4, 0x44, 0xbe, 0x0b, + 0xa3, 0xf7, 0xfc, 0xe0, 0xd0, 0x89, 0xf0, 0x60, 0x3d, 0x21, 0x94, 0x12, 0x96, 0x18, 0x4a, 0x09, + 0x4b, 0xc8, 0x3d, 0x98, 0xb1, 0xfd, 0x5e, 0x44, 0x77, 0x7c, 0x79, 0x0a, 0xe0, 0xba, 0x69, 0xf1, + 0xf8, 0xa8, 0x52, 0x0e, 0x58, 0x4d, 0x33, 0xf2, 0xd3, 0xf6, 0xbe, 0x9d, 0xc0, 0x22, 0x6b, 0x30, + 0x63, 0x9c, 0x57, 0xc2, 0xd2, 0x28, 0x0a, 0x08, 0xb7, 0xe5, 0x8c, 0x53, 0x8e, 0xbe, 0xca, 0x12, + 0x48, 0x64, 0x0b, 0x2e, 0x3c, 0xec, 0xed, 0xd2, 0xc0, 0xa3, 0x11, 0x0d, 0x65, 0x8f, 0xc6, 0xb0, + 0x47, 0xd7, 0x8f, 0x8f, 0x2a, 0x57, 0x0f, 0x54, 0x65, 0x46, 0x9f, 0xd2, 0xa8, 0x84, 0xc2, 0x79, + 0xd1, 0x51, 0x65, 0x1d, 0x8c, 0x8b, 0x53, 0x0e, 0x57, 0xe4, 0x89, 0xda, 0xda, 0x1b, 0x82, 0xcb, + 0x57, 0xd4, 0xd8, 0xd3, 0xf6, 0x82, 0x9d, 0xa4, 0xc9, 0xf4, 0x8a, 0xd2, 0x99, 0x13, 0xd8, 0x5b, + 0x7e, 0x76, 0x96, 0x3a, 0x53, 0x5f, 0x71, 0x4a, 0x7b, 0x6e, 0xc2, 0xc8, 0x93, 0xd0, 0xd9, 0xe3, + 0xeb, 0x6d, 0x66, 0xe9, 0x86, 0xe8, 0x51, 0x52, 0xfa, 0xd0, 0xdd, 0x82, 0x80, 0xb5, 0x8b, 0x6c, + 0x9f, 0xec, 0xb1, 0x3f, 0xf5, 0x7d, 0x12, 0xeb, 0xc8, 0x97, 0x00, 0xa2, 0x57, 0xcc, 0xe0, 0x98, + 0x14, 0x26, 0x90, 0x31, 0xc8, 0x6a, 0xb7, 0x5b, 0x5b, 0x14, 0xe3, 0xbb, 0xa4, 0xc6, 0x67, 0x98, + 0x20, 0xb6, 0x46, 0x84, 0x7c, 0x01, 0x53, 0xb8, 0x1c, 0xe5, 0x8c, 0x4e, 0xe1, 0x8c, 0xa2, 0x47, + 0x06, 0x57, 0x58, 0xc6, 0x7c, 0x1a, 0x08, 0xe4, 0x4f, 0xc3, 0xbc, 0x20, 0x97, 0xb0, 0xfe, 0xa6, + 0x85, 0xb5, 0x6b, 0x74, 0xcf, 0x84, 0xa9, 0xbd, 0x23, 0x7a, 0x6a, 0xa9, 0x9e, 0xe6, 0xda, 0x83, + 0x76, 0x76, 0x33, 0x64, 0x03, 0xce, 0x3f, 0x09, 0xa9, 0x31, 0x86, 0x19, 0xd4, 0x6d, 0x68, 0x32, + 0xf5, 0x42, 0xda, 0xcc, 0x1b, 0x47, 0x12, 0x8f, 0xd8, 0x40, 0x56, 0x03, 0xbf, 0x9b, 0x90, 0xf1, + 0xf3, 0xc8, 0x11, 0xb4, 0xcb, 0xdb, 0x81, 0xdf, 0x6d, 0xe6, 0x0b, 0x7a, 0x06, 0x36, 0xf9, 0x09, + 0x5c, 0x8a, 0xdd, 0x07, 0xab, 0xae, 0xb3, 0xe7, 0xf9, 0x61, 0xe4, 0xb6, 0x36, 0x56, 0xf1, 0x24, + 0x2e, 0x54, 0x5a, 0xec, 0x7e, 0x68, 0xb6, 0x15, 0x88, 0xa9, 0xd2, 0x72, 0xa8, 0x58, 0x5f, 0xc1, + 0x84, 0x92, 0x1d, 0x32, 0x06, 0x43, 0xd5, 0x4e, 0x67, 0xf6, 0x1c, 0xfb, 0xa3, 0x5e, 0x5f, 0x9f, + 0x2d, 0x90, 0x19, 0x80, 0x78, 0xc1, 0xcc, 0x16, 0xc9, 0x54, 0x6c, 0x42, 0xcf, 0x0e, 0x21, 0x7c, + 0xb7, 0x3b, 0x3b, 0x4c, 0x48, 0xd2, 0x76, 0x9f, 0x1d, 0xb1, 0xfe, 0x73, 0x21, 0xb5, 0xae, 0x98, + 0xf1, 0x25, 0xcc, 0x7d, 0x5c, 0x06, 0xdc, 0xc2, 0x40, 0xe3, 0x4b, 0x1c, 0x14, 0xb8, 0xf5, 0xa0, + 0x03, 0x31, 0x55, 0xb9, 0xcd, 0x44, 0xa0, 0xe5, 0x77, 0x74, 0x55, 0xd9, 0x15, 0x65, 0xb6, 0xaa, + 0x25, 0x4b, 0x9a, 0x52, 0x1d, 0x8a, 0xad, 0x27, 0xa9, 0x54, 0xf5, 0x05, 0xa6, 0xd4, 0xeb, 0x92, + 0x76, 0x26, 0x18, 0x8e, 0x71, 0x32, 0x16, 0xb4, 0x82, 0xb3, 0x7a, 0x39, 0x22, 0x4b, 0x3e, 0x4d, + 0x1d, 0x61, 0xf8, 0x08, 0x71, 0x4d, 0x26, 0x24, 0x33, 0x75, 0x3a, 0xa9, 0xc0, 0xc8, 0xa6, 0xbf, + 0xe7, 0x7a, 0x62, 0x90, 0x13, 0xc7, 0x47, 0x95, 0x91, 0x0e, 0x2b, 0xb0, 0x79, 0xb9, 0xf5, 0x7f, + 0x0b, 0xfa, 0xf2, 0x55, 0x46, 0x69, 0x21, 0xd3, 0x28, 0xfd, 0x2e, 0x4c, 0x08, 0x33, 0x7e, 0x63, + 0x55, 0x50, 0xc4, 0xed, 0x48, 0x9e, 0xd2, 0xdd, 0xb6, 0x1d, 0x03, 0x30, 0x73, 0x82, 0xef, 0x4d, + 0x68, 0x4e, 0x0c, 0xc5, 0xe6, 0x84, 0xd8, 0xbd, 0xb8, 0x39, 0x11, 0x83, 0xb0, 0x89, 0xd4, 0x7d, + 0x9c, 0xc3, 0xf1, 0x44, 0xea, 0xde, 0x4c, 0xd3, 0x83, 0xf9, 0x09, 0x40, 0xf5, 0x69, 0x1d, 0x37, + 0x53, 0x7b, 0x4b, 0x6c, 0x21, 0xe8, 0x00, 0x75, 0x5e, 0x84, 0x62, 0x3b, 0x0e, 0x74, 0xbb, 0x43, + 0x83, 0xb6, 0x3a, 0x30, 0x73, 0x9f, 0x46, 0x6c, 0xd6, 0xe4, 0x7e, 0xdb, 0x7f, 0xf8, 0x9f, 0xc1, + 0xe4, 0x53, 0x37, 0xda, 0x37, 0xad, 0x7c, 0x6c, 0xec, 0x85, 0x1b, 0xed, 0x4b, 0x2b, 0x5f, 0x6b, + 0x4c, 0x07, 0xb7, 0xd6, 0xe0, 0xbc, 0x68, 0x4d, 0x6d, 0xef, 0x4b, 0x26, 0xc1, 0x42, 0x7c, 0x6c, + 0xd0, 0x09, 0x9a, 0x64, 0x68, 0x72, 0xbf, 0x23, 0xf5, 0xd4, 0x0e, 0xc8, 0x8f, 0x3c, 0x79, 0xfe, + 0x3f, 0x14, 0x9c, 0x84, 0xc2, 0x48, 0xee, 0x87, 0xd6, 0x13, 0x98, 0xde, 0xee, 0xf4, 0xf6, 0x5c, + 0x8f, 0x09, 0x68, 0x9d, 0xfe, 0x8c, 0xac, 0x02, 0xc4, 0x05, 0xa2, 0x05, 0x79, 0x2a, 0x8c, 0x2b, + 0x1a, 0xcb, 0x62, 0x8a, 0xb1, 0x04, 0xb7, 0x30, 0x5b, 0xc3, 0xb3, 0xfe, 0xca, 0x10, 0x10, 0xd1, + 0x46, 0x3d, 0x72, 0x22, 0x5a, 0xa7, 0x11, 0xdb, 0x2d, 0x2f, 0x41, 0x51, 0x9d, 0x0d, 0x46, 0x8f, + 0x8f, 0x2a, 0x45, 0xb7, 0x6d, 0x17, 0x37, 0x56, 0xc9, 0x7b, 0x30, 0x82, 0x60, 0xc8, 0xeb, 0x19, + 0xd5, 0x9e, 0x4e, 0x81, 0xcb, 0x74, 0xc8, 0xfe, 0xb4, 0x39, 0x30, 0x79, 0x1f, 0x26, 0x56, 0x69, + 0x87, 0xee, 0x39, 0x91, 0x2f, 0xe5, 0x8e, 0x5b, 0xdb, 0xb2, 0x50, 0x9b, 0xa2, 0x18, 0x92, 0xd9, + 0x2f, 0x36, 0x75, 0x42, 0xdf, 0xd3, 0xed, 0x97, 0x00, 0x4b, 0x74, 0xfb, 0x85, 0xc3, 0x90, 0xdf, + 0x29, 0xc0, 0x64, 0xd5, 0xf3, 0x84, 0x15, 0x1b, 0x0a, 0x87, 0xff, 0xfc, 0x6d, 0x75, 0xdd, 0xb2, + 0xe9, 0xec, 0xd2, 0x4e, 0x83, 0x9d, 0x8b, 0xc2, 0xda, 0x37, 0x6c, 0x4b, 0xf9, 0x2f, 0x47, 0x95, + 0x4f, 0x4f, 0x61, 0x97, 0xc6, 0x17, 0x37, 0x3b, 0x81, 0xe3, 0x46, 0x21, 0x7a, 0x57, 0xe3, 0x06, + 0x75, 0x31, 0xd3, 0xfa, 0x41, 0x6e, 0xc1, 0x08, 0xb7, 0x93, 0xb9, 0x19, 0x84, 0x93, 0x9d, 0x30, + 0x90, 0x6d, 0x0e, 0x61, 0xbd, 0x01, 0x13, 0x82, 0x93, 0x1b, 0xab, 0x79, 0x53, 0x60, 0xad, 0xc2, + 0x35, 0x34, 0xd5, 0x29, 0x93, 0x5c, 0xf4, 0x31, 0x0a, 0x49, 0x8c, 0xcf, 0x76, 0x63, 0x58, 0xac, + 0xb0, 0x71, 0x42, 0xd0, 0x47, 0x69, 0xcb, 0x1a, 0x6b, 0x05, 0xae, 0xde, 0xa7, 0x91, 0x4d, 0x43, + 0x1a, 0x6d, 0x3b, 0x61, 0xf8, 0xc2, 0x0f, 0xda, 0x58, 0x75, 0x2a, 0x22, 0x7f, 0xb1, 0x00, 0x95, + 0x95, 0x80, 0xb2, 0x99, 0xce, 0x25, 0xd4, 0x7f, 0x05, 0x5f, 0x15, 0x57, 0x5e, 0xc5, 0xb8, 0x96, + 0xf1, 0x5a, 0x5c, 0x6b, 0xbd, 0x05, 0x43, 0x3b, 0x3b, 0x9b, 0x28, 0x31, 0x43, 0xc8, 0xb8, 0xa1, + 0x28, 0xea, 0xfc, 0xfa, 0xa8, 0x32, 0xbe, 0xda, 0xe3, 0x57, 0x62, 0x36, 0xab, 0xb7, 0x9e, 0xc1, + 0xbc, 0x4d, 0x3d, 0xfa, 0x82, 0xd9, 0xf2, 0x86, 0xb5, 0x5e, 0x81, 0x11, 0xee, 0xc2, 0x4d, 0x0d, + 0x81, 0x97, 0x9b, 0xe6, 0x7c, 0x71, 0x80, 0x39, 0x6f, 0xfd, 0x83, 0x22, 0xcc, 0xf2, 0xe1, 0xd6, + 0xfc, 0xe8, 0x64, 0xe3, 0x13, 0x23, 0x28, 0xf6, 0x1f, 0x01, 0x79, 0x3b, 0xe6, 0xf6, 0x50, 0xbc, + 0xf9, 0x61, 0x57, 0x99, 0x0e, 0x97, 0x95, 0x6c, 0x40, 0x5c, 0x96, 0xf8, 0xf9, 0x17, 0x07, 0x84, + 0xb2, 0x24, 0x24, 0x88, 0xfc, 0x76, 0x01, 0x46, 0xb9, 0x74, 0xf6, 0x97, 0xff, 0xa7, 0x67, 0x23, + 0xff, 0xb3, 0x11, 0xfe, 0xa5, 0xaf, 0x46, 0x5e, 0x67, 0xfd, 0xa3, 0x22, 0x5c, 0xd0, 0x78, 0x15, + 0x76, 0x7d, 0x2f, 0xa4, 0xe4, 0x16, 0xdf, 0xbb, 0x35, 0x86, 0xa1, 0x47, 0x81, 0xed, 0xdd, 0xcd, + 0xf8, 0x44, 0x84, 0x9c, 0xbb, 0xc5, 0x8e, 0xb2, 0x9d, 0x94, 0xf3, 0x01, 0x77, 0x10, 0x0e, 0x2a, + 0xab, 0x4f, 0xcc, 0xbd, 0x3b, 0x30, 0x8e, 0x7f, 0xb2, 0x19, 0x19, 0xce, 0x9f, 0x11, 0x05, 0x44, + 0x5c, 0x80, 0x07, 0xbe, 0xeb, 0x3d, 0xa2, 0xd1, 0xbe, 0x2f, 0x5d, 0x35, 0x1b, 0x4c, 0x9b, 0xfe, + 0x09, 0xdf, 0xf5, 0x9a, 0x87, 0x58, 0x7c, 0xda, 0xc3, 0x6d, 0x4c, 0xd0, 0xd6, 0x88, 0x5b, 0x77, + 0x61, 0x96, 0x29, 0xbe, 0x93, 0x8b, 0x96, 0x35, 0x07, 0xe4, 0x3e, 0x8d, 0x6a, 0xbe, 0xb1, 0x83, + 0x59, 0xd3, 0x30, 0xb9, 0xed, 0x7a, 0x7b, 0xf2, 0xe7, 0x7f, 0x2f, 0xc2, 0x14, 0xff, 0x2d, 0x66, + 0x20, 0xb1, 0xa5, 0x17, 0x4e, 0xb2, 0xa5, 0x7f, 0x04, 0xd3, 0xc2, 0xdb, 0x49, 0x03, 0x74, 0x41, + 0xf2, 0xf9, 0x40, 0xff, 0x05, 0x77, 0x7a, 0x36, 0x9f, 0xf3, 0x1a, 0xdb, 0x04, 0x24, 0x9b, 0x30, + 0xc3, 0x0b, 0xee, 0x51, 0x27, 0xea, 0xc5, 0xa7, 0xdb, 0xf3, 0xc2, 0xde, 0x97, 0xc5, 0x5c, 0x2b, + 0x0a, 0x5a, 0xcf, 0x44, 0xa1, 0x9d, 0xc0, 0x25, 0x5f, 0xc0, 0xf9, 0xed, 0xc0, 0xff, 0xf6, 0xa5, + 0x66, 0xc4, 0xf0, 0x8d, 0x61, 0x9e, 0x1d, 0x86, 0xbb, 0xac, 0xaa, 0xa9, 0x9b, 0x32, 0x49, 0x68, + 0x26, 0x53, 0x1b, 0x61, 0xcd, 0x0f, 0x5c, 0x6f, 0x0f, 0x67, 0x73, 0x9c, 0xcb, 0x94, 0x1b, 0x36, + 0x77, 0xb1, 0xd0, 0x56, 0xd5, 0x09, 0xd7, 0xcb, 0xd8, 0x40, 0xd7, 0x8b, 0xf5, 0x3f, 0x86, 0x61, + 0x5c, 0xf5, 0xf4, 0xb6, 0x6e, 0x50, 0x0b, 0x33, 0x02, 0x15, 0x4b, 0x7c, 0x6a, 0xb5, 0x35, 0x08, + 0x72, 0x99, 0x3b, 0x87, 0xb9, 0x01, 0x33, 0xc6, 0x84, 0xd2, 0xe9, 0x76, 0xb9, 0x0b, 0xf8, 0x12, + 0x14, 0x57, 0x6b, 0xc8, 0xb6, 0x71, 0xbe, 0x0d, 0xb4, 0x77, 0xed, 0xe2, 0x6a, 0x8d, 0x09, 0xc7, + 0xe3, 0x8d, 0xd5, 0x15, 0xe4, 0xc0, 0x38, 0x17, 0x0e, 0xdf, 0x6d, 0xb7, 0x6c, 0x2c, 0x65, 0xb5, + 0xf5, 0xea, 0xa3, 0x4d, 0x31, 0x4a, 0xac, 0x0d, 0x9d, 0xc3, 0x8e, 0x8d, 0xa5, 0xcc, 0x82, 0xe5, + 0xd6, 0xc5, 0x8a, 0xef, 0x45, 0x81, 0xdf, 0x09, 0xd1, 0x93, 0x35, 0x6e, 0x18, 0x22, 0x2d, 0x51, + 0x65, 0x27, 0x40, 0xc9, 0x53, 0x58, 0xa8, 0xb6, 0x9f, 0x3b, 0x5e, 0x8b, 0xb6, 0x79, 0xcd, 0x53, + 0x3f, 0x38, 0x78, 0xd6, 0xf1, 0x5f, 0x84, 0xc8, 0xa6, 0x71, 0x71, 0xd0, 0x17, 0x20, 0xf2, 0x20, + 0xf4, 0x42, 0x02, 0xd9, 0x79, 0xd8, 0x4c, 0xb9, 0xad, 0x74, 0xfc, 0x5e, 0x1b, 0xcf, 0xe5, 0xe3, + 0x5c, 0xb9, 0xb5, 0x58, 0x81, 0xcd, 0xcb, 0x19, 0x97, 0xd6, 0xeb, 0x8f, 0xf0, 0x58, 0x2d, 0xb8, + 0xb4, 0x1f, 0x1e, 0xda, 0xac, 0x8c, 0xbc, 0x05, 0x63, 0xd2, 0x18, 0xe7, 0x3e, 0x2b, 0x74, 0x68, + 0x4a, 0x23, 0x5c, 0xd6, 0x91, 0x55, 0xb8, 0xf0, 0xc8, 0x6f, 0xd3, 0xc0, 0x89, 0x68, 0x5b, 0xd8, + 0xc5, 0x21, 0x9e, 0x90, 0xc7, 0xf9, 0x81, 0xe0, 0x50, 0x56, 0x4a, 0xdf, 0x79, 0x68, 0xa7, 0x11, + 0xd8, 0xae, 0xf1, 0xc8, 0x69, 0xed, 0xbb, 0x1e, 0x15, 0x3e, 0x27, 0x31, 0xb9, 0x87, 0xbc, 0x10, + 0xad, 0x6e, 0x05, 0x40, 0x76, 0xe0, 0x92, 0x74, 0x89, 0x27, 0xac, 0xc2, 0x69, 0x44, 0x15, 0xb7, + 0xa9, 0x1c, 0x22, 0x79, 0x6e, 0xb4, 0x73, 0x70, 0xad, 0x77, 0xe1, 0x02, 0xd7, 0x17, 0x27, 0xb6, + 0x96, 0xad, 0x6d, 0x80, 0x3a, 0x3d, 0x74, 0xba, 0xfb, 0x3e, 0x13, 0xd1, 0x9a, 0xfe, 0x4b, 0x98, + 0x8f, 0x44, 0x5d, 0x01, 0x8a, 0x8a, 0xc6, 0xb2, 0x3c, 0x4f, 0x48, 0x48, 0x5b, 0xc3, 0xb2, 0xfe, + 0x63, 0x11, 0x08, 0x5e, 0x85, 0xd5, 0xa3, 0x80, 0x3a, 0x87, 0xb2, 0x1b, 0x1f, 0xc3, 0x14, 0x57, + 0xfd, 0xbc, 0x18, 0xbb, 0xc3, 0x6c, 0x53, 0xbe, 0xe6, 0xf5, 0xaa, 0xf5, 0x73, 0xb6, 0x01, 0xca, + 0x50, 0x6d, 0x1a, 0xf6, 0x0e, 0x25, 0x6a, 0xd1, 0x40, 0xd5, 0xab, 0x18, 0xaa, 0xfe, 0x9b, 0x7c, + 0x01, 0x33, 0x2b, 0xfe, 0x61, 0x97, 0xf1, 0x44, 0x20, 0x0f, 0x89, 0x1d, 0x50, 0xb4, 0x6b, 0x54, + 0xae, 0x9f, 0xb3, 0x13, 0xe0, 0x64, 0x0b, 0x2e, 0xde, 0xeb, 0xf4, 0xc2, 0xfd, 0xaa, 0xd7, 0x5e, + 0xe9, 0xf8, 0xa1, 0xa4, 0x32, 0x2c, 0xfc, 0x71, 0x42, 0x63, 0xa5, 0x21, 0xd6, 0xcf, 0xd9, 0x59, + 0x88, 0xe4, 0x2d, 0x11, 0xd7, 0x23, 0x76, 0xe2, 0xe9, 0xdb, 0x22, 0xee, 0xe8, 0xb1, 0x47, 0x1f, + 0x3f, 0x5b, 0x3f, 0x67, 0xf3, 0xda, 0xda, 0x04, 0x8c, 0x49, 0x6d, 0x7d, 0x07, 0x2e, 0x68, 0xec, + 0x64, 0xb6, 0x73, 0x2f, 0x24, 0x65, 0x18, 0x7f, 0xd2, 0xed, 0xf8, 0x4e, 0x5b, 0x9a, 0x62, 0xb6, + 0xfa, 0x6d, 0x7d, 0xd7, 0xe4, 0x34, 0xb9, 0xaa, 0x9f, 0x07, 0x39, 0x70, 0x5c, 0x60, 0xad, 0x9b, + 0xcc, 0xed, 0x0f, 0x6d, 0xb4, 0x5b, 0x4c, 0xb4, 0x3b, 0x9b, 0xe4, 0xb5, 0x35, 0x9f, 0xc9, 0x3c, + 0xeb, 0x21, 0x9a, 0x99, 0xd5, 0x6e, 0xb7, 0xe3, 0xb6, 0x70, 0x53, 0xe4, 0x2a, 0x5d, 0x59, 0x68, + 0xbf, 0xa5, 0x47, 0x9f, 0x68, 0x16, 0x81, 0x8a, 0x35, 0xd1, 0xe2, 0x4b, 0xac, 0xaf, 0xe1, 0x5a, + 0x0e, 0x31, 0xb1, 0xb9, 0x7d, 0x0c, 0x63, 0xa2, 0x28, 0x21, 0xd0, 0xfa, 0x7d, 0x1d, 0x6a, 0x86, + 0x50, 0x60, 0x4a, 0x78, 0xeb, 0x2b, 0x58, 0x7c, 0xd2, 0x0d, 0x69, 0x90, 0x26, 0x2f, 0xbb, 0xfa, + 0x81, 0x8a, 0x6e, 0x29, 0xe4, 0xde, 0x05, 0xc2, 0xf1, 0x51, 0x65, 0x94, 0xd3, 0x96, 0x41, 0x2d, + 0xd6, 0x2f, 0x0a, 0xb0, 0xc8, 0x97, 0x6a, 0x2e, 0xe9, 0xd3, 0x70, 0x41, 0xbb, 0xba, 0x29, 0xe6, + 0x5f, 0xdd, 0xf4, 0xbd, 0xcb, 0xb2, 0xbe, 0x04, 0x4b, 0xf4, 0xa8, 0xd3, 0x39, 0xa3, 0xb9, 0xf9, + 0xf3, 0x05, 0x98, 0xe3, 0x93, 0xf3, 0x1a, 0x54, 0xc8, 0xf7, 0x61, 0xa6, 0x7e, 0xe0, 0x76, 0x1b, + 0x4e, 0xc7, 0x6d, 0xf3, 0x5b, 0x0c, 0xbe, 0x25, 0xce, 0xa3, 0x79, 0x70, 0xe0, 0x76, 0x9b, 0xcf, + 0xe3, 0xaa, 0x82, 0x9d, 0x00, 0xb6, 0x1e, 0xc3, 0x7c, 0xa2, 0x0f, 0x42, 0x30, 0x3e, 0x48, 0x0a, + 0x46, 0x2a, 0x34, 0x29, 0x5b, 0x2a, 0x1e, 0xc1, 0x25, 0x25, 0x15, 0xe6, 0x94, 0x2d, 0x27, 0xa4, + 0x21, 0x45, 0x30, 0x4b, 0x14, 0x5a, 0x70, 0x49, 0x49, 0xc2, 0x6b, 0x48, 0x80, 0x9c, 0xdc, 0x62, + 0xe6, 0xe4, 0x6e, 0x40, 0x59, 0x9f, 0xdc, 0xd7, 0x99, 0xd4, 0xff, 0x50, 0x80, 0x85, 0xfb, 0xd4, + 0xc3, 0xed, 0xaf, 0xda, 0xed, 0x1a, 0xe7, 0x3a, 0xfd, 0x6e, 0xa3, 0xd0, 0xf7, 0x6e, 0x43, 0x1d, + 0x5a, 0x8a, 0x39, 0x87, 0x96, 0xcb, 0x30, 0xf4, 0xc4, 0xde, 0x10, 0xb2, 0x8a, 0xfb, 0x7a, 0x2f, + 0x70, 0x6d, 0x56, 0x46, 0x36, 0xe2, 0x7b, 0x91, 0xe1, 0x81, 0xf7, 0x22, 0x17, 0x85, 0x9f, 0x78, + 0x4c, 0xdc, 0x8b, 0x18, 0xb7, 0x21, 0xd6, 0xa7, 0x50, 0x4a, 0x8f, 0x45, 0xc8, 0xc7, 0xa0, 0x83, + 0xa2, 0xb5, 0x1a, 0x4b, 0xb7, 0x88, 0x6c, 0x51, 0xf7, 0x41, 0x09, 0x15, 0xda, 0xc7, 0x01, 0x67, + 0xd5, 0x63, 0xf9, 0x14, 0x54, 0x44, 0xfb, 0x9f, 0x30, 0xf9, 0xe4, 0xd7, 0xfb, 0x85, 0xfc, 0xeb, + 0x7d, 0x21, 0xa3, 0x1c, 0x55, 0x22, 0x58, 0x4f, 0xe1, 0x92, 0x41, 0x34, 0x96, 0xfa, 0xef, 0xc3, + 0xb8, 0x32, 0x72, 0x4c, 0xff, 0x90, 0x41, 0x16, 0xe7, 0x4d, 0xd9, 0x3b, 0x0a, 0xc5, 0xfa, 0x31, + 0xea, 0xee, 0x64, 0xbc, 0xc0, 0x99, 0x91, 0xff, 0xa3, 0x02, 0x2c, 0xf0, 0xcd, 0x2b, 0xcd, 0xd6, + 0x93, 0x0b, 0xd7, 0x6f, 0xc4, 0xa7, 0x79, 0x37, 0xc3, 0xa7, 0x89, 0x28, 0xba, 0x4f, 0x53, 0xf7, + 0x64, 0x3e, 0x18, 0x1e, 0x2f, 0xce, 0x0e, 0x59, 0x0d, 0x28, 0xa5, 0x47, 0x78, 0x06, 0x53, 0xfe, + 0xcf, 0x0b, 0x70, 0x4d, 0xec, 0xfb, 0x89, 0xd9, 0x39, 0x3d, 0x03, 0xdf, 0x87, 0x29, 0x81, 0xcb, + 0x57, 0x00, 0x57, 0x2a, 0x18, 0x92, 0x22, 0x85, 0x98, 0xaf, 0x04, 0x03, 0x8c, 0xbc, 0xaf, 0x9d, + 0xa5, 0xb9, 0x7f, 0xe6, 0x32, 0x53, 0x23, 0xfc, 0xd0, 0x9d, 0x7b, 0xa2, 0xb6, 0xbe, 0x81, 0xc5, + 0xbc, 0x8e, 0x9f, 0x01, 0x5f, 0x1e, 0x40, 0x39, 0x43, 0x62, 0x5f, 0x6d, 0xad, 0xfe, 0x10, 0xae, + 0x64, 0xd2, 0x3a, 0x83, 0x6e, 0xde, 0x87, 0x05, 0x6d, 0x1b, 0x78, 0x8d, 0x3e, 0x3e, 0x82, 0x6b, + 0x9c, 0xd0, 0xd9, 0x0c, 0x79, 0x1d, 0xae, 0xc6, 0x67, 0x0a, 0x43, 0xa1, 0x9c, 0x52, 0xa8, 0x84, + 0xa2, 0x8b, 0x59, 0x71, 0x86, 0x8a, 0x2e, 0x06, 0x3c, 0x33, 0x4d, 0xb4, 0x01, 0x17, 0x39, 0x61, + 0x73, 0x53, 0x58, 0xd2, 0x37, 0x85, 0xcc, 0x00, 0xd0, 0xf4, 0x3e, 0xf1, 0x08, 0xf7, 0x09, 0x09, + 0x12, 0xf7, 0xf0, 0x7d, 0x18, 0x15, 0x31, 0xee, 0xbc, 0x7f, 0x19, 0xc4, 0xd0, 0x60, 0xe0, 0x81, + 0xed, 0xb6, 0x00, 0xb6, 0x4a, 0x38, 0xe4, 0x87, 0xbd, 0x5d, 0x2a, 0xee, 0xca, 0x94, 0x9f, 0xe7, + 0x4b, 0xb6, 0x33, 0x27, 0x6a, 0x5e, 0xd3, 0xd8, 0x79, 0x0c, 0x25, 0x6e, 0xec, 0x68, 0x54, 0x5f, + 0xcb, 0xdc, 0xf9, 0x08, 0x4a, 0x5c, 0x9e, 0x32, 0x08, 0xf6, 0xb7, 0x61, 0x16, 0xa5, 0x24, 0x56, + 0x3b, 0x9d, 0xac, 0xd1, 0xff, 0xa5, 0x02, 0x5c, 0xbe, 0x4f, 0x23, 0x33, 0x0c, 0xf8, 0x8f, 0xc5, + 0xe4, 0xfc, 0x06, 0x55, 0x4e, 0xaa, 0x23, 0x62, 0x2a, 0x3e, 0x4f, 0x4e, 0x45, 0x6e, 0xcc, 0x73, + 0xf6, 0x94, 0x7c, 0x0d, 0x57, 0xf8, 0x94, 0x98, 0xf0, 0x72, 0xa0, 0x9f, 0x26, 0x66, 0x25, 0x97, + 0x7a, 0xd6, 0xec, 0xfc, 0xb5, 0x02, 0x5c, 0xe1, 0x4c, 0xce, 0x26, 0xfe, 0x9b, 0x3e, 0x94, 0x6c, + 0x41, 0x45, 0xcd, 0xf9, 0x19, 0x4c, 0xac, 0xf5, 0x8f, 0x0b, 0x40, 0x24, 0x9d, 0x95, 0xba, 0x2d, + 0x69, 0x5c, 0x86, 0xa1, 0x95, 0xba, 0x2d, 0x62, 0x77, 0xd0, 0xd8, 0x6c, 0x85, 0x81, 0xcd, 0xca, + 0x92, 0xa6, 0x41, 0xf1, 0x24, 0xa6, 0xc1, 0x06, 0x90, 0xba, 0xbb, 0xe7, 0x3d, 0x75, 0xa3, 0x7d, + 0xd5, 0x58, 0x55, 0xb8, 0xeb, 0x30, 0xda, 0x3c, 0x74, 0xf7, 0xbc, 0x26, 0xde, 0x1e, 0xaa, 0x88, + 0xf6, 0x96, 0x63, 0x67, 0x20, 0x59, 0x3f, 0x82, 0x8b, 0x46, 0x7f, 0x85, 0x0c, 0x5d, 0x85, 0xe1, + 0x15, 0x1a, 0x44, 0xa2, 0xc7, 0xc8, 0xb5, 0x16, 0x0d, 0x22, 0x1b, 0x4b, 0xc9, 0xdb, 0x30, 0xb6, + 0x52, 0xc5, 0x4b, 0x0f, 0x34, 0xaf, 0xa7, 0xb8, 0x92, 0x6b, 0x39, 0x4d, 0x7c, 0x0e, 0x65, 0xcb, + 0x4a, 0xeb, 0xdf, 0x16, 0x35, 0xea, 0x0c, 0x7d, 0x30, 0x3b, 0xde, 0x05, 0xe0, 0xfc, 0xd7, 0xb8, + 0xc1, 0xec, 0x82, 0x49, 0xe1, 0xa7, 0xe5, 0xfb, 0x80, 0xad, 0x01, 0x9d, 0xf0, 0xc2, 0x46, 0x06, + 0x08, 0x70, 0x24, 0x79, 0x99, 0xa1, 0x02, 0x04, 0x04, 0xe9, 0xd0, 0xd6, 0x81, 0xc8, 0x4f, 0x60, + 0x5a, 0xf4, 0x59, 0x74, 0x68, 0x04, 0x6f, 0x20, 0xdf, 0x14, 0x7e, 0x99, 0x8c, 0xb1, 0xdd, 0x56, + 0xf0, 0xe2, 0x01, 0x8c, 0xfc, 0xc9, 0xa7, 0xd1, 0x24, 0x67, 0xbd, 0xad, 0xee, 0xde, 0x68, 0x40, + 0xce, 0xc3, 0xe4, 0x93, 0xad, 0xfa, 0xf6, 0xda, 0xca, 0xc6, 0xbd, 0x8d, 0xb5, 0xd5, 0xd9, 0x73, + 0x64, 0x1c, 0x86, 0x77, 0x56, 0x76, 0x36, 0x67, 0x0b, 0xd6, 0x37, 0x30, 0x67, 0xb6, 0x75, 0xa6, + 0xd3, 0x14, 0xc1, 0x45, 0xb5, 0x97, 0x3f, 0x78, 0xba, 0xa3, 0xdd, 0x4b, 0x57, 0x5b, 0x2d, 0xbf, + 0xe7, 0x45, 0x49, 0xaf, 0xbd, 0xc3, 0x8b, 0x85, 0x64, 0x6a, 0x40, 0xc6, 0x5d, 0x4b, 0xb1, 0xef, + 0x5d, 0x8b, 0xf5, 0x21, 0xcc, 0x99, 0xad, 0x9e, 0xf4, 0x58, 0xf4, 0x26, 0x5e, 0xd8, 0x6b, 0xe1, + 0x31, 0x84, 0xe8, 0x2e, 0x48, 0xb1, 0xb2, 0x3f, 0x84, 0x59, 0x01, 0x15, 0x6b, 0xc6, 0x37, 0xe4, + 0xa1, 0x90, 0xeb, 0x45, 0xf3, 0xc1, 0x92, 0xbc, 0x0f, 0xfd, 0x8e, 0x74, 0x72, 0x0e, 0x6a, 0xe1, + 0x6f, 0x15, 0xa0, 0xf4, 0xe8, 0x5e, 0xb5, 0xda, 0x8b, 0xf6, 0xa9, 0x17, 0xb9, 0x2d, 0x27, 0xa2, + 0x2b, 0xfb, 0x4e, 0xa7, 0x43, 0xbd, 0x3d, 0x4a, 0x6e, 0xc2, 0xf0, 0xce, 0xe3, 0x9d, 0x6d, 0xe1, + 0x4b, 0x9c, 0x13, 0x02, 0xc3, 0x8a, 0x14, 0x8c, 0x8d, 0x10, 0xe4, 0x21, 0x5c, 0x78, 0x2a, 0xde, + 0xf2, 0xa9, 0x2a, 0xe1, 0x45, 0xbc, 0x76, 0x5b, 0xbd, 0xf2, 0x5b, 0x09, 0x68, 0x9b, 0xb5, 0xe2, + 0x74, 0x54, 0xb8, 0xa0, 0x9d, 0xc6, 0x7b, 0x30, 0x3c, 0x5e, 0x98, 0x2d, 0x5a, 0xbf, 0x53, 0x80, + 0x85, 0x44, 0xcf, 0xb4, 0xdb, 0x30, 0xbd, 0x63, 0x17, 0xb5, 0x8e, 0x49, 0x90, 0xf5, 0x73, 0xa2, + 0x67, 0x2b, 0xf8, 0x1e, 0x05, 0x5b, 0x10, 0x1d, 0x7a, 0xab, 0x7f, 0x87, 0x62, 0x02, 0x0a, 0x51, + 0x04, 0x67, 0x63, 0xb9, 0x75, 0x1e, 0xa6, 0x0d, 0x0e, 0x58, 0x16, 0x4c, 0xe9, 0x2d, 0x33, 0x36, + 0xaf, 0xf8, 0x6d, 0xc5, 0x66, 0xf6, 0xb7, 0xf5, 0x37, 0x0a, 0x30, 0xf7, 0xe8, 0x5e, 0xd5, 0xa6, + 0x7b, 0x2e, 0x5b, 0x26, 0x31, 0x8b, 0x97, 0x8c, 0x91, 0x5c, 0x35, 0x46, 0x92, 0x80, 0x55, 0x43, + 0xfa, 0x24, 0x35, 0xa4, 0xab, 0x59, 0x43, 0xc2, 0xe3, 0x82, 0xeb, 0x7b, 0xc6, 0x48, 0x34, 0x9f, + 0xe9, 0xdf, 0x2e, 0xc0, 0x45, 0xad, 0x4f, 0xaa, 0xff, 0xef, 0x1a, 0x5d, 0xba, 0x92, 0xd1, 0xa5, + 0x14, 0x93, 0x6b, 0xa9, 0x1e, 0xbd, 0xd9, 0xaf, 0x47, 0x03, 0x79, 0xfc, 0x07, 0x05, 0x98, 0xcf, + 0xe4, 0x01, 0xb9, 0xc4, 0x36, 0xee, 0x56, 0x40, 0x23, 0xc1, 0x5e, 0xf1, 0x8b, 0x95, 0x6f, 0x84, + 0x61, 0x4f, 0xbc, 0xdf, 0x9c, 0xb0, 0xc5, 0x2f, 0xf2, 0x26, 0x4c, 0x6f, 0xd3, 0xc0, 0xf5, 0xdb, + 0x75, 0xda, 0xf2, 0xbd, 0x36, 0xbf, 0x46, 0x9b, 0xb6, 0xcd, 0x42, 0x72, 0x15, 0x26, 0xaa, 0x9d, + 0x3d, 0x3f, 0x70, 0xa3, 0x7d, 0xee, 0xb6, 0x9e, 0xb0, 0xe3, 0x02, 0x46, 0x7b, 0xd5, 0xdd, 0x93, + 0x37, 0xc3, 0xd3, 0xb6, 0xf8, 0x45, 0x4a, 0x30, 0x26, 0xd4, 0x06, 0xde, 0x02, 0x4d, 0xd8, 0xf2, + 0x27, 0xc3, 0xf8, 0xd2, 0x46, 0x21, 0xc0, 0x80, 0x65, 0x5b, 0xfc, 0xb2, 0xde, 0x81, 0xb9, 0x2c, + 0x3e, 0x66, 0x8a, 0xcc, 0x9f, 0x2d, 0xc2, 0xc5, 0x6a, 0xbb, 0xfd, 0xe8, 0x5e, 0x75, 0x95, 0xea, + 0xf6, 0xdf, 0x7b, 0x30, 0xbc, 0xe1, 0xb9, 0x91, 0x30, 0x5c, 0x16, 0xc5, 0xf4, 0x64, 0x40, 0x32, + 0x28, 0x36, 0x43, 0xec, 0x7f, 0x62, 0xc3, 0xc5, 0xb5, 0x6f, 0xdd, 0x30, 0x72, 0xbd, 0x3d, 0x9c, + 0x73, 0xde, 0xb0, 0x98, 0x63, 0x49, 0x24, 0x67, 0xb9, 0xad, 0x9f, 0xb3, 0xb3, 0x90, 0xc9, 0x0e, + 0x5c, 0xda, 0xa2, 0x2f, 0x32, 0x44, 0x48, 0x45, 0xe2, 0x2a, 0xb2, 0x19, 0x92, 0x93, 0x83, 0xab, + 0x4b, 0xe8, 0x6f, 0x17, 0x31, 0x88, 0x5d, 0x1b, 0x98, 0x68, 0xf9, 0x09, 0xcc, 0x69, 0x1d, 0x8a, + 0x35, 0x4e, 0x41, 0xbc, 0xc7, 0xca, 0x1c, 0x8e, 0xbe, 0x90, 0x32, 0xd1, 0xc9, 0x53, 0x58, 0x30, + 0x3b, 0x15, 0x53, 0x36, 0x17, 0x43, 0x16, 0xc8, 0xfa, 0x39, 0x3b, 0x0f, 0x9b, 0x2c, 0xc1, 0x50, + 0xb5, 0x75, 0x20, 0xd8, 0x92, 0x3d, 0x65, 0x7c, 0x64, 0xd5, 0xd6, 0x01, 0xbe, 0x60, 0x69, 0x1d, + 0x18, 0xeb, 0xe1, 0x5f, 0x17, 0x60, 0x21, 0x67, 0x86, 0xc9, 0x22, 0x00, 0x2f, 0xd4, 0x74, 0xbb, + 0x56, 0xc2, 0x8c, 0x11, 0xfe, 0x0b, 0xc3, 0x45, 0x86, 0x70, 0xef, 0x97, 0x41, 0xad, 0x71, 0x85, + 0xad, 0x01, 0x91, 0x6d, 0x98, 0xe4, 0xbf, 0x78, 0x6c, 0xed, 0x30, 0xe2, 0x10, 0x03, 0x87, 0x07, + 0xd3, 0x62, 0xc4, 0x58, 0x1b, 0x0b, 0x9a, 0xc9, 0x98, 0x5a, 0x9d, 0x84, 0xf0, 0xea, 0xac, 0x24, + 0x47, 0xa1, 0x06, 0x4d, 0x6e, 0xc2, 0x28, 0x2f, 0x14, 0x73, 0x28, 0x5f, 0xd2, 0xc6, 0xc0, 0xa2, + 0xde, 0xfa, 0x7b, 0x05, 0xe9, 0x0b, 0x4e, 0x2d, 0x8d, 0x0f, 0x8d, 0xa5, 0x71, 0x43, 0x75, 0x38, + 0x0b, 0xd8, 0x58, 0x1d, 0x35, 0x98, 0x7c, 0x95, 0x55, 0xa1, 0x23, 0xe9, 0x72, 0xfb, 0x7b, 0x05, + 0xe9, 0xa7, 0x48, 0x8b, 0xee, 0x1a, 0x4c, 0xbd, 0x9a, 0xc8, 0x1a, 0x68, 0xe4, 0x7d, 0x2e, 0x51, + 0xc5, 0xfe, 0x23, 0xed, 0x2b, 0x54, 0x9f, 0x49, 0x77, 0xf7, 0xab, 0x88, 0x95, 0x75, 0x2f, 0x03, + 0xfb, 0x55, 0xa6, 0xb3, 0x97, 0xa2, 0x53, 0x7f, 0xe9, 0xb5, 0xe4, 0x8c, 0xbe, 0x9d, 0x0c, 0xa6, + 0xca, 0x0d, 0x50, 0xd1, 0x7b, 0x5b, 0x8c, 0x9d, 0x99, 0x42, 0x38, 0xd1, 0x6c, 0xd3, 0xbb, 0xff, + 0x2f, 0x8a, 0xa6, 0x2c, 0xbe, 0x4a, 0xa3, 0x2b, 0x30, 0xbd, 0x45, 0x5f, 0xa4, 0xda, 0xc5, 0x5b, + 0x7c, 0x8f, 0xbe, 0x68, 0x6a, 0x6d, 0x6b, 0xeb, 0xc2, 0xc4, 0x21, 0xbb, 0x30, 0x23, 0xb5, 0xc6, + 0x49, 0x95, 0x27, 0x7f, 0x58, 0xc0, 0x5a, 0x38, 0x7c, 0xe6, 0x34, 0x03, 0x51, 0xaa, 0xbf, 0x08, + 0x30, 0x29, 0x9e, 0xfd, 0x7a, 0xb6, 0xb6, 0xa1, 0x94, 0xe6, 0x9e, 0x68, 0xed, 0xbd, 0x41, 0x73, + 0xcf, 0x0f, 0xd5, 0x6d, 0x53, 0x0e, 0xd6, 0xd1, 0xff, 0xa3, 0x60, 0xd4, 0xc9, 0xf5, 0x6e, 0x72, + 0x32, 0x30, 0xdc, 0x40, 0x4e, 0x86, 0xfe, 0xe2, 0x2b, 0x0e, 0xd0, 0x9b, 0x4f, 0x50, 0x12, 0x1d, + 0x7b, 0x07, 0xc6, 0x44, 0x91, 0x7a, 0x49, 0x97, 0x94, 0x4a, 0x09, 0x60, 0xfd, 0x6e, 0x01, 0x2e, + 0x33, 0x2b, 0xbf, 0xee, 0x7a, 0x7b, 0x1d, 0xfa, 0x24, 0x34, 0xc3, 0xe3, 0xbe, 0x67, 0x28, 0x9a, + 0x85, 0x9c, 0x57, 0x07, 0xff, 0xbf, 0xd4, 0xcb, 0xdf, 0x2d, 0x40, 0x39, 0xab, 0x6f, 0x67, 0xab, + 0x61, 0x6e, 0x8b, 0x63, 0x19, 0xef, 0x6d, 0x49, 0xa0, 0xab, 0x36, 0xe5, 0x60, 0xd9, 0x20, 0xd9, + 0xff, 0x86, 0x6a, 0xf9, 0x3f, 0x05, 0x98, 0xdb, 0x08, 0xb1, 0xfb, 0x3f, 0xeb, 0xb9, 0x01, 0x6d, + 0x4b, 0xc6, 0xdd, 0xce, 0x7a, 0x9b, 0x82, 0xf3, 0xba, 0x7e, 0x2e, 0xeb, 0xed, 0xc9, 0x7b, 0x5a, + 0xf8, 0x79, 0xb1, 0xdf, 0xa3, 0x13, 0xe3, 0xfd, 0xe9, 0xdb, 0x30, 0xbc, 0xc5, 0xcc, 0xa9, 0x21, + 0x21, 0x7f, 0x1c, 0x83, 0x15, 0x61, 0xa4, 0x38, 0xeb, 0x32, 0xfb, 0x41, 0xee, 0xa5, 0xe2, 0xd1, + 0x87, 0x07, 0x3f, 0xaa, 0x48, 0x3f, 0x9c, 0xad, 0x8d, 0xc3, 0xe8, 0x8e, 0x13, 0xec, 0xd1, 0xc8, + 0xfa, 0x1a, 0xca, 0x22, 0x04, 0x81, 0xbb, 0x48, 0x31, 0x50, 0x21, 0x8c, 0x5d, 0x77, 0xfd, 0xc2, + 0x06, 0x16, 0x01, 0xea, 0x91, 0x13, 0x44, 0x1b, 0x5e, 0x9b, 0x7e, 0x8b, 0xa3, 0x1d, 0xb1, 0xb5, + 0x12, 0xeb, 0x7d, 0x98, 0x50, 0x43, 0xc0, 0xb3, 0x9c, 0x66, 0x31, 0xe2, 0x70, 0xe6, 0x8c, 0x08, + 0x79, 0x19, 0x16, 0xbf, 0x0c, 0xf3, 0x89, 0xa9, 0x10, 0x72, 0x52, 0x66, 0x13, 0xc6, 0xcb, 0x78, + 0xa0, 0x95, 0xad, 0x7e, 0x5b, 0x2b, 0x70, 0x21, 0x35, 0xd3, 0x84, 0xe0, 0xab, 0x07, 0x7e, 0x4e, + 0x67, 0x1b, 0x4a, 0xbd, 0xbe, 0xce, 0xca, 0x76, 0x36, 0xeb, 0x3c, 0x02, 0x94, 0x95, 0xed, 0x6c, + 0xd6, 0x6b, 0xa3, 0x5c, 0x72, 0xac, 0x7f, 0x58, 0xc4, 0xe3, 0x6b, 0x8a, 0x07, 0x09, 0x4f, 0x94, + 0xee, 0x0d, 0xab, 0xc1, 0x04, 0x8e, 0x78, 0x55, 0x46, 0x4a, 0xf7, 0xbf, 0xb7, 0x1c, 0xff, 0xe5, + 0x51, 0xe5, 0x1c, 0x5e, 0x56, 0xc6, 0x68, 0xe4, 0x73, 0x18, 0x5b, 0xf3, 0xda, 0x48, 0x61, 0xe8, + 0x14, 0x14, 0x24, 0x12, 0x9b, 0x07, 0xec, 0x32, 0x33, 0x85, 0x84, 0x8b, 0xc5, 0xd6, 0x4a, 0x90, + 0xcd, 0xee, 0xa1, 0xcb, 0xa3, 0x53, 0x46, 0x6c, 0xfe, 0x83, 0x71, 0x13, 0xbb, 0x20, 0x5f, 0x37, + 0x4e, 0xd8, 0xea, 0x37, 0xb1, 0x60, 0xe4, 0x71, 0xd0, 0x16, 0xaf, 0xb0, 0x66, 0x96, 0xa6, 0x64, + 0x7e, 0x1a, 0x56, 0x66, 0xf3, 0x2a, 0xeb, 0x7f, 0xe1, 0x8d, 0x71, 0x94, 0x29, 0x37, 0x06, 0x57, + 0x0a, 0xaf, 0xcd, 0x95, 0xe2, 0xab, 0x70, 0x45, 0x8d, 0x7a, 0x28, 0x6f, 0xd4, 0xc3, 0x79, 0xa3, + 0x1e, 0xc9, 0x1f, 0xf5, 0x7d, 0x18, 0xe5, 0x43, 0x25, 0x6f, 0xc0, 0xc8, 0x46, 0x44, 0x0f, 0x63, + 0xb7, 0x86, 0x1e, 0xf3, 0x63, 0xf3, 0x3a, 0x76, 0xe2, 0xda, 0x74, 0xc2, 0x48, 0xc6, 0x1c, 0x4f, + 0xd8, 0xf2, 0xa7, 0xf5, 0x53, 0x7c, 0x92, 0xb0, 0xe9, 0xb7, 0x0e, 0x34, 0x9f, 0xe7, 0x18, 0x5f, + 0x95, 0xc9, 0xab, 0x03, 0x06, 0xc5, 0x6b, 0x6c, 0x09, 0x41, 0xae, 0xc3, 0xe4, 0x86, 0x77, 0xcf, + 0x0f, 0x5a, 0xf4, 0xb1, 0xd7, 0xe1, 0xd4, 0xc7, 0x6d, 0xbd, 0x48, 0xf8, 0x62, 0x44, 0x0b, 0xb1, + 0x2f, 0x06, 0x0b, 0x12, 0xbe, 0x18, 0x9e, 0xc2, 0xc0, 0xe6, 0x75, 0xc2, 0xd5, 0xc3, 0xfe, 0xee, + 0xe7, 0x88, 0x51, 0x1e, 0x9b, 0x41, 0x80, 0xbb, 0x70, 0xd9, 0xa6, 0xdd, 0x8e, 0xc3, 0x0c, 0xae, + 0x43, 0x9f, 0xc3, 0xab, 0x31, 0x5f, 0xcf, 0x08, 0x52, 0x35, 0xdd, 0xae, 0xaa, 0xcb, 0xc5, 0x3e, + 0x5d, 0x3e, 0x84, 0x1b, 0xf7, 0x69, 0x94, 0x99, 0x87, 0x20, 0x1e, 0xfc, 0x3a, 0x8c, 0x8b, 0x57, + 0x49, 0x72, 0xfc, 0x83, 0x52, 0x20, 0x88, 0x6b, 0x24, 0x41, 0x47, 0xfd, 0x65, 0x7d, 0x01, 0x95, + 0xbc, 0xe6, 0x4e, 0x16, 0xa0, 0xe7, 0xc2, 0xf5, 0x7c, 0x02, 0x6a, 0x5b, 0x1c, 0x13, 0x0d, 0xaa, + 0xa3, 0x73, 0xff, 0xde, 0xaa, 0x8b, 0x05, 0x34, 0x0c, 0xc4, 0x1f, 0x56, 0x4d, 0x46, 0x00, 0xbd, + 0x46, 0x77, 0x9b, 0x78, 0xf5, 0x61, 0x12, 0x88, 0xf9, 0x5a, 0x85, 0x71, 0x59, 0x96, 0xb8, 0xfb, + 0x48, 0xa5, 0x78, 0x40, 0x86, 0xb6, 0x25, 0x01, 0x85, 0x66, 0xfd, 0x54, 0x5e, 0x50, 0x98, 0x18, + 0x27, 0x8b, 0xbc, 0x3f, 0xc9, 0x8d, 0x84, 0xe5, 0xc3, 0x65, 0x93, 0xb6, 0xee, 0x1a, 0x9f, 0xd5, + 0x5c, 0xe3, 0xdc, 0x23, 0xce, 0xe4, 0xd2, 0xde, 0x5c, 0xf3, 0xda, 0x5d, 0xdf, 0xf5, 0x22, 0xb1, + 0x78, 0xf5, 0x22, 0xb2, 0xa8, 0x3b, 0xc0, 0xa7, 0xd2, 0x4f, 0x15, 0xee, 0x42, 0x39, 0xab, 0x41, + 0xcd, 0x81, 0xa2, 0x7c, 0xc8, 0xdc, 0x20, 0xb1, 0xf6, 0x61, 0xce, 0x48, 0x9a, 0x15, 0x67, 0x01, + 0x8a, 0x93, 0x85, 0x4d, 0xd4, 0x3e, 0xfb, 0xf5, 0x51, 0xe5, 0xa3, 0xd3, 0x84, 0xa1, 0x4b, 0x9a, + 0x3b, 0xea, 0xb5, 0x85, 0xb5, 0x00, 0x43, 0x2b, 0xf6, 0x26, 0x0e, 0xdb, 0xde, 0x54, 0xc3, 0xb6, + 0x37, 0xad, 0xdf, 0x2f, 0x42, 0x65, 0x65, 0xdf, 0xf1, 0xf6, 0xf8, 0xc5, 0x70, 0x6c, 0x77, 0x69, + 0x37, 0xcd, 0x27, 0x3d, 0x6d, 0x2c, 0xc1, 0xe4, 0x16, 0x7d, 0x21, 0x5f, 0x8a, 0x88, 0x37, 0x17, + 0xe8, 0xc9, 0x66, 0x27, 0x81, 0xae, 0x28, 0xb7, 0x75, 0x20, 0xf2, 0x27, 0x5f, 0xdd, 0x43, 0xc3, + 0x53, 0xe7, 0xc4, 0x87, 0x0c, 0x5e, 0x9b, 0x75, 0xda, 0xc8, 0x69, 0x22, 0x7d, 0x3c, 0x1a, 0x3e, + 0xfd, 0xf1, 0xc8, 0xfa, 0x27, 0x05, 0xb8, 0x9e, 0xcf, 0x41, 0xd1, 0xd2, 0xaa, 0x91, 0xc5, 0xa8, + 0xcf, 0xf5, 0x38, 0x1e, 0x09, 0xb5, 0x2c, 0x46, 0xc9, 0xcc, 0x45, 0x36, 0x6d, 0xf9, 0xcf, 0x69, + 0xf0, 0x32, 0xe1, 0xf1, 0x96, 0xc5, 0x2b, 0x7e, 0x9b, 0x86, 0x32, 0x07, 0x1c, 0x2f, 0x32, 0xf2, + 0x00, 0x88, 0x32, 0xeb, 0xdf, 0x17, 0xe0, 0x0a, 0x6e, 0x83, 0xc2, 0x1f, 0x28, 0x2b, 0x5e, 0x29, + 0xc6, 0x44, 0x6f, 0x5c, 0xcc, 0x3a, 0xc6, 0x98, 0xc8, 0x1e, 0x34, 0x5b, 0x7e, 0x9b, 0xda, 0x06, + 0x18, 0xd9, 0x80, 0x49, 0xf1, 0x5b, 0x73, 0xfa, 0xcc, 0x6b, 0x39, 0xd1, 0x50, 0xa8, 0xf8, 0x99, + 0x0f, 0x45, 0x48, 0x10, 0x6b, 0xe2, 0x13, 0x22, 0x1d, 0xd7, 0xfa, 0x55, 0x11, 0xae, 0x36, 0x68, + 0xe0, 0x3e, 0x7b, 0x99, 0x33, 0x98, 0xc7, 0x30, 0x27, 0x8b, 0x70, 0xcc, 0xa6, 0x30, 0xf3, 0x97, + 0xce, 0xb2, 0xab, 0x21, 0x03, 0x68, 0x2a, 0xd9, 0xce, 0x44, 0x3c, 0xc5, 0xdb, 0xff, 0xf7, 0x60, + 0x5c, 0xad, 0x87, 0x21, 0xe4, 0x0c, 0xce, 0x8d, 0x5c, 0x0b, 0x66, 0x76, 0x1a, 0xb5, 0x28, 0xfe, + 0x42, 0xfe, 0xc5, 0x82, 0xb0, 0xff, 0x07, 0x1c, 0xcd, 0xf8, 0xd2, 0x60, 0xcb, 0xc2, 0xd1, 0x6a, + 0x33, 0x96, 0xc6, 0xfa, 0x39, 0x3b, 0xaf, 0xa5, 0xda, 0x24, 0x4c, 0x54, 0xf1, 0xda, 0x83, 0x99, + 0xdb, 0xff, 0xbb, 0x08, 0x8b, 0x32, 0x2c, 0x38, 0x87, 0xcd, 0x5f, 0xc1, 0x82, 0x2c, 0xaa, 0x76, + 0xbb, 0x81, 0xff, 0x9c, 0xb6, 0x4d, 0x4e, 0xf3, 0x6c, 0x03, 0x92, 0xd3, 0x8e, 0x80, 0x89, 0x99, + 0x9d, 0x87, 0x7e, 0x36, 0x6e, 0x8c, 0xcf, 0x4d, 0xed, 0xc4, 0x67, 0x03, 0xdd, 0x09, 0xba, 0x76, + 0x32, 0xd3, 0xf7, 0xe9, 0x9a, 0xaa, 0x9d, 0x72, 0x83, 0x0c, 0xbf, 0xae, 0x1b, 0x84, 0x1d, 0xd4, + 0x4c, 0x9a, 0xb5, 0x19, 0x98, 0xda, 0xa2, 0x2f, 0x62, 0xbe, 0xff, 0xbc, 0x00, 0xd3, 0xc6, 0xe2, + 0x26, 0xb7, 0x60, 0x04, 0xff, 0xc0, 0x9d, 0x57, 0xbc, 0x39, 0x64, 0x0b, 0xcc, 0x78, 0x73, 0xc8, + 0x41, 0x37, 0x60, 0x8c, 0x47, 0x64, 0xb5, 0x4f, 0x60, 0x51, 0xab, 0x08, 0xcb, 0x16, 0x47, 0xe1, + 0xc6, 0xb5, 0xc0, 0xb7, 0x1e, 0xc2, 0x0d, 0x11, 0xee, 0x66, 0x4e, 0x3e, 0x36, 0x74, 0xca, 0x8d, + 0xc2, 0x72, 0x60, 0xf1, 0x3e, 0x4d, 0xaa, 0x1e, 0x23, 0x02, 0xf5, 0x0b, 0x38, 0x6f, 0x94, 0x2b, + 0x8a, 0xf8, 0x1c, 0x48, 0xc9, 0x90, 0x22, 0x9d, 0x84, 0xb6, 0xae, 0x67, 0x35, 0xa1, 0x77, 0xd6, + 0xa2, 0x98, 0x36, 0x20, 0x88, 0xef, 0x7e, 0xc2, 0x53, 0x68, 0xbd, 0x9b, 0xda, 0xba, 0xe6, 0x1a, + 0x8f, 0x3f, 0x69, 0x97, 0x7b, 0x9c, 0xaa, 0xb5, 0xa6, 0x61, 0x72, 0xc5, 0xf7, 0x22, 0xfa, 0x2d, + 0xbe, 0xe5, 0xb2, 0x66, 0x60, 0x4a, 0x56, 0x75, 0x68, 0x18, 0x5a, 0x7f, 0x67, 0x08, 0x2c, 0xc1, + 0xd8, 0x2c, 0x9f, 0x87, 0xe4, 0xc7, 0x6e, 0xaa, 0xb3, 0x62, 0x13, 0xb9, 0xa4, 0x7b, 0x76, 0xe2, + 0x5a, 0x2e, 0x79, 0x78, 0x1f, 0xdc, 0x8a, 0x4b, 0x0d, 0xc9, 0x4b, 0x8d, 0xfe, 0x47, 0x39, 0x6a, + 0x92, 0x2f, 0x36, 0x4c, 0x0e, 0x96, 0xa3, 0x26, 0x0d, 0xba, 0xd9, 0x2a, 0xd3, 0x36, 0xd8, 0x20, + 0x36, 0x77, 0xa2, 0x9e, 0x6f, 0xa8, 0x1a, 0x91, 0x50, 0x93, 0x17, 0x34, 0x53, 0x09, 0x31, 0x75, + 0x22, 0xe4, 0x89, 0xc9, 0x4b, 0xb1, 0x1e, 0xe5, 0x5d, 0xab, 0x5e, 0xc5, 0xa9, 0x76, 0xb5, 0x12, + 0x33, 0xbf, 0xa8, 0x01, 0xab, 0xf9, 0xb1, 0xfe, 0x66, 0x01, 0xae, 0xf0, 0xd9, 0xd9, 0x0e, 0xdc, + 0xe7, 0x6e, 0x87, 0xee, 0x51, 0x43, 0x4c, 0x7b, 0xd9, 0x77, 0x56, 0x85, 0x13, 0xe9, 0x68, 0xcc, + 0x70, 0x44, 0x05, 0x7a, 0x9e, 0xa3, 0x34, 0x8b, 0xbe, 0x75, 0x54, 0x90, 0xa1, 0x96, 0xa9, 0x8b, + 0x9c, 0xd3, 0xda, 0x6c, 0x35, 0xe3, 0xee, 0xa5, 0x98, 0x73, 0xf7, 0x62, 0x78, 0xaa, 0xa3, 0x01, + 0x97, 0x31, 0x43, 0xaf, 0xef, 0xbc, 0xfd, 0xc3, 0x61, 0xb8, 0xb0, 0xed, 0xec, 0xb9, 0x1e, 0xd3, + 0x3d, 0xf2, 0x95, 0x14, 0xa9, 0xa6, 0x92, 0x4d, 0xf6, 0x0f, 0x8d, 0xca, 0xc8, 0x26, 0xb9, 0xa4, + 0xe7, 0x7d, 0x2b, 0xe6, 0xbd, 0xf5, 0x30, 0xb3, 0xbb, 0x7d, 0x6c, 0xf8, 0xea, 0x52, 0xd1, 0x71, + 0x18, 0x7f, 0xe2, 0xf9, 0xed, 0x44, 0x02, 0x56, 0xf4, 0x77, 0x3d, 0x86, 0x49, 0x2d, 0xc4, 0x4d, + 0x08, 0x68, 0x8a, 0x02, 0xb2, 0xe5, 0xa0, 0xb7, 0x4b, 0x33, 0x93, 0xed, 0xe9, 0x14, 0x32, 0x52, + 0xec, 0x8d, 0x9c, 0x71, 0x8a, 0xbd, 0xaf, 0x79, 0x97, 0xa5, 0xe7, 0x73, 0x54, 0xec, 0x1b, 0x9c, + 0x7c, 0xca, 0xfd, 0xd9, 0x58, 0xd6, 0x7a, 0x9f, 0x95, 0x2f, 0x54, 0x27, 0x96, 0x9f, 0x9f, 0x70, + 0xfc, 0x37, 0x91, 0x9f, 0xb0, 0x06, 0x30, 0x2e, 0xdf, 0xe2, 0x59, 0xff, 0x73, 0x14, 0xe6, 0x36, + 0xdd, 0x30, 0x92, 0xc2, 0x15, 0xc6, 0x3b, 0xcf, 0x94, 0x2c, 0xd3, 0xce, 0x60, 0xc2, 0x48, 0x14, + 0x0f, 0xf9, 0x12, 0x79, 0x9a, 0x0d, 0x04, 0xf2, 0xbe, 0xee, 0x3e, 0x2c, 0x6a, 0x69, 0x82, 0xd2, + 0x29, 0x76, 0x75, 0xbf, 0xe2, 0x2d, 0xc3, 0x7b, 0xc5, 0xb7, 0xf5, 0x0e, 0x2b, 0xd0, 0xb7, 0x75, + 0xee, 0xd2, 0x5a, 0x4e, 0xba, 0xb4, 0x78, 0x03, 0x5c, 0x27, 0x1f, 0x50, 0xc3, 0xe2, 0x57, 0xbe, + 0xae, 0x27, 0x30, 0x8a, 0x8f, 0xc4, 0x79, 0x4a, 0xb4, 0xc9, 0xa5, 0xef, 0x88, 0xf5, 0x99, 0xc5, + 0x04, 0xfe, 0x9c, 0x3c, 0xd4, 0xd2, 0xdd, 0x75, 0xb0, 0x40, 0x7f, 0x0b, 0xce, 0x41, 0xc8, 0x0e, + 0x5c, 0xdc, 0x0e, 0x68, 0x1b, 0x35, 0xdb, 0xda, 0xb7, 0xdd, 0x40, 0x9c, 0x70, 0xd0, 0xbf, 0xc8, + 0x53, 0xe6, 0x74, 0x65, 0x75, 0x93, 0xaa, 0x7a, 0x5d, 0xc1, 0x65, 0xa0, 0x93, 0x35, 0x98, 0xa9, + 0x53, 0x27, 0x68, 0xed, 0x3f, 0xa4, 0x2f, 0x99, 0x5e, 0x0e, 0x4b, 0x63, 0x71, 0x9e, 0xa9, 0x10, + 0x6b, 0xd8, 0x40, 0xb1, 0x4a, 0xbf, 0x55, 0x32, 0x91, 0xc8, 0x0f, 0x60, 0xb4, 0xee, 0x07, 0x51, + 0xed, 0x65, 0x22, 0xe7, 0x32, 0x2f, 0xac, 0x5d, 0x96, 0xb9, 0xb6, 0x42, 0x3f, 0x88, 0x9a, 0xbb, + 0x3a, 0xdf, 0x04, 0x1e, 0xb9, 0xc7, 0x8c, 0x3e, 0x66, 0x88, 0x46, 0x4e, 0x67, 0x05, 0xe3, 0x28, + 0xf8, 0x0b, 0x55, 0x61, 0xd8, 0xa1, 0xf5, 0x1a, 0x39, 0x9d, 0x26, 0x9a, 0x19, 0xe6, 0xfd, 0x96, + 0x8e, 0x45, 0x5e, 0xc2, 0x9c, 0x29, 0x93, 0x22, 0xdf, 0x20, 0x18, 0xd9, 0x4b, 0xb3, 0x40, 0x6a, + 0x37, 0x45, 0x2f, 0xaf, 0x27, 0x25, 0x3f, 0x95, 0x82, 0x30, 0xb3, 0x09, 0xf2, 0x08, 0x53, 0x9d, + 0x71, 0xce, 0x54, 0x43, 0x99, 0xd6, 0x8d, 0x0d, 0xe2, 0xc6, 0xf1, 0x51, 0xe5, 0x5a, 0x0f, 0xd3, + 0xf0, 0x22, 0x47, 0x9d, 0x30, 0x99, 0xdd, 0xcd, 0x4e, 0xa1, 0x96, 0x3f, 0x86, 0x49, 0x4d, 0x3a, + 0x4e, 0x95, 0xad, 0xf0, 0x0f, 0x0a, 0x30, 0x9f, 0x10, 0x37, 0x71, 0x3c, 0x7e, 0x0c, 0x13, 0xaa, + 0x50, 0x78, 0x94, 0x4a, 0x6a, 0x1b, 0x4f, 0x6c, 0x03, 0x5c, 0xd8, 0xe5, 0x5a, 0xd4, 0x3b, 0x1b, + 0xd3, 0x20, 0x77, 0x61, 0x6c, 0x8b, 0x7e, 0x1b, 0xbb, 0x61, 0xf9, 0xb1, 0xcb, 0x63, 0x36, 0x85, + 0xb9, 0x40, 0x24, 0x18, 0xf9, 0x18, 0x40, 0x9b, 0x65, 0xbe, 0x08, 0x31, 0xc8, 0x33, 0x7b, 0x82, + 0x35, 0x60, 0xeb, 0xf7, 0xc7, 0xa4, 0x95, 0x20, 0x9f, 0x51, 0x04, 0x4e, 0xeb, 0x20, 0x8e, 0xb6, + 0x7d, 0x3f, 0x1d, 0xda, 0x7a, 0x12, 0x8d, 0xf0, 0xb6, 0x91, 0x3f, 0x23, 0x3f, 0x41, 0x7c, 0x9c, + 0x4a, 0x65, 0xe8, 0x04, 0xa9, 0x54, 0xee, 0xc0, 0xd8, 0x86, 0xf7, 0xdc, 0x65, 0x67, 0x02, 0x1e, + 0x9b, 0x89, 0x16, 0xb5, 0xcb, 0x8b, 0x74, 0xc6, 0x08, 0x28, 0xf2, 0x31, 0x8c, 0xaf, 0xfb, 0x61, + 0xe4, 0xc9, 0xb8, 0x4c, 0xb1, 0x0a, 0x23, 0x74, 0x4b, 0x37, 0xf7, 0x45, 0x95, 0xae, 0x73, 0x24, + 0x38, 0xf9, 0x00, 0xc6, 0xaa, 0xed, 0x36, 0x5b, 0xd4, 0x42, 0x21, 0xe0, 0x7b, 0x68, 0x81, 0xe9, + 0xf0, 0x1a, 0xbd, 0x49, 0x01, 0x4c, 0x3e, 0x33, 0x7d, 0xc4, 0x63, 0x71, 0xa2, 0xa1, 0xec, 0x4c, + 0xeb, 0xa6, 0xff, 0xf8, 0x96, 0xbc, 0x64, 0x1a, 0x8f, 0x53, 0x37, 0x61, 0x1a, 0x26, 0x43, 0x93, + 0xe2, 0x1d, 0xd5, 0x06, 0x4c, 0x6c, 0x78, 0x6e, 0xe4, 0x62, 0xf2, 0x9a, 0x09, 0xc3, 0x1c, 0xd8, + 0x76, 0x82, 0xc8, 0x6d, 0xb9, 0x5d, 0xc7, 0x8b, 0x64, 0x7e, 0x54, 0x01, 0xa8, 0xcf, 0x96, 0xc2, + 0xd6, 0xb3, 0xfc, 0xc1, 0x99, 0x65, 0xf9, 0xcb, 0x4c, 0x94, 0x37, 0xf9, 0xea, 0x89, 0xf2, 0x96, + 0xf9, 0x5c, 0xa2, 0x09, 0x3e, 0x15, 0x0b, 0x22, 0xba, 0x4e, 0x4d, 0x5b, 0xdb, 0x56, 0x80, 0xe4, + 0x3a, 0x26, 0xab, 0x99, 0x8e, 0xe3, 0x52, 0x8d, 0x4b, 0xed, 0xe2, 0xc6, 0x2a, 0x69, 0xc2, 0x14, + 0x83, 0xde, 0xf6, 0x3b, 0x6e, 0xcb, 0xa5, 0x61, 0x69, 0xc6, 0xf0, 0xb5, 0x9b, 0x8b, 0x02, 0x81, + 0x5e, 0xd6, 0x69, 0xc4, 0xf7, 0x54, 0x6c, 0xba, 0x2b, 0x10, 0xf5, 0x3d, 0x55, 0x27, 0x48, 0x7e, + 0xc2, 0xf6, 0x03, 0x9d, 0x8a, 0x48, 0x8d, 0xbe, 0x90, 0xd9, 0x44, 0xe3, 0x5d, 0xb9, 0x51, 0x88, + 0x37, 0x4e, 0xbc, 0xd8, 0xdc, 0x28, 0x74, 0x04, 0xcb, 0x86, 0x52, 0x7c, 0xb3, 0x95, 0x58, 0xbd, + 0x1f, 0xa4, 0xdf, 0xd9, 0x60, 0x5a, 0xe0, 0xf8, 0x9d, 0x8d, 0x2e, 0x10, 0xf1, 0x8b, 0x9b, 0x27, + 0x70, 0xc5, 0xa6, 0x87, 0xfe, 0x73, 0x7a, 0xb6, 0x64, 0x7f, 0x04, 0x97, 0x4d, 0x82, 0x4f, 0xba, + 0x6d, 0x7c, 0x24, 0xce, 0xaf, 0xd0, 0x32, 0x53, 0x38, 0x09, 0x04, 0x9e, 0xc2, 0x89, 0xa7, 0xe3, + 0x60, 0x7f, 0xea, 0xeb, 0x01, 0xeb, 0x2c, 0x1f, 0xae, 0x9a, 0xc4, 0xab, 0xed, 0xb6, 0xb6, 0x10, + 0x98, 0x3d, 0xab, 0xfd, 0x4c, 0x18, 0xd0, 0xfa, 0x8a, 0x41, 0xcd, 0xd9, 0x8d, 0x0b, 0xf4, 0xb5, + 0xaa, 0xc1, 0x59, 0x14, 0x2a, 0x49, 0xf6, 0x30, 0x96, 0xe9, 0x6d, 0xd6, 0x60, 0x5a, 0xfb, 0xa9, + 0xce, 0xa3, 0xa8, 0x4a, 0xb4, 0x16, 0x4c, 0x86, 0x99, 0x28, 0x56, 0x0b, 0xca, 0x59, 0x4c, 0xc3, + 0x65, 0xf6, 0x92, 0xac, 0xc5, 0x4b, 0x77, 0xf0, 0xd5, 0xe5, 0xf9, 0xdc, 0x47, 0xa8, 0x7f, 0x7d, + 0x18, 0xae, 0x88, 0xc9, 0x38, 0xcb, 0x19, 0x27, 0x3f, 0x85, 0x49, 0x6d, 0x8e, 0x05, 0xd3, 0xaf, + 0xcb, 0x68, 0x87, 0x3c, 0x59, 0xe0, 0xfa, 0xb2, 0x87, 0x05, 0xcd, 0xc4, 0x74, 0x33, 0xbb, 0x5c, + 0x17, 0x9b, 0x0e, 0xcc, 0x98, 0x13, 0x2d, 0xce, 0x3a, 0x6f, 0x64, 0x36, 0x62, 0x82, 0xca, 0x94, + 0x20, 0xed, 0x66, 0xe6, 0x74, 0x63, 0x1e, 0x77, 0x53, 0x88, 0xbe, 0x85, 0x0b, 0xa9, 0x59, 0x16, + 0x47, 0xa3, 0xb7, 0x33, 0x1b, 0x4c, 0x41, 0x73, 0xe5, 0x17, 0x60, 0x71, 0x6e, 0xb3, 0xe9, 0x46, + 0x48, 0x1b, 0xa6, 0xf4, 0x89, 0x17, 0x67, 0xa7, 0x1b, 0x7d, 0x58, 0xc9, 0x01, 0xb9, 0xaa, 0x12, + 0xbc, 0xc4, 0xb9, 0x37, 0x3f, 0x7d, 0x62, 0x50, 0xad, 0x8d, 0xc3, 0x28, 0xff, 0xcd, 0x54, 0xc0, + 0x76, 0x40, 0x43, 0xea, 0xb5, 0xa8, 0x1e, 0xb8, 0xf2, 0xba, 0x2a, 0xe0, 0xdf, 0x15, 0xa0, 0x94, + 0x45, 0xb7, 0x4e, 0xbd, 0x36, 0xd9, 0x86, 0xd9, 0x64, 0x43, 0x42, 0xaa, 0x2d, 0x69, 0x51, 0xe5, + 0x77, 0x69, 0xfd, 0x9c, 0x9d, 0xc2, 0x66, 0x9b, 0x90, 0x56, 0x76, 0xca, 0x08, 0xa1, 0x34, 0xaa, + 0xee, 0x5f, 0x59, 0xc7, 0x40, 0xa8, 0x55, 0xff, 0xd0, 0x71, 0x3d, 0xb6, 0x77, 0x2b, 0x83, 0xf0, + 0x0e, 0x40, 0x5c, 0x2a, 0x78, 0xc3, 0x7d, 0x10, 0x58, 0x2a, 0xa3, 0xe5, 0x14, 0x88, 0xf5, 0x19, + 0x6a, 0x70, 0xb1, 0xcf, 0xf1, 0x17, 0x17, 0x8a, 0xd8, 0x75, 0x18, 0xd9, 0xd9, 0xac, 0xaf, 0x54, + 0xc5, 0xfb, 0x0d, 0xfe, 0x18, 0xaf, 0x13, 0x36, 0x5b, 0x8e, 0xcd, 0x2b, 0xac, 0x7f, 0x59, 0x84, + 0x39, 0xf9, 0x80, 0xdc, 0x70, 0xf0, 0x0c, 0xcc, 0x32, 0xf6, 0x43, 0xf3, 0x01, 0xfc, 0x8a, 0x7a, + 0x00, 0xff, 0x1a, 0x89, 0x91, 0xc5, 0xd3, 0xf9, 0x13, 0x3e, 0xb8, 0x79, 0xa8, 0x0e, 0x76, 0xc3, + 0xc6, 0xc1, 0x2e, 0x6b, 0x3c, 0xc6, 0xc1, 0x0e, 0xf9, 0xc0, 0x0f, 0x76, 0xf2, 0x38, 0xf7, 0x3a, + 0xd6, 0xfd, 0x47, 0x6c, 0x2e, 0x8d, 0x26, 0x4f, 0xfa, 0xd2, 0x64, 0x13, 0x1f, 0xfc, 0x3d, 0xde, + 0x58, 0x5d, 0x61, 0x42, 0x24, 0xba, 0x2a, 0x67, 0xe0, 0x0e, 0xc6, 0x1c, 0x09, 0x9a, 0xba, 0x24, + 0xa0, 0x4e, 0x13, 0xef, 0x97, 0x35, 0x10, 0x6b, 0x19, 0xa9, 0xd5, 0xab, 0x8f, 0x36, 0x33, 0xa8, + 0xe5, 0x25, 0xde, 0xdb, 0xc2, 0x17, 0xc1, 0xf7, 0x71, 0xbe, 0xce, 0xa2, 0x13, 0xbf, 0x5b, 0xe0, + 0x4f, 0x8c, 0xeb, 0x8f, 0xb5, 0x5c, 0xad, 0xde, 0x33, 0x5f, 0xf3, 0x6f, 0x6b, 0xcd, 0x68, 0xc9, + 0xee, 0xd1, 0x1a, 0xc7, 0xaf, 0x62, 0x88, 0x27, 0x4d, 0x98, 0x36, 0xde, 0x4e, 0x42, 0x93, 0x8f, + 0x61, 0x5a, 0x2b, 0x52, 0xbb, 0x22, 0xcf, 0xf2, 0xa4, 0xa3, 0xbb, 0x6d, 0xdb, 0x84, 0xb4, 0x7e, + 0x5e, 0x84, 0x2b, 0x7d, 0xd2, 0x63, 0xa3, 0x7b, 0x01, 0x5d, 0x53, 0x8a, 0x53, 0xdc, 0xbd, 0xc0, + 0x9f, 0x6f, 0x19, 0x4a, 0x49, 0x01, 0x32, 0x93, 0x5d, 0xcf, 0xd6, 0x5d, 0xd4, 0x72, 0x83, 0x66, + 0x67, 0xe8, 0xd6, 0xc1, 0x49, 0x08, 0x10, 0xf7, 0x44, 0x1c, 0x63, 0xea, 0xf8, 0xc2, 0x2e, 0x4e, + 0xf5, 0x7d, 0x26, 0x39, 0xc7, 0xb5, 0x66, 0xac, 0xbf, 0x5a, 0x84, 0xc5, 0x3e, 0x7c, 0xa8, 0xd3, + 0xe8, 0x8f, 0x83, 0x15, 0x89, 0x04, 0xec, 0x43, 0xbf, 0xa1, 0x04, 0xec, 0xd6, 0xbf, 0x29, 0x60, + 0x3e, 0x14, 0x0c, 0x0d, 0xdc, 0xf0, 0x9e, 0x53, 0x2f, 0xf2, 0x83, 0x97, 0x18, 0xda, 0x44, 0xde, + 0x87, 0x91, 0x75, 0xda, 0xe9, 0xf8, 0x62, 0x1f, 0xb9, 0x26, 0xaf, 0x1c, 0x92, 0xd0, 0x08, 0xb4, + 0x7e, 0xce, 0xe6, 0xd0, 0xe4, 0x63, 0x98, 0x58, 0xa7, 0x4e, 0x10, 0xed, 0x52, 0x47, 0x9a, 0x8a, + 0x97, 0x05, 0xaa, 0x86, 0x22, 0x00, 0xd6, 0xcf, 0xd9, 0x31, 0x34, 0x59, 0x82, 0xe1, 0x6d, 0xdf, + 0xdb, 0x53, 0x6f, 0x87, 0x72, 0x1a, 0x64, 0x30, 0xeb, 0xe7, 0x6c, 0x84, 0xad, 0x8d, 0xc0, 0xd0, + 0xa3, 0x70, 0xcf, 0xfa, 0x45, 0x01, 0x4a, 0xab, 0xfe, 0x0b, 0x2f, 0x73, 0x24, 0x1f, 0x9a, 0x23, + 0x91, 0x11, 0xa7, 0x19, 0xf0, 0x89, 0xb1, 0xbc, 0x07, 0xc3, 0xdb, 0xae, 0xb7, 0x97, 0xd8, 0xf6, + 0x32, 0xf0, 0x18, 0x14, 0x76, 0xc9, 0x8d, 0xbb, 0x74, 0x0b, 0x16, 0x72, 0x20, 0xc9, 0x8c, 0xd2, + 0x47, 0xc3, 0xa8, 0x87, 0xbe, 0x03, 0xf3, 0x99, 0xa3, 0x4c, 0x01, 0xfe, 0xfd, 0xac, 0xe9, 0xe2, + 0x7d, 0x2d, 0xc1, 0x98, 0x4c, 0xe6, 0xc7, 0x15, 0xb7, 0xfc, 0x89, 0xb1, 0x70, 0x52, 0x9c, 0x45, + 0xda, 0x27, 0x25, 0xb5, 0x0d, 0x5e, 0x87, 0xb1, 0x52, 0x5c, 0xe8, 0x3e, 0x79, 0x0d, 0xd1, 0x52, + 0xb4, 0xac, 0xed, 0xcc, 0xe9, 0x78, 0x8d, 0x9e, 0x5a, 0x2b, 0x40, 0xd2, 0xf2, 0x43, 0xbe, 0x07, + 0x13, 0xf5, 0xfa, 0x7a, 0xdf, 0x87, 0xec, 0x76, 0x0c, 0x61, 0x7d, 0x00, 0x97, 0x14, 0x11, 0x9e, + 0x8c, 0x4b, 0x0b, 0xff, 0x14, 0x99, 0xb6, 0x55, 0xd4, 0x69, 0x5c, 0x60, 0xfd, 0x28, 0x85, 0x57, + 0xef, 0x1d, 0x1e, 0x3a, 0xc1, 0x4b, 0x52, 0x35, 0xf1, 0x86, 0x06, 0xae, 0x94, 0xda, 0xf0, 0x2f, + 0x8f, 0x2a, 0xe7, 0x74, 0xe2, 0x4b, 0x30, 0x67, 0x88, 0x87, 0xec, 0x52, 0x39, 0xa9, 0x86, 0x34, + 0x6e, 0xdc, 0x83, 0xf9, 0x04, 0x8e, 0xd8, 0x76, 0xbf, 0x07, 0xca, 0x50, 0x40, 0xa4, 0xa1, 0xda, + 0x85, 0x5f, 0x1f, 0x55, 0xa6, 0x23, 0xf7, 0x90, 0xde, 0x8e, 0xb3, 0x77, 0xc8, 0xbf, 0xac, 0x47, + 0xba, 0x01, 0x55, 0xed, 0x18, 0xf1, 0xda, 0xef, 0xc2, 0x28, 0x2f, 0x49, 0x64, 0x60, 0xd0, 0xa1, + 0xc5, 0x68, 0x04, 0x20, 0xdb, 0xd3, 0xf9, 0xeb, 0x76, 0x1d, 0x26, 0xde, 0x4e, 0x47, 0xf0, 0x77, + 0x22, 0x10, 0x26, 0x83, 0x1c, 0x87, 0xb3, 0x3e, 0xc7, 0xdb, 0xdc, 0xac, 0x04, 0xe8, 0x27, 0x0b, + 0x67, 0xfb, 0x33, 0x70, 0xb5, 0xda, 0xed, 0x52, 0xaf, 0x1d, 0x23, 0x32, 0x33, 0xff, 0x64, 0xc1, + 0x70, 0xa4, 0x0a, 0x23, 0x08, 0xad, 0x8e, 0x5e, 0xa2, 0xbb, 0x19, 0xdd, 0x41, 0x38, 0x61, 0xe2, + 0x60, 0x03, 0x1c, 0xf3, 0x9d, 0x77, 0x60, 0x42, 0x7d, 0xeb, 0x91, 0x8c, 0xc3, 0xf0, 0xc6, 0xd6, + 0xc6, 0x0e, 0xcf, 0xd2, 0xbe, 0xfd, 0x64, 0x67, 0xb6, 0x40, 0x00, 0x46, 0x57, 0xd7, 0x36, 0xd7, + 0x76, 0xd6, 0x66, 0x8b, 0xef, 0x34, 0xf5, 0x2b, 0x39, 0x72, 0x05, 0x16, 0x56, 0xd7, 0x1a, 0x1b, + 0x2b, 0x6b, 0xcd, 0x9d, 0x1f, 0x6e, 0xaf, 0x35, 0xcd, 0xa7, 0xcb, 0x73, 0x30, 0xab, 0x57, 0xee, + 0x3c, 0xde, 0xd9, 0x9e, 0x2d, 0x90, 0x12, 0xcc, 0xe9, 0xa5, 0x4f, 0xd7, 0x6a, 0xd5, 0x27, 0x3b, + 0xeb, 0x5b, 0xb3, 0x43, 0xd6, 0xf0, 0x78, 0x71, 0xb6, 0xf8, 0xce, 0x4f, 0x8d, 0xfb, 0x3a, 0x72, + 0x15, 0x4a, 0x02, 0xfc, 0x49, 0xbd, 0x7a, 0x3f, 0xbf, 0x09, 0x5e, 0xfb, 0xe8, 0x5e, 0x75, 0xb6, + 0x40, 0xae, 0xc1, 0x65, 0xa3, 0x74, 0xbb, 0x5a, 0xaf, 0x3f, 0x7d, 0x6c, 0xaf, 0x6e, 0xae, 0xd5, + 0xeb, 0xb3, 0xc5, 0x77, 0xde, 0x16, 0x81, 0xb5, 0x64, 0x06, 0x60, 0x75, 0xad, 0xbe, 0xb2, 0xb6, + 0xb5, 0xba, 0xb1, 0x75, 0x7f, 0xf6, 0x1c, 0x99, 0x86, 0x89, 0xaa, 0xfa, 0x59, 0x58, 0xfa, 0x57, + 0x3d, 0x98, 0x64, 0xc6, 0x89, 0xbc, 0xde, 0xfa, 0x46, 0x5b, 0x5d, 0x22, 0x29, 0xa5, 0xc8, 0x67, + 0x97, 0xbb, 0x94, 0x50, 0xb1, 0x97, 0xfb, 0x68, 0x72, 0x04, 0xb8, 0x59, 0xb8, 0x5b, 0x20, 0x36, + 0x66, 0x55, 0x4d, 0x2c, 0x5f, 0x45, 0x39, 0x5b, 0x1d, 0x94, 0x73, 0xaa, 0xe5, 0xaa, 0x7f, 0x00, + 0xd3, 0x6c, 0xd5, 0xa9, 0x5a, 0x72, 0x25, 0x09, 0xaf, 0x2d, 0xe4, 0xf2, 0xd5, 0xec, 0x4a, 0xb1, + 0xcc, 0xea, 0x18, 0xbf, 0x6b, 0x2c, 0x41, 0x22, 0x9d, 0x68, 0xe9, 0xb5, 0xc9, 0x29, 0x56, 0x94, + 0xb5, 0x9f, 0xb3, 0x76, 0xb7, 0x80, 0xa4, 0x17, 0x22, 0xb9, 0x1e, 0xb3, 0x33, 0x7b, 0x8d, 0x96, + 0x2f, 0xa5, 0x7c, 0x20, 0x6b, 0xcc, 0xdc, 0x20, 0x4d, 0x58, 0x78, 0xe4, 0xb8, 0x5e, 0xe4, 0xb8, + 0x9e, 0x38, 0x91, 0xca, 0xf3, 0x24, 0xa9, 0xf4, 0x39, 0x60, 0xb2, 0xb3, 0x69, 0x79, 0xd0, 0x0b, + 0x0f, 0x9c, 0xa5, 0x3a, 0xcc, 0x65, 0x39, 0xd3, 0x89, 0x65, 0xe6, 0x98, 0xcc, 0x72, 0xb1, 0x94, + 0xf3, 0xfc, 0x81, 0xe4, 0x11, 0x5c, 0x48, 0x39, 0xf8, 0x88, 0xc6, 0xbb, 0x53, 0x93, 0x2b, 0x61, + 0x74, 0x49, 0xe4, 0x26, 0xdd, 0x7b, 0x21, 0xc9, 0x61, 0x5c, 0x2e, 0x31, 0x14, 0xcc, 0xb9, 0x2c, + 0x57, 0xa1, 0x1a, 0x72, 0x1f, 0x3f, 0x62, 0xee, 0x3c, 0xd9, 0x30, 0x97, 0xe5, 0x8c, 0x52, 0x34, + 0xfb, 0x78, 0xaa, 0x72, 0x69, 0x7e, 0x06, 0x33, 0x6c, 0x1e, 0x1f, 0x52, 0xda, 0xad, 0x76, 0xdc, + 0xe7, 0x34, 0x24, 0xf2, 0x7d, 0x92, 0x2a, 0xca, 0xc3, 0xbd, 0x59, 0x20, 0xbf, 0x05, 0x93, 0xf8, + 0x41, 0x2d, 0x11, 0x4e, 0x3f, 0xa5, 0x7f, 0x64, 0xab, 0x2c, 0x7f, 0x61, 0xe5, 0xdd, 0x02, 0xf9, + 0x3e, 0x8c, 0xdd, 0xa7, 0x11, 0x5e, 0xa2, 0xdf, 0x48, 0x7c, 0xe8, 0x76, 0xc3, 0x53, 0x77, 0x24, + 0xb2, 0xc3, 0xc9, 0x9d, 0x9e, 0x1d, 0xd8, 0xb8, 0x68, 0x23, 0x85, 0x64, 0x75, 0x39, 0xd5, 0x6d, + 0x72, 0x9f, 0x29, 0xdd, 0x0e, 0x8d, 0xe8, 0x49, 0x9b, 0xcc, 0xe3, 0xd1, 0x26, 0xcc, 0xa8, 0x54, + 0x27, 0x5b, 0x18, 0x85, 0x65, 0x25, 0x88, 0x85, 0xa7, 0xa0, 0xf6, 0x09, 0x93, 0x5b, 0x7e, 0xa8, + 0x56, 0x6f, 0xb7, 0x48, 0xde, 0x6b, 0x2e, 0xc5, 0x44, 0x0e, 0xa6, 0xe1, 0xaa, 0x6f, 0x84, 0x29, + 0xdc, 0xe4, 0x57, 0xc3, 0x12, 0xb8, 0x14, 0xca, 0x7a, 0xbb, 0xe6, 0x3b, 0xae, 0x58, 0x7b, 0xe4, + 0x3d, 0x3f, 0x2b, 0xdf, 0xe8, 0x03, 0xc1, 0x15, 0x13, 0xae, 0xf5, 0x07, 0x30, 0x6d, 0xbc, 0xfc, + 0x89, 0xb5, 0x67, 0xc6, 0xd3, 0xac, 0x58, 0x7b, 0x66, 0x3e, 0x16, 0xba, 0x87, 0x4b, 0x3c, 0xf1, + 0xb9, 0x86, 0x72, 0xd6, 0x67, 0x19, 0xf8, 0xc5, 0x68, 0x59, 0x26, 0x8f, 0x4d, 0xa0, 0x3c, 0xc4, + 0x8c, 0x51, 0x66, 0x61, 0x63, 0xa9, 0x2f, 0xa5, 0x9c, 0x8f, 0x3f, 0xdc, 0x2d, 0x90, 0x35, 0xb8, + 0xa8, 0xc2, 0xe6, 0xb4, 0xcf, 0xbc, 0xe6, 0x20, 0xe4, 0x8a, 0xc1, 0x17, 0x70, 0x51, 0x08, 0x95, + 0x41, 0x66, 0x56, 0xe9, 0x07, 0x71, 0xb6, 0xcf, 0x25, 0xf0, 0x00, 0xe6, 0xeb, 0x89, 0x41, 0x71, + 0xd7, 0xef, 0x65, 0x93, 0x84, 0xf6, 0x9d, 0x88, 0x5c, 0x5a, 0x0f, 0x81, 0xd4, 0x7b, 0xbb, 0x87, + 0xae, 0x22, 0xf7, 0xdc, 0xa5, 0x2f, 0xc8, 0xb5, 0xc4, 0x90, 0x58, 0x21, 0x82, 0xa1, 0x82, 0xc9, + 0x63, 0x11, 0xd9, 0xe1, 0x69, 0x13, 0x79, 0x1a, 0x6a, 0xa7, 0xeb, 0xec, 0xba, 0x1d, 0x37, 0x72, + 0x29, 0x93, 0x31, 0x1d, 0x41, 0xaf, 0x92, 0xe2, 0x70, 0x39, 0x17, 0x82, 0x7c, 0x0e, 0xd3, 0xf7, + 0x69, 0x14, 0x7f, 0x0a, 0x83, 0x2c, 0xa4, 0x3e, 0x9e, 0x21, 0xa6, 0x4e, 0x06, 0x50, 0x9b, 0xdf, + 0xdf, 0xd8, 0x80, 0x59, 0xae, 0x1f, 0x35, 0x12, 0xd7, 0x52, 0x24, 0x04, 0x88, 0x13, 0x38, 0x87, + 0x61, 0x2e, 0xb7, 0xee, 0xf0, 0x93, 0x23, 0x91, 0xf1, 0x50, 0xba, 0x39, 0x70, 0xd1, 0x28, 0x13, + 0x72, 0xbc, 0x0b, 0x15, 0xfe, 0x0d, 0x88, 0xf4, 0x77, 0x17, 0xe4, 0xd7, 0x0c, 0xdf, 0x54, 0xaf, + 0xff, 0xfa, 0x7c, 0x2b, 0x42, 0xf1, 0x27, 0x59, 0xdf, 0x58, 0x26, 0xdb, 0xc8, 0xf5, 0x74, 0x03, + 0xe4, 0x8d, 0x78, 0x4b, 0xcc, 0xfd, 0xec, 0x43, 0x99, 0x24, 0x09, 0x37, 0x96, 0x89, 0x4a, 0x87, + 0x98, 0x41, 0xf4, 0x6d, 0x63, 0xe7, 0x3e, 0x1d, 0xdd, 0xcf, 0x61, 0x42, 0x7d, 0x6a, 0x40, 0x29, + 0xaf, 0xe4, 0x87, 0x1a, 0xca, 0xa5, 0x74, 0x85, 0xe0, 0xe6, 0x67, 0xfc, 0xf3, 0x24, 0x26, 0x7e, + 0x32, 0x1b, 0x7f, 0xee, 0xe4, 0x7d, 0x0c, 0x93, 0x5a, 0x1e, 0x7e, 0xb5, 0x58, 0xd2, 0xb9, 0xf9, + 0xcb, 0xe6, 0xe7, 0xbc, 0xef, 0x16, 0xc8, 0x1d, 0xdc, 0xc0, 0xf0, 0x02, 0x75, 0x3e, 0x46, 0xd3, + 0x32, 0x7a, 0x27, 0x50, 0xc8, 0x87, 0xf8, 0x08, 0x6b, 0xa5, 0x17, 0x04, 0xd4, 0xe3, 0x78, 0x79, + 0x96, 0x44, 0x02, 0xf1, 0x73, 0x54, 0x58, 0x1a, 0x22, 0x77, 0x1f, 0x0f, 0xc2, 0xe6, 0xe9, 0x78, + 0xee, 0x16, 0xc8, 0x32, 0x8c, 0xcb, 0x6f, 0xe5, 0x90, 0x4b, 0x66, 0x57, 0xf3, 0x87, 0xb7, 0x0c, + 0xc0, 0x99, 0x8d, 0x3d, 0x35, 0xab, 0x73, 0xd9, 0xb9, 0xcc, 0x76, 0xe5, 0xf6, 0x29, 0x91, 0x3e, + 0x97, 0x3b, 0x33, 0x22, 0x95, 0x8c, 0x29, 0xd4, 0xd9, 0x99, 0x87, 0xbf, 0x01, 0xb3, 0xd5, 0x16, + 0xee, 0x15, 0x2a, 0xbb, 0xb9, 0xb2, 0xaa, 0x93, 0x15, 0x92, 0xd6, 0x7c, 0x32, 0x59, 0xfa, 0x26, + 0x75, 0xf0, 0x3d, 0xd9, 0x82, 0xb2, 0x18, 0x12, 0x55, 0xd9, 0x18, 0xb9, 0x9d, 0x5a, 0x83, 0xb9, + 0x15, 0xc7, 0x6b, 0xd1, 0xce, 0xeb, 0x91, 0xf9, 0x04, 0xf5, 0x9c, 0x96, 0xf9, 0xfd, 0x52, 0x12, + 0x5f, 0xa8, 0xb9, 0x0b, 0xea, 0x8e, 0x4b, 0x81, 0x56, 0xe1, 0xbc, 0x48, 0x30, 0xa9, 0xd8, 0x92, + 0x87, 0x9d, 0xd7, 0xfc, 0x87, 0x30, 0xb3, 0xc6, 0xf6, 0x81, 0x5e, 0xdb, 0xe5, 0x6f, 0x68, 0x89, + 0xf9, 0x28, 0x32, 0x17, 0x71, 0x5d, 0x7e, 0x40, 0x44, 0x4b, 0x89, 0xae, 0x56, 0x57, 0x3a, 0xeb, + 0x7c, 0x79, 0x4e, 0x92, 0xd5, 0xb3, 0xa7, 0xa3, 0x05, 0xb1, 0x27, 0xd3, 0xee, 0x26, 0x12, 0x5d, + 0xeb, 0x9a, 0x2c, 0x37, 0x0d, 0x76, 0xf9, 0xcd, 0xfe, 0x40, 0x22, 0xdc, 0x76, 0xe8, 0x2f, 0x17, + 0x99, 0x8d, 0xbe, 0x90, 0x93, 0x44, 0x9c, 0xbc, 0x65, 0x1c, 0xa6, 0xf2, 0x32, 0x81, 0x67, 0x18, + 0x9d, 0x5f, 0x69, 0xc9, 0x42, 0x73, 0x68, 0xf6, 0xcf, 0x2e, 0x9e, 0xcb, 0x60, 0xf5, 0xbc, 0x2e, + 0x33, 0x0b, 0x38, 0xb9, 0x65, 0x52, 0xef, 0x93, 0x29, 0x3c, 0xb7, 0x85, 0xc7, 0x28, 0x7a, 0x71, + 0x12, 0x6a, 0x65, 0xba, 0x65, 0x65, 0x0a, 0x57, 0xa6, 0x5b, 0x66, 0x0a, 0x6f, 0xce, 0xe0, 0xfb, + 0x70, 0x3e, 0x91, 0x8f, 0x5b, 0x3f, 0xf4, 0x67, 0xe4, 0xe9, 0x4e, 0x33, 0x94, 0x13, 0x7a, 0x24, + 0x05, 0x3b, 0x4d, 0x28, 0x3b, 0x43, 0x77, 0xde, 0x18, 0x39, 0xb9, 0x27, 0xca, 0xf6, 0xd2, 0x73, + 0x6e, 0x93, 0x1b, 0x19, 0x2c, 0x3c, 0x19, 0xeb, 0x38, 0x59, 0x3c, 0xec, 0x9b, 0x29, 0xab, 0xc9, + 0x62, 0xe2, 0xea, 0x2e, 0x91, 0x97, 0x5b, 0x3b, 0xec, 0xe7, 0xe4, 0xba, 0x7e, 0x10, 0x4f, 0x0a, + 0x0f, 0xa4, 0x4c, 0x4e, 0x8a, 0x9e, 0x41, 0x36, 0x35, 0x29, 0x66, 0x3a, 0xd7, 0xfb, 0xb8, 0x1f, + 0x69, 0xa9, 0x62, 0x73, 0x77, 0x94, 0x6b, 0x59, 0x74, 0x42, 0xdd, 0xad, 0x91, 0xcc, 0x94, 0xac, + 0x46, 0x9a, 0x93, 0x24, 0x5a, 0x8d, 0x34, 0x37, 0xc5, 0xf2, 0x03, 0xf9, 0x4d, 0x9d, 0x0c, 0xa2, + 0x39, 0x09, 0x78, 0x73, 0x45, 0xf9, 0x1e, 0xcc, 0x99, 0xb3, 0x38, 0x60, 0xbc, 0x79, 0x74, 0x76, + 0x60, 0x3e, 0x33, 0xc7, 0xae, 0xd2, 0x45, 0xfd, 0x32, 0xf0, 0xe6, 0x52, 0xa5, 0x70, 0x29, 0x3b, + 0xad, 0xb2, 0x32, 0x03, 0xfb, 0xa6, 0x8b, 0x2e, 0xbf, 0x35, 0x00, 0x4a, 0x30, 0xf4, 0x1b, 0xb4, + 0x22, 0x52, 0x6d, 0xdc, 0xd0, 0x7c, 0x24, 0x39, 0x0d, 0x58, 0xfd, 0x40, 0x94, 0x0c, 0xcc, 0x65, + 0xe5, 0x1b, 0xcf, 0x65, 0xf1, 0x1b, 0xf9, 0x34, 0x63, 0xc1, 0x6a, 0xc8, 0x34, 0x4b, 0xb9, 0x9c, + 0xe9, 0x9b, 0x41, 0xb9, 0xcf, 0x11, 0x3e, 0xce, 0xb2, 0x7f, 0xf2, 0x2e, 0xe7, 0x1f, 0xbd, 0xa6, + 0x8d, 0xd4, 0xc6, 0xe4, 0x4a, 0xec, 0xd2, 0xd3, 0xb3, 0x28, 0xa7, 0xd6, 0x64, 0x46, 0x8a, 0x65, + 0xbe, 0x26, 0xb5, 0x34, 0xc9, 0x27, 0x59, 0x93, 0x59, 0x59, 0x95, 0xd5, 0xf2, 0xd1, 0xfa, 0x25, + 0x8d, 0xa2, 0x64, 0xc5, 0x69, 0x96, 0xcf, 0x49, 0xba, 0x96, 0x47, 0x67, 0x15, 0x8d, 0x6d, 0x99, + 0x35, 0x99, 0x5c, 0x36, 0xd8, 0x64, 0xe8, 0xc1, 0xb2, 0x31, 0x38, 0x53, 0x05, 0xae, 0xc0, 0x94, + 0x9e, 0xa5, 0x39, 0xb7, 0x17, 0x57, 0xd2, 0x34, 0x42, 0xcd, 0x97, 0x30, 0xa3, 0xb8, 0xc0, 0x7b, + 0x73, 0x35, 0xc9, 0x1c, 0xa3, 0x43, 0xf9, 0x43, 0x22, 0x3a, 0x6b, 0x06, 0x74, 0x29, 0xdf, 0x58, + 0xbc, 0xc8, 0xcd, 0x66, 0x9e, 0x4e, 0x41, 0x06, 0x73, 0x5e, 0x52, 0x7e, 0x25, 0xad, 0xb4, 0x8f, + 0x13, 0xe1, 0x09, 0x26, 0xa0, 0xd0, 0x53, 0x2e, 0x13, 0x4d, 0x4a, 0x32, 0x52, 0x31, 0x97, 0x17, + 0xf3, 0xaa, 0xf5, 0x7d, 0xfb, 0x4b, 0xb8, 0x90, 0x4a, 0x2d, 0xad, 0x5c, 0xab, 0x79, 0x49, 0xa7, + 0xfb, 0xef, 0x8d, 0xeb, 0x6c, 0xc0, 0x09, 0xc4, 0xc6, 0xd2, 0x60, 0xa2, 0x69, 0x0b, 0x6b, 0x53, + 0xe6, 0xac, 0xc8, 0xea, 0x5c, 0x5e, 0x02, 0xeb, 0xc1, 0x0a, 0x3e, 0x91, 0xba, 0x3a, 0xa1, 0xe0, + 0xb3, 0x13, 0x5b, 0xe7, 0x52, 0xfd, 0x09, 0x5e, 0x4b, 0x24, 0xd2, 0x22, 0x2b, 0x1f, 0x5b, 0x6e, + 0x2a, 0xec, 0xf2, 0x8d, 0x3e, 0x10, 0xfa, 0x04, 0x6d, 0xc2, 0x5c, 0x56, 0xa2, 0x69, 0xcd, 0x13, + 0x9c, 0x9b, 0x85, 0x3a, 0x83, 0xa3, 0xb6, 0x5c, 0xed, 0x39, 0xd4, 0xfa, 0xa4, 0x9d, 0xce, 0xe5, + 0xc0, 0xd7, 0x32, 0x99, 0x78, 0x3a, 0x3d, 0xb4, 0x72, 0x1e, 0x0c, 0xc8, 0x1f, 0xdd, 0xe7, 0xa8, + 0x71, 0xbe, 0xee, 0xee, 0x79, 0x5a, 0xf6, 0x65, 0x75, 0xd0, 0x48, 0x67, 0x90, 0x56, 0x9a, 0x25, + 0x2b, 0x59, 0xf3, 0xe3, 0x38, 0x46, 0x4c, 0xcf, 0x12, 0x4c, 0xca, 0xf9, 0x69, 0x8a, 0x95, 0x96, + 0xc9, 0x4c, 0x2b, 0xac, 0x11, 0xd4, 0x53, 0xf4, 0x2a, 0x82, 0x19, 0xd9, 0x82, 0x15, 0xc1, 0xcc, + 0x9c, 0xbe, 0xdc, 0xe7, 0xc0, 0x0e, 0xf6, 0xba, 0xcf, 0x41, 0x4b, 0xb0, 0x9b, 0x38, 0xfc, 0x93, + 0x4f, 0xf1, 0xe8, 0xdf, 0xdf, 0x5f, 0xb0, 0x60, 0x52, 0x8a, 0x95, 0xe4, 0xb2, 0xf4, 0xb1, 0x63, + 0x83, 0x26, 0xe5, 0xc1, 0xa7, 0x79, 0x44, 0x32, 0x4f, 0xf3, 0x7a, 0x47, 0xf3, 0x9d, 0x8f, 0x53, + 0x7a, 0x5a, 0x37, 0xc5, 0xab, 0x8c, 0xdc, 0x93, 0x8a, 0x57, 0x59, 0x19, 0x1d, 0xf1, 0xf0, 0xb8, + 0x23, 0x4f, 0x0a, 0x31, 0xbd, 0x6b, 0x7d, 0x53, 0x32, 0x96, 0x17, 0xfb, 0xe7, 0x31, 0x14, 0x17, + 0x58, 0xb3, 0xc9, 0xcc, 0x73, 0x24, 0x2b, 0xa3, 0xa6, 0x96, 0xd0, 0x4f, 0xd9, 0xbb, 0xb9, 0x29, + 0xeb, 0xb6, 0xe5, 0x29, 0xc4, 0xa4, 0x9b, 0x93, 0x57, 0x51, 0x27, 0xdd, 0xdf, 0x2e, 0x89, 0x93, + 0xd0, 0xe9, 0x67, 0x85, 0x54, 0x92, 0x3b, 0xdd, 0x2e, 0xc9, 0xc8, 0x5b, 0xe7, 0xca, 0x07, 0x30, + 0xd9, 0x59, 0x9a, 0x6f, 0x99, 0xd6, 0x7c, 0x9f, 0x87, 0xce, 0x03, 0xaf, 0x08, 0xc9, 0x8f, 0xe5, + 0x97, 0x65, 0xd2, 0x39, 0x4c, 0xdf, 0x4a, 0xf8, 0x19, 0xb3, 0x9f, 0xc6, 0x96, 0xfb, 0xa5, 0x48, + 0x25, 0x8f, 0xf0, 0x0e, 0xf6, 0xf1, 0xc6, 0xea, 0x8a, 0xb8, 0xde, 0xf7, 0x83, 0xd4, 0x6d, 0x90, + 0xf6, 0x85, 0xe8, 0x98, 0xc9, 0x1c, 0xc4, 0x40, 0x6c, 0x2c, 0x93, 0x3a, 0x5e, 0x4a, 0x18, 0xa5, + 0x19, 0x17, 0x42, 0x19, 0x04, 0xcb, 0xd9, 0x04, 0x37, 0xdd, 0x30, 0xe2, 0xf6, 0x00, 0x5b, 0x78, + 0x66, 0x37, 0x73, 0xfa, 0xd0, 0xcf, 0xac, 0xe0, 0x62, 0x93, 0x4d, 0x46, 0xf6, 0x6e, 0x90, 0x1c, + 0xdd, 0x87, 0x79, 0xce, 0xf0, 0x44, 0x00, 0xa7, 0xd1, 0x1f, 0xad, 0xbc, 0x9c, 0x53, 0x4e, 0xb6, + 0x70, 0x1f, 0x4c, 0x96, 0x6a, 0xfb, 0x60, 0x76, 0x84, 0x68, 0x2e, 0x3d, 0x3e, 0x95, 0xf5, 0xea, + 0xa3, 0xcd, 0x57, 0x9a, 0x4a, 0x03, 0xb1, 0xb1, 0x24, 0xa6, 0xd2, 0x28, 0x3d, 0xdd, 0x54, 0x26, + 0x08, 0x9a, 0x53, 0x69, 0x76, 0x33, 0xa7, 0x0f, 0x83, 0xa7, 0x32, 0x9b, 0xcc, 0xa9, 0xa7, 0x32, + 0x11, 0x3d, 0x6b, 0xf4, 0x27, 0x6b, 0x2a, 0x93, 0xf0, 0x7c, 0x2a, 0x93, 0xa5, 0xda, 0x54, 0x66, + 0x87, 0xe7, 0xe6, 0xd2, 0xfb, 0x12, 0xe9, 0xf1, 0xf0, 0xdc, 0x53, 0x4d, 0x66, 0x49, 0x1e, 0x22, + 0x4c, 0xd4, 0xc6, 0x32, 0x79, 0x8a, 0xe7, 0xdd, 0x44, 0xf9, 0xc9, 0x26, 0xf4, 0x6a, 0x1e, 0x51, + 0x9c, 0xd2, 0x0d, 0x0c, 0xe1, 0xa3, 0x41, 0xaa, 0xbb, 0xb9, 0x7d, 0xe9, 0x37, 0x1f, 0x7c, 0x5a, + 0x93, 0xa4, 0x4e, 0x3b, 0xb1, 0x8f, 0xa4, 0xd2, 0x4c, 0x45, 0x38, 0x27, 0x7a, 0xa5, 0x4f, 0x6e, + 0x6e, 0x0d, 0xd9, 0xc1, 0xd3, 0x7c, 0xba, 0x5c, 0xf3, 0x04, 0xe4, 0x85, 0x52, 0x0f, 0xa4, 0x9a, + 0x0a, 0x99, 0xd6, 0xa9, 0xe6, 0xc5, 0x53, 0x2b, 0xaa, 0x69, 0xec, 0x55, 0x5c, 0xb6, 0x3b, 0x01, + 0x3b, 0x1d, 0xb5, 0xd3, 0x47, 0x27, 0x93, 0x7f, 0xf2, 0x9a, 0xd0, 0x04, 0x6f, 0x2c, 0x91, 0x0d, + 0x14, 0x40, 0xb3, 0xb8, 0xdf, 0xd9, 0x32, 0x9b, 0x0c, 0xca, 0xc7, 0xba, 0x34, 0xc7, 0x13, 0x7d, + 0xca, 0x6b, 0x3b, 0xbf, 0x53, 0xea, 0xe0, 0x7d, 0xc2, 0xd1, 0xe5, 0x49, 0x07, 0xb7, 0x02, 0xf9, + 0x39, 0x77, 0x10, 0x67, 0xb6, 0x03, 0xff, 0xb9, 0xab, 0x3e, 0x15, 0xd6, 0x58, 0x22, 0x3f, 0x80, + 0x09, 0x89, 0x3c, 0x98, 0x21, 0x49, 0x6c, 0x64, 0xc8, 0xe7, 0x30, 0x29, 0x18, 0x82, 0x3d, 0xc8, + 0x6b, 0xa9, 0x8f, 0x49, 0x39, 0xc9, 0x85, 0xfb, 0x15, 0xf1, 0xd1, 0x10, 0xd2, 0x1e, 0x2e, 0x68, + 0x86, 0x50, 0xfa, 0x05, 0x85, 0x66, 0x08, 0x65, 0xbd, 0x75, 0xf8, 0x3e, 0x4c, 0x8a, 0x29, 0xe9, + 0xcb, 0xcd, 0x7c, 0xcf, 0xd3, 0xbc, 0x16, 0xc8, 0xd5, 0x6b, 0xbb, 0xd1, 0x8a, 0xef, 0x3d, 0x73, + 0xf7, 0x06, 0x32, 0x36, 0x8d, 0xd2, 0x58, 0x22, 0x0d, 0x4c, 0xe2, 0x27, 0x9f, 0xc6, 0xd2, 0xe8, + 0x85, 0x1f, 0x1c, 0xb8, 0xde, 0xde, 0x00, 0x92, 0xd7, 0x4d, 0x92, 0x49, 0x3c, 0x4e, 0xb7, 0x9e, + 0x4f, 0x77, 0x20, 0x7e, 0xee, 0xe8, 0xb7, 0xe0, 0x2a, 0x5e, 0x0e, 0x9f, 0xb6, 0xc7, 0xf9, 0xc7, + 0xf5, 0xcb, 0x71, 0x68, 0x97, 0x4d, 0x5b, 0x7e, 0xd0, 0x1e, 0x4c, 0xac, 0x62, 0x86, 0x69, 0x25, + 0xd0, 0x1a, 0x4b, 0x8c, 0x6a, 0x3d, 0x97, 0xea, 0x20, 0xec, 0x3e, 0x1a, 0xfa, 0x0a, 0x8e, 0xfd, + 0x94, 0xbd, 0xcd, 0x77, 0x3c, 0x61, 0x30, 0x4c, 0x2f, 0xda, 0xdf, 0x0e, 0xe8, 0x33, 0x1a, 0x60, + 0x7c, 0xde, 0xa0, 0xc8, 0x34, 0x13, 0xbc, 0xb1, 0xc4, 0xa8, 0xd4, 0x53, 0x54, 0xf2, 0xa0, 0xfb, + 0x19, 0x27, 0x38, 0xb4, 0x13, 0xf6, 0x26, 0xff, 0xf2, 0x78, 0x42, 0xa5, 0xea, 0x25, 0xda, 0xa1, + 0xd4, 0x48, 0x44, 0x5b, 0x9e, 0xd6, 0xe3, 0xc8, 0x42, 0x52, 0xe5, 0x36, 0xa0, 0x9e, 0xb2, 0x56, + 0xbb, 0x65, 0xc9, 0xcc, 0x65, 0x9b, 0x24, 0xc1, 0x0f, 0xd5, 0x9b, 0x7e, 0xeb, 0x40, 0x3f, 0x54, + 0x6b, 0x39, 0x50, 0xcb, 0x66, 0x86, 0x52, 0xa1, 0x4e, 0x31, 0x4d, 0xa9, 0x7e, 0x9f, 0xae, 0x67, + 0x41, 0xd5, 0x0f, 0xd5, 0x66, 0xbe, 0x56, 0x75, 0xa8, 0xc6, 0x06, 0x4d, 0xca, 0x83, 0x0f, 0xd5, + 0x88, 0x64, 0x1e, 0xaa, 0xf5, 0x8e, 0xe6, 0x2f, 0x3c, 0x92, 0x4e, 0xd8, 0xaa, 0xcc, 0xb5, 0xdc, + 0x5c, 0xae, 0x7d, 0xae, 0xdc, 0x2f, 0x66, 0xe4, 0x98, 0x56, 0x87, 0xd5, 0xfc, 0xfc, 0xd3, 0x65, + 0xf3, 0xfe, 0xf8, 0x6e, 0x81, 0x6c, 0xe1, 0x57, 0xf2, 0x84, 0x2a, 0xb0, 0x69, 0x18, 0x05, 0x2e, + 0x86, 0x5c, 0xe7, 0xef, 0x35, 0xd2, 0x3a, 0xcb, 0xc0, 0x69, 0xbc, 0xc7, 0xe8, 0xd5, 0xb3, 0xe9, + 0xf5, 0xc5, 0xeb, 0xe3, 0x8f, 0xb8, 0x2c, 0xe2, 0x06, 0x4f, 0xd1, 0xc5, 0x7c, 0x11, 0x1f, 0xe3, + 0x77, 0x68, 0xf9, 0xa8, 0xb3, 0x71, 0xb6, 0x22, 0x61, 0x6f, 0xde, 0x86, 0x51, 0x8e, 0x94, 0xbb, + 0xdb, 0x4c, 0xe9, 0x38, 0xe4, 0x5d, 0x19, 0x51, 0xc3, 0x50, 0x8c, 0xaa, 0xdc, 0x7e, 0xbd, 0x0b, + 0x13, 0xdc, 0x01, 0x7d, 0x72, 0x94, 0x4f, 0x65, 0xdc, 0x4d, 0xbf, 0x8e, 0xe5, 0x87, 0xbb, 0x4d, + 0xeb, 0x17, 0x72, 0xa7, 0x67, 0xe4, 0xf7, 0xf1, 0x12, 0x40, 0x3a, 0xdd, 0xf2, 0xf1, 0xe7, 0x13, + 0x99, 0xa3, 0x04, 0x4b, 0x3f, 0xc2, 0x9b, 0x08, 0x95, 0xac, 0x3d, 0xaf, 0xfb, 0x17, 0x52, 0xd8, + 0xe4, 0x53, 0x98, 0xe1, 0xcc, 0x55, 0xc8, 0x69, 0xa0, 0x3e, 0x3c, 0x9b, 0xe1, 0x6c, 0x7e, 0x15, + 0xe4, 0x1f, 0xc8, 0x2b, 0x8b, 0x81, 0xdd, 0x3e, 0xc9, 0x65, 0xc5, 0x60, 0xd6, 0xe5, 0x51, 0xf9, + 0x31, 0x6e, 0xba, 0xd9, 0x89, 0x99, 0x73, 0x89, 0xdd, 0xd4, 0x2e, 0x63, 0xfa, 0xa7, 0x74, 0x3e, + 0xc0, 0xc8, 0xeb, 0x4c, 0x20, 0xe5, 0x2a, 0x1e, 0x90, 0xa9, 0xb9, 0xfc, 0x9d, 0x81, 0x70, 0xca, + 0x41, 0x2b, 0x3e, 0xd1, 0x98, 0xdd, 0xde, 0x80, 0x7c, 0x55, 0x19, 0xce, 0xf3, 0x9c, 0xac, 0xc7, + 0x92, 0xa0, 0x19, 0x96, 0xd1, 0x77, 0x0c, 0x79, 0xec, 0xff, 0x52, 0xfb, 0xd2, 0xe2, 0x29, 0x27, + 0x21, 0xdf, 0x8c, 0x22, 0xe9, 0x5c, 0xd0, 0xa4, 0x5f, 0xce, 0x22, 0xfd, 0x6a, 0x22, 0x2f, 0x87, + 0xf4, 0x7d, 0x19, 0xe6, 0x9f, 0xc8, 0x3f, 0x96, 0x97, 0xc9, 0xac, 0xcf, 0x21, 0x59, 0x04, 0xba, + 0x9f, 0x09, 0xa1, 0xf4, 0x6c, 0x9f, 0x9e, 0x90, 0xba, 0x22, 0x49, 0x10, 0xb2, 0xfa, 0x4c, 0xef, + 0x60, 0x6f, 0x6d, 0x29, 0x67, 0x5e, 0x4f, 0x3f, 0xa1, 0x4e, 0x1c, 0xdc, 0x9d, 0x4e, 0x58, 0xad, + 0xb6, 0xfd, 0xdc, 0xe4, 0xd9, 0x6a, 0x76, 0xfb, 0x64, 0xbb, 0x5e, 0x89, 0x3f, 0xc8, 0x6e, 0x64, + 0xb8, 0x5e, 0xb1, 0x37, 0xd5, 0xf1, 0x2a, 0x2b, 0xf5, 0x75, 0x19, 0x64, 0xa5, 0xbd, 0x49, 0xea, + 0x50, 0xe6, 0x22, 0x92, 0xf5, 0xd2, 0x4a, 0xc5, 0xe3, 0x66, 0x55, 0x36, 0xde, 0xcd, 0x1d, 0x7c, + 0x1d, 0xca, 0x5c, 0x5c, 0xce, 0x92, 0x68, 0x13, 0xbf, 0x8c, 0x90, 0x49, 0xf1, 0x2d, 0xed, 0x81, + 0x4e, 0xfe, 0xfb, 0xb5, 0x72, 0xff, 0x86, 0xc9, 0x8f, 0x60, 0x3e, 0xf3, 0x01, 0x9b, 0xba, 0x79, + 0xec, 0xf7, 0xbc, 0x6d, 0x10, 0xf1, 0x03, 0x28, 0xe5, 0x25, 0xb0, 0x8e, 0x63, 0x77, 0xfb, 0xe7, + 0x08, 0x57, 0x3a, 0x75, 0x60, 0x26, 0xec, 0x2d, 0x98, 0xcb, 0x4a, 0x3c, 0xad, 0x16, 0x47, 0x9f, + 0xac, 0xd4, 0x99, 0x01, 0xc2, 0xdb, 0x30, 0x9f, 0x99, 0xfc, 0x59, 0x71, 0xa6, 0x5f, 0x6a, 0xe8, + 0x4c, 0x8a, 0x5f, 0xc1, 0x42, 0x4e, 0xa6, 0xe3, 0xf8, 0x86, 0xa1, 0x6f, 0x26, 0xe4, 0x5c, 0x31, + 0xf9, 0x46, 0x0a, 0x74, 0x56, 0x5e, 0x5a, 0x72, 0xd3, 0xbc, 0x25, 0xc9, 0x4f, 0x5d, 0x5b, 0xce, + 0xcc, 0xfa, 0x4d, 0x76, 0x50, 0x08, 0xb3, 0xb2, 0xea, 0xea, 0x42, 0xd8, 0x27, 0xeb, 0x6e, 0x4e, + 0x60, 0xf7, 0x42, 0x4e, 0x22, 0xdd, 0x3e, 0x54, 0x4f, 0xd0, 0xdb, 0x2d, 0xa9, 0xff, 0xcd, 0xcc, + 0xaa, 0x89, 0x67, 0x5e, 0x99, 0x69, 0x57, 0x33, 0xfb, 0xf9, 0x09, 0x9a, 0x7c, 0x1b, 0x5e, 0x18, + 0x39, 0x9d, 0x4e, 0x1f, 0x27, 0x98, 0xc4, 0x55, 0x90, 0x8d, 0x77, 0x99, 0xbd, 0xa9, 0xe3, 0xf6, + 0xd3, 0xa8, 0x29, 0x64, 0x34, 0x18, 0x3f, 0x81, 0xa9, 0xba, 0xde, 0x78, 0x46, 0x23, 0xb9, 0x42, + 0xa1, 0xe2, 0x70, 0x07, 0xf7, 0x7d, 0xa0, 0xfb, 0xbf, 0xda, 0xe9, 0x9c, 0x68, 0x14, 0xb9, 0x8e, + 0x30, 0x23, 0x3d, 0x9f, 0xd2, 0xd4, 0x59, 0x39, 0x22, 0x95, 0x23, 0x2c, 0x3b, 0xa3, 0xdf, 0x1a, + 0xb2, 0x34, 0x4e, 0xd0, 0xd2, 0xe7, 0xb8, 0x16, 0x47, 0x31, 0xa4, 0xf3, 0xc0, 0x3c, 0xd4, 0x9f, + 0x44, 0xf2, 0xb4, 0x2e, 0x7d, 0x3c, 0x37, 0xc9, 0xa7, 0x90, 0x89, 0x3c, 0x30, 0x0d, 0x28, 0xc9, + 0x7c, 0x0f, 0x3c, 0xe3, 0x42, 0xfc, 0x60, 0x3d, 0x0e, 0x86, 0xc8, 0x4f, 0x08, 0x91, 0xc7, 0xb7, + 0xda, 0xea, 0x2f, 0xff, 0xdb, 0x62, 0xe1, 0x97, 0xbf, 0x5a, 0x2c, 0xfc, 0xa7, 0x5f, 0x2d, 0x16, + 0xfe, 0xe8, 0x57, 0x8b, 0x85, 0xaf, 0x97, 0x4e, 0xf6, 0x6c, 0xbe, 0xd5, 0x71, 0xa9, 0x17, 0xdd, + 0xe1, 0xe4, 0x46, 0xf1, 0xbf, 0xe5, 0xff, 0x17, 0x00, 0x00, 0xff, 0xff, 0x63, 0x2a, 0x14, 0xbe, + 0x95, 0xaf, 0x00, 0x00, } -func (c *authServiceClient) DeleteOIDCConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteOIDCConnector", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn -func (c *authServiceClient) CreateOIDCAuthRequest(ctx context.Context, in *types.OIDCAuthRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) { - out := new(types.OIDCAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateOIDCAuthRequest", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 -func (c *authServiceClient) GetOIDCAuthRequest(ctx context.Context, in *GetOIDCAuthRequestRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) { - out := new(types.OIDCAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCAuthRequest", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} +// AuthServiceClient is the client API for AuthService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type AuthServiceClient interface { + // InventoryControlStream is the per-instance stream used to advertise teleport instance + // presence/version/etc to the auth server. + InventoryControlStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_InventoryControlStreamClient, error) + // GetInventoryStatus gets information about current instance inventory. + GetInventoryStatus(ctx context.Context, in *InventoryStatusRequest, opts ...grpc.CallOption) (*InventoryStatusSummary, error) + // PingInventory attempts to trigger a downstream inventory ping (used in testing/debug). + PingInventory(ctx context.Context, in *InventoryPingRequest, opts ...grpc.CallOption) (*InventoryPingResponse, error) + // GetClusterAlerts loads cluster-level alert messages. + GetClusterAlerts(ctx context.Context, in *types.GetClusterAlertsRequest, opts ...grpc.CallOption) (*GetClusterAlertsResponse, error) + // UpsertClusterAlert creates a cluster alert. + UpsertClusterAlert(ctx context.Context, in *UpsertClusterAlertRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // MaintainSessionPresence establishes a channel used to continously verify the presence for a + // session. + MaintainSessionPresence(ctx context.Context, opts ...grpc.CallOption) (AuthService_MaintainSessionPresenceClient, error) + // CreateSessionTracker creates a new session tracker resource. + CreateSessionTracker(ctx context.Context, in *CreateSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) + // GetSessionTracker fetches a session tracker resource. + GetSessionTracker(ctx context.Context, in *GetSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) + // GetActiveSessionTrackers returns a list of active sessions. + GetActiveSessionTrackers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (AuthService_GetActiveSessionTrackersClient, error) + // RemoveSessionTracker removes a session tracker resource. + RemoveSessionTracker(ctx context.Context, in *RemoveSessionTrackerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateSessionTracker updates some state of a session tracker. + UpdateSessionTracker(ctx context.Context, in *UpdateSessionTrackerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // SendKeepAlives allows node to send a stream of keep alive requests + SendKeepAlives(ctx context.Context, opts ...grpc.CallOption) (AuthService_SendKeepAlivesClient, error) + // WatchEvents returns a new stream of cluster events + WatchEvents(ctx context.Context, in *Watch, opts ...grpc.CallOption) (AuthService_WatchEventsClient, error) + // GetNode retrieves a node described by the given request. + GetNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*types.ServerV2, error) + // UpsertNode upserts a node in a backend. + UpsertNode(ctx context.Context, in *types.ServerV2, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteNode deletes an existing node in a backend described by the given request. + DeleteNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllNodes deletes all nodes. + DeleteAllNodes(ctx context.Context, in *types.ResourcesInNamespaceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GenerateUserCerts generates a set of user certificates. + GenerateUserCerts(ctx context.Context, in *UserCertsRequest, opts ...grpc.CallOption) (*Certs, error) + // GenerateHostCerts generates a set of host certificates. + GenerateHostCerts(ctx context.Context, in *HostCertsRequest, opts ...grpc.CallOption) (*Certs, error) + // GenerateUserSingleUseCerts generates a set of single-use user + // certificates. + GenerateUserSingleUseCerts(ctx context.Context, opts ...grpc.CallOption) (AuthService_GenerateUserSingleUseCertsClient, error) + // IsMFARequired checks whether MFA is required to access the specified + // target. + IsMFARequired(ctx context.Context, in *IsMFARequiredRequest, opts ...grpc.CallOption) (*IsMFARequiredResponse, error) + // GetAccessRequests gets all pending access requests. + // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. + GetAccessRequests(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (*AccessRequests, error) + // GetAccessRequestsV2 gets all pending access requests. + GetAccessRequestsV2(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (AuthService_GetAccessRequestsV2Client, error) + // CreateAccessRequest creates a new access request. + CreateAccessRequest(ctx context.Context, in *types.AccessRequestV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAccessRequest deletes an access request. + DeleteAccessRequest(ctx context.Context, in *RequestID, opts ...grpc.CallOption) (*emptypb.Empty, error) + // SetAccessRequestState sets the state of an access request. + SetAccessRequestState(ctx context.Context, in *RequestStateSetter, opts ...grpc.CallOption) (*emptypb.Empty, error) + // SubmitAccessReview applies a review to a request and returns the post-application state. + SubmitAccessReview(ctx context.Context, in *types.AccessReviewSubmission, opts ...grpc.CallOption) (*types.AccessRequestV3, error) + // GetAccessCapabilities requests the access capabilites of a user. + GetAccessCapabilities(ctx context.Context, in *types.AccessCapabilitiesRequest, opts ...grpc.CallOption) (*types.AccessCapabilities, error) + // GetPluginData gets all plugin data matching the supplied filter. + GetPluginData(ctx context.Context, in *types.PluginDataFilter, opts ...grpc.CallOption) (*PluginDataSeq, error) + // UpdatePluginData updates a plugin's resource-specific datastore. + UpdatePluginData(ctx context.Context, in *types.PluginDataUpdateParams, opts ...grpc.CallOption) (*emptypb.Empty, error) + // Ping gets basic info about the auth server. This method is intended + // to mimic the behavior of the proxy's Ping method, and may be used by + // clients for verification or configuration on startup. + Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error) + // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. + // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. + RotateResetPasswordTokenSecrets(ctx context.Context, in *RotateUserTokenSecretsRequest, opts ...grpc.CallOption) (*types.UserTokenSecretsV3, error) + // GetResetPasswordToken returns a reset password token. + GetResetPasswordToken(ctx context.Context, in *GetResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // CreateResetPasswordToken resets users current password and second factors and creates a reset + // password token. + CreateResetPasswordToken(ctx context.Context, in *CreateResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // CreateBot creates a new bot user. + CreateBot(ctx context.Context, in *CreateBotRequest, opts ...grpc.CallOption) (*CreateBotResponse, error) + // DeleteBot deletes a bot user. + DeleteBot(ctx context.Context, in *DeleteBotRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetBotUsers gets all users with bot labels. + GetBotUsers(ctx context.Context, in *GetBotUsersRequest, opts ...grpc.CallOption) (AuthService_GetBotUsersClient, error) + // GetUser gets a user resource by name. + GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*types.UserV2, error) + // GetCurrentUser returns current user as seen by the server. + // Useful especially in the context of remote clusters which perform role and trait mapping. + GetCurrentUser(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.UserV2, error) + // GetCurrentUserRoles returns current user's roles. + GetCurrentUserRoles(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (AuthService_GetCurrentUserRolesClient, error) + // GetUsers gets all current user resources. + GetUsers(ctx context.Context, in *GetUsersRequest, opts ...grpc.CallOption) (AuthService_GetUsersClient, error) + // CreateUser inserts a new user entry to a backend. + CreateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateUser updates an existing user in a backend. + UpdateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteUser deletes an existing user in a backend by username. + DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // AcquireSemaphore acquires lease with requested resources from semaphore. + AcquireSemaphore(ctx context.Context, in *types.AcquireSemaphoreRequest, opts ...grpc.CallOption) (*types.SemaphoreLease, error) + // KeepAliveSemaphoreLease updates semaphore lease. + KeepAliveSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CancelSemaphoreLease cancels semaphore lease early. + CancelSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetSemaphores returns a list of all semaphores matching the supplied filter. + GetSemaphores(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*Semaphores, error) + // DeleteSemaphore deletes a semaphore matching the supplied filter. + DeleteSemaphore(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*emptypb.Empty, error) + // EmitAuditEvent emits audit event + EmitAuditEvent(ctx context.Context, in *events.OneOf, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateAuditStream creates or resumes audit events streams + CreateAuditStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_CreateAuditStreamClient, error) + // GetApplicationServers gets all application servers. + // DELETE IN 10.0. Deprecated, use ListResources. + GetApplicationServers(ctx context.Context, in *GetApplicationServersRequest, opts ...grpc.CallOption) (*GetApplicationServersResponse, error) + // UpsertApplicationServer adds an application server. + UpsertApplicationServer(ctx context.Context, in *UpsertApplicationServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteApplicationServer removes an application server. + DeleteApplicationServer(ctx context.Context, in *DeleteApplicationServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllApplicationServers removes all application servers. + DeleteAllApplicationServers(ctx context.Context, in *DeleteAllApplicationServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetAppServers gets all application servers. + // + // DELETE IN 9.0. Deprecated, use GetApplicationServers. + GetAppServers(ctx context.Context, in *GetAppServersRequest, opts ...grpc.CallOption) (*GetAppServersResponse, error) + // UpsertAppServer adds an application server. + // + // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. + UpsertAppServer(ctx context.Context, in *UpsertAppServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteAppServer removes an application server. + // + // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. + DeleteAppServer(ctx context.Context, in *DeleteAppServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllAppServers removes all application servers. + // + // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. + DeleteAllAppServers(ctx context.Context, in *DeleteAllAppServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GenerateAppToken will generate a JWT token for application access. + GenerateAppToken(ctx context.Context, in *GenerateAppTokenRequest, opts ...grpc.CallOption) (*GenerateAppTokenResponse, error) + // GetAppSession gets an application web session. + GetAppSession(ctx context.Context, in *GetAppSessionRequest, opts ...grpc.CallOption) (*GetAppSessionResponse, error) + // GetAppSessions gets all application web sessions. + GetAppSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetAppSessionsResponse, error) + // CreateAppSession creates an application web session. Application web + // sessions represent a browser session the client holds. + CreateAppSession(ctx context.Context, in *CreateAppSessionRequest, opts ...grpc.CallOption) (*CreateAppSessionResponse, error) + // DeleteAppSession removes an application web session. + DeleteAppSession(ctx context.Context, in *DeleteAppSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllAppSessions removes all application web sessions. + DeleteAllAppSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteUserAppSessions deletes all user’s application sessions. + DeleteUserAppSessions(ctx context.Context, in *DeleteUserAppSessionsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access + // Snowflake integration. + CreateSnowflakeSession(ctx context.Context, in *CreateSnowflakeSessionRequest, opts ...grpc.CallOption) (*CreateSnowflakeSessionResponse, error) + // GetSnowflakeSession returns a web session with sub kind Snowflake. + GetSnowflakeSession(ctx context.Context, in *GetSnowflakeSessionRequest, opts ...grpc.CallOption) (*GetSnowflakeSessionResponse, error) + // GetSnowflakeSessions gets all Snowflake web sessions. + GetSnowflakeSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetSnowflakeSessionsResponse, error) + // DeleteSnowflakeSession removes a Snowflake web session. + DeleteSnowflakeSession(ctx context.Context, in *DeleteSnowflakeSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllSnowflakeSessions removes all Snowflake web sessions. + DeleteAllSnowflakeSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetWebSession gets a web session. + GetWebSession(ctx context.Context, in *types.GetWebSessionRequest, opts ...grpc.CallOption) (*GetWebSessionResponse, error) + // GetWebSessions gets all web sessions. + GetWebSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWebSessionsResponse, error) + // DeleteWebSession deletes a web session. + DeleteWebSession(ctx context.Context, in *types.DeleteWebSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllWebSessions deletes all web sessions. + DeleteAllWebSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetWebToken gets a web token. + GetWebToken(ctx context.Context, in *types.GetWebTokenRequest, opts ...grpc.CallOption) (*GetWebTokenResponse, error) + // GetWebTokens gets all web tokens. + GetWebTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWebTokensResponse, error) + // DeleteWebToken deletes a web token. + DeleteWebToken(ctx context.Context, in *types.DeleteWebTokenRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllWebTokens deletes all web tokens. + DeleteAllWebTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateRemoteCluster updates remote cluster + UpdateRemoteCluster(ctx context.Context, in *types.RemoteClusterV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetKubeServices gets all kubernetes services. + // DELETE IN 10.0. Deprecated, use ListResources. + GetKubeServices(ctx context.Context, in *GetKubeServicesRequest, opts ...grpc.CallOption) (*GetKubeServicesResponse, error) + // UpsertKubeService adds or updates a kubernetes service. + // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 + UpsertKubeService(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpsertKubeServiceV2 adds or updates a kubernetes service. + UpsertKubeServiceV2(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteKubeService removes a kubernetes service. + DeleteKubeService(ctx context.Context, in *DeleteKubeServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllKubeServices removes all kubernetes services. + DeleteAllKubeServices(ctx context.Context, in *DeleteAllKubeServicesRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetDatabaseServers returns all registered database proxy servers. + // DELETE IN 10.0. Deprecated, use ListResources. + GetDatabaseServers(ctx context.Context, in *GetDatabaseServersRequest, opts ...grpc.CallOption) (*GetDatabaseServersResponse, error) + // UpsertDatabaseServer registers a new database proxy server. + UpsertDatabaseServer(ctx context.Context, in *UpsertDatabaseServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteDatabaseServer removes the specified database proxy server. + DeleteDatabaseServer(ctx context.Context, in *DeleteDatabaseServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllDatabaseServers removes all registered database proxy servers. + DeleteAllDatabaseServers(ctx context.Context, in *DeleteAllDatabaseServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // SignDatabaseCSR generates client certificate used by proxy to + // authenticate with a remote database service. + SignDatabaseCSR(ctx context.Context, in *DatabaseCSRRequest, opts ...grpc.CallOption) (*DatabaseCSRResponse, error) + // GenerateDatabaseCert generates client certificate used by a database + // service to authenticate with the database instance. + GenerateDatabaseCert(ctx context.Context, in *DatabaseCertRequest, opts ...grpc.CallOption) (*DatabaseCertResponse, error) + /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. + GenerateSnowflakeJWT(ctx context.Context, in *SnowflakeJWTRequest, opts ...grpc.CallOption) (*SnowflakeJWTResponse, error) + // GetRole retrieves a role described by the given request. + GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*types.RoleV5, error) + // GetRole retrieves all roles. + GetRoles(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetRolesResponse, error) + // UpsertRole upserts a role in a backend. + UpsertRole(ctx context.Context, in *types.RoleV5, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteRole deletes an existing role in a backend described by the given request. + DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // AddMFADevice adds an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- ExistingMFAChallenge + // -> ExistingMFAResponse + // <- NewMFARegisterChallenge + // -> NewMFARegisterResponse + // <- Ack + AddMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_AddMFADeviceClient, error) + // DeleteMFADevice deletes an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- MFAChallenge + // -> MFAResponse + // <- Ack + DeleteMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_DeleteMFADeviceClient, error) + // AddMFADeviceSync adds a new MFA device (nonstream). + AddMFADeviceSync(ctx context.Context, in *AddMFADeviceSyncRequest, opts ...grpc.CallOption) (*AddMFADeviceSyncResponse, error) + // DeleteMFADeviceSync deletes a users MFA device (nonstream). + DeleteMFADeviceSync(ctx context.Context, in *DeleteMFADeviceSyncRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetMFADevices returns all MFA devices registered for the user calling + // this RPC. + GetMFADevices(ctx context.Context, in *GetMFADevicesRequest, opts ...grpc.CallOption) (*GetMFADevicesResponse, error) + // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA + // devices. + CreateAuthenticateChallenge(ctx context.Context, in *CreateAuthenticateChallengeRequest, opts ...grpc.CallOption) (*MFAAuthenticateChallenge, error) + // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. + CreateRegisterChallenge(ctx context.Context, in *CreateRegisterChallengeRequest, opts ...grpc.CallOption) (*MFARegisterChallenge, error) + // GetOIDCConnector gets an OIDC connector resource by name. + GetOIDCConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3, error) + // GetOIDCConnectors gets all current OIDC connector resources. + GetOIDCConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3List, error) + // UpsertOIDCConnector upserts an OIDC connector in a backend. + UpsertOIDCConnector(ctx context.Context, in *types.OIDCConnectorV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. + DeleteOIDCConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateOIDCAuthRequest creates OIDCAuthRequest. + CreateOIDCAuthRequest(ctx context.Context, in *types.OIDCAuthRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) + // GetOIDCAuthRequest returns OIDC auth request if found. + GetOIDCAuthRequest(ctx context.Context, in *GetOIDCAuthRequestRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) + // GetSAMLConnector gets a SAML connector resource by name. + GetSAMLConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2, error) + // GetSAMLConnectors gets all current SAML connector resources. + GetSAMLConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2List, error) + // UpsertSAMLConnector upserts a SAML connector in a backend. + UpsertSAMLConnector(ctx context.Context, in *types.SAMLConnectorV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. + DeleteSAMLConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateSAMLAuthRequest creates SAMLAuthRequest. + CreateSAMLAuthRequest(ctx context.Context, in *types.SAMLAuthRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) + // GetSAMLAuthRequest returns SAML auth request if found. + GetSAMLAuthRequest(ctx context.Context, in *GetSAMLAuthRequestRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) + // GetGithubConnector gets a Github connector resource by name. + GetGithubConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3, error) + // GetGithubConnectors gets all current Github connector resources. + GetGithubConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3List, error) + // UpsertGithubConnector upserts a Github connector in a backend. + UpsertGithubConnector(ctx context.Context, in *types.GithubConnectorV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteGithubConnector deletes an existing Github connector in a backend by name. + DeleteGithubConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateGithubAuthRequest creates GithubAuthRequest. + CreateGithubAuthRequest(ctx context.Context, in *types.GithubAuthRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) + // GetGithubAuthRequest returns Github auth request if found. + GetGithubAuthRequest(ctx context.Context, in *GetGithubAuthRequestRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) + // GetSSODiagnosticInfo returns SSO diagnostic info records. + GetSSODiagnosticInfo(ctx context.Context, in *GetSSODiagnosticInfoRequest, opts ...grpc.CallOption) (*types.SSODiagnosticInfo, error) + // GetTrustedCluster gets a Trusted Cluster resource by name. + GetTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) + // GetTrustedClusters gets all current Trusted Cluster resources. + GetTrustedClusters(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.TrustedClusterV2List, error) + // UpsertTrustedCluster upserts a Trusted Cluster in a backend. + UpsertTrustedCluster(ctx context.Context, in *types.TrustedClusterV2, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) + // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. + DeleteTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetToken retrieves a token described by the given request. + GetToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.ProvisionTokenV2, error) + // GetToken retrieves all tokens. + GetTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ProvisionTokenV2List, error) + // UpsertToken upserts a token in a backend. + UpsertToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateToken creates a token in a backend. + CreateToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GenerateToken generates a new auth token. + GenerateToken(ctx context.Context, in *GenerateTokenRequest, opts ...grpc.CallOption) (*GenerateTokenResponse, error) + // DeleteToken deletes an existing token in a backend described by the given request. + DeleteToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetClusterAuditConfig gets cluster audit configuration. + GetClusterAuditConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ClusterAuditConfigV2, error) + // GetClusterNetworkingConfig gets cluster networking configuration. + GetClusterNetworkingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ClusterNetworkingConfigV2, error) + // SetClusterNetworkingConfig sets cluster networking configuration. + SetClusterNetworkingConfig(ctx context.Context, in *types.ClusterNetworkingConfigV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. + ResetClusterNetworkingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetSessionRecordingConfig gets session recording configuration. + GetSessionRecordingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.SessionRecordingConfigV2, error) + // SetSessionRecordingConfig sets session recording configuration. + SetSessionRecordingConfig(ctx context.Context, in *types.SessionRecordingConfigV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // ResetSessionRecordingConfig resets session recording configuration to defaults. + ResetSessionRecordingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetAuthPreference gets cluster auth preference. + GetAuthPreference(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.AuthPreferenceV2, error) + // SetAuthPreference sets cluster auth preference. + SetAuthPreference(ctx context.Context, in *types.AuthPreferenceV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // ResetAuthPreference resets cluster auth preference to defaults. + ResetAuthPreference(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetEvents gets events from the audit log. + GetEvents(ctx context.Context, in *GetEventsRequest, opts ...grpc.CallOption) (*Events, error) + // GetSessionEvents gets completed session events from the audit log. + GetSessionEvents(ctx context.Context, in *GetSessionEventsRequest, opts ...grpc.CallOption) (*Events, error) + // GetLock gets a lock by name. + GetLock(ctx context.Context, in *GetLockRequest, opts ...grpc.CallOption) (*types.LockV2, error) + // GetLocks gets all/in-force locks that match at least one of the targets when specified. + GetLocks(ctx context.Context, in *GetLocksRequest, opts ...grpc.CallOption) (*GetLocksResponse, error) + // UpsertLock upserts a lock. + UpsertLock(ctx context.Context, in *types.LockV2, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteLock deletes a lock. + DeleteLock(ctx context.Context, in *DeleteLockRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. + ReplaceRemoteLocks(ctx context.Context, in *ReplaceRemoteLocksRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // StreamSessionEvents streams audit events from a given session recording. + StreamSessionEvents(ctx context.Context, in *StreamSessionEventsRequest, opts ...grpc.CallOption) (AuthService_StreamSessionEventsClient, error) + // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). + GetNetworkRestrictions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.NetworkRestrictionsV4, error) + // SetNetworkRestrictions updates the network restrictions. + SetNetworkRestrictions(ctx context.Context, in *types.NetworkRestrictionsV4, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteNetworkRestrictions delete the network restrictions. + DeleteNetworkRestrictions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetApps returns all registered applications. + GetApps(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.AppV3List, error) + // GetApp returns an application by name. + GetApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.AppV3, error) + // CreateApp creates a new application resource. + CreateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateApp updates existing application resource. + UpdateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteApp removes specified application resource. + DeleteApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllApps removes all application resources. + DeleteAllApps(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetDatabases returns all registered databases. + GetDatabases(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.DatabaseV3List, error) + // GetDatabase returns a database by name. + GetDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.DatabaseV3, error) + // CreateDatabase creates a new database resource. + CreateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateDatabase updates existing database resource. + UpdateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteDatabase removes specified database resource. + DeleteDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllDatabases removes all database resources. + DeleteAllDatabases(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetWindowsDesktopServices returns all registered Windows desktop services. + GetWindowsDesktopServices(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWindowsDesktopServicesResponse, error) + // TODO(zmb3): Document me. + GetWindowsDesktopService(ctx context.Context, in *GetWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*GetWindowsDesktopServiceResponse, error) + // UpsertWindowsDesktopService registers a new Windows desktop service. + UpsertWindowsDesktopService(ctx context.Context, in *types.WindowsDesktopServiceV3, opts ...grpc.CallOption) (*types.KeepAlive, error) + // DeleteWindowsDesktopService removes the specified Windows desktop service. + DeleteWindowsDesktopService(ctx context.Context, in *DeleteWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. + DeleteAllWindowsDesktopServices(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. + GetWindowsDesktops(ctx context.Context, in *types.WindowsDesktopFilter, opts ...grpc.CallOption) (*GetWindowsDesktopsResponse, error) + // CreateWindowsDesktop registers a new Windows desktop host. + CreateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateWindowsDesktop updates an existing Windows desktop host. + UpdateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. + UpsertWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteWindowsDesktop removes the specified Windows desktop host. + // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. + // To delete all desktops, use DeleteAllWindowsDesktops. + DeleteWindowsDesktop(ctx context.Context, in *DeleteWindowsDesktopRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. + DeleteAllWindowsDesktops(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GenerateWindowsDesktopCert generates client smartcard certificate used + // by an RDP client to authenticate with Windows. + GenerateWindowsDesktopCert(ctx context.Context, in *WindowsDesktopCertRequest, opts ...grpc.CallOption) (*WindowsDesktopCertResponse, error) + // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. + GenerateCertAuthorityCRL(ctx context.Context, in *CertAuthorityRequest, opts ...grpc.CallOption) (*CRL, error) + // CreateConnectionDiagnostic creates a new connection diagnostic. + CreateConnectionDiagnostic(ctx context.Context, in *types.ConnectionDiagnosticV1, opts ...grpc.CallOption) (*emptypb.Empty, error) + // UpdateConnectionDiagnostic updates a connection diagnostic. + UpdateConnectionDiagnostic(ctx context.Context, in *types.ConnectionDiagnosticV1, opts ...grpc.CallOption) (*emptypb.Empty, error) + // GetConnectionDiagnostic reads a connection diagnostic. + GetConnectionDiagnostic(ctx context.Context, in *GetConnectionDiagnosticRequest, opts ...grpc.CallOption) (*types.ConnectionDiagnosticV1, error) + // AppendDiagnosticTrace appends a Trace to the ConnectionDiagnostic. + AppendDiagnosticTrace(ctx context.Context, in *AppendDiagnosticTraceRequest, opts ...grpc.CallOption) (*types.ConnectionDiagnosticV1, error) + // ChangeUserAuthentication allows a user to change their password and if enabled, + // also adds a new MFA device. After successful invocation, a new web session is created as well + // as a new set of recovery codes (if user meets the requirements to receive them), invalidating + // any existing codes the user previously had. + ChangeUserAuthentication(ctx context.Context, in *ChangeUserAuthenticationRequest, opts ...grpc.CallOption) (*ChangeUserAuthenticationResponse, error) + // StartAccountRecovery (exclusive to cloud users) is the first out of two step user + // verification needed to allow a user to recover their account. The first form of verification + // is a user's username and a recovery code. After successful verification, a recovery start + // token is created for the user which its ID will be used as part of a URL that will be emailed + // to the user (not done in this request). The user will be able to finish their second form of + // verification by clicking on this URL and following the prompts. + // + // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, + // user account gets temporarily locked from further recovery attempts and from logging in. + // + // Start tokens last RecoveryStartTokenTTL. + StartAccountRecovery(ctx context.Context, in *StartAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step + // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. + // The second form of verification is a user's password or their second factor (depending on + // what authentication they needed to recover). After successful verification, a recovery + // approved token is created which allows a user to request protected actions while not logged + // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA + // devices, and generating new recovery codes. + // + // The recovery start token to verify this request becomes deleted before + // creating a recovery approved token, which invalidates the recovery link users received + // to finish their verification. + // + // If user fails to verify themselves for MaxAccountRecoveryAttempts + // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked + // from logging in. If users still have unused recovery codes left, they still have + // opportunities to recover their account. To allow this, users recovery attempts are also + // deleted along with all user tokens which will force the user to restart the recovery process + // from step 1 (RPC StartAccountRecovery). + // + // Recovery approved tokens last RecoveryApprovedTokenTTL. + VerifyAccountRecovery(ctx context.Context, in *VerifyAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // CompleteAccountRecovery (exclusive to cloud users) is the last step in account + // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new + // password or adds a new mfa device, allowing the user to regain access to their account with + // the new credentials. When the new authentication is successfully set, any user lock is + // removed so the user can login immediately afterwards. + CompleteAccountRecovery(ctx context.Context, in *CompleteAccountRecoveryRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a + // user, replacing and invalidating any previously owned codes. Users can only get recovery + // codes if their username is in a valid email format. + CreateAccountRecoveryCodes(ctx context.Context, in *CreateAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) + // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after + // verifying that the token requested has not expired and is of the correct recovery kind. + // Besides checking for validity of a token ID, it is also used to get basic information from + // the token e.g: username, state of recovery (started or approved) and the type of recovery + // requested (password or second factor). + GetAccountRecoveryToken(ctx context.Context, in *GetAccountRecoveryTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context + // their recovery codes. This request will not return any secrets (the values of recovery + // codes), but instead returns non-sensitive data eg. when the recovery codes were created. + GetAccountRecoveryCodes(ctx context.Context, in *GetAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) + // CreatePrivilegeToken returns a new privilege token after a logged in user successfully + // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and + // is used to gain access to privileged actions eg: deleting/adding a MFA device. + CreatePrivilegeToken(ctx context.Context, in *CreatePrivilegeTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) + // GetInstaller retrieves the installer script resource + GetInstaller(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.InstallerV1, error) + // GetInstallers retrieves all of installer script resources. + GetInstallers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.InstallerV1List, error) + // SetInstaller sets the installer script resource + SetInstaller(ctx context.Context, in *types.InstallerV1, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteInstaller removes the specified installer script resource + DeleteInstaller(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllInstallers removes all installer script resources + DeleteAllInstallers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) + // ListResources retrieves a paginated list of resources. + ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) + // GetDomainName returns local auth domain of the current auth server + GetDomainName(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetDomainNameResponse, error) + // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster + // without signing keys. If the cluster has multiple TLS certs, they will + // all be appended. + GetClusterCACert(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetClusterCACertResponse, error) + // UnstableAssertSystemRole is not a stable part of the public API. Used by older + // instances to prove that they hold a given system role. + // DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) + UnstableAssertSystemRole(ctx context.Context, in *UnstableSystemRoleAssertion, opts ...grpc.CallOption) (*emptypb.Empty, error) +} -func (c *authServiceClient) GetSAMLConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2, error) { - out := new(types.SAMLConnectorV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLConnector", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +type authServiceClient struct { + cc *grpc.ClientConn } -func (c *authServiceClient) GetSAMLConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2List, error) { - out := new(types.SAMLConnectorV2List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLConnectors", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func NewAuthServiceClient(cc *grpc.ClientConn) AuthServiceClient { + return &authServiceClient{cc} } -func (c *authServiceClient) UpsertSAMLConnector(ctx context.Context, in *types.SAMLConnectorV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertSAMLConnector", in, out, opts...) +func (c *authServiceClient) InventoryControlStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_InventoryControlStreamClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[0], "/proto.AuthService/InventoryControlStream", opts...) if err != nil { return nil, err } - return out, nil + x := &authServiceInventoryControlStreamClient{stream} + return x, nil } -func (c *authServiceClient) DeleteSAMLConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSAMLConnector", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +type AuthService_InventoryControlStreamClient interface { + Send(*UpstreamInventoryOneOf) error + Recv() (*DownstreamInventoryOneOf, error) + grpc.ClientStream } -func (c *authServiceClient) CreateSAMLAuthRequest(ctx context.Context, in *types.SAMLAuthRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) { - out := new(types.SAMLAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSAMLAuthRequest", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +type authServiceInventoryControlStreamClient struct { + grpc.ClientStream } -func (c *authServiceClient) GetSAMLAuthRequest(ctx context.Context, in *GetSAMLAuthRequestRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) { - out := new(types.SAMLAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLAuthRequest", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +func (x *authServiceInventoryControlStreamClient) Send(m *UpstreamInventoryOneOf) error { + return x.ClientStream.SendMsg(m) } -func (c *authServiceClient) GetGithubConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3, error) { - out := new(types.GithubConnectorV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubConnector", in, out, opts...) - if err != nil { +func (x *authServiceInventoryControlStreamClient) Recv() (*DownstreamInventoryOneOf, error) { + m := new(DownstreamInventoryOneOf) + if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err } - return out, nil + return m, nil } -func (c *authServiceClient) GetGithubConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3List, error) { - out := new(types.GithubConnectorV3List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubConnectors", in, out, opts...) +func (c *authServiceClient) GetInventoryStatus(ctx context.Context, in *InventoryStatusRequest, opts ...grpc.CallOption) (*InventoryStatusSummary, error) { + out := new(InventoryStatusSummary) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetInventoryStatus", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertGithubConnector(ctx context.Context, in *types.GithubConnectorV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertGithubConnector", in, out, opts...) +func (c *authServiceClient) PingInventory(ctx context.Context, in *InventoryPingRequest, opts ...grpc.CallOption) (*InventoryPingResponse, error) { + out := new(InventoryPingResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/PingInventory", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteGithubConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteGithubConnector", in, out, opts...) +func (c *authServiceClient) GetClusterAlerts(ctx context.Context, in *types.GetClusterAlertsRequest, opts ...grpc.CallOption) (*GetClusterAlertsResponse, error) { + out := new(GetClusterAlertsResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterAlerts", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreateGithubAuthRequest(ctx context.Context, in *types.GithubAuthRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) { - out := new(types.GithubAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateGithubAuthRequest", in, out, opts...) +func (c *authServiceClient) UpsertClusterAlert(ctx context.Context, in *UpsertClusterAlertRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertClusterAlert", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetGithubAuthRequest(ctx context.Context, in *GetGithubAuthRequestRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) { - out := new(types.GithubAuthRequest) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubAuthRequest", in, out, opts...) +func (c *authServiceClient) MaintainSessionPresence(ctx context.Context, opts ...grpc.CallOption) (AuthService_MaintainSessionPresenceClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[1], "/proto.AuthService/MaintainSessionPresence", opts...) if err != nil { return nil, err } - return out, nil + x := &authServiceMaintainSessionPresenceClient{stream} + return x, nil } -func (c *authServiceClient) GetSSODiagnosticInfo(ctx context.Context, in *GetSSODiagnosticInfoRequest, opts ...grpc.CallOption) (*types.SSODiagnosticInfo, error) { - out := new(types.SSODiagnosticInfo) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSSODiagnosticInfo", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil +type AuthService_MaintainSessionPresenceClient interface { + Send(*PresenceMFAChallengeSend) error + Recv() (*MFAAuthenticateChallenge, error) + grpc.ClientStream } -func (c *authServiceClient) GetTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) { - out := new(types.TrustedClusterV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetTrustedCluster", in, out, opts...) - if err != nil { +type authServiceMaintainSessionPresenceClient struct { + grpc.ClientStream +} + +func (x *authServiceMaintainSessionPresenceClient) Send(m *PresenceMFAChallengeSend) error { + return x.ClientStream.SendMsg(m) +} + +func (x *authServiceMaintainSessionPresenceClient) Recv() (*MFAAuthenticateChallenge, error) { + m := new(MFAAuthenticateChallenge) + if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err } - return out, nil + return m, nil } -func (c *authServiceClient) GetTrustedClusters(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.TrustedClusterV2List, error) { - out := new(types.TrustedClusterV2List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetTrustedClusters", in, out, opts...) +func (c *authServiceClient) CreateSessionTracker(ctx context.Context, in *CreateSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) { + out := new(types.SessionTrackerV1) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSessionTracker", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertTrustedCluster(ctx context.Context, in *types.TrustedClusterV2, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) { - out := new(types.TrustedClusterV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertTrustedCluster", in, out, opts...) +func (c *authServiceClient) GetSessionTracker(ctx context.Context, in *GetSessionTrackerRequest, opts ...grpc.CallOption) (*types.SessionTrackerV1, error) { + out := new(types.SessionTrackerV1) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionTracker", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteTrustedCluster", in, out, opts...) +func (c *authServiceClient) GetActiveSessionTrackers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (AuthService_GetActiveSessionTrackersClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[2], "/proto.AuthService/GetActiveSessionTrackers", opts...) if err != nil { return nil, err } - return out, nil + x := &authServiceGetActiveSessionTrackersClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil } -func (c *authServiceClient) GetToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.ProvisionTokenV2, error) { - out := new(types.ProvisionTokenV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetToken", in, out, opts...) - if err != nil { +type AuthService_GetActiveSessionTrackersClient interface { + Recv() (*types.SessionTrackerV1, error) + grpc.ClientStream +} + +type authServiceGetActiveSessionTrackersClient struct { + grpc.ClientStream +} + +func (x *authServiceGetActiveSessionTrackersClient) Recv() (*types.SessionTrackerV1, error) { + m := new(types.SessionTrackerV1) + if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err } - return out, nil + return m, nil } -func (c *authServiceClient) GetTokens(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ProvisionTokenV2List, error) { - out := new(types.ProvisionTokenV2List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetTokens", in, out, opts...) +func (c *authServiceClient) RemoveSessionTracker(ctx context.Context, in *RemoveSessionTrackerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/RemoveSessionTracker", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertToken", in, out, opts...) +func (c *authServiceClient) UpdateSessionTracker(ctx context.Context, in *UpdateSessionTrackerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateSessionTracker", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GenerateToken(ctx context.Context, in *GenerateTokenRequest, opts ...grpc.CallOption) (*GenerateTokenResponse, error) { - out := new(GenerateTokenResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateToken", in, out, opts...) +func (c *authServiceClient) SendKeepAlives(ctx context.Context, opts ...grpc.CallOption) (AuthService_SendKeepAlivesClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[3], "/proto.AuthService/SendKeepAlives", opts...) if err != nil { return nil, err } - return out, nil -} + x := &authServiceSendKeepAlivesClient{stream} + return x, nil +} -func (c *authServiceClient) DeleteToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteToken", in, out, opts...) +type AuthService_SendKeepAlivesClient interface { + Send(*types.KeepAlive) error + CloseAndRecv() (*emptypb.Empty, error) + grpc.ClientStream +} + +type authServiceSendKeepAlivesClient struct { + grpc.ClientStream +} + +func (x *authServiceSendKeepAlivesClient) Send(m *types.KeepAlive) error { + return x.ClientStream.SendMsg(m) +} + +func (x *authServiceSendKeepAlivesClient) CloseAndRecv() (*emptypb.Empty, error) { + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + m := new(emptypb.Empty) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) WatchEvents(ctx context.Context, in *Watch, opts ...grpc.CallOption) (AuthService_WatchEventsClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[4], "/proto.AuthService/WatchEvents", opts...) + if err != nil { + return nil, err + } + x := &authServiceWatchEventsClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type AuthService_WatchEventsClient interface { + Recv() (*Event, error) + grpc.ClientStream +} + +type authServiceWatchEventsClient struct { + grpc.ClientStream +} + +func (x *authServiceWatchEventsClient) Recv() (*Event, error) { + m := new(Event) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) GetNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*types.ServerV2, error) { + out := new(types.ServerV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetNode", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetClusterAuditConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ClusterAuditConfigV2, error) { - out := new(types.ClusterAuditConfigV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterAuditConfig", in, out, opts...) +func (c *authServiceClient) UpsertNode(ctx context.Context, in *types.ServerV2, opts ...grpc.CallOption) (*types.KeepAlive, error) { + out := new(types.KeepAlive) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertNode", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetClusterNetworkingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.ClusterNetworkingConfigV2, error) { - out := new(types.ClusterNetworkingConfigV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterNetworkingConfig", in, out, opts...) +func (c *authServiceClient) DeleteNode(ctx context.Context, in *types.ResourceInNamespaceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteNode", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) SetClusterNetworkingConfig(ctx context.Context, in *types.ClusterNetworkingConfigV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/SetClusterNetworkingConfig", in, out, opts...) +func (c *authServiceClient) DeleteAllNodes(ctx context.Context, in *types.ResourcesInNamespaceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllNodes", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ResetClusterNetworkingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/ResetClusterNetworkingConfig", in, out, opts...) +func (c *authServiceClient) GenerateUserCerts(ctx context.Context, in *UserCertsRequest, opts ...grpc.CallOption) (*Certs, error) { + out := new(Certs) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateUserCerts", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetSessionRecordingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.SessionRecordingConfigV2, error) { - out := new(types.SessionRecordingConfigV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionRecordingConfig", in, out, opts...) +func (c *authServiceClient) GenerateHostCerts(ctx context.Context, in *HostCertsRequest, opts ...grpc.CallOption) (*Certs, error) { + out := new(Certs) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateHostCerts", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) SetSessionRecordingConfig(ctx context.Context, in *types.SessionRecordingConfigV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/SetSessionRecordingConfig", in, out, opts...) +func (c *authServiceClient) GenerateUserSingleUseCerts(ctx context.Context, opts ...grpc.CallOption) (AuthService_GenerateUserSingleUseCertsClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[5], "/proto.AuthService/GenerateUserSingleUseCerts", opts...) + if err != nil { + return nil, err + } + x := &authServiceGenerateUserSingleUseCertsClient{stream} + return x, nil +} + +type AuthService_GenerateUserSingleUseCertsClient interface { + Send(*UserSingleUseCertsRequest) error + Recv() (*UserSingleUseCertsResponse, error) + grpc.ClientStream +} + +type authServiceGenerateUserSingleUseCertsClient struct { + grpc.ClientStream +} + +func (x *authServiceGenerateUserSingleUseCertsClient) Send(m *UserSingleUseCertsRequest) error { + return x.ClientStream.SendMsg(m) +} + +func (x *authServiceGenerateUserSingleUseCertsClient) Recv() (*UserSingleUseCertsResponse, error) { + m := new(UserSingleUseCertsResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) IsMFARequired(ctx context.Context, in *IsMFARequiredRequest, opts ...grpc.CallOption) (*IsMFARequiredResponse, error) { + out := new(IsMFARequiredResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/IsMFARequired", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ResetSessionRecordingConfig(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/ResetSessionRecordingConfig", in, out, opts...) +func (c *authServiceClient) GetAccessRequests(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (*AccessRequests, error) { + out := new(AccessRequests) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccessRequests", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetAuthPreference(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.AuthPreferenceV2, error) { - out := new(types.AuthPreferenceV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAuthPreference", in, out, opts...) +func (c *authServiceClient) GetAccessRequestsV2(ctx context.Context, in *types.AccessRequestFilter, opts ...grpc.CallOption) (AuthService_GetAccessRequestsV2Client, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[6], "/proto.AuthService/GetAccessRequestsV2", opts...) + if err != nil { + return nil, err + } + x := &authServiceGetAccessRequestsV2Client{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type AuthService_GetAccessRequestsV2Client interface { + Recv() (*types.AccessRequestV3, error) + grpc.ClientStream +} + +type authServiceGetAccessRequestsV2Client struct { + grpc.ClientStream +} + +func (x *authServiceGetAccessRequestsV2Client) Recv() (*types.AccessRequestV3, error) { + m := new(types.AccessRequestV3) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) CreateAccessRequest(ctx context.Context, in *types.AccessRequestV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAccessRequest", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) SetAuthPreference(ctx context.Context, in *types.AuthPreferenceV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/SetAuthPreference", in, out, opts...) +func (c *authServiceClient) DeleteAccessRequest(ctx context.Context, in *RequestID, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAccessRequest", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ResetAuthPreference(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/ResetAuthPreference", in, out, opts...) +func (c *authServiceClient) SetAccessRequestState(ctx context.Context, in *RequestStateSetter, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetAccessRequestState", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetEvents(ctx context.Context, in *GetEventsRequest, opts ...grpc.CallOption) (*Events, error) { - out := new(Events) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetEvents", in, out, opts...) +func (c *authServiceClient) SubmitAccessReview(ctx context.Context, in *types.AccessReviewSubmission, opts ...grpc.CallOption) (*types.AccessRequestV3, error) { + out := new(types.AccessRequestV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/SubmitAccessReview", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetSessionEvents(ctx context.Context, in *GetSessionEventsRequest, opts ...grpc.CallOption) (*Events, error) { - out := new(Events) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionEvents", in, out, opts...) +func (c *authServiceClient) GetAccessCapabilities(ctx context.Context, in *types.AccessCapabilitiesRequest, opts ...grpc.CallOption) (*types.AccessCapabilities, error) { + out := new(types.AccessCapabilities) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccessCapabilities", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetLock(ctx context.Context, in *GetLockRequest, opts ...grpc.CallOption) (*types.LockV2, error) { - out := new(types.LockV2) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetLock", in, out, opts...) +func (c *authServiceClient) GetPluginData(ctx context.Context, in *types.PluginDataFilter, opts ...grpc.CallOption) (*PluginDataSeq, error) { + out := new(PluginDataSeq) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetPluginData", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetLocks(ctx context.Context, in *GetLocksRequest, opts ...grpc.CallOption) (*GetLocksResponse, error) { - out := new(GetLocksResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetLocks", in, out, opts...) +func (c *authServiceClient) UpdatePluginData(ctx context.Context, in *types.PluginDataUpdateParams, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdatePluginData", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertLock(ctx context.Context, in *types.LockV2, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertLock", in, out, opts...) +func (c *authServiceClient) Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error) { + out := new(PingResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/Ping", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteLock(ctx context.Context, in *DeleteLockRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteLock", in, out, opts...) +func (c *authServiceClient) RotateResetPasswordTokenSecrets(ctx context.Context, in *RotateUserTokenSecretsRequest, opts ...grpc.CallOption) (*types.UserTokenSecretsV3, error) { + out := new(types.UserTokenSecretsV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/RotateResetPasswordTokenSecrets", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ReplaceRemoteLocks(ctx context.Context, in *ReplaceRemoteLocksRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/ReplaceRemoteLocks", in, out, opts...) +func (c *authServiceClient) GetResetPasswordToken(ctx context.Context, in *GetResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetResetPasswordToken", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) StreamSessionEvents(ctx context.Context, in *StreamSessionEventsRequest, opts ...grpc.CallOption) (AuthService_StreamSessionEventsClient, error) { - stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[11], "/proto.AuthService/StreamSessionEvents", opts...) +func (c *authServiceClient) CreateResetPasswordToken(ctx context.Context, in *CreateResetPasswordTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateResetPasswordToken", in, out, opts...) if err != nil { return nil, err } - x := &authServiceStreamSessionEventsClient{stream} + return out, nil +} + +func (c *authServiceClient) CreateBot(ctx context.Context, in *CreateBotRequest, opts ...grpc.CallOption) (*CreateBotResponse, error) { + out := new(CreateBotResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateBot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *authServiceClient) DeleteBot(ctx context.Context, in *DeleteBotRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteBot", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *authServiceClient) GetBotUsers(ctx context.Context, in *GetBotUsersRequest, opts ...grpc.CallOption) (AuthService_GetBotUsersClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[7], "/proto.AuthService/GetBotUsers", opts...) + if err != nil { + return nil, err + } + x := &authServiceGetBotUsersClient{stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } @@ -13949,4747 +14140,6419 @@ func (c *authServiceClient) StreamSessionEvents(ctx context.Context, in *StreamS return x, nil } -type AuthService_StreamSessionEventsClient interface { - Recv() (*events.OneOf, error) +type AuthService_GetBotUsersClient interface { + Recv() (*types.UserV2, error) grpc.ClientStream } -type authServiceStreamSessionEventsClient struct { +type authServiceGetBotUsersClient struct { grpc.ClientStream } -func (x *authServiceStreamSessionEventsClient) Recv() (*events.OneOf, error) { - m := new(events.OneOf) +func (x *authServiceGetBotUsersClient) Recv() (*types.UserV2, error) { + m := new(types.UserV2) if err := x.ClientStream.RecvMsg(m); err != nil { return nil, err } return m, nil } -func (c *authServiceClient) GetNetworkRestrictions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.NetworkRestrictionsV4, error) { - out := new(types.NetworkRestrictionsV4) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetNetworkRestrictions", in, out, opts...) +func (c *authServiceClient) GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*types.UserV2, error) { + out := new(types.UserV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetUser", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) SetNetworkRestrictions(ctx context.Context, in *types.NetworkRestrictionsV4, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/SetNetworkRestrictions", in, out, opts...) +func (c *authServiceClient) GetCurrentUser(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.UserV2, error) { + out := new(types.UserV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetCurrentUser", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteNetworkRestrictions(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteNetworkRestrictions", in, out, opts...) +func (c *authServiceClient) GetCurrentUserRoles(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (AuthService_GetCurrentUserRolesClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[8], "/proto.AuthService/GetCurrentUserRoles", opts...) if err != nil { return nil, err } - return out, nil + x := &authServiceGetCurrentUserRolesClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil } -func (c *authServiceClient) GetApps(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.AppV3List, error) { - out := new(types.AppV3List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetApps", in, out, opts...) +type AuthService_GetCurrentUserRolesClient interface { + Recv() (*types.RoleV5, error) + grpc.ClientStream +} + +type authServiceGetCurrentUserRolesClient struct { + grpc.ClientStream +} + +func (x *authServiceGetCurrentUserRolesClient) Recv() (*types.RoleV5, error) { + m := new(types.RoleV5) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) GetUsers(ctx context.Context, in *GetUsersRequest, opts ...grpc.CallOption) (AuthService_GetUsersClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[9], "/proto.AuthService/GetUsers", opts...) + if err != nil { + return nil, err + } + x := &authServiceGetUsersClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type AuthService_GetUsersClient interface { + Recv() (*types.UserV2, error) + grpc.ClientStream +} + +type authServiceGetUsersClient struct { + grpc.ClientStream +} + +func (x *authServiceGetUsersClient) Recv() (*types.UserV2, error) { + m := new(types.UserV2) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func (c *authServiceClient) CreateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateUser", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.AppV3, error) { - out := new(types.AppV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetApp", in, out, opts...) +func (c *authServiceClient) UpdateUser(ctx context.Context, in *types.UserV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateUser", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateApp", in, out, opts...) +func (c *authServiceClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteUser", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpdateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateApp", in, out, opts...) +func (c *authServiceClient) AcquireSemaphore(ctx context.Context, in *types.AcquireSemaphoreRequest, opts ...grpc.CallOption) (*types.SemaphoreLease, error) { + out := new(types.SemaphoreLease) + err := c.cc.Invoke(ctx, "/proto.AuthService/AcquireSemaphore", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteApp", in, out, opts...) +func (c *authServiceClient) KeepAliveSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/KeepAliveSemaphoreLease", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteAllApps(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllApps", in, out, opts...) +func (c *authServiceClient) CancelSemaphoreLease(ctx context.Context, in *types.SemaphoreLease, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CancelSemaphoreLease", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetDatabases(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*types.DatabaseV3List, error) { - out := new(types.DatabaseV3List) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabases", in, out, opts...) +func (c *authServiceClient) GetSemaphores(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*Semaphores, error) { + out := new(Semaphores) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSemaphores", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.DatabaseV3, error) { - out := new(types.DatabaseV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabase", in, out, opts...) +func (c *authServiceClient) DeleteSemaphore(ctx context.Context, in *types.SemaphoreFilter, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSemaphore", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateDatabase", in, out, opts...) +func (c *authServiceClient) EmitAuditEvent(ctx context.Context, in *events.OneOf, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/EmitAuditEvent", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpdateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateDatabase", in, out, opts...) +func (c *authServiceClient) CreateAuditStream(ctx context.Context, opts ...grpc.CallOption) (AuthService_CreateAuditStreamClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[10], "/proto.AuthService/CreateAuditStream", opts...) + if err != nil { + return nil, err + } + x := &authServiceCreateAuditStreamClient{stream} + return x, nil +} + +type AuthService_CreateAuditStreamClient interface { + Send(*AuditStreamRequest) error + Recv() (*events.StreamStatus, error) + grpc.ClientStream +} + +type authServiceCreateAuditStreamClient struct { + grpc.ClientStream +} + +func (x *authServiceCreateAuditStreamClient) Send(m *AuditStreamRequest) error { + return x.ClientStream.SendMsg(m) +} + +func (x *authServiceCreateAuditStreamClient) Recv() (*events.StreamStatus, error) { + m := new(events.StreamStatus) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// Deprecated: Do not use. +func (c *authServiceClient) GetApplicationServers(ctx context.Context, in *GetApplicationServersRequest, opts ...grpc.CallOption) (*GetApplicationServersResponse, error) { + out := new(GetApplicationServersResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetApplicationServers", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteDatabase", in, out, opts...) +func (c *authServiceClient) UpsertApplicationServer(ctx context.Context, in *UpsertApplicationServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { + out := new(types.KeepAlive) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertApplicationServer", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteAllDatabases(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllDatabases", in, out, opts...) +func (c *authServiceClient) DeleteApplicationServer(ctx context.Context, in *DeleteApplicationServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteApplicationServer", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetWindowsDesktopServices(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetWindowsDesktopServicesResponse, error) { - out := new(GetWindowsDesktopServicesResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktopServices", in, out, opts...) +func (c *authServiceClient) DeleteAllApplicationServers(ctx context.Context, in *DeleteAllApplicationServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllApplicationServers", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetWindowsDesktopService(ctx context.Context, in *GetWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*GetWindowsDesktopServiceResponse, error) { - out := new(GetWindowsDesktopServiceResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktopService", in, out, opts...) +// Deprecated: Do not use. +func (c *authServiceClient) GetAppServers(ctx context.Context, in *GetAppServersRequest, opts ...grpc.CallOption) (*GetAppServersResponse, error) { + out := new(GetAppServersResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppServers", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertWindowsDesktopService(ctx context.Context, in *types.WindowsDesktopServiceV3, opts ...grpc.CallOption) (*types.KeepAlive, error) { +// Deprecated: Do not use. +func (c *authServiceClient) UpsertAppServer(ctx context.Context, in *UpsertAppServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { out := new(types.KeepAlive) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertWindowsDesktopService", in, out, opts...) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertAppServer", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteWindowsDesktopService(ctx context.Context, in *DeleteWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWindowsDesktopService", in, out, opts...) +// Deprecated: Do not use. +func (c *authServiceClient) DeleteAppServer(ctx context.Context, in *DeleteAppServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAppServer", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteAllWindowsDesktopServices(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWindowsDesktopServices", in, out, opts...) +// Deprecated: Do not use. +func (c *authServiceClient) DeleteAllAppServers(ctx context.Context, in *DeleteAllAppServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllAppServers", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetWindowsDesktops(ctx context.Context, in *types.WindowsDesktopFilter, opts ...grpc.CallOption) (*GetWindowsDesktopsResponse, error) { - out := new(GetWindowsDesktopsResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktops", in, out, opts...) +func (c *authServiceClient) GenerateAppToken(ctx context.Context, in *GenerateAppTokenRequest, opts ...grpc.CallOption) (*GenerateAppTokenResponse, error) { + out := new(GenerateAppTokenResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateAppToken", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateWindowsDesktop", in, out, opts...) +func (c *authServiceClient) GetAppSession(ctx context.Context, in *GetAppSessionRequest, opts ...grpc.CallOption) (*GetAppSessionResponse, error) { + out := new(GetAppSessionResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpdateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateWindowsDesktop", in, out, opts...) +func (c *authServiceClient) GetAppSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetAppSessionsResponse, error) { + out := new(GetAppSessionsResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAppSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) UpsertWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertWindowsDesktop", in, out, opts...) +func (c *authServiceClient) CreateAppSession(ctx context.Context, in *CreateAppSessionRequest, opts ...grpc.CallOption) (*CreateAppSessionResponse, error) { + out := new(CreateAppSessionResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAppSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteWindowsDesktop(ctx context.Context, in *DeleteWindowsDesktopRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWindowsDesktop", in, out, opts...) +func (c *authServiceClient) DeleteAppSession(ctx context.Context, in *DeleteAppSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAppSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) DeleteAllWindowsDesktops(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWindowsDesktops", in, out, opts...) +func (c *authServiceClient) DeleteAllAppSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllAppSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GenerateWindowsDesktopCert(ctx context.Context, in *WindowsDesktopCertRequest, opts ...grpc.CallOption) (*WindowsDesktopCertResponse, error) { - out := new(WindowsDesktopCertResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateWindowsDesktopCert", in, out, opts...) +func (c *authServiceClient) DeleteUserAppSessions(ctx context.Context, in *DeleteUserAppSessionsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteUserAppSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GenerateCertAuthorityCRL(ctx context.Context, in *CertAuthorityRequest, opts ...grpc.CallOption) (*CRL, error) { - out := new(CRL) - err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateCertAuthorityCRL", in, out, opts...) +func (c *authServiceClient) CreateSnowflakeSession(ctx context.Context, in *CreateSnowflakeSessionRequest, opts ...grpc.CallOption) (*CreateSnowflakeSessionResponse, error) { + out := new(CreateSnowflakeSessionResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSnowflakeSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ChangeUserAuthentication(ctx context.Context, in *ChangeUserAuthenticationRequest, opts ...grpc.CallOption) (*ChangeUserAuthenticationResponse, error) { - out := new(ChangeUserAuthenticationResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/ChangeUserAuthentication", in, out, opts...) +func (c *authServiceClient) GetSnowflakeSession(ctx context.Context, in *GetSnowflakeSessionRequest, opts ...grpc.CallOption) (*GetSnowflakeSessionResponse, error) { + out := new(GetSnowflakeSessionResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSnowflakeSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) StartAccountRecovery(ctx context.Context, in *StartAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/StartAccountRecovery", in, out, opts...) +func (c *authServiceClient) GetSnowflakeSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetSnowflakeSessionsResponse, error) { + out := new(GetSnowflakeSessionsResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSnowflakeSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) VerifyAccountRecovery(ctx context.Context, in *VerifyAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/VerifyAccountRecovery", in, out, opts...) +func (c *authServiceClient) DeleteSnowflakeSession(ctx context.Context, in *DeleteSnowflakeSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSnowflakeSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CompleteAccountRecovery(ctx context.Context, in *CompleteAccountRecoveryRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) - err := c.cc.Invoke(ctx, "/proto.AuthService/CompleteAccountRecovery", in, out, opts...) +func (c *authServiceClient) DeleteAllSnowflakeSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllSnowflakeSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreateAccountRecoveryCodes(ctx context.Context, in *CreateAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) { - out := new(RecoveryCodes) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAccountRecoveryCodes", in, out, opts...) +func (c *authServiceClient) GetWebSession(ctx context.Context, in *types.GetWebSessionRequest, opts ...grpc.CallOption) (*GetWebSessionResponse, error) { + out := new(GetWebSessionResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetAccountRecoveryToken(ctx context.Context, in *GetAccountRecoveryTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccountRecoveryToken", in, out, opts...) +func (c *authServiceClient) GetWebSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWebSessionsResponse, error) { + out := new(GetWebSessionsResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetAccountRecoveryCodes(ctx context.Context, in *GetAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) { - out := new(RecoveryCodes) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccountRecoveryCodes", in, out, opts...) +func (c *authServiceClient) DeleteWebSession(ctx context.Context, in *types.DeleteWebSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWebSession", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) CreatePrivilegeToken(ctx context.Context, in *CreatePrivilegeTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { - out := new(types.UserTokenV3) - err := c.cc.Invoke(ctx, "/proto.AuthService/CreatePrivilegeToken", in, out, opts...) +func (c *authServiceClient) DeleteAllWebSessions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWebSessions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) { - out := new(ListResourcesResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/ListResources", in, out, opts...) +func (c *authServiceClient) GetWebToken(ctx context.Context, in *types.GetWebTokenRequest, opts ...grpc.CallOption) (*GetWebTokenResponse, error) { + out := new(GetWebTokenResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebToken", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetDomainName(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetDomainNameResponse, error) { - out := new(GetDomainNameResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetDomainName", in, out, opts...) +func (c *authServiceClient) GetWebTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWebTokensResponse, error) { + out := new(GetWebTokensResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWebTokens", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *authServiceClient) GetClusterCACert(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*GetClusterCACertResponse, error) { - out := new(GetClusterCACertResponse) - err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterCACert", in, out, opts...) +func (c *authServiceClient) DeleteWebToken(ctx context.Context, in *types.DeleteWebTokenRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWebToken", in, out, opts...) if err != nil { return nil, err } return out, nil } -// AuthServiceServer is the server API for AuthService service. -type AuthServiceServer interface { - // MaintainSessionPresence establishes a channel used to continously verify the presence for a - // session. - MaintainSessionPresence(AuthService_MaintainSessionPresenceServer) error - // CreateSessionTracker creates a new session tracker resource. - CreateSessionTracker(context.Context, *CreateSessionTrackerRequest) (*types.SessionTrackerV1, error) - // GetSessionTracker fetches a session tracker resource. - GetSessionTracker(context.Context, *GetSessionTrackerRequest) (*types.SessionTrackerV1, error) - // GetActiveSessionTrackers returns a list of active sessions. - GetActiveSessionTrackers(*empty.Empty, AuthService_GetActiveSessionTrackersServer) error - // RemoveSessionTracker removes a session tracker resource. - RemoveSessionTracker(context.Context, *RemoveSessionTrackerRequest) (*empty.Empty, error) - // UpdateSessionTracker updates some state of a session tracker. - UpdateSessionTracker(context.Context, *UpdateSessionTrackerRequest) (*empty.Empty, error) - // SendKeepAlives allows node to send a stream of keep alive requests - SendKeepAlives(AuthService_SendKeepAlivesServer) error - // WatchEvents returns a new stream of cluster events - WatchEvents(*Watch, AuthService_WatchEventsServer) error - // GetNode retrieves a node described by the given request. - GetNode(context.Context, *types.ResourceInNamespaceRequest) (*types.ServerV2, error) - // UpsertNode upserts a node in a backend. - UpsertNode(context.Context, *types.ServerV2) (*types.KeepAlive, error) - // DeleteNode deletes an existing node in a backend described by the given request. - DeleteNode(context.Context, *types.ResourceInNamespaceRequest) (*empty.Empty, error) - // DeleteAllNodes deletes all nodes. - DeleteAllNodes(context.Context, *types.ResourcesInNamespaceRequest) (*empty.Empty, error) - // GenerateUserCerts generates a set of user certificates. - GenerateUserCerts(context.Context, *UserCertsRequest) (*Certs, error) - // GenerateHostCerts generates a set of host certificates. - GenerateHostCerts(context.Context, *HostCertsRequest) (*Certs, error) - // GenerateUserSingleUseCerts generates a set of single-use user - // certificates. - GenerateUserSingleUseCerts(AuthService_GenerateUserSingleUseCertsServer) error - // IsMFARequired checks whether MFA is required to access the specified - // target. - IsMFARequired(context.Context, *IsMFARequiredRequest) (*IsMFARequiredResponse, error) - // GetAccessRequests gets all pending access requests. - // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. - GetAccessRequests(context.Context, *types.AccessRequestFilter) (*AccessRequests, error) - // GetAccessRequestsV2 gets all pending access requests. - GetAccessRequestsV2(*types.AccessRequestFilter, AuthService_GetAccessRequestsV2Server) error - // CreateAccessRequest creates a new access request. - CreateAccessRequest(context.Context, *types.AccessRequestV3) (*empty.Empty, error) - // DeleteAccessRequest deletes an access request. - DeleteAccessRequest(context.Context, *RequestID) (*empty.Empty, error) - // SetAccessRequestState sets the state of an access request. - SetAccessRequestState(context.Context, *RequestStateSetter) (*empty.Empty, error) - // SubmitAccessReview applies a review to a request and returns the post-application state. - SubmitAccessReview(context.Context, *types.AccessReviewSubmission) (*types.AccessRequestV3, error) - // GetAccessCapabilities requests the access capabilites of a user. - GetAccessCapabilities(context.Context, *types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error) - // GetPluginData gets all plugin data matching the supplied filter. - GetPluginData(context.Context, *types.PluginDataFilter) (*PluginDataSeq, error) - // UpdatePluginData updates a plugin's resource-specific datastore. - UpdatePluginData(context.Context, *types.PluginDataUpdateParams) (*empty.Empty, error) - // Ping gets basic info about the auth server. This method is intended - // to mimic the behavior of the proxy's Ping method, and may be used by - // clients for verification or configuration on startup. - Ping(context.Context, *PingRequest) (*PingResponse, error) - // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. - // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. - RotateResetPasswordTokenSecrets(context.Context, *RotateUserTokenSecretsRequest) (*types.UserTokenSecretsV3, error) - // GetResetPasswordToken returns a reset password token. - GetResetPasswordToken(context.Context, *GetResetPasswordTokenRequest) (*types.UserTokenV3, error) - // CreateResetPasswordToken resets users current password and second factors and creates a reset - // password token. - CreateResetPasswordToken(context.Context, *CreateResetPasswordTokenRequest) (*types.UserTokenV3, error) - // CreateBot creates a new bot user. - CreateBot(context.Context, *CreateBotRequest) (*CreateBotResponse, error) - // DeleteBot deletes a bot user. - DeleteBot(context.Context, *DeleteBotRequest) (*empty.Empty, error) - // GetBotUsers gets all users with bot labels. - GetBotUsers(*GetBotUsersRequest, AuthService_GetBotUsersServer) error - // GetUser gets a user resource by name. - GetUser(context.Context, *GetUserRequest) (*types.UserV2, error) - // GetCurrentUser returns current user as seen by the server. - // Useful especially in the context of remote clusters which perform role and trait mapping. - GetCurrentUser(context.Context, *empty.Empty) (*types.UserV2, error) - // GetUsers gets all current user resources. - GetUsers(*GetUsersRequest, AuthService_GetUsersServer) error - // CreateUser inserts a new user entry to a backend. - CreateUser(context.Context, *types.UserV2) (*empty.Empty, error) - // UpdateUser updates an existing user in a backend. - UpdateUser(context.Context, *types.UserV2) (*empty.Empty, error) - // DeleteUser deletes an existing user in a backend by username. - DeleteUser(context.Context, *DeleteUserRequest) (*empty.Empty, error) - // AcquireSemaphore acquires lease with requested resources from semaphore. - AcquireSemaphore(context.Context, *types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) - // KeepAliveSemaphoreLease updates semaphore lease. - KeepAliveSemaphoreLease(context.Context, *types.SemaphoreLease) (*empty.Empty, error) - // CancelSemaphoreLease cancels semaphore lease early. - CancelSemaphoreLease(context.Context, *types.SemaphoreLease) (*empty.Empty, error) - // GetSemaphores returns a list of all semaphores matching the supplied filter. - GetSemaphores(context.Context, *types.SemaphoreFilter) (*Semaphores, error) - // DeleteSemaphore deletes a semaphore matching the supplied filter. - DeleteSemaphore(context.Context, *types.SemaphoreFilter) (*empty.Empty, error) - // EmitAuditEvent emits audit event - EmitAuditEvent(context.Context, *events.OneOf) (*empty.Empty, error) - // CreateAuditStream creates or resumes audit events streams - CreateAuditStream(AuthService_CreateAuditStreamServer) error - // GetApplicationServers gets all application servers. - // DELETE IN 10.0. Deprecated, use ListResources. - GetApplicationServers(context.Context, *GetApplicationServersRequest) (*GetApplicationServersResponse, error) - // UpsertApplicationServer adds an application server. - UpsertApplicationServer(context.Context, *UpsertApplicationServerRequest) (*types.KeepAlive, error) - // DeleteApplicationServer removes an application server. - DeleteApplicationServer(context.Context, *DeleteApplicationServerRequest) (*empty.Empty, error) - // DeleteAllApplicationServers removes all application servers. - DeleteAllApplicationServers(context.Context, *DeleteAllApplicationServersRequest) (*empty.Empty, error) - // GetAppServers gets all application servers. - // - // DELETE IN 9.0. Deprecated, use GetApplicationServers. - GetAppServers(context.Context, *GetAppServersRequest) (*GetAppServersResponse, error) - // UpsertAppServer adds an application server. - // - // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. - UpsertAppServer(context.Context, *UpsertAppServerRequest) (*types.KeepAlive, error) - // DeleteAppServer removes an application server. - // - // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. - DeleteAppServer(context.Context, *DeleteAppServerRequest) (*empty.Empty, error) - // DeleteAllAppServers removes all application servers. - // - // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. - DeleteAllAppServers(context.Context, *DeleteAllAppServersRequest) (*empty.Empty, error) - // GenerateAppToken will generate a JWT token for application access. - GenerateAppToken(context.Context, *GenerateAppTokenRequest) (*GenerateAppTokenResponse, error) - // GetAppSession gets an application web session. - GetAppSession(context.Context, *GetAppSessionRequest) (*GetAppSessionResponse, error) - // GetAppSessions gets all application web sessions. - GetAppSessions(context.Context, *empty.Empty) (*GetAppSessionsResponse, error) - // CreateAppSession creates an application web session. Application web - // sessions represent a browser session the client holds. - CreateAppSession(context.Context, *CreateAppSessionRequest) (*CreateAppSessionResponse, error) - // DeleteAppSession removes an application web session. - DeleteAppSession(context.Context, *DeleteAppSessionRequest) (*empty.Empty, error) - // DeleteAllAppSessions removes all application web sessions. - DeleteAllAppSessions(context.Context, *empty.Empty) (*empty.Empty, error) - // DeleteUserAppSessions deletes all user’s application sessions. - DeleteUserAppSessions(context.Context, *DeleteUserAppSessionsRequest) (*empty.Empty, error) - // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access - // Snowflake integration. - CreateSnowflakeSession(context.Context, *CreateSnowflakeSessionRequest) (*CreateSnowflakeSessionResponse, error) - // GetSnowflakeSession returns a web session with sub kind Snowflake. - GetSnowflakeSession(context.Context, *GetSnowflakeSessionRequest) (*GetSnowflakeSessionResponse, error) - // GetSnowflakeSessions gets all Snowflake web sessions. - GetSnowflakeSessions(context.Context, *empty.Empty) (*GetSnowflakeSessionsResponse, error) - // DeleteSnowflakeSession removes a Snowflake web session. - DeleteSnowflakeSession(context.Context, *DeleteSnowflakeSessionRequest) (*empty.Empty, error) - // DeleteAllSnowflakeSessions removes all Snowflake web sessions. - DeleteAllSnowflakeSessions(context.Context, *empty.Empty) (*empty.Empty, error) - // GetWebSession gets a web session. - GetWebSession(context.Context, *types.GetWebSessionRequest) (*GetWebSessionResponse, error) - // GetWebSessions gets all web sessions. - GetWebSessions(context.Context, *empty.Empty) (*GetWebSessionsResponse, error) - // DeleteWebSession deletes a web session. - DeleteWebSession(context.Context, *types.DeleteWebSessionRequest) (*empty.Empty, error) - // DeleteAllWebSessions deletes all web sessions. - DeleteAllWebSessions(context.Context, *empty.Empty) (*empty.Empty, error) - // GetWebToken gets a web token. - GetWebToken(context.Context, *types.GetWebTokenRequest) (*GetWebTokenResponse, error) - // GetWebTokens gets all web tokens. - GetWebTokens(context.Context, *empty.Empty) (*GetWebTokensResponse, error) - // DeleteWebToken deletes a web token. - DeleteWebToken(context.Context, *types.DeleteWebTokenRequest) (*empty.Empty, error) - // DeleteAllWebTokens deletes all web tokens. - DeleteAllWebTokens(context.Context, *empty.Empty) (*empty.Empty, error) - // UpdateRemoteCluster updates remote cluster - UpdateRemoteCluster(context.Context, *types.RemoteClusterV3) (*empty.Empty, error) - // GetKubeServices gets all kubernetes services. - // DELETE IN 10.0. Deprecated, use ListResources. - GetKubeServices(context.Context, *GetKubeServicesRequest) (*GetKubeServicesResponse, error) - // UpsertKubeService adds or updates a kubernetes service. - // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 - UpsertKubeService(context.Context, *UpsertKubeServiceRequest) (*empty.Empty, error) - // UpsertKubeServiceV2 adds or updates a kubernetes service. - UpsertKubeServiceV2(context.Context, *UpsertKubeServiceRequest) (*types.KeepAlive, error) - // DeleteKubeService removes a kubernetes service. - DeleteKubeService(context.Context, *DeleteKubeServiceRequest) (*empty.Empty, error) - // DeleteAllKubeServices removes all kubernetes services. - DeleteAllKubeServices(context.Context, *DeleteAllKubeServicesRequest) (*empty.Empty, error) - // GetDatabaseServers returns all registered database proxy servers. - // DELETE IN 10.0. Deprecated, use ListResources. - GetDatabaseServers(context.Context, *GetDatabaseServersRequest) (*GetDatabaseServersResponse, error) - // UpsertDatabaseServer registers a new database proxy server. - UpsertDatabaseServer(context.Context, *UpsertDatabaseServerRequest) (*types.KeepAlive, error) - // DeleteDatabaseServer removes the specified database proxy server. - DeleteDatabaseServer(context.Context, *DeleteDatabaseServerRequest) (*empty.Empty, error) - // DeleteAllDatabaseServers removes all registered database proxy servers. - DeleteAllDatabaseServers(context.Context, *DeleteAllDatabaseServersRequest) (*empty.Empty, error) - // SignDatabaseCSR generates client certificate used by proxy to - // authenticate with a remote database service. - SignDatabaseCSR(context.Context, *DatabaseCSRRequest) (*DatabaseCSRResponse, error) - // GenerateDatabaseCert generates client certificate used by a database - // service to authenticate with the database instance. - GenerateDatabaseCert(context.Context, *DatabaseCertRequest) (*DatabaseCertResponse, error) - /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. - GenerateSnowflakeJWT(context.Context, *SnowflakeJWTRequest) (*SnowflakeJWTResponse, error) - // GetRole retrieves a role described by the given request. - GetRole(context.Context, *GetRoleRequest) (*types.RoleV5, error) - // GetRole retrieves all roles. - GetRoles(context.Context, *empty.Empty) (*GetRolesResponse, error) - // UpsertRole upserts a role in a backend. - UpsertRole(context.Context, *types.RoleV5) (*empty.Empty, error) - // DeleteRole deletes an existing role in a backend described by the given request. - DeleteRole(context.Context, *DeleteRoleRequest) (*empty.Empty, error) - // AddMFADevice adds an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- ExistingMFAChallenge - // -> ExistingMFAResponse - // <- NewMFARegisterChallenge - // -> NewMFARegisterResponse - // <- Ack - AddMFADevice(AuthService_AddMFADeviceServer) error - // DeleteMFADevice deletes an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- MFAChallenge - // -> MFAResponse - // <- Ack - DeleteMFADevice(AuthService_DeleteMFADeviceServer) error - // AddMFADeviceSync adds a new MFA device (nonstream). - AddMFADeviceSync(context.Context, *AddMFADeviceSyncRequest) (*AddMFADeviceSyncResponse, error) - // DeleteMFADeviceSync deletes a users MFA device (nonstream). - DeleteMFADeviceSync(context.Context, *DeleteMFADeviceSyncRequest) (*empty.Empty, error) - // GetMFADevices returns all MFA devices registered for the user calling - // this RPC. - GetMFADevices(context.Context, *GetMFADevicesRequest) (*GetMFADevicesResponse, error) - // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA - // devices. - CreateAuthenticateChallenge(context.Context, *CreateAuthenticateChallengeRequest) (*MFAAuthenticateChallenge, error) - // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. - CreateRegisterChallenge(context.Context, *CreateRegisterChallengeRequest) (*MFARegisterChallenge, error) - // GetOIDCConnector gets an OIDC connector resource by name. - GetOIDCConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.OIDCConnectorV3, error) - // GetOIDCConnectors gets all current OIDC connector resources. - GetOIDCConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.OIDCConnectorV3List, error) - // UpsertOIDCConnector upserts an OIDC connector in a backend. - UpsertOIDCConnector(context.Context, *types.OIDCConnectorV3) (*empty.Empty, error) - // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. - DeleteOIDCConnector(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // CreateOIDCAuthRequest creates OIDCAuthRequest. - CreateOIDCAuthRequest(context.Context, *types.OIDCAuthRequest) (*types.OIDCAuthRequest, error) - // GetOIDCAuthRequest returns OIDC auth request if found. - GetOIDCAuthRequest(context.Context, *GetOIDCAuthRequestRequest) (*types.OIDCAuthRequest, error) - // GetSAMLConnector gets a SAML connector resource by name. - GetSAMLConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.SAMLConnectorV2, error) - // GetSAMLConnectors gets all current SAML connector resources. - GetSAMLConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.SAMLConnectorV2List, error) - // UpsertSAMLConnector upserts a SAML connector in a backend. - UpsertSAMLConnector(context.Context, *types.SAMLConnectorV2) (*empty.Empty, error) - // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. - DeleteSAMLConnector(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // CreateSAMLAuthRequest creates SAMLAuthRequest. - CreateSAMLAuthRequest(context.Context, *types.SAMLAuthRequest) (*types.SAMLAuthRequest, error) - // GetSAMLAuthRequest returns SAML auth request if found. - GetSAMLAuthRequest(context.Context, *GetSAMLAuthRequestRequest) (*types.SAMLAuthRequest, error) - // GetGithubConnector gets a Github connector resource by name. - GetGithubConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.GithubConnectorV3, error) - // GetGithubConnectors gets all current Github connector resources. - GetGithubConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.GithubConnectorV3List, error) - // UpsertGithubConnector upserts a Github connector in a backend. - UpsertGithubConnector(context.Context, *types.GithubConnectorV3) (*empty.Empty, error) - // DeleteGithubConnector deletes an existing Github connector in a backend by name. - DeleteGithubConnector(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // CreateGithubAuthRequest creates GithubAuthRequest. - CreateGithubAuthRequest(context.Context, *types.GithubAuthRequest) (*types.GithubAuthRequest, error) - // GetGithubAuthRequest returns Github auth request if found. - GetGithubAuthRequest(context.Context, *GetGithubAuthRequestRequest) (*types.GithubAuthRequest, error) - // GetSSODiagnosticInfo returns SSO diagnostic info records. - GetSSODiagnosticInfo(context.Context, *GetSSODiagnosticInfoRequest) (*types.SSODiagnosticInfo, error) - // GetTrustedCluster gets a Trusted Cluster resource by name. - GetTrustedCluster(context.Context, *types.ResourceRequest) (*types.TrustedClusterV2, error) - // GetTrustedClusters gets all current Trusted Cluster resources. - GetTrustedClusters(context.Context, *empty.Empty) (*types.TrustedClusterV2List, error) - // UpsertTrustedCluster upserts a Trusted Cluster in a backend. - UpsertTrustedCluster(context.Context, *types.TrustedClusterV2) (*types.TrustedClusterV2, error) - // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. - DeleteTrustedCluster(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // GetToken retrieves a token described by the given request. - GetToken(context.Context, *types.ResourceRequest) (*types.ProvisionTokenV2, error) - // GetToken retrieves all tokens. - GetTokens(context.Context, *empty.Empty) (*types.ProvisionTokenV2List, error) - // UpsertToken upserts a token in a backend. - UpsertToken(context.Context, *types.ProvisionTokenV2) (*empty.Empty, error) - // GenerateToken generates a new auth token. - GenerateToken(context.Context, *GenerateTokenRequest) (*GenerateTokenResponse, error) - // DeleteToken deletes an existing token in a backend described by the given request. - DeleteToken(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // GetClusterAuditConfig gets cluster audit configuration. - GetClusterAuditConfig(context.Context, *empty.Empty) (*types.ClusterAuditConfigV2, error) - // GetClusterNetworkingConfig gets cluster networking configuration. - GetClusterNetworkingConfig(context.Context, *empty.Empty) (*types.ClusterNetworkingConfigV2, error) - // SetClusterNetworkingConfig sets cluster networking configuration. - SetClusterNetworkingConfig(context.Context, *types.ClusterNetworkingConfigV2) (*empty.Empty, error) - // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. - ResetClusterNetworkingConfig(context.Context, *empty.Empty) (*empty.Empty, error) - // GetSessionRecordingConfig gets session recording configuration. - GetSessionRecordingConfig(context.Context, *empty.Empty) (*types.SessionRecordingConfigV2, error) - // SetSessionRecordingConfig sets session recording configuration. - SetSessionRecordingConfig(context.Context, *types.SessionRecordingConfigV2) (*empty.Empty, error) - // ResetSessionRecordingConfig resets session recording configuration to defaults. - ResetSessionRecordingConfig(context.Context, *empty.Empty) (*empty.Empty, error) - // GetAuthPreference gets cluster auth preference. - GetAuthPreference(context.Context, *empty.Empty) (*types.AuthPreferenceV2, error) - // SetAuthPreference sets cluster auth preference. - SetAuthPreference(context.Context, *types.AuthPreferenceV2) (*empty.Empty, error) - // ResetAuthPreference resets cluster auth preference to defaults. - ResetAuthPreference(context.Context, *empty.Empty) (*empty.Empty, error) - // GetEvents gets events from the audit log. - GetEvents(context.Context, *GetEventsRequest) (*Events, error) - // GetSessionEvents gets completed session events from the audit log. - GetSessionEvents(context.Context, *GetSessionEventsRequest) (*Events, error) - // GetLock gets a lock by name. - GetLock(context.Context, *GetLockRequest) (*types.LockV2, error) - // GetLocks gets all/in-force locks that match at least one of the targets when specified. - GetLocks(context.Context, *GetLocksRequest) (*GetLocksResponse, error) - // UpsertLock upserts a lock. - UpsertLock(context.Context, *types.LockV2) (*empty.Empty, error) - // DeleteLock deletes a lock. - DeleteLock(context.Context, *DeleteLockRequest) (*empty.Empty, error) - // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. - ReplaceRemoteLocks(context.Context, *ReplaceRemoteLocksRequest) (*empty.Empty, error) - // StreamSessionEvents streams audit events from a given session recording. - StreamSessionEvents(*StreamSessionEventsRequest, AuthService_StreamSessionEventsServer) error - // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). - GetNetworkRestrictions(context.Context, *empty.Empty) (*types.NetworkRestrictionsV4, error) - // SetNetworkRestrictions updates the network restrictions. - SetNetworkRestrictions(context.Context, *types.NetworkRestrictionsV4) (*empty.Empty, error) - // DeleteNetworkRestrictions delete the network restrictions. - DeleteNetworkRestrictions(context.Context, *empty.Empty) (*empty.Empty, error) - // GetApps returns all registered applications. - GetApps(context.Context, *empty.Empty) (*types.AppV3List, error) - // GetApp returns an application by name. - GetApp(context.Context, *types.ResourceRequest) (*types.AppV3, error) - // CreateApp creates a new application resource. - CreateApp(context.Context, *types.AppV3) (*empty.Empty, error) - // UpdateApp updates existing application resource. - UpdateApp(context.Context, *types.AppV3) (*empty.Empty, error) - // DeleteApp removes specified application resource. - DeleteApp(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // DeleteAllApps removes all application resources. - DeleteAllApps(context.Context, *empty.Empty) (*empty.Empty, error) - // GetDatabases returns all registered databases. - GetDatabases(context.Context, *empty.Empty) (*types.DatabaseV3List, error) - // GetDatabase returns a database by name. - GetDatabase(context.Context, *types.ResourceRequest) (*types.DatabaseV3, error) - // CreateDatabase creates a new database resource. - CreateDatabase(context.Context, *types.DatabaseV3) (*empty.Empty, error) - // UpdateDatabase updates existing database resource. - UpdateDatabase(context.Context, *types.DatabaseV3) (*empty.Empty, error) - // DeleteDatabase removes specified database resource. - DeleteDatabase(context.Context, *types.ResourceRequest) (*empty.Empty, error) - // DeleteAllDatabases removes all database resources. - DeleteAllDatabases(context.Context, *empty.Empty) (*empty.Empty, error) - // GetWindowsDesktopServices returns all registered Windows desktop services. - GetWindowsDesktopServices(context.Context, *empty.Empty) (*GetWindowsDesktopServicesResponse, error) - GetWindowsDesktopService(context.Context, *GetWindowsDesktopServiceRequest) (*GetWindowsDesktopServiceResponse, error) - // UpsertWindowsDesktopService registers a new Windows desktop service. - UpsertWindowsDesktopService(context.Context, *types.WindowsDesktopServiceV3) (*types.KeepAlive, error) - // DeleteWindowsDesktopService removes the specified Windows desktop service. - DeleteWindowsDesktopService(context.Context, *DeleteWindowsDesktopServiceRequest) (*empty.Empty, error) - // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. - DeleteAllWindowsDesktopServices(context.Context, *empty.Empty) (*empty.Empty, error) - // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. - GetWindowsDesktops(context.Context, *types.WindowsDesktopFilter) (*GetWindowsDesktopsResponse, error) - // CreateWindowsDesktop registers a new Windows desktop host. - CreateWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*empty.Empty, error) - // UpdateWindowsDesktop updates an existing Windows desktop host. - UpdateWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*empty.Empty, error) - // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. - UpsertWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*empty.Empty, error) - // DeleteWindowsDesktop removes the specified Windows desktop host. - // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. - // To delete all desktops, use DeleteAllWindowsDesktops. - DeleteWindowsDesktop(context.Context, *DeleteWindowsDesktopRequest) (*empty.Empty, error) - // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. - DeleteAllWindowsDesktops(context.Context, *empty.Empty) (*empty.Empty, error) - // GenerateWindowsDesktopCert generates client smartcard certificate used - // by an RDP client to authenticate with Windows. - GenerateWindowsDesktopCert(context.Context, *WindowsDesktopCertRequest) (*WindowsDesktopCertResponse, error) - // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. - GenerateCertAuthorityCRL(context.Context, *CertAuthorityRequest) (*CRL, error) - // ChangeUserAuthentication allows a user to change their password and if enabled, - // also adds a new MFA device. After successful invocation, a new web session is created as well - // as a new set of recovery codes (if user meets the requirements to receive them), invalidating - // any existing codes the user previously had. - ChangeUserAuthentication(context.Context, *ChangeUserAuthenticationRequest) (*ChangeUserAuthenticationResponse, error) - // StartAccountRecovery (exclusive to cloud users) is the first out of two step user - // verification needed to allow a user to recover their account. The first form of verification - // is a user's username and a recovery code. After successful verification, a recovery start - // token is created for the user which its ID will be used as part of a URL that will be emailed - // to the user (not done in this request). The user will be able to finish their second form of - // verification by clicking on this URL and following the prompts. - // - // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, - // user account gets temporarily locked from further recovery attempts and from logging in. - // - // Start tokens last RecoveryStartTokenTTL. - StartAccountRecovery(context.Context, *StartAccountRecoveryRequest) (*types.UserTokenV3, error) - // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step - // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. - // The second form of verification is a user's password or their second factor (depending on - // what authentication they needed to recover). After successful verification, a recovery - // approved token is created which allows a user to request protected actions while not logged - // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA - // devices, and generating new recovery codes. - // - // The recovery start token to verify this request becomes deleted before - // creating a recovery approved token, which invalidates the recovery link users received - // to finish their verification. - // - // If user fails to verify themselves for MaxAccountRecoveryAttempts - // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked - // from logging in. If users still have unused recovery codes left, they still have - // opportunities to recover their account. To allow this, users recovery attempts are also - // deleted along with all user tokens which will force the user to restart the recovery process - // from step 1 (RPC StartAccountRecovery). - // - // Recovery approved tokens last RecoveryApprovedTokenTTL. - VerifyAccountRecovery(context.Context, *VerifyAccountRecoveryRequest) (*types.UserTokenV3, error) - // CompleteAccountRecovery (exclusive to cloud users) is the last step in account - // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new - // password or adds a new mfa device, allowing the user to regain access to their account with - // the new credentials. When the new authentication is successfully set, any user lock is - // removed so the user can login immediately afterwards. - CompleteAccountRecovery(context.Context, *CompleteAccountRecoveryRequest) (*empty.Empty, error) - // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a - // user, replacing and invalidating any previously owned codes. Users can only get recovery - // codes if their username is in a valid email format. - CreateAccountRecoveryCodes(context.Context, *CreateAccountRecoveryCodesRequest) (*RecoveryCodes, error) - // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after - // verifying that the token requested has not expired and is of the correct recovery kind. - // Besides checking for validity of a token ID, it is also used to get basic information from - // the token e.g: username, state of recovery (started or approved) and the type of recovery - // requested (password or second factor). - GetAccountRecoveryToken(context.Context, *GetAccountRecoveryTokenRequest) (*types.UserTokenV3, error) - // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context - // their recovery codes. This request will not return any secrets (the values of recovery - // codes), but instead returns non-sensitive data eg. when the recovery codes were created. - GetAccountRecoveryCodes(context.Context, *GetAccountRecoveryCodesRequest) (*RecoveryCodes, error) - // CreatePrivilegeToken returns a new privilege token after a logged in user successfully - // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and - // is used to gain access to privileged actions eg: deleting/adding a MFA device. - CreatePrivilegeToken(context.Context, *CreatePrivilegeTokenRequest) (*types.UserTokenV3, error) - // ListResources retrieves a paginated list of resources. - ListResources(context.Context, *ListResourcesRequest) (*ListResourcesResponse, error) - // GetDomainName returns local auth domain of the current auth server - GetDomainName(context.Context, *empty.Empty) (*GetDomainNameResponse, error) - // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster - // without signing keys. If the cluster has multiple TLS certs, they will - // all be appended. - GetClusterCACert(context.Context, *empty.Empty) (*GetClusterCACertResponse, error) +func (c *authServiceClient) DeleteAllWebTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWebTokens", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -// UnimplementedAuthServiceServer can be embedded to have forward compatible implementations. -type UnimplementedAuthServiceServer struct { +func (c *authServiceClient) UpdateRemoteCluster(ctx context.Context, in *types.RemoteClusterV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateRemoteCluster", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) MaintainSessionPresence(srv AuthService_MaintainSessionPresenceServer) error { - return status.Errorf(codes.Unimplemented, "method MaintainSessionPresence not implemented") -} -func (*UnimplementedAuthServiceServer) CreateSessionTracker(ctx context.Context, req *CreateSessionTrackerRequest) (*types.SessionTrackerV1, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateSessionTracker not implemented") +// Deprecated: Do not use. +func (c *authServiceClient) GetKubeServices(ctx context.Context, in *GetKubeServicesRequest, opts ...grpc.CallOption) (*GetKubeServicesResponse, error) { + out := new(GetKubeServicesResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetKubeServices", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetSessionTracker(ctx context.Context, req *GetSessionTrackerRequest) (*types.SessionTrackerV1, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSessionTracker not implemented") + +// Deprecated: Do not use. +func (c *authServiceClient) UpsertKubeService(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertKubeService", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetActiveSessionTrackers(req *empty.Empty, srv AuthService_GetActiveSessionTrackersServer) error { - return status.Errorf(codes.Unimplemented, "method GetActiveSessionTrackers not implemented") + +func (c *authServiceClient) UpsertKubeServiceV2(ctx context.Context, in *UpsertKubeServiceRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { + out := new(types.KeepAlive) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertKubeServiceV2", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) RemoveSessionTracker(ctx context.Context, req *RemoveSessionTrackerRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method RemoveSessionTracker not implemented") + +func (c *authServiceClient) DeleteKubeService(ctx context.Context, in *DeleteKubeServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteKubeService", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpdateSessionTracker(ctx context.Context, req *UpdateSessionTrackerRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateSessionTracker not implemented") + +func (c *authServiceClient) DeleteAllKubeServices(ctx context.Context, in *DeleteAllKubeServicesRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllKubeServices", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) SendKeepAlives(srv AuthService_SendKeepAlivesServer) error { - return status.Errorf(codes.Unimplemented, "method SendKeepAlives not implemented") + +// Deprecated: Do not use. +func (c *authServiceClient) GetDatabaseServers(ctx context.Context, in *GetDatabaseServersRequest, opts ...grpc.CallOption) (*GetDatabaseServersResponse, error) { + out := new(GetDatabaseServersResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabaseServers", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) WatchEvents(req *Watch, srv AuthService_WatchEventsServer) error { - return status.Errorf(codes.Unimplemented, "method WatchEvents not implemented") + +func (c *authServiceClient) UpsertDatabaseServer(ctx context.Context, in *UpsertDatabaseServerRequest, opts ...grpc.CallOption) (*types.KeepAlive, error) { + out := new(types.KeepAlive) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertDatabaseServer", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetNode(ctx context.Context, req *types.ResourceInNamespaceRequest) (*types.ServerV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetNode not implemented") + +func (c *authServiceClient) DeleteDatabaseServer(ctx context.Context, in *DeleteDatabaseServerRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteDatabaseServer", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertNode(ctx context.Context, req *types.ServerV2) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertNode not implemented") + +func (c *authServiceClient) DeleteAllDatabaseServers(ctx context.Context, in *DeleteAllDatabaseServersRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllDatabaseServers", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteNode(ctx context.Context, req *types.ResourceInNamespaceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteNode not implemented") + +func (c *authServiceClient) SignDatabaseCSR(ctx context.Context, in *DatabaseCSRRequest, opts ...grpc.CallOption) (*DatabaseCSRResponse, error) { + out := new(DatabaseCSRResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/SignDatabaseCSR", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllNodes(ctx context.Context, req *types.ResourcesInNamespaceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllNodes not implemented") + +func (c *authServiceClient) GenerateDatabaseCert(ctx context.Context, in *DatabaseCertRequest, opts ...grpc.CallOption) (*DatabaseCertResponse, error) { + out := new(DatabaseCertResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateDatabaseCert", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GenerateUserCerts(ctx context.Context, req *UserCertsRequest) (*Certs, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateUserCerts not implemented") + +func (c *authServiceClient) GenerateSnowflakeJWT(ctx context.Context, in *SnowflakeJWTRequest, opts ...grpc.CallOption) (*SnowflakeJWTResponse, error) { + out := new(SnowflakeJWTResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateSnowflakeJWT", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GenerateHostCerts(ctx context.Context, req *HostCertsRequest) (*Certs, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateHostCerts not implemented") + +func (c *authServiceClient) GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*types.RoleV5, error) { + out := new(types.RoleV5) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetRole", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GenerateUserSingleUseCerts(srv AuthService_GenerateUserSingleUseCertsServer) error { - return status.Errorf(codes.Unimplemented, "method GenerateUserSingleUseCerts not implemented") + +func (c *authServiceClient) GetRoles(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetRolesResponse, error) { + out := new(GetRolesResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetRoles", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) IsMFARequired(ctx context.Context, req *IsMFARequiredRequest) (*IsMFARequiredResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method IsMFARequired not implemented") + +func (c *authServiceClient) UpsertRole(ctx context.Context, in *types.RoleV5, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertRole", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetAccessRequests(ctx context.Context, req *types.AccessRequestFilter) (*AccessRequests, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAccessRequests not implemented") + +func (c *authServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteRole", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetAccessRequestsV2(req *types.AccessRequestFilter, srv AuthService_GetAccessRequestsV2Server) error { - return status.Errorf(codes.Unimplemented, "method GetAccessRequestsV2 not implemented") + +func (c *authServiceClient) AddMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_AddMFADeviceClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[11], "/proto.AuthService/AddMFADevice", opts...) + if err != nil { + return nil, err + } + x := &authServiceAddMFADeviceClient{stream} + return x, nil } -func (*UnimplementedAuthServiceServer) CreateAccessRequest(ctx context.Context, req *types.AccessRequestV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateAccessRequest not implemented") + +type AuthService_AddMFADeviceClient interface { + Send(*AddMFADeviceRequest) error + Recv() (*AddMFADeviceResponse, error) + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) DeleteAccessRequest(ctx context.Context, req *RequestID) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAccessRequest not implemented") + +type authServiceAddMFADeviceClient struct { + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) SetAccessRequestState(ctx context.Context, req *RequestStateSetter) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetAccessRequestState not implemented") + +func (x *authServiceAddMFADeviceClient) Send(m *AddMFADeviceRequest) error { + return x.ClientStream.SendMsg(m) } -func (*UnimplementedAuthServiceServer) SubmitAccessReview(ctx context.Context, req *types.AccessReviewSubmission) (*types.AccessRequestV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method SubmitAccessReview not implemented") + +func (x *authServiceAddMFADeviceClient) Recv() (*AddMFADeviceResponse, error) { + m := new(AddMFADeviceResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil } -func (*UnimplementedAuthServiceServer) GetAccessCapabilities(ctx context.Context, req *types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAccessCapabilities not implemented") + +func (c *authServiceClient) DeleteMFADevice(ctx context.Context, opts ...grpc.CallOption) (AuthService_DeleteMFADeviceClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[12], "/proto.AuthService/DeleteMFADevice", opts...) + if err != nil { + return nil, err + } + x := &authServiceDeleteMFADeviceClient{stream} + return x, nil } -func (*UnimplementedAuthServiceServer) GetPluginData(ctx context.Context, req *types.PluginDataFilter) (*PluginDataSeq, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetPluginData not implemented") -} -func (*UnimplementedAuthServiceServer) UpdatePluginData(ctx context.Context, req *types.PluginDataUpdateParams) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdatePluginData not implemented") -} -func (*UnimplementedAuthServiceServer) Ping(ctx context.Context, req *PingRequest) (*PingResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Ping not implemented") + +type AuthService_DeleteMFADeviceClient interface { + Send(*DeleteMFADeviceRequest) error + Recv() (*DeleteMFADeviceResponse, error) + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) RotateResetPasswordTokenSecrets(ctx context.Context, req *RotateUserTokenSecretsRequest) (*types.UserTokenSecretsV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method RotateResetPasswordTokenSecrets not implemented") + +type authServiceDeleteMFADeviceClient struct { + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) GetResetPasswordToken(ctx context.Context, req *GetResetPasswordTokenRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetResetPasswordToken not implemented") + +func (x *authServiceDeleteMFADeviceClient) Send(m *DeleteMFADeviceRequest) error { + return x.ClientStream.SendMsg(m) } -func (*UnimplementedAuthServiceServer) CreateResetPasswordToken(ctx context.Context, req *CreateResetPasswordTokenRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateResetPasswordToken not implemented") + +func (x *authServiceDeleteMFADeviceClient) Recv() (*DeleteMFADeviceResponse, error) { + m := new(DeleteMFADeviceResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil } -func (*UnimplementedAuthServiceServer) CreateBot(ctx context.Context, req *CreateBotRequest) (*CreateBotResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateBot not implemented") + +func (c *authServiceClient) AddMFADeviceSync(ctx context.Context, in *AddMFADeviceSyncRequest, opts ...grpc.CallOption) (*AddMFADeviceSyncResponse, error) { + out := new(AddMFADeviceSyncResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/AddMFADeviceSync", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteBot(ctx context.Context, req *DeleteBotRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteBot not implemented") + +func (c *authServiceClient) DeleteMFADeviceSync(ctx context.Context, in *DeleteMFADeviceSyncRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteMFADeviceSync", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetBotUsers(req *GetBotUsersRequest, srv AuthService_GetBotUsersServer) error { - return status.Errorf(codes.Unimplemented, "method GetBotUsers not implemented") + +func (c *authServiceClient) GetMFADevices(ctx context.Context, in *GetMFADevicesRequest, opts ...grpc.CallOption) (*GetMFADevicesResponse, error) { + out := new(GetMFADevicesResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetMFADevices", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetUser(ctx context.Context, req *GetUserRequest) (*types.UserV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetUser not implemented") + +func (c *authServiceClient) CreateAuthenticateChallenge(ctx context.Context, in *CreateAuthenticateChallengeRequest, opts ...grpc.CallOption) (*MFAAuthenticateChallenge, error) { + out := new(MFAAuthenticateChallenge) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAuthenticateChallenge", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetCurrentUser(ctx context.Context, req *empty.Empty) (*types.UserV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetCurrentUser not implemented") + +func (c *authServiceClient) CreateRegisterChallenge(ctx context.Context, in *CreateRegisterChallengeRequest, opts ...grpc.CallOption) (*MFARegisterChallenge, error) { + out := new(MFARegisterChallenge) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateRegisterChallenge", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetUsers(req *GetUsersRequest, srv AuthService_GetUsersServer) error { - return status.Errorf(codes.Unimplemented, "method GetUsers not implemented") + +func (c *authServiceClient) GetOIDCConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3, error) { + out := new(types.OIDCConnectorV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) CreateUser(ctx context.Context, req *types.UserV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") + +func (c *authServiceClient) GetOIDCConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.OIDCConnectorV3List, error) { + out := new(types.OIDCConnectorV3List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCConnectors", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpdateUser(ctx context.Context, req *types.UserV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateUser not implemented") + +func (c *authServiceClient) UpsertOIDCConnector(ctx context.Context, in *types.OIDCConnectorV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertOIDCConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteUser(ctx context.Context, req *DeleteUserRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteUser not implemented") + +func (c *authServiceClient) DeleteOIDCConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteOIDCConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) AcquireSemaphore(ctx context.Context, req *types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) { - return nil, status.Errorf(codes.Unimplemented, "method AcquireSemaphore not implemented") + +func (c *authServiceClient) CreateOIDCAuthRequest(ctx context.Context, in *types.OIDCAuthRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) { + out := new(types.OIDCAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateOIDCAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) KeepAliveSemaphoreLease(ctx context.Context, req *types.SemaphoreLease) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method KeepAliveSemaphoreLease not implemented") + +func (c *authServiceClient) GetOIDCAuthRequest(ctx context.Context, in *GetOIDCAuthRequestRequest, opts ...grpc.CallOption) (*types.OIDCAuthRequest, error) { + out := new(types.OIDCAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetOIDCAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) CancelSemaphoreLease(ctx context.Context, req *types.SemaphoreLease) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CancelSemaphoreLease not implemented") + +func (c *authServiceClient) GetSAMLConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2, error) { + out := new(types.SAMLConnectorV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetSemaphores(ctx context.Context, req *types.SemaphoreFilter) (*Semaphores, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSemaphores not implemented") + +func (c *authServiceClient) GetSAMLConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.SAMLConnectorV2List, error) { + out := new(types.SAMLConnectorV2List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLConnectors", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteSemaphore(ctx context.Context, req *types.SemaphoreFilter) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteSemaphore not implemented") + +func (c *authServiceClient) UpsertSAMLConnector(ctx context.Context, in *types.SAMLConnectorV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertSAMLConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) EmitAuditEvent(ctx context.Context, req *events.OneOf) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method EmitAuditEvent not implemented") + +func (c *authServiceClient) DeleteSAMLConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteSAMLConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) CreateAuditStream(srv AuthService_CreateAuditStreamServer) error { - return status.Errorf(codes.Unimplemented, "method CreateAuditStream not implemented") + +func (c *authServiceClient) CreateSAMLAuthRequest(ctx context.Context, in *types.SAMLAuthRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) { + out := new(types.SAMLAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateSAMLAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetApplicationServers(ctx context.Context, req *GetApplicationServersRequest) (*GetApplicationServersResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetApplicationServers not implemented") + +func (c *authServiceClient) GetSAMLAuthRequest(ctx context.Context, in *GetSAMLAuthRequestRequest, opts ...grpc.CallOption) (*types.SAMLAuthRequest, error) { + out := new(types.SAMLAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSAMLAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertApplicationServer(ctx context.Context, req *UpsertApplicationServerRequest) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertApplicationServer not implemented") + +func (c *authServiceClient) GetGithubConnector(ctx context.Context, in *types.ResourceWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3, error) { + out := new(types.GithubConnectorV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteApplicationServer(ctx context.Context, req *DeleteApplicationServerRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteApplicationServer not implemented") + +func (c *authServiceClient) GetGithubConnectors(ctx context.Context, in *types.ResourcesWithSecretsRequest, opts ...grpc.CallOption) (*types.GithubConnectorV3List, error) { + out := new(types.GithubConnectorV3List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubConnectors", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllApplicationServers(ctx context.Context, req *DeleteAllApplicationServersRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllApplicationServers not implemented") + +func (c *authServiceClient) UpsertGithubConnector(ctx context.Context, in *types.GithubConnectorV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertGithubConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetAppServers(ctx context.Context, req *GetAppServersRequest) (*GetAppServersResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAppServers not implemented") + +func (c *authServiceClient) DeleteGithubConnector(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteGithubConnector", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertAppServer(ctx context.Context, req *UpsertAppServerRequest) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertAppServer not implemented") + +func (c *authServiceClient) CreateGithubAuthRequest(ctx context.Context, in *types.GithubAuthRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) { + out := new(types.GithubAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateGithubAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAppServer(ctx context.Context, req *DeleteAppServerRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAppServer not implemented") + +func (c *authServiceClient) GetGithubAuthRequest(ctx context.Context, in *GetGithubAuthRequestRequest, opts ...grpc.CallOption) (*types.GithubAuthRequest, error) { + out := new(types.GithubAuthRequest) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetGithubAuthRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllAppServers(ctx context.Context, req *DeleteAllAppServersRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllAppServers not implemented") + +func (c *authServiceClient) GetSSODiagnosticInfo(ctx context.Context, in *GetSSODiagnosticInfoRequest, opts ...grpc.CallOption) (*types.SSODiagnosticInfo, error) { + out := new(types.SSODiagnosticInfo) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSSODiagnosticInfo", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GenerateAppToken(ctx context.Context, req *GenerateAppTokenRequest) (*GenerateAppTokenResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateAppToken not implemented") + +func (c *authServiceClient) GetTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) { + out := new(types.TrustedClusterV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetTrustedCluster", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetAppSession(ctx context.Context, req *GetAppSessionRequest) (*GetAppSessionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAppSession not implemented") + +func (c *authServiceClient) GetTrustedClusters(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.TrustedClusterV2List, error) { + out := new(types.TrustedClusterV2List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetTrustedClusters", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetAppSessions(ctx context.Context, req *empty.Empty) (*GetAppSessionsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAppSessions not implemented") + +func (c *authServiceClient) UpsertTrustedCluster(ctx context.Context, in *types.TrustedClusterV2, opts ...grpc.CallOption) (*types.TrustedClusterV2, error) { + out := new(types.TrustedClusterV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertTrustedCluster", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) CreateAppSession(ctx context.Context, req *CreateAppSessionRequest) (*CreateAppSessionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateAppSession not implemented") + +func (c *authServiceClient) DeleteTrustedCluster(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteTrustedCluster", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAppSession(ctx context.Context, req *DeleteAppSessionRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAppSession not implemented") + +func (c *authServiceClient) GetToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.ProvisionTokenV2, error) { + out := new(types.ProvisionTokenV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetToken", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllAppSessions(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllAppSessions not implemented") + +func (c *authServiceClient) GetTokens(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ProvisionTokenV2List, error) { + out := new(types.ProvisionTokenV2List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetTokens", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteUserAppSessions(ctx context.Context, req *DeleteUserAppSessionsRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteUserAppSessions not implemented") + +func (c *authServiceClient) UpsertToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertToken", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) CreateSnowflakeSession(ctx context.Context, req *CreateSnowflakeSessionRequest) (*CreateSnowflakeSessionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateSnowflakeSession not implemented") + +func (c *authServiceClient) CreateToken(ctx context.Context, in *types.ProvisionTokenV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateToken", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetSnowflakeSession(ctx context.Context, req *GetSnowflakeSessionRequest) (*GetSnowflakeSessionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSnowflakeSession not implemented") + +func (c *authServiceClient) GenerateToken(ctx context.Context, in *GenerateTokenRequest, opts ...grpc.CallOption) (*GenerateTokenResponse, error) { + out := new(GenerateTokenResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateToken", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetSnowflakeSessions(ctx context.Context, req *empty.Empty) (*GetSnowflakeSessionsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSnowflakeSessions not implemented") + +func (c *authServiceClient) DeleteToken(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteToken", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteSnowflakeSession(ctx context.Context, req *DeleteSnowflakeSessionRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteSnowflakeSession not implemented") + +func (c *authServiceClient) GetClusterAuditConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ClusterAuditConfigV2, error) { + out := new(types.ClusterAuditConfigV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterAuditConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllSnowflakeSessions(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllSnowflakeSessions not implemented") + +func (c *authServiceClient) GetClusterNetworkingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.ClusterNetworkingConfigV2, error) { + out := new(types.ClusterNetworkingConfigV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterNetworkingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetWebSession(ctx context.Context, req *types.GetWebSessionRequest) (*GetWebSessionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWebSession not implemented") + +func (c *authServiceClient) SetClusterNetworkingConfig(ctx context.Context, in *types.ClusterNetworkingConfigV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetClusterNetworkingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetWebSessions(ctx context.Context, req *empty.Empty) (*GetWebSessionsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWebSessions not implemented") + +func (c *authServiceClient) ResetClusterNetworkingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/ResetClusterNetworkingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteWebSession(ctx context.Context, req *types.DeleteWebSessionRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteWebSession not implemented") + +func (c *authServiceClient) GetSessionRecordingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.SessionRecordingConfigV2, error) { + out := new(types.SessionRecordingConfigV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionRecordingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllWebSessions(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWebSessions not implemented") + +func (c *authServiceClient) SetSessionRecordingConfig(ctx context.Context, in *types.SessionRecordingConfigV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetSessionRecordingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetWebToken(ctx context.Context, req *types.GetWebTokenRequest) (*GetWebTokenResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWebToken not implemented") + +func (c *authServiceClient) ResetSessionRecordingConfig(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/ResetSessionRecordingConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetWebTokens(ctx context.Context, req *empty.Empty) (*GetWebTokensResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWebTokens not implemented") + +func (c *authServiceClient) GetAuthPreference(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.AuthPreferenceV2, error) { + out := new(types.AuthPreferenceV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAuthPreference", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteWebToken(ctx context.Context, req *types.DeleteWebTokenRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteWebToken not implemented") + +func (c *authServiceClient) SetAuthPreference(ctx context.Context, in *types.AuthPreferenceV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetAuthPreference", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllWebTokens(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWebTokens not implemented") + +func (c *authServiceClient) ResetAuthPreference(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/ResetAuthPreference", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpdateRemoteCluster(ctx context.Context, req *types.RemoteClusterV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateRemoteCluster not implemented") + +func (c *authServiceClient) GetEvents(ctx context.Context, in *GetEventsRequest, opts ...grpc.CallOption) (*Events, error) { + out := new(Events) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetEvents", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetKubeServices(ctx context.Context, req *GetKubeServicesRequest) (*GetKubeServicesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetKubeServices not implemented") + +func (c *authServiceClient) GetSessionEvents(ctx context.Context, in *GetSessionEventsRequest, opts ...grpc.CallOption) (*Events, error) { + out := new(Events) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetSessionEvents", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertKubeService(ctx context.Context, req *UpsertKubeServiceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertKubeService not implemented") + +func (c *authServiceClient) GetLock(ctx context.Context, in *GetLockRequest, opts ...grpc.CallOption) (*types.LockV2, error) { + out := new(types.LockV2) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetLock", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertKubeServiceV2(ctx context.Context, req *UpsertKubeServiceRequest) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertKubeServiceV2 not implemented") + +func (c *authServiceClient) GetLocks(ctx context.Context, in *GetLocksRequest, opts ...grpc.CallOption) (*GetLocksResponse, error) { + out := new(GetLocksResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetLocks", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteKubeService(ctx context.Context, req *DeleteKubeServiceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteKubeService not implemented") + +func (c *authServiceClient) UpsertLock(ctx context.Context, in *types.LockV2, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertLock", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) DeleteAllKubeServices(ctx context.Context, req *DeleteAllKubeServicesRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllKubeServices not implemented") + +func (c *authServiceClient) DeleteLock(ctx context.Context, in *DeleteLockRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteLock", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GetDatabaseServers(ctx context.Context, req *GetDatabaseServersRequest) (*GetDatabaseServersResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetDatabaseServers not implemented") + +func (c *authServiceClient) ReplaceRemoteLocks(ctx context.Context, in *ReplaceRemoteLocksRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/ReplaceRemoteLocks", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) UpsertDatabaseServer(ctx context.Context, req *UpsertDatabaseServerRequest) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertDatabaseServer not implemented") + +func (c *authServiceClient) StreamSessionEvents(ctx context.Context, in *StreamSessionEventsRequest, opts ...grpc.CallOption) (AuthService_StreamSessionEventsClient, error) { + stream, err := c.cc.NewStream(ctx, &_AuthService_serviceDesc.Streams[13], "/proto.AuthService/StreamSessionEvents", opts...) + if err != nil { + return nil, err + } + x := &authServiceStreamSessionEventsClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil } -func (*UnimplementedAuthServiceServer) DeleteDatabaseServer(ctx context.Context, req *DeleteDatabaseServerRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteDatabaseServer not implemented") + +type AuthService_StreamSessionEventsClient interface { + Recv() (*events.OneOf, error) + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) DeleteAllDatabaseServers(ctx context.Context, req *DeleteAllDatabaseServersRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllDatabaseServers not implemented") + +type authServiceStreamSessionEventsClient struct { + grpc.ClientStream } -func (*UnimplementedAuthServiceServer) SignDatabaseCSR(ctx context.Context, req *DatabaseCSRRequest) (*DatabaseCSRResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method SignDatabaseCSR not implemented") + +func (x *authServiceStreamSessionEventsClient) Recv() (*events.OneOf, error) { + m := new(events.OneOf) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil } -func (*UnimplementedAuthServiceServer) GenerateDatabaseCert(ctx context.Context, req *DatabaseCertRequest) (*DatabaseCertResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateDatabaseCert not implemented") + +func (c *authServiceClient) GetNetworkRestrictions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.NetworkRestrictionsV4, error) { + out := new(types.NetworkRestrictionsV4) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetNetworkRestrictions", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (*UnimplementedAuthServiceServer) GenerateSnowflakeJWT(ctx context.Context, req *SnowflakeJWTRequest) (*SnowflakeJWTResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateSnowflakeJWT not implemented") -} -func (*UnimplementedAuthServiceServer) GetRole(ctx context.Context, req *GetRoleRequest) (*types.RoleV5, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetRole not implemented") -} -func (*UnimplementedAuthServiceServer) GetRoles(ctx context.Context, req *empty.Empty) (*GetRolesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetRoles not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertRole(ctx context.Context, req *types.RoleV5) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertRole not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteRole(ctx context.Context, req *DeleteRoleRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteRole not implemented") -} -func (*UnimplementedAuthServiceServer) AddMFADevice(srv AuthService_AddMFADeviceServer) error { - return status.Errorf(codes.Unimplemented, "method AddMFADevice not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteMFADevice(srv AuthService_DeleteMFADeviceServer) error { - return status.Errorf(codes.Unimplemented, "method DeleteMFADevice not implemented") -} -func (*UnimplementedAuthServiceServer) AddMFADeviceSync(ctx context.Context, req *AddMFADeviceSyncRequest) (*AddMFADeviceSyncResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method AddMFADeviceSync not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteMFADeviceSync(ctx context.Context, req *DeleteMFADeviceSyncRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteMFADeviceSync not implemented") -} -func (*UnimplementedAuthServiceServer) GetMFADevices(ctx context.Context, req *GetMFADevicesRequest) (*GetMFADevicesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetMFADevices not implemented") -} -func (*UnimplementedAuthServiceServer) CreateAuthenticateChallenge(ctx context.Context, req *CreateAuthenticateChallengeRequest) (*MFAAuthenticateChallenge, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateAuthenticateChallenge not implemented") -} -func (*UnimplementedAuthServiceServer) CreateRegisterChallenge(ctx context.Context, req *CreateRegisterChallengeRequest) (*MFARegisterChallenge, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateRegisterChallenge not implemented") -} -func (*UnimplementedAuthServiceServer) GetOIDCConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.OIDCConnectorV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetOIDCConnector not implemented") -} -func (*UnimplementedAuthServiceServer) GetOIDCConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.OIDCConnectorV3List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetOIDCConnectors not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertOIDCConnector(ctx context.Context, req *types.OIDCConnectorV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertOIDCConnector not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteOIDCConnector(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteOIDCConnector not implemented") -} -func (*UnimplementedAuthServiceServer) CreateOIDCAuthRequest(ctx context.Context, req *types.OIDCAuthRequest) (*types.OIDCAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateOIDCAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetOIDCAuthRequest(ctx context.Context, req *GetOIDCAuthRequestRequest) (*types.OIDCAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetOIDCAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetSAMLConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.SAMLConnectorV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSAMLConnector not implemented") -} -func (*UnimplementedAuthServiceServer) GetSAMLConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.SAMLConnectorV2List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSAMLConnectors not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertSAMLConnector(ctx context.Context, req *types.SAMLConnectorV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertSAMLConnector not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteSAMLConnector(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteSAMLConnector not implemented") -} -func (*UnimplementedAuthServiceServer) CreateSAMLAuthRequest(ctx context.Context, req *types.SAMLAuthRequest) (*types.SAMLAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateSAMLAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetSAMLAuthRequest(ctx context.Context, req *GetSAMLAuthRequestRequest) (*types.SAMLAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSAMLAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetGithubConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.GithubConnectorV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetGithubConnector not implemented") -} -func (*UnimplementedAuthServiceServer) GetGithubConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.GithubConnectorV3List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetGithubConnectors not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertGithubConnector(ctx context.Context, req *types.GithubConnectorV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertGithubConnector not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteGithubConnector(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteGithubConnector not implemented") -} -func (*UnimplementedAuthServiceServer) CreateGithubAuthRequest(ctx context.Context, req *types.GithubAuthRequest) (*types.GithubAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateGithubAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetGithubAuthRequest(ctx context.Context, req *GetGithubAuthRequestRequest) (*types.GithubAuthRequest, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetGithubAuthRequest not implemented") -} -func (*UnimplementedAuthServiceServer) GetSSODiagnosticInfo(ctx context.Context, req *GetSSODiagnosticInfoRequest) (*types.SSODiagnosticInfo, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSSODiagnosticInfo not implemented") -} -func (*UnimplementedAuthServiceServer) GetTrustedCluster(ctx context.Context, req *types.ResourceRequest) (*types.TrustedClusterV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetTrustedCluster not implemented") -} -func (*UnimplementedAuthServiceServer) GetTrustedClusters(ctx context.Context, req *empty.Empty) (*types.TrustedClusterV2List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetTrustedClusters not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertTrustedCluster(ctx context.Context, req *types.TrustedClusterV2) (*types.TrustedClusterV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertTrustedCluster not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteTrustedCluster(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteTrustedCluster not implemented") -} -func (*UnimplementedAuthServiceServer) GetToken(ctx context.Context, req *types.ResourceRequest) (*types.ProvisionTokenV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetToken not implemented") -} -func (*UnimplementedAuthServiceServer) GetTokens(ctx context.Context, req *empty.Empty) (*types.ProvisionTokenV2List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetTokens not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertToken(ctx context.Context, req *types.ProvisionTokenV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertToken not implemented") -} -func (*UnimplementedAuthServiceServer) GenerateToken(ctx context.Context, req *GenerateTokenRequest) (*GenerateTokenResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateToken not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteToken(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteToken not implemented") -} -func (*UnimplementedAuthServiceServer) GetClusterAuditConfig(ctx context.Context, req *empty.Empty) (*types.ClusterAuditConfigV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetClusterAuditConfig not implemented") -} -func (*UnimplementedAuthServiceServer) GetClusterNetworkingConfig(ctx context.Context, req *empty.Empty) (*types.ClusterNetworkingConfigV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetClusterNetworkingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) SetClusterNetworkingConfig(ctx context.Context, req *types.ClusterNetworkingConfigV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetClusterNetworkingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) ResetClusterNetworkingConfig(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResetClusterNetworkingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) GetSessionRecordingConfig(ctx context.Context, req *empty.Empty) (*types.SessionRecordingConfigV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSessionRecordingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) SetSessionRecordingConfig(ctx context.Context, req *types.SessionRecordingConfigV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetSessionRecordingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) ResetSessionRecordingConfig(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResetSessionRecordingConfig not implemented") -} -func (*UnimplementedAuthServiceServer) GetAuthPreference(ctx context.Context, req *empty.Empty) (*types.AuthPreferenceV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAuthPreference not implemented") -} -func (*UnimplementedAuthServiceServer) SetAuthPreference(ctx context.Context, req *types.AuthPreferenceV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetAuthPreference not implemented") -} -func (*UnimplementedAuthServiceServer) ResetAuthPreference(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResetAuthPreference not implemented") -} -func (*UnimplementedAuthServiceServer) GetEvents(ctx context.Context, req *GetEventsRequest) (*Events, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetEvents not implemented") -} -func (*UnimplementedAuthServiceServer) GetSessionEvents(ctx context.Context, req *GetSessionEventsRequest) (*Events, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetSessionEvents not implemented") -} -func (*UnimplementedAuthServiceServer) GetLock(ctx context.Context, req *GetLockRequest) (*types.LockV2, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetLock not implemented") -} -func (*UnimplementedAuthServiceServer) GetLocks(ctx context.Context, req *GetLocksRequest) (*GetLocksResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetLocks not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertLock(ctx context.Context, req *types.LockV2) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertLock not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteLock(ctx context.Context, req *DeleteLockRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteLock not implemented") -} -func (*UnimplementedAuthServiceServer) ReplaceRemoteLocks(ctx context.Context, req *ReplaceRemoteLocksRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method ReplaceRemoteLocks not implemented") -} -func (*UnimplementedAuthServiceServer) StreamSessionEvents(req *StreamSessionEventsRequest, srv AuthService_StreamSessionEventsServer) error { - return status.Errorf(codes.Unimplemented, "method StreamSessionEvents not implemented") -} -func (*UnimplementedAuthServiceServer) GetNetworkRestrictions(ctx context.Context, req *empty.Empty) (*types.NetworkRestrictionsV4, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetNetworkRestrictions not implemented") -} -func (*UnimplementedAuthServiceServer) SetNetworkRestrictions(ctx context.Context, req *types.NetworkRestrictionsV4) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetNetworkRestrictions not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteNetworkRestrictions(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteNetworkRestrictions not implemented") -} -func (*UnimplementedAuthServiceServer) GetApps(ctx context.Context, req *empty.Empty) (*types.AppV3List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetApps not implemented") -} -func (*UnimplementedAuthServiceServer) GetApp(ctx context.Context, req *types.ResourceRequest) (*types.AppV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetApp not implemented") -} -func (*UnimplementedAuthServiceServer) CreateApp(ctx context.Context, req *types.AppV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateApp not implemented") -} -func (*UnimplementedAuthServiceServer) UpdateApp(ctx context.Context, req *types.AppV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateApp not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteApp(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteApp not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteAllApps(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllApps not implemented") -} -func (*UnimplementedAuthServiceServer) GetDatabases(ctx context.Context, req *empty.Empty) (*types.DatabaseV3List, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetDatabases not implemented") -} -func (*UnimplementedAuthServiceServer) GetDatabase(ctx context.Context, req *types.ResourceRequest) (*types.DatabaseV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetDatabase not implemented") -} -func (*UnimplementedAuthServiceServer) CreateDatabase(ctx context.Context, req *types.DatabaseV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateDatabase not implemented") -} -func (*UnimplementedAuthServiceServer) UpdateDatabase(ctx context.Context, req *types.DatabaseV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateDatabase not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteDatabase(ctx context.Context, req *types.ResourceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteDatabase not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteAllDatabases(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllDatabases not implemented") -} -func (*UnimplementedAuthServiceServer) GetWindowsDesktopServices(ctx context.Context, req *empty.Empty) (*GetWindowsDesktopServicesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktopServices not implemented") -} -func (*UnimplementedAuthServiceServer) GetWindowsDesktopService(ctx context.Context, req *GetWindowsDesktopServiceRequest) (*GetWindowsDesktopServiceResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktopService not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertWindowsDesktopService(ctx context.Context, req *types.WindowsDesktopServiceV3) (*types.KeepAlive, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertWindowsDesktopService not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteWindowsDesktopService(ctx context.Context, req *DeleteWindowsDesktopServiceRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteWindowsDesktopService not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteAllWindowsDesktopServices(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWindowsDesktopServices not implemented") -} -func (*UnimplementedAuthServiceServer) GetWindowsDesktops(ctx context.Context, req *types.WindowsDesktopFilter) (*GetWindowsDesktopsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktops not implemented") -} -func (*UnimplementedAuthServiceServer) CreateWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateWindowsDesktop not implemented") -} -func (*UnimplementedAuthServiceServer) UpdateWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateWindowsDesktop not implemented") -} -func (*UnimplementedAuthServiceServer) UpsertWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpsertWindowsDesktop not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteWindowsDesktop(ctx context.Context, req *DeleteWindowsDesktopRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteWindowsDesktop not implemented") -} -func (*UnimplementedAuthServiceServer) DeleteAllWindowsDesktops(ctx context.Context, req *empty.Empty) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWindowsDesktops not implemented") -} -func (*UnimplementedAuthServiceServer) GenerateWindowsDesktopCert(ctx context.Context, req *WindowsDesktopCertRequest) (*WindowsDesktopCertResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateWindowsDesktopCert not implemented") -} -func (*UnimplementedAuthServiceServer) GenerateCertAuthorityCRL(ctx context.Context, req *CertAuthorityRequest) (*CRL, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateCertAuthorityCRL not implemented") -} -func (*UnimplementedAuthServiceServer) ChangeUserAuthentication(ctx context.Context, req *ChangeUserAuthenticationRequest) (*ChangeUserAuthenticationResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ChangeUserAuthentication not implemented") -} -func (*UnimplementedAuthServiceServer) StartAccountRecovery(ctx context.Context, req *StartAccountRecoveryRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method StartAccountRecovery not implemented") -} -func (*UnimplementedAuthServiceServer) VerifyAccountRecovery(ctx context.Context, req *VerifyAccountRecoveryRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method VerifyAccountRecovery not implemented") -} -func (*UnimplementedAuthServiceServer) CompleteAccountRecovery(ctx context.Context, req *CompleteAccountRecoveryRequest) (*empty.Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method CompleteAccountRecovery not implemented") -} -func (*UnimplementedAuthServiceServer) CreateAccountRecoveryCodes(ctx context.Context, req *CreateAccountRecoveryCodesRequest) (*RecoveryCodes, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateAccountRecoveryCodes not implemented") -} -func (*UnimplementedAuthServiceServer) GetAccountRecoveryToken(ctx context.Context, req *GetAccountRecoveryTokenRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAccountRecoveryToken not implemented") -} -func (*UnimplementedAuthServiceServer) GetAccountRecoveryCodes(ctx context.Context, req *GetAccountRecoveryCodesRequest) (*RecoveryCodes, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetAccountRecoveryCodes not implemented") -} -func (*UnimplementedAuthServiceServer) CreatePrivilegeToken(ctx context.Context, req *CreatePrivilegeTokenRequest) (*types.UserTokenV3, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreatePrivilegeToken not implemented") -} -func (*UnimplementedAuthServiceServer) ListResources(ctx context.Context, req *ListResourcesRequest) (*ListResourcesResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListResources not implemented") -} -func (*UnimplementedAuthServiceServer) GetDomainName(ctx context.Context, req *empty.Empty) (*GetDomainNameResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetDomainName not implemented") -} -func (*UnimplementedAuthServiceServer) GetClusterCACert(ctx context.Context, req *empty.Empty) (*GetClusterCACertResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetClusterCACert not implemented") + +func (c *authServiceClient) SetNetworkRestrictions(ctx context.Context, in *types.NetworkRestrictionsV4, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetNetworkRestrictions", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) { - s.RegisterService(&_AuthService_serviceDesc, srv) +func (c *authServiceClient) DeleteNetworkRestrictions(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteNetworkRestrictions", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func _AuthService_MaintainSessionPresence_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).MaintainSessionPresence(&authServiceMaintainSessionPresenceServer{stream}) +func (c *authServiceClient) GetApps(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.AppV3List, error) { + out := new(types.AppV3List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetApps", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type AuthService_MaintainSessionPresenceServer interface { - Send(*MFAAuthenticateChallenge) error - Recv() (*PresenceMFAChallengeSend, error) - grpc.ServerStream +func (c *authServiceClient) GetApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.AppV3, error) { + out := new(types.AppV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetApp", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type authServiceMaintainSessionPresenceServer struct { - grpc.ServerStream +func (c *authServiceClient) CreateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateApp", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceMaintainSessionPresenceServer) Send(m *MFAAuthenticateChallenge) error { - return x.ServerStream.SendMsg(m) +func (c *authServiceClient) UpdateApp(ctx context.Context, in *types.AppV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateApp", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceMaintainSessionPresenceServer) Recv() (*PresenceMFAChallengeSend, error) { - m := new(PresenceMFAChallengeSend) - if err := x.ServerStream.RecvMsg(m); err != nil { +func (c *authServiceClient) DeleteApp(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteApp", in, out, opts...) + if err != nil { return nil, err } - return m, nil + return out, nil } -func _AuthService_CreateSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateSessionTrackerRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) DeleteAllApps(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllApps", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).CreateSessionTracker(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CreateSessionTracker", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateSessionTracker(ctx, req.(*CreateSessionTrackerRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetSessionTrackerRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetDatabases(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.DatabaseV3List, error) { + out := new(types.DatabaseV3List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabases", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetSessionTracker(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetSessionTracker", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSessionTracker(ctx, req.(*GetSessionTrackerRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetActiveSessionTrackers_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(empty.Empty) - if err := stream.RecvMsg(m); err != nil { - return err +func (c *authServiceClient) GetDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.DatabaseV3, error) { + out := new(types.DatabaseV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetDatabase", in, out, opts...) + if err != nil { + return nil, err } - return srv.(AuthServiceServer).GetActiveSessionTrackers(m, &authServiceGetActiveSessionTrackersServer{stream}) + return out, nil } -type AuthService_GetActiveSessionTrackersServer interface { - Send(*types.SessionTrackerV1) error - grpc.ServerStream +func (c *authServiceClient) CreateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateDatabase", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type authServiceGetActiveSessionTrackersServer struct { - grpc.ServerStream +func (c *authServiceClient) UpdateDatabase(ctx context.Context, in *types.DatabaseV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateDatabase", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceGetActiveSessionTrackersServer) Send(m *types.SessionTrackerV1) error { - return x.ServerStream.SendMsg(m) +func (c *authServiceClient) DeleteDatabase(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteDatabase", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func _AuthService_RemoveSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RemoveSessionTrackerRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) DeleteAllDatabases(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllDatabases", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).RemoveSessionTracker(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/RemoveSessionTracker", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).RemoveSessionTracker(ctx, req.(*RemoveSessionTrackerRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_UpdateSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpdateSessionTrackerRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetWindowsDesktopServices(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetWindowsDesktopServicesResponse, error) { + out := new(GetWindowsDesktopServicesResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktopServices", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).UpdateSessionTracker(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/UpdateSessionTracker", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateSessionTracker(ctx, req.(*UpdateSessionTrackerRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_SendKeepAlives_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).SendKeepAlives(&authServiceSendKeepAlivesServer{stream}) +func (c *authServiceClient) GetWindowsDesktopService(ctx context.Context, in *GetWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*GetWindowsDesktopServiceResponse, error) { + out := new(GetWindowsDesktopServiceResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktopService", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type AuthService_SendKeepAlivesServer interface { - SendAndClose(*empty.Empty) error - Recv() (*types.KeepAlive, error) - grpc.ServerStream +func (c *authServiceClient) UpsertWindowsDesktopService(ctx context.Context, in *types.WindowsDesktopServiceV3, opts ...grpc.CallOption) (*types.KeepAlive, error) { + out := new(types.KeepAlive) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertWindowsDesktopService", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type authServiceSendKeepAlivesServer struct { - grpc.ServerStream +func (c *authServiceClient) DeleteWindowsDesktopService(ctx context.Context, in *DeleteWindowsDesktopServiceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWindowsDesktopService", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceSendKeepAlivesServer) SendAndClose(m *empty.Empty) error { - return x.ServerStream.SendMsg(m) +func (c *authServiceClient) DeleteAllWindowsDesktopServices(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWindowsDesktopServices", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceSendKeepAlivesServer) Recv() (*types.KeepAlive, error) { - m := new(types.KeepAlive) - if err := x.ServerStream.RecvMsg(m); err != nil { +func (c *authServiceClient) GetWindowsDesktops(ctx context.Context, in *types.WindowsDesktopFilter, opts ...grpc.CallOption) (*GetWindowsDesktopsResponse, error) { + out := new(GetWindowsDesktopsResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetWindowsDesktops", in, out, opts...) + if err != nil { return nil, err } - return m, nil + return out, nil } -func _AuthService_WatchEvents_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(Watch) - if err := stream.RecvMsg(m); err != nil { - return err +func (c *authServiceClient) CreateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateWindowsDesktop", in, out, opts...) + if err != nil { + return nil, err } - return srv.(AuthServiceServer).WatchEvents(m, &authServiceWatchEventsServer{stream}) + return out, nil } -type AuthService_WatchEventsServer interface { - Send(*Event) error - grpc.ServerStream +func (c *authServiceClient) UpdateWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateWindowsDesktop", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -type authServiceWatchEventsServer struct { - grpc.ServerStream +func (c *authServiceClient) UpsertWindowsDesktop(ctx context.Context, in *types.WindowsDesktopV3, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpsertWindowsDesktop", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func (x *authServiceWatchEventsServer) Send(m *Event) error { - return x.ServerStream.SendMsg(m) +func (c *authServiceClient) DeleteWindowsDesktop(ctx context.Context, in *DeleteWindowsDesktopRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteWindowsDesktop", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil } -func _AuthService_GetNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceInNamespaceRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) DeleteAllWindowsDesktops(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllWindowsDesktops", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetNode(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetNode", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetNode(ctx, req.(*types.ResourceInNamespaceRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_UpsertNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ServerV2) - if err := dec(in); err != nil { +func (c *authServiceClient) GenerateWindowsDesktopCert(ctx context.Context, in *WindowsDesktopCertRequest, opts ...grpc.CallOption) (*WindowsDesktopCertResponse, error) { + out := new(WindowsDesktopCertResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateWindowsDesktopCert", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).UpsertNode(ctx, in) + return out, nil +} + +func (c *authServiceClient) GenerateCertAuthorityCRL(ctx context.Context, in *CertAuthorityRequest, opts ...grpc.CallOption) (*CRL, error) { + out := new(CRL) + err := c.cc.Invoke(ctx, "/proto.AuthService/GenerateCertAuthorityCRL", in, out, opts...) + if err != nil { + return nil, err } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/UpsertNode", + return out, nil +} + +func (c *authServiceClient) CreateConnectionDiagnostic(ctx context.Context, in *types.ConnectionDiagnosticV1, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateConnectionDiagnostic", in, out, opts...) + if err != nil { + return nil, err } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertNode(ctx, req.(*types.ServerV2)) + return out, nil +} + +func (c *authServiceClient) UpdateConnectionDiagnostic(ctx context.Context, in *types.ConnectionDiagnosticV1, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UpdateConnectionDiagnostic", in, out, opts...) + if err != nil { + return nil, err } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_DeleteNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceInNamespaceRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetConnectionDiagnostic(ctx context.Context, in *GetConnectionDiagnosticRequest, opts ...grpc.CallOption) (*types.ConnectionDiagnosticV1, error) { + out := new(types.ConnectionDiagnosticV1) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetConnectionDiagnostic", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteNode(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteNode", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteNode(ctx, req.(*types.ResourceInNamespaceRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_DeleteAllNodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourcesInNamespaceRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllNodes(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteAllNodes", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllNodes(ctx, req.(*types.ResourcesInNamespaceRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GenerateUserCerts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UserCertsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GenerateUserCerts(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GenerateUserCerts", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateUserCerts(ctx, req.(*UserCertsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GenerateHostCerts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(HostCertsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GenerateHostCerts(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GenerateHostCerts", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateHostCerts(ctx, req.(*HostCertsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GenerateUserSingleUseCerts_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).GenerateUserSingleUseCerts(&authServiceGenerateUserSingleUseCertsServer{stream}) -} - -type AuthService_GenerateUserSingleUseCertsServer interface { - Send(*UserSingleUseCertsResponse) error - Recv() (*UserSingleUseCertsRequest, error) - grpc.ServerStream -} - -type authServiceGenerateUserSingleUseCertsServer struct { - grpc.ServerStream -} - -func (x *authServiceGenerateUserSingleUseCertsServer) Send(m *UserSingleUseCertsResponse) error { - return x.ServerStream.SendMsg(m) -} - -func (x *authServiceGenerateUserSingleUseCertsServer) Recv() (*UserSingleUseCertsRequest, error) { - m := new(UserSingleUseCertsRequest) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -func _AuthService_IsMFARequired_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(IsMFARequiredRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).IsMFARequired(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/IsMFARequired", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).IsMFARequired(ctx, req.(*IsMFARequiredRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetAccessRequests_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AccessRequestFilter) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GetAccessRequests(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetAccessRequests", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAccessRequests(ctx, req.(*types.AccessRequestFilter)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetAccessRequestsV2_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(types.AccessRequestFilter) - if err := stream.RecvMsg(m); err != nil { - return err - } - return srv.(AuthServiceServer).GetAccessRequestsV2(m, &authServiceGetAccessRequestsV2Server{stream}) -} - -type AuthService_GetAccessRequestsV2Server interface { - Send(*types.AccessRequestV3) error - grpc.ServerStream -} - -type authServiceGetAccessRequestsV2Server struct { - grpc.ServerStream -} - -func (x *authServiceGetAccessRequestsV2Server) Send(m *types.AccessRequestV3) error { - return x.ServerStream.SendMsg(m) + return out, nil } -func _AuthService_CreateAccessRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AccessRequestV3) - if err := dec(in); err != nil { +func (c *authServiceClient) AppendDiagnosticTrace(ctx context.Context, in *AppendDiagnosticTraceRequest, opts ...grpc.CallOption) (*types.ConnectionDiagnosticV1, error) { + out := new(types.ConnectionDiagnosticV1) + err := c.cc.Invoke(ctx, "/proto.AuthService/AppendDiagnosticTrace", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).CreateAccessRequest(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CreateAccessRequest", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateAccessRequest(ctx, req.(*types.AccessRequestV3)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_DeleteAccessRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RequestID) - if err := dec(in); err != nil { +func (c *authServiceClient) ChangeUserAuthentication(ctx context.Context, in *ChangeUserAuthenticationRequest, opts ...grpc.CallOption) (*ChangeUserAuthenticationResponse, error) { + out := new(ChangeUserAuthenticationResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/ChangeUserAuthentication", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteAccessRequest(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteAccessRequest", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAccessRequest(ctx, req.(*RequestID)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_SetAccessRequestState_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RequestStateSetter) - if err := dec(in); err != nil { +func (c *authServiceClient) StartAccountRecovery(ctx context.Context, in *StartAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/StartAccountRecovery", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).SetAccessRequestState(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/SetAccessRequestState", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SetAccessRequestState(ctx, req.(*RequestStateSetter)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_SubmitAccessReview_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AccessReviewSubmission) - if err := dec(in); err != nil { +func (c *authServiceClient) VerifyAccountRecovery(ctx context.Context, in *VerifyAccountRecoveryRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/VerifyAccountRecovery", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).SubmitAccessReview(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/SubmitAccessReview", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SubmitAccessReview(ctx, req.(*types.AccessReviewSubmission)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetAccessCapabilities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AccessCapabilitiesRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) CompleteAccountRecovery(ctx context.Context, in *CompleteAccountRecoveryRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/CompleteAccountRecovery", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetAccessCapabilities(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetAccessCapabilities", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAccessCapabilities(ctx, req.(*types.AccessCapabilitiesRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetPluginData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.PluginDataFilter) - if err := dec(in); err != nil { +func (c *authServiceClient) CreateAccountRecoveryCodes(ctx context.Context, in *CreateAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) { + out := new(RecoveryCodes) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreateAccountRecoveryCodes", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetPluginData(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetPluginData", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetPluginData(ctx, req.(*types.PluginDataFilter)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_UpdatePluginData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.PluginDataUpdateParams) - if err := dec(in); err != nil { +func (c *authServiceClient) GetAccountRecoveryToken(ctx context.Context, in *GetAccountRecoveryTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccountRecoveryToken", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).UpdatePluginData(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/UpdatePluginData", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdatePluginData(ctx, req.(*types.PluginDataUpdateParams)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_Ping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(PingRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetAccountRecoveryCodes(ctx context.Context, in *GetAccountRecoveryCodesRequest, opts ...grpc.CallOption) (*RecoveryCodes, error) { + out := new(RecoveryCodes) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetAccountRecoveryCodes", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).Ping(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/Ping", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).Ping(ctx, req.(*PingRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_RotateResetPasswordTokenSecrets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RotateUserTokenSecretsRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) CreatePrivilegeToken(ctx context.Context, in *CreatePrivilegeTokenRequest, opts ...grpc.CallOption) (*types.UserTokenV3, error) { + out := new(types.UserTokenV3) + err := c.cc.Invoke(ctx, "/proto.AuthService/CreatePrivilegeToken", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).RotateResetPasswordTokenSecrets(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/RotateResetPasswordTokenSecrets", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).RotateResetPasswordTokenSecrets(ctx, req.(*RotateUserTokenSecretsRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetResetPasswordToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetResetPasswordTokenRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetInstaller(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*types.InstallerV1, error) { + out := new(types.InstallerV1) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetInstaller", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetResetPasswordToken(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetResetPasswordToken", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetResetPasswordToken(ctx, req.(*GetResetPasswordTokenRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_CreateResetPasswordToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateResetPasswordTokenRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) GetInstallers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*types.InstallerV1List, error) { + out := new(types.InstallerV1List) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetInstallers", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).CreateResetPasswordToken(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CreateResetPasswordToken", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateResetPasswordToken(ctx, req.(*CreateResetPasswordTokenRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_CreateBot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateBotRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) SetInstaller(ctx context.Context, in *types.InstallerV1, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/SetInstaller", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).CreateBot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CreateBot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateBot(ctx, req.(*CreateBotRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_DeleteBot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteBotRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) DeleteInstaller(ctx context.Context, in *types.ResourceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteInstaller", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteBot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteBot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteBot(ctx, req.(*DeleteBotRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetBotUsers_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(GetBotUsersRequest) - if err := stream.RecvMsg(m); err != nil { - return err - } - return srv.(AuthServiceServer).GetBotUsers(m, &authServiceGetBotUsersServer{stream}) -} - -type AuthService_GetBotUsersServer interface { - Send(*types.UserV2) error - grpc.ServerStream -} - -type authServiceGetBotUsersServer struct { - grpc.ServerStream -} - -func (x *authServiceGetBotUsersServer) Send(m *types.UserV2) error { - return x.ServerStream.SendMsg(m) + return out, nil } -func _AuthService_GetUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetUserRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) DeleteAllInstallers(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/DeleteAllInstallers", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetUser(ctx, req.(*GetUserRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_GetCurrentUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) - if err := dec(in); err != nil { +func (c *authServiceClient) ListResources(ctx context.Context, in *ListResourcesRequest, opts ...grpc.CallOption) (*ListResourcesResponse, error) { + out := new(ListResourcesResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/ListResources", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).GetCurrentUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetCurrentUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetCurrentUser(ctx, req.(*empty.Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetUsers_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(GetUsersRequest) - if err := stream.RecvMsg(m); err != nil { - return err - } - return srv.(AuthServiceServer).GetUsers(m, &authServiceGetUsersServer{stream}) -} - -type AuthService_GetUsersServer interface { - Send(*types.UserV2) error - grpc.ServerStream -} - -type authServiceGetUsersServer struct { - grpc.ServerStream -} - -func (x *authServiceGetUsersServer) Send(m *types.UserV2) error { - return x.ServerStream.SendMsg(m) + return out, nil } -func _AuthService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.UserV2) - if err := dec(in); err != nil { +func (c *authServiceClient) GetDomainName(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetDomainNameResponse, error) { + out := new(GetDomainNameResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetDomainName", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).CreateUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CreateUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateUser(ctx, req.(*types.UserV2)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.UserV2) - if err := dec(in); err != nil { +func (c *authServiceClient) GetClusterCACert(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*GetClusterCACertResponse, error) { + out := new(GetClusterCACertResponse) + err := c.cc.Invoke(ctx, "/proto.AuthService/GetClusterCACert", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).UpdateUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/UpdateUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateUser(ctx, req.(*types.UserV2)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteUserRequest) - if err := dec(in); err != nil { +func (c *authServiceClient) UnstableAssertSystemRole(ctx context.Context, in *UnstableSystemRoleAssertion, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, "/proto.AuthService/UnstableAssertSystemRole", in, out, opts...) + if err != nil { return nil, err } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteUser(ctx, req.(*DeleteUserRequest)) - } - return interceptor(ctx, in, info, handler) + return out, nil } -func _AuthService_AcquireSemaphore_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AcquireSemaphoreRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).AcquireSemaphore(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/AcquireSemaphore", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).AcquireSemaphore(ctx, req.(*types.AcquireSemaphoreRequest)) - } - return interceptor(ctx, in, info, handler) +// AuthServiceServer is the server API for AuthService service. +type AuthServiceServer interface { + // InventoryControlStream is the per-instance stream used to advertise teleport instance + // presence/version/etc to the auth server. + InventoryControlStream(AuthService_InventoryControlStreamServer) error + // GetInventoryStatus gets information about current instance inventory. + GetInventoryStatus(context.Context, *InventoryStatusRequest) (*InventoryStatusSummary, error) + // PingInventory attempts to trigger a downstream inventory ping (used in testing/debug). + PingInventory(context.Context, *InventoryPingRequest) (*InventoryPingResponse, error) + // GetClusterAlerts loads cluster-level alert messages. + GetClusterAlerts(context.Context, *types.GetClusterAlertsRequest) (*GetClusterAlertsResponse, error) + // UpsertClusterAlert creates a cluster alert. + UpsertClusterAlert(context.Context, *UpsertClusterAlertRequest) (*emptypb.Empty, error) + // MaintainSessionPresence establishes a channel used to continously verify the presence for a + // session. + MaintainSessionPresence(AuthService_MaintainSessionPresenceServer) error + // CreateSessionTracker creates a new session tracker resource. + CreateSessionTracker(context.Context, *CreateSessionTrackerRequest) (*types.SessionTrackerV1, error) + // GetSessionTracker fetches a session tracker resource. + GetSessionTracker(context.Context, *GetSessionTrackerRequest) (*types.SessionTrackerV1, error) + // GetActiveSessionTrackers returns a list of active sessions. + GetActiveSessionTrackers(*emptypb.Empty, AuthService_GetActiveSessionTrackersServer) error + // RemoveSessionTracker removes a session tracker resource. + RemoveSessionTracker(context.Context, *RemoveSessionTrackerRequest) (*emptypb.Empty, error) + // UpdateSessionTracker updates some state of a session tracker. + UpdateSessionTracker(context.Context, *UpdateSessionTrackerRequest) (*emptypb.Empty, error) + // SendKeepAlives allows node to send a stream of keep alive requests + SendKeepAlives(AuthService_SendKeepAlivesServer) error + // WatchEvents returns a new stream of cluster events + WatchEvents(*Watch, AuthService_WatchEventsServer) error + // GetNode retrieves a node described by the given request. + GetNode(context.Context, *types.ResourceInNamespaceRequest) (*types.ServerV2, error) + // UpsertNode upserts a node in a backend. + UpsertNode(context.Context, *types.ServerV2) (*types.KeepAlive, error) + // DeleteNode deletes an existing node in a backend described by the given request. + DeleteNode(context.Context, *types.ResourceInNamespaceRequest) (*emptypb.Empty, error) + // DeleteAllNodes deletes all nodes. + DeleteAllNodes(context.Context, *types.ResourcesInNamespaceRequest) (*emptypb.Empty, error) + // GenerateUserCerts generates a set of user certificates. + GenerateUserCerts(context.Context, *UserCertsRequest) (*Certs, error) + // GenerateHostCerts generates a set of host certificates. + GenerateHostCerts(context.Context, *HostCertsRequest) (*Certs, error) + // GenerateUserSingleUseCerts generates a set of single-use user + // certificates. + GenerateUserSingleUseCerts(AuthService_GenerateUserSingleUseCertsServer) error + // IsMFARequired checks whether MFA is required to access the specified + // target. + IsMFARequired(context.Context, *IsMFARequiredRequest) (*IsMFARequiredResponse, error) + // GetAccessRequests gets all pending access requests. + // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. + GetAccessRequests(context.Context, *types.AccessRequestFilter) (*AccessRequests, error) + // GetAccessRequestsV2 gets all pending access requests. + GetAccessRequestsV2(*types.AccessRequestFilter, AuthService_GetAccessRequestsV2Server) error + // CreateAccessRequest creates a new access request. + CreateAccessRequest(context.Context, *types.AccessRequestV3) (*emptypb.Empty, error) + // DeleteAccessRequest deletes an access request. + DeleteAccessRequest(context.Context, *RequestID) (*emptypb.Empty, error) + // SetAccessRequestState sets the state of an access request. + SetAccessRequestState(context.Context, *RequestStateSetter) (*emptypb.Empty, error) + // SubmitAccessReview applies a review to a request and returns the post-application state. + SubmitAccessReview(context.Context, *types.AccessReviewSubmission) (*types.AccessRequestV3, error) + // GetAccessCapabilities requests the access capabilites of a user. + GetAccessCapabilities(context.Context, *types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error) + // GetPluginData gets all plugin data matching the supplied filter. + GetPluginData(context.Context, *types.PluginDataFilter) (*PluginDataSeq, error) + // UpdatePluginData updates a plugin's resource-specific datastore. + UpdatePluginData(context.Context, *types.PluginDataUpdateParams) (*emptypb.Empty, error) + // Ping gets basic info about the auth server. This method is intended + // to mimic the behavior of the proxy's Ping method, and may be used by + // clients for verification or configuration on startup. + Ping(context.Context, *PingRequest) (*PingResponse, error) + // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. + // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. + RotateResetPasswordTokenSecrets(context.Context, *RotateUserTokenSecretsRequest) (*types.UserTokenSecretsV3, error) + // GetResetPasswordToken returns a reset password token. + GetResetPasswordToken(context.Context, *GetResetPasswordTokenRequest) (*types.UserTokenV3, error) + // CreateResetPasswordToken resets users current password and second factors and creates a reset + // password token. + CreateResetPasswordToken(context.Context, *CreateResetPasswordTokenRequest) (*types.UserTokenV3, error) + // CreateBot creates a new bot user. + CreateBot(context.Context, *CreateBotRequest) (*CreateBotResponse, error) + // DeleteBot deletes a bot user. + DeleteBot(context.Context, *DeleteBotRequest) (*emptypb.Empty, error) + // GetBotUsers gets all users with bot labels. + GetBotUsers(*GetBotUsersRequest, AuthService_GetBotUsersServer) error + // GetUser gets a user resource by name. + GetUser(context.Context, *GetUserRequest) (*types.UserV2, error) + // GetCurrentUser returns current user as seen by the server. + // Useful especially in the context of remote clusters which perform role and trait mapping. + GetCurrentUser(context.Context, *emptypb.Empty) (*types.UserV2, error) + // GetCurrentUserRoles returns current user's roles. + GetCurrentUserRoles(*emptypb.Empty, AuthService_GetCurrentUserRolesServer) error + // GetUsers gets all current user resources. + GetUsers(*GetUsersRequest, AuthService_GetUsersServer) error + // CreateUser inserts a new user entry to a backend. + CreateUser(context.Context, *types.UserV2) (*emptypb.Empty, error) + // UpdateUser updates an existing user in a backend. + UpdateUser(context.Context, *types.UserV2) (*emptypb.Empty, error) + // DeleteUser deletes an existing user in a backend by username. + DeleteUser(context.Context, *DeleteUserRequest) (*emptypb.Empty, error) + // AcquireSemaphore acquires lease with requested resources from semaphore. + AcquireSemaphore(context.Context, *types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) + // KeepAliveSemaphoreLease updates semaphore lease. + KeepAliveSemaphoreLease(context.Context, *types.SemaphoreLease) (*emptypb.Empty, error) + // CancelSemaphoreLease cancels semaphore lease early. + CancelSemaphoreLease(context.Context, *types.SemaphoreLease) (*emptypb.Empty, error) + // GetSemaphores returns a list of all semaphores matching the supplied filter. + GetSemaphores(context.Context, *types.SemaphoreFilter) (*Semaphores, error) + // DeleteSemaphore deletes a semaphore matching the supplied filter. + DeleteSemaphore(context.Context, *types.SemaphoreFilter) (*emptypb.Empty, error) + // EmitAuditEvent emits audit event + EmitAuditEvent(context.Context, *events.OneOf) (*emptypb.Empty, error) + // CreateAuditStream creates or resumes audit events streams + CreateAuditStream(AuthService_CreateAuditStreamServer) error + // GetApplicationServers gets all application servers. + // DELETE IN 10.0. Deprecated, use ListResources. + GetApplicationServers(context.Context, *GetApplicationServersRequest) (*GetApplicationServersResponse, error) + // UpsertApplicationServer adds an application server. + UpsertApplicationServer(context.Context, *UpsertApplicationServerRequest) (*types.KeepAlive, error) + // DeleteApplicationServer removes an application server. + DeleteApplicationServer(context.Context, *DeleteApplicationServerRequest) (*emptypb.Empty, error) + // DeleteAllApplicationServers removes all application servers. + DeleteAllApplicationServers(context.Context, *DeleteAllApplicationServersRequest) (*emptypb.Empty, error) + // GetAppServers gets all application servers. + // + // DELETE IN 9.0. Deprecated, use GetApplicationServers. + GetAppServers(context.Context, *GetAppServersRequest) (*GetAppServersResponse, error) + // UpsertAppServer adds an application server. + // + // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. + UpsertAppServer(context.Context, *UpsertAppServerRequest) (*types.KeepAlive, error) + // DeleteAppServer removes an application server. + // + // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. + DeleteAppServer(context.Context, *DeleteAppServerRequest) (*emptypb.Empty, error) + // DeleteAllAppServers removes all application servers. + // + // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. + DeleteAllAppServers(context.Context, *DeleteAllAppServersRequest) (*emptypb.Empty, error) + // GenerateAppToken will generate a JWT token for application access. + GenerateAppToken(context.Context, *GenerateAppTokenRequest) (*GenerateAppTokenResponse, error) + // GetAppSession gets an application web session. + GetAppSession(context.Context, *GetAppSessionRequest) (*GetAppSessionResponse, error) + // GetAppSessions gets all application web sessions. + GetAppSessions(context.Context, *emptypb.Empty) (*GetAppSessionsResponse, error) + // CreateAppSession creates an application web session. Application web + // sessions represent a browser session the client holds. + CreateAppSession(context.Context, *CreateAppSessionRequest) (*CreateAppSessionResponse, error) + // DeleteAppSession removes an application web session. + DeleteAppSession(context.Context, *DeleteAppSessionRequest) (*emptypb.Empty, error) + // DeleteAllAppSessions removes all application web sessions. + DeleteAllAppSessions(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // DeleteUserAppSessions deletes all user’s application sessions. + DeleteUserAppSessions(context.Context, *DeleteUserAppSessionsRequest) (*emptypb.Empty, error) + // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access + // Snowflake integration. + CreateSnowflakeSession(context.Context, *CreateSnowflakeSessionRequest) (*CreateSnowflakeSessionResponse, error) + // GetSnowflakeSession returns a web session with sub kind Snowflake. + GetSnowflakeSession(context.Context, *GetSnowflakeSessionRequest) (*GetSnowflakeSessionResponse, error) + // GetSnowflakeSessions gets all Snowflake web sessions. + GetSnowflakeSessions(context.Context, *emptypb.Empty) (*GetSnowflakeSessionsResponse, error) + // DeleteSnowflakeSession removes a Snowflake web session. + DeleteSnowflakeSession(context.Context, *DeleteSnowflakeSessionRequest) (*emptypb.Empty, error) + // DeleteAllSnowflakeSessions removes all Snowflake web sessions. + DeleteAllSnowflakeSessions(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetWebSession gets a web session. + GetWebSession(context.Context, *types.GetWebSessionRequest) (*GetWebSessionResponse, error) + // GetWebSessions gets all web sessions. + GetWebSessions(context.Context, *emptypb.Empty) (*GetWebSessionsResponse, error) + // DeleteWebSession deletes a web session. + DeleteWebSession(context.Context, *types.DeleteWebSessionRequest) (*emptypb.Empty, error) + // DeleteAllWebSessions deletes all web sessions. + DeleteAllWebSessions(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetWebToken gets a web token. + GetWebToken(context.Context, *types.GetWebTokenRequest) (*GetWebTokenResponse, error) + // GetWebTokens gets all web tokens. + GetWebTokens(context.Context, *emptypb.Empty) (*GetWebTokensResponse, error) + // DeleteWebToken deletes a web token. + DeleteWebToken(context.Context, *types.DeleteWebTokenRequest) (*emptypb.Empty, error) + // DeleteAllWebTokens deletes all web tokens. + DeleteAllWebTokens(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // UpdateRemoteCluster updates remote cluster + UpdateRemoteCluster(context.Context, *types.RemoteClusterV3) (*emptypb.Empty, error) + // GetKubeServices gets all kubernetes services. + // DELETE IN 10.0. Deprecated, use ListResources. + GetKubeServices(context.Context, *GetKubeServicesRequest) (*GetKubeServicesResponse, error) + // UpsertKubeService adds or updates a kubernetes service. + // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 + UpsertKubeService(context.Context, *UpsertKubeServiceRequest) (*emptypb.Empty, error) + // UpsertKubeServiceV2 adds or updates a kubernetes service. + UpsertKubeServiceV2(context.Context, *UpsertKubeServiceRequest) (*types.KeepAlive, error) + // DeleteKubeService removes a kubernetes service. + DeleteKubeService(context.Context, *DeleteKubeServiceRequest) (*emptypb.Empty, error) + // DeleteAllKubeServices removes all kubernetes services. + DeleteAllKubeServices(context.Context, *DeleteAllKubeServicesRequest) (*emptypb.Empty, error) + // GetDatabaseServers returns all registered database proxy servers. + // DELETE IN 10.0. Deprecated, use ListResources. + GetDatabaseServers(context.Context, *GetDatabaseServersRequest) (*GetDatabaseServersResponse, error) + // UpsertDatabaseServer registers a new database proxy server. + UpsertDatabaseServer(context.Context, *UpsertDatabaseServerRequest) (*types.KeepAlive, error) + // DeleteDatabaseServer removes the specified database proxy server. + DeleteDatabaseServer(context.Context, *DeleteDatabaseServerRequest) (*emptypb.Empty, error) + // DeleteAllDatabaseServers removes all registered database proxy servers. + DeleteAllDatabaseServers(context.Context, *DeleteAllDatabaseServersRequest) (*emptypb.Empty, error) + // SignDatabaseCSR generates client certificate used by proxy to + // authenticate with a remote database service. + SignDatabaseCSR(context.Context, *DatabaseCSRRequest) (*DatabaseCSRResponse, error) + // GenerateDatabaseCert generates client certificate used by a database + // service to authenticate with the database instance. + GenerateDatabaseCert(context.Context, *DatabaseCertRequest) (*DatabaseCertResponse, error) + /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. + GenerateSnowflakeJWT(context.Context, *SnowflakeJWTRequest) (*SnowflakeJWTResponse, error) + // GetRole retrieves a role described by the given request. + GetRole(context.Context, *GetRoleRequest) (*types.RoleV5, error) + // GetRole retrieves all roles. + GetRoles(context.Context, *emptypb.Empty) (*GetRolesResponse, error) + // UpsertRole upserts a role in a backend. + UpsertRole(context.Context, *types.RoleV5) (*emptypb.Empty, error) + // DeleteRole deletes an existing role in a backend described by the given request. + DeleteRole(context.Context, *DeleteRoleRequest) (*emptypb.Empty, error) + // AddMFADevice adds an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- ExistingMFAChallenge + // -> ExistingMFAResponse + // <- NewMFARegisterChallenge + // -> NewMFARegisterResponse + // <- Ack + AddMFADevice(AuthService_AddMFADeviceServer) error + // DeleteMFADevice deletes an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- MFAChallenge + // -> MFAResponse + // <- Ack + DeleteMFADevice(AuthService_DeleteMFADeviceServer) error + // AddMFADeviceSync adds a new MFA device (nonstream). + AddMFADeviceSync(context.Context, *AddMFADeviceSyncRequest) (*AddMFADeviceSyncResponse, error) + // DeleteMFADeviceSync deletes a users MFA device (nonstream). + DeleteMFADeviceSync(context.Context, *DeleteMFADeviceSyncRequest) (*emptypb.Empty, error) + // GetMFADevices returns all MFA devices registered for the user calling + // this RPC. + GetMFADevices(context.Context, *GetMFADevicesRequest) (*GetMFADevicesResponse, error) + // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA + // devices. + CreateAuthenticateChallenge(context.Context, *CreateAuthenticateChallengeRequest) (*MFAAuthenticateChallenge, error) + // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. + CreateRegisterChallenge(context.Context, *CreateRegisterChallengeRequest) (*MFARegisterChallenge, error) + // GetOIDCConnector gets an OIDC connector resource by name. + GetOIDCConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.OIDCConnectorV3, error) + // GetOIDCConnectors gets all current OIDC connector resources. + GetOIDCConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.OIDCConnectorV3List, error) + // UpsertOIDCConnector upserts an OIDC connector in a backend. + UpsertOIDCConnector(context.Context, *types.OIDCConnectorV3) (*emptypb.Empty, error) + // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. + DeleteOIDCConnector(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // CreateOIDCAuthRequest creates OIDCAuthRequest. + CreateOIDCAuthRequest(context.Context, *types.OIDCAuthRequest) (*types.OIDCAuthRequest, error) + // GetOIDCAuthRequest returns OIDC auth request if found. + GetOIDCAuthRequest(context.Context, *GetOIDCAuthRequestRequest) (*types.OIDCAuthRequest, error) + // GetSAMLConnector gets a SAML connector resource by name. + GetSAMLConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.SAMLConnectorV2, error) + // GetSAMLConnectors gets all current SAML connector resources. + GetSAMLConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.SAMLConnectorV2List, error) + // UpsertSAMLConnector upserts a SAML connector in a backend. + UpsertSAMLConnector(context.Context, *types.SAMLConnectorV2) (*emptypb.Empty, error) + // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. + DeleteSAMLConnector(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // CreateSAMLAuthRequest creates SAMLAuthRequest. + CreateSAMLAuthRequest(context.Context, *types.SAMLAuthRequest) (*types.SAMLAuthRequest, error) + // GetSAMLAuthRequest returns SAML auth request if found. + GetSAMLAuthRequest(context.Context, *GetSAMLAuthRequestRequest) (*types.SAMLAuthRequest, error) + // GetGithubConnector gets a Github connector resource by name. + GetGithubConnector(context.Context, *types.ResourceWithSecretsRequest) (*types.GithubConnectorV3, error) + // GetGithubConnectors gets all current Github connector resources. + GetGithubConnectors(context.Context, *types.ResourcesWithSecretsRequest) (*types.GithubConnectorV3List, error) + // UpsertGithubConnector upserts a Github connector in a backend. + UpsertGithubConnector(context.Context, *types.GithubConnectorV3) (*emptypb.Empty, error) + // DeleteGithubConnector deletes an existing Github connector in a backend by name. + DeleteGithubConnector(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // CreateGithubAuthRequest creates GithubAuthRequest. + CreateGithubAuthRequest(context.Context, *types.GithubAuthRequest) (*types.GithubAuthRequest, error) + // GetGithubAuthRequest returns Github auth request if found. + GetGithubAuthRequest(context.Context, *GetGithubAuthRequestRequest) (*types.GithubAuthRequest, error) + // GetSSODiagnosticInfo returns SSO diagnostic info records. + GetSSODiagnosticInfo(context.Context, *GetSSODiagnosticInfoRequest) (*types.SSODiagnosticInfo, error) + // GetTrustedCluster gets a Trusted Cluster resource by name. + GetTrustedCluster(context.Context, *types.ResourceRequest) (*types.TrustedClusterV2, error) + // GetTrustedClusters gets all current Trusted Cluster resources. + GetTrustedClusters(context.Context, *emptypb.Empty) (*types.TrustedClusterV2List, error) + // UpsertTrustedCluster upserts a Trusted Cluster in a backend. + UpsertTrustedCluster(context.Context, *types.TrustedClusterV2) (*types.TrustedClusterV2, error) + // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. + DeleteTrustedCluster(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // GetToken retrieves a token described by the given request. + GetToken(context.Context, *types.ResourceRequest) (*types.ProvisionTokenV2, error) + // GetToken retrieves all tokens. + GetTokens(context.Context, *emptypb.Empty) (*types.ProvisionTokenV2List, error) + // UpsertToken upserts a token in a backend. + UpsertToken(context.Context, *types.ProvisionTokenV2) (*emptypb.Empty, error) + // CreateToken creates a token in a backend. + CreateToken(context.Context, *types.ProvisionTokenV2) (*emptypb.Empty, error) + // GenerateToken generates a new auth token. + GenerateToken(context.Context, *GenerateTokenRequest) (*GenerateTokenResponse, error) + // DeleteToken deletes an existing token in a backend described by the given request. + DeleteToken(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // GetClusterAuditConfig gets cluster audit configuration. + GetClusterAuditConfig(context.Context, *emptypb.Empty) (*types.ClusterAuditConfigV2, error) + // GetClusterNetworkingConfig gets cluster networking configuration. + GetClusterNetworkingConfig(context.Context, *emptypb.Empty) (*types.ClusterNetworkingConfigV2, error) + // SetClusterNetworkingConfig sets cluster networking configuration. + SetClusterNetworkingConfig(context.Context, *types.ClusterNetworkingConfigV2) (*emptypb.Empty, error) + // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. + ResetClusterNetworkingConfig(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetSessionRecordingConfig gets session recording configuration. + GetSessionRecordingConfig(context.Context, *emptypb.Empty) (*types.SessionRecordingConfigV2, error) + // SetSessionRecordingConfig sets session recording configuration. + SetSessionRecordingConfig(context.Context, *types.SessionRecordingConfigV2) (*emptypb.Empty, error) + // ResetSessionRecordingConfig resets session recording configuration to defaults. + ResetSessionRecordingConfig(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetAuthPreference gets cluster auth preference. + GetAuthPreference(context.Context, *emptypb.Empty) (*types.AuthPreferenceV2, error) + // SetAuthPreference sets cluster auth preference. + SetAuthPreference(context.Context, *types.AuthPreferenceV2) (*emptypb.Empty, error) + // ResetAuthPreference resets cluster auth preference to defaults. + ResetAuthPreference(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetEvents gets events from the audit log. + GetEvents(context.Context, *GetEventsRequest) (*Events, error) + // GetSessionEvents gets completed session events from the audit log. + GetSessionEvents(context.Context, *GetSessionEventsRequest) (*Events, error) + // GetLock gets a lock by name. + GetLock(context.Context, *GetLockRequest) (*types.LockV2, error) + // GetLocks gets all/in-force locks that match at least one of the targets when specified. + GetLocks(context.Context, *GetLocksRequest) (*GetLocksResponse, error) + // UpsertLock upserts a lock. + UpsertLock(context.Context, *types.LockV2) (*emptypb.Empty, error) + // DeleteLock deletes a lock. + DeleteLock(context.Context, *DeleteLockRequest) (*emptypb.Empty, error) + // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. + ReplaceRemoteLocks(context.Context, *ReplaceRemoteLocksRequest) (*emptypb.Empty, error) + // StreamSessionEvents streams audit events from a given session recording. + StreamSessionEvents(*StreamSessionEventsRequest, AuthService_StreamSessionEventsServer) error + // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). + GetNetworkRestrictions(context.Context, *emptypb.Empty) (*types.NetworkRestrictionsV4, error) + // SetNetworkRestrictions updates the network restrictions. + SetNetworkRestrictions(context.Context, *types.NetworkRestrictionsV4) (*emptypb.Empty, error) + // DeleteNetworkRestrictions delete the network restrictions. + DeleteNetworkRestrictions(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetApps returns all registered applications. + GetApps(context.Context, *emptypb.Empty) (*types.AppV3List, error) + // GetApp returns an application by name. + GetApp(context.Context, *types.ResourceRequest) (*types.AppV3, error) + // CreateApp creates a new application resource. + CreateApp(context.Context, *types.AppV3) (*emptypb.Empty, error) + // UpdateApp updates existing application resource. + UpdateApp(context.Context, *types.AppV3) (*emptypb.Empty, error) + // DeleteApp removes specified application resource. + DeleteApp(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // DeleteAllApps removes all application resources. + DeleteAllApps(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetDatabases returns all registered databases. + GetDatabases(context.Context, *emptypb.Empty) (*types.DatabaseV3List, error) + // GetDatabase returns a database by name. + GetDatabase(context.Context, *types.ResourceRequest) (*types.DatabaseV3, error) + // CreateDatabase creates a new database resource. + CreateDatabase(context.Context, *types.DatabaseV3) (*emptypb.Empty, error) + // UpdateDatabase updates existing database resource. + UpdateDatabase(context.Context, *types.DatabaseV3) (*emptypb.Empty, error) + // DeleteDatabase removes specified database resource. + DeleteDatabase(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // DeleteAllDatabases removes all database resources. + DeleteAllDatabases(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetWindowsDesktopServices returns all registered Windows desktop services. + GetWindowsDesktopServices(context.Context, *emptypb.Empty) (*GetWindowsDesktopServicesResponse, error) + // TODO(zmb3): Document me. + GetWindowsDesktopService(context.Context, *GetWindowsDesktopServiceRequest) (*GetWindowsDesktopServiceResponse, error) + // UpsertWindowsDesktopService registers a new Windows desktop service. + UpsertWindowsDesktopService(context.Context, *types.WindowsDesktopServiceV3) (*types.KeepAlive, error) + // DeleteWindowsDesktopService removes the specified Windows desktop service. + DeleteWindowsDesktopService(context.Context, *DeleteWindowsDesktopServiceRequest) (*emptypb.Empty, error) + // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. + DeleteAllWindowsDesktopServices(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. + GetWindowsDesktops(context.Context, *types.WindowsDesktopFilter) (*GetWindowsDesktopsResponse, error) + // CreateWindowsDesktop registers a new Windows desktop host. + CreateWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*emptypb.Empty, error) + // UpdateWindowsDesktop updates an existing Windows desktop host. + UpdateWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*emptypb.Empty, error) + // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. + UpsertWindowsDesktop(context.Context, *types.WindowsDesktopV3) (*emptypb.Empty, error) + // DeleteWindowsDesktop removes the specified Windows desktop host. + // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. + // To delete all desktops, use DeleteAllWindowsDesktops. + DeleteWindowsDesktop(context.Context, *DeleteWindowsDesktopRequest) (*emptypb.Empty, error) + // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. + DeleteAllWindowsDesktops(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // GenerateWindowsDesktopCert generates client smartcard certificate used + // by an RDP client to authenticate with Windows. + GenerateWindowsDesktopCert(context.Context, *WindowsDesktopCertRequest) (*WindowsDesktopCertResponse, error) + // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. + GenerateCertAuthorityCRL(context.Context, *CertAuthorityRequest) (*CRL, error) + // CreateConnectionDiagnostic creates a new connection diagnostic. + CreateConnectionDiagnostic(context.Context, *types.ConnectionDiagnosticV1) (*emptypb.Empty, error) + // UpdateConnectionDiagnostic updates a connection diagnostic. + UpdateConnectionDiagnostic(context.Context, *types.ConnectionDiagnosticV1) (*emptypb.Empty, error) + // GetConnectionDiagnostic reads a connection diagnostic. + GetConnectionDiagnostic(context.Context, *GetConnectionDiagnosticRequest) (*types.ConnectionDiagnosticV1, error) + // AppendDiagnosticTrace appends a Trace to the ConnectionDiagnostic. + AppendDiagnosticTrace(context.Context, *AppendDiagnosticTraceRequest) (*types.ConnectionDiagnosticV1, error) + // ChangeUserAuthentication allows a user to change their password and if enabled, + // also adds a new MFA device. After successful invocation, a new web session is created as well + // as a new set of recovery codes (if user meets the requirements to receive them), invalidating + // any existing codes the user previously had. + ChangeUserAuthentication(context.Context, *ChangeUserAuthenticationRequest) (*ChangeUserAuthenticationResponse, error) + // StartAccountRecovery (exclusive to cloud users) is the first out of two step user + // verification needed to allow a user to recover their account. The first form of verification + // is a user's username and a recovery code. After successful verification, a recovery start + // token is created for the user which its ID will be used as part of a URL that will be emailed + // to the user (not done in this request). The user will be able to finish their second form of + // verification by clicking on this URL and following the prompts. + // + // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, + // user account gets temporarily locked from further recovery attempts and from logging in. + // + // Start tokens last RecoveryStartTokenTTL. + StartAccountRecovery(context.Context, *StartAccountRecoveryRequest) (*types.UserTokenV3, error) + // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step + // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. + // The second form of verification is a user's password or their second factor (depending on + // what authentication they needed to recover). After successful verification, a recovery + // approved token is created which allows a user to request protected actions while not logged + // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA + // devices, and generating new recovery codes. + // + // The recovery start token to verify this request becomes deleted before + // creating a recovery approved token, which invalidates the recovery link users received + // to finish their verification. + // + // If user fails to verify themselves for MaxAccountRecoveryAttempts + // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked + // from logging in. If users still have unused recovery codes left, they still have + // opportunities to recover their account. To allow this, users recovery attempts are also + // deleted along with all user tokens which will force the user to restart the recovery process + // from step 1 (RPC StartAccountRecovery). + // + // Recovery approved tokens last RecoveryApprovedTokenTTL. + VerifyAccountRecovery(context.Context, *VerifyAccountRecoveryRequest) (*types.UserTokenV3, error) + // CompleteAccountRecovery (exclusive to cloud users) is the last step in account + // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new + // password or adds a new mfa device, allowing the user to regain access to their account with + // the new credentials. When the new authentication is successfully set, any user lock is + // removed so the user can login immediately afterwards. + CompleteAccountRecovery(context.Context, *CompleteAccountRecoveryRequest) (*emptypb.Empty, error) + // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a + // user, replacing and invalidating any previously owned codes. Users can only get recovery + // codes if their username is in a valid email format. + CreateAccountRecoveryCodes(context.Context, *CreateAccountRecoveryCodesRequest) (*RecoveryCodes, error) + // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after + // verifying that the token requested has not expired and is of the correct recovery kind. + // Besides checking for validity of a token ID, it is also used to get basic information from + // the token e.g: username, state of recovery (started or approved) and the type of recovery + // requested (password or second factor). + GetAccountRecoveryToken(context.Context, *GetAccountRecoveryTokenRequest) (*types.UserTokenV3, error) + // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context + // their recovery codes. This request will not return any secrets (the values of recovery + // codes), but instead returns non-sensitive data eg. when the recovery codes were created. + GetAccountRecoveryCodes(context.Context, *GetAccountRecoveryCodesRequest) (*RecoveryCodes, error) + // CreatePrivilegeToken returns a new privilege token after a logged in user successfully + // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and + // is used to gain access to privileged actions eg: deleting/adding a MFA device. + CreatePrivilegeToken(context.Context, *CreatePrivilegeTokenRequest) (*types.UserTokenV3, error) + // GetInstaller retrieves the installer script resource + GetInstaller(context.Context, *types.ResourceRequest) (*types.InstallerV1, error) + // GetInstallers retrieves all of installer script resources. + GetInstallers(context.Context, *emptypb.Empty) (*types.InstallerV1List, error) + // SetInstaller sets the installer script resource + SetInstaller(context.Context, *types.InstallerV1) (*emptypb.Empty, error) + // DeleteInstaller removes the specified installer script resource + DeleteInstaller(context.Context, *types.ResourceRequest) (*emptypb.Empty, error) + // DeleteAllInstallers removes all installer script resources + DeleteAllInstallers(context.Context, *emptypb.Empty) (*emptypb.Empty, error) + // ListResources retrieves a paginated list of resources. + ListResources(context.Context, *ListResourcesRequest) (*ListResourcesResponse, error) + // GetDomainName returns local auth domain of the current auth server + GetDomainName(context.Context, *emptypb.Empty) (*GetDomainNameResponse, error) + // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster + // without signing keys. If the cluster has multiple TLS certs, they will + // all be appended. + GetClusterCACert(context.Context, *emptypb.Empty) (*GetClusterCACertResponse, error) + // UnstableAssertSystemRole is not a stable part of the public API. Used by older + // instances to prove that they hold a given system role. + // DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) + UnstableAssertSystemRole(context.Context, *UnstableSystemRoleAssertion) (*emptypb.Empty, error) } -func _AuthService_KeepAliveSemaphoreLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SemaphoreLease) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).KeepAliveSemaphoreLease(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/KeepAliveSemaphoreLease", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).KeepAliveSemaphoreLease(ctx, req.(*types.SemaphoreLease)) - } - return interceptor(ctx, in, info, handler) +// UnimplementedAuthServiceServer can be embedded to have forward compatible implementations. +type UnimplementedAuthServiceServer struct { } -func _AuthService_CancelSemaphoreLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SemaphoreLease) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).CancelSemaphoreLease(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/CancelSemaphoreLease", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CancelSemaphoreLease(ctx, req.(*types.SemaphoreLease)) - } - return interceptor(ctx, in, info, handler) +func (*UnimplementedAuthServiceServer) InventoryControlStream(srv AuthService_InventoryControlStreamServer) error { + return status.Errorf(codes.Unimplemented, "method InventoryControlStream not implemented") } - -func _AuthService_GetSemaphores_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SemaphoreFilter) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GetSemaphores(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetSemaphores", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSemaphores(ctx, req.(*types.SemaphoreFilter)) - } - return interceptor(ctx, in, info, handler) +func (*UnimplementedAuthServiceServer) GetInventoryStatus(ctx context.Context, req *InventoryStatusRequest) (*InventoryStatusSummary, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetInventoryStatus not implemented") } - -func _AuthService_DeleteSemaphore_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SemaphoreFilter) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteSemaphore(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteSemaphore", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteSemaphore(ctx, req.(*types.SemaphoreFilter)) - } - return interceptor(ctx, in, info, handler) +func (*UnimplementedAuthServiceServer) PingInventory(ctx context.Context, req *InventoryPingRequest) (*InventoryPingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method PingInventory not implemented") } - -func _AuthService_EmitAuditEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(events.OneOf) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).EmitAuditEvent(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/EmitAuditEvent", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).EmitAuditEvent(ctx, req.(*events.OneOf)) - } - return interceptor(ctx, in, info, handler) +func (*UnimplementedAuthServiceServer) GetClusterAlerts(ctx context.Context, req *types.GetClusterAlertsRequest) (*GetClusterAlertsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetClusterAlerts not implemented") } - -func _AuthService_CreateAuditStream_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).CreateAuditStream(&authServiceCreateAuditStreamServer{stream}) +func (*UnimplementedAuthServiceServer) UpsertClusterAlert(ctx context.Context, req *UpsertClusterAlertRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertClusterAlert not implemented") } - -type AuthService_CreateAuditStreamServer interface { - Send(*events.StreamStatus) error - Recv() (*AuditStreamRequest, error) - grpc.ServerStream +func (*UnimplementedAuthServiceServer) MaintainSessionPresence(srv AuthService_MaintainSessionPresenceServer) error { + return status.Errorf(codes.Unimplemented, "method MaintainSessionPresence not implemented") } - -type authServiceCreateAuditStreamServer struct { - grpc.ServerStream +func (*UnimplementedAuthServiceServer) CreateSessionTracker(ctx context.Context, req *CreateSessionTrackerRequest) (*types.SessionTrackerV1, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateSessionTracker not implemented") } - -func (x *authServiceCreateAuditStreamServer) Send(m *events.StreamStatus) error { - return x.ServerStream.SendMsg(m) +func (*UnimplementedAuthServiceServer) GetSessionTracker(ctx context.Context, req *GetSessionTrackerRequest) (*types.SessionTrackerV1, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSessionTracker not implemented") } - -func (x *authServiceCreateAuditStreamServer) Recv() (*AuditStreamRequest, error) { - m := new(AuditStreamRequest) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil +func (*UnimplementedAuthServiceServer) GetActiveSessionTrackers(req *emptypb.Empty, srv AuthService_GetActiveSessionTrackersServer) error { + return status.Errorf(codes.Unimplemented, "method GetActiveSessionTrackers not implemented") } - -func _AuthService_GetApplicationServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetApplicationServersRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GetApplicationServers(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetApplicationServers", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetApplicationServers(ctx, req.(*GetApplicationServersRequest)) - } - return interceptor(ctx, in, info, handler) +func (*UnimplementedAuthServiceServer) RemoveSessionTracker(ctx context.Context, req *RemoveSessionTrackerRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method RemoveSessionTracker not implemented") } - -func _AuthService_UpsertApplicationServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpsertApplicationServerRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).UpsertApplicationServer(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/UpsertApplicationServer", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertApplicationServer(ctx, req.(*UpsertApplicationServerRequest)) +func (*UnimplementedAuthServiceServer) UpdateSessionTracker(ctx context.Context, req *UpdateSessionTrackerRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateSessionTracker not implemented") +} +func (*UnimplementedAuthServiceServer) SendKeepAlives(srv AuthService_SendKeepAlivesServer) error { + return status.Errorf(codes.Unimplemented, "method SendKeepAlives not implemented") +} +func (*UnimplementedAuthServiceServer) WatchEvents(req *Watch, srv AuthService_WatchEventsServer) error { + return status.Errorf(codes.Unimplemented, "method WatchEvents not implemented") +} +func (*UnimplementedAuthServiceServer) GetNode(ctx context.Context, req *types.ResourceInNamespaceRequest) (*types.ServerV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetNode not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertNode(ctx context.Context, req *types.ServerV2) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertNode not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteNode(ctx context.Context, req *types.ResourceInNamespaceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteNode not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllNodes(ctx context.Context, req *types.ResourcesInNamespaceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllNodes not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateUserCerts(ctx context.Context, req *UserCertsRequest) (*Certs, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateUserCerts not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateHostCerts(ctx context.Context, req *HostCertsRequest) (*Certs, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateHostCerts not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateUserSingleUseCerts(srv AuthService_GenerateUserSingleUseCertsServer) error { + return status.Errorf(codes.Unimplemented, "method GenerateUserSingleUseCerts not implemented") +} +func (*UnimplementedAuthServiceServer) IsMFARequired(ctx context.Context, req *IsMFARequiredRequest) (*IsMFARequiredResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method IsMFARequired not implemented") +} +func (*UnimplementedAuthServiceServer) GetAccessRequests(ctx context.Context, req *types.AccessRequestFilter) (*AccessRequests, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAccessRequests not implemented") +} +func (*UnimplementedAuthServiceServer) GetAccessRequestsV2(req *types.AccessRequestFilter, srv AuthService_GetAccessRequestsV2Server) error { + return status.Errorf(codes.Unimplemented, "method GetAccessRequestsV2 not implemented") +} +func (*UnimplementedAuthServiceServer) CreateAccessRequest(ctx context.Context, req *types.AccessRequestV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateAccessRequest not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAccessRequest(ctx context.Context, req *RequestID) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAccessRequest not implemented") +} +func (*UnimplementedAuthServiceServer) SetAccessRequestState(ctx context.Context, req *RequestStateSetter) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetAccessRequestState not implemented") +} +func (*UnimplementedAuthServiceServer) SubmitAccessReview(ctx context.Context, req *types.AccessReviewSubmission) (*types.AccessRequestV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method SubmitAccessReview not implemented") +} +func (*UnimplementedAuthServiceServer) GetAccessCapabilities(ctx context.Context, req *types.AccessCapabilitiesRequest) (*types.AccessCapabilities, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAccessCapabilities not implemented") +} +func (*UnimplementedAuthServiceServer) GetPluginData(ctx context.Context, req *types.PluginDataFilter) (*PluginDataSeq, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetPluginData not implemented") +} +func (*UnimplementedAuthServiceServer) UpdatePluginData(ctx context.Context, req *types.PluginDataUpdateParams) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdatePluginData not implemented") +} +func (*UnimplementedAuthServiceServer) Ping(ctx context.Context, req *PingRequest) (*PingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Ping not implemented") +} +func (*UnimplementedAuthServiceServer) RotateResetPasswordTokenSecrets(ctx context.Context, req *RotateUserTokenSecretsRequest) (*types.UserTokenSecretsV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method RotateResetPasswordTokenSecrets not implemented") +} +func (*UnimplementedAuthServiceServer) GetResetPasswordToken(ctx context.Context, req *GetResetPasswordTokenRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetResetPasswordToken not implemented") +} +func (*UnimplementedAuthServiceServer) CreateResetPasswordToken(ctx context.Context, req *CreateResetPasswordTokenRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateResetPasswordToken not implemented") +} +func (*UnimplementedAuthServiceServer) CreateBot(ctx context.Context, req *CreateBotRequest) (*CreateBotResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateBot not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteBot(ctx context.Context, req *DeleteBotRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteBot not implemented") +} +func (*UnimplementedAuthServiceServer) GetBotUsers(req *GetBotUsersRequest, srv AuthService_GetBotUsersServer) error { + return status.Errorf(codes.Unimplemented, "method GetBotUsers not implemented") +} +func (*UnimplementedAuthServiceServer) GetUser(ctx context.Context, req *GetUserRequest) (*types.UserV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetUser not implemented") +} +func (*UnimplementedAuthServiceServer) GetCurrentUser(ctx context.Context, req *emptypb.Empty) (*types.UserV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetCurrentUser not implemented") +} +func (*UnimplementedAuthServiceServer) GetCurrentUserRoles(req *emptypb.Empty, srv AuthService_GetCurrentUserRolesServer) error { + return status.Errorf(codes.Unimplemented, "method GetCurrentUserRoles not implemented") +} +func (*UnimplementedAuthServiceServer) GetUsers(req *GetUsersRequest, srv AuthService_GetUsersServer) error { + return status.Errorf(codes.Unimplemented, "method GetUsers not implemented") +} +func (*UnimplementedAuthServiceServer) CreateUser(ctx context.Context, req *types.UserV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateUser(ctx context.Context, req *types.UserV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateUser not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteUser(ctx context.Context, req *DeleteUserRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteUser not implemented") +} +func (*UnimplementedAuthServiceServer) AcquireSemaphore(ctx context.Context, req *types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) { + return nil, status.Errorf(codes.Unimplemented, "method AcquireSemaphore not implemented") +} +func (*UnimplementedAuthServiceServer) KeepAliveSemaphoreLease(ctx context.Context, req *types.SemaphoreLease) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method KeepAliveSemaphoreLease not implemented") +} +func (*UnimplementedAuthServiceServer) CancelSemaphoreLease(ctx context.Context, req *types.SemaphoreLease) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CancelSemaphoreLease not implemented") +} +func (*UnimplementedAuthServiceServer) GetSemaphores(ctx context.Context, req *types.SemaphoreFilter) (*Semaphores, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSemaphores not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteSemaphore(ctx context.Context, req *types.SemaphoreFilter) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteSemaphore not implemented") +} +func (*UnimplementedAuthServiceServer) EmitAuditEvent(ctx context.Context, req *events.OneOf) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method EmitAuditEvent not implemented") +} +func (*UnimplementedAuthServiceServer) CreateAuditStream(srv AuthService_CreateAuditStreamServer) error { + return status.Errorf(codes.Unimplemented, "method CreateAuditStream not implemented") +} +func (*UnimplementedAuthServiceServer) GetApplicationServers(ctx context.Context, req *GetApplicationServersRequest) (*GetApplicationServersResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetApplicationServers not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertApplicationServer(ctx context.Context, req *UpsertApplicationServerRequest) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertApplicationServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteApplicationServer(ctx context.Context, req *DeleteApplicationServerRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteApplicationServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllApplicationServers(ctx context.Context, req *DeleteAllApplicationServersRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllApplicationServers not implemented") +} +func (*UnimplementedAuthServiceServer) GetAppServers(ctx context.Context, req *GetAppServersRequest) (*GetAppServersResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAppServers not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertAppServer(ctx context.Context, req *UpsertAppServerRequest) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertAppServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAppServer(ctx context.Context, req *DeleteAppServerRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAppServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllAppServers(ctx context.Context, req *DeleteAllAppServersRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllAppServers not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateAppToken(ctx context.Context, req *GenerateAppTokenRequest) (*GenerateAppTokenResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateAppToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetAppSession(ctx context.Context, req *GetAppSessionRequest) (*GetAppSessionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAppSession not implemented") +} +func (*UnimplementedAuthServiceServer) GetAppSessions(ctx context.Context, req *emptypb.Empty) (*GetAppSessionsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAppSessions not implemented") +} +func (*UnimplementedAuthServiceServer) CreateAppSession(ctx context.Context, req *CreateAppSessionRequest) (*CreateAppSessionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateAppSession not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAppSession(ctx context.Context, req *DeleteAppSessionRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAppSession not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllAppSessions(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllAppSessions not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteUserAppSessions(ctx context.Context, req *DeleteUserAppSessionsRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteUserAppSessions not implemented") +} +func (*UnimplementedAuthServiceServer) CreateSnowflakeSession(ctx context.Context, req *CreateSnowflakeSessionRequest) (*CreateSnowflakeSessionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateSnowflakeSession not implemented") +} +func (*UnimplementedAuthServiceServer) GetSnowflakeSession(ctx context.Context, req *GetSnowflakeSessionRequest) (*GetSnowflakeSessionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSnowflakeSession not implemented") +} +func (*UnimplementedAuthServiceServer) GetSnowflakeSessions(ctx context.Context, req *emptypb.Empty) (*GetSnowflakeSessionsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSnowflakeSessions not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteSnowflakeSession(ctx context.Context, req *DeleteSnowflakeSessionRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteSnowflakeSession not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllSnowflakeSessions(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllSnowflakeSessions not implemented") +} +func (*UnimplementedAuthServiceServer) GetWebSession(ctx context.Context, req *types.GetWebSessionRequest) (*GetWebSessionResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWebSession not implemented") +} +func (*UnimplementedAuthServiceServer) GetWebSessions(ctx context.Context, req *emptypb.Empty) (*GetWebSessionsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWebSessions not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteWebSession(ctx context.Context, req *types.DeleteWebSessionRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWebSession not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllWebSessions(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWebSessions not implemented") +} +func (*UnimplementedAuthServiceServer) GetWebToken(ctx context.Context, req *types.GetWebTokenRequest) (*GetWebTokenResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWebToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetWebTokens(ctx context.Context, req *emptypb.Empty) (*GetWebTokensResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWebTokens not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteWebToken(ctx context.Context, req *types.DeleteWebTokenRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWebToken not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllWebTokens(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWebTokens not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateRemoteCluster(ctx context.Context, req *types.RemoteClusterV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateRemoteCluster not implemented") +} +func (*UnimplementedAuthServiceServer) GetKubeServices(ctx context.Context, req *GetKubeServicesRequest) (*GetKubeServicesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetKubeServices not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertKubeService(ctx context.Context, req *UpsertKubeServiceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertKubeService not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertKubeServiceV2(ctx context.Context, req *UpsertKubeServiceRequest) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertKubeServiceV2 not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteKubeService(ctx context.Context, req *DeleteKubeServiceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteKubeService not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllKubeServices(ctx context.Context, req *DeleteAllKubeServicesRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllKubeServices not implemented") +} +func (*UnimplementedAuthServiceServer) GetDatabaseServers(ctx context.Context, req *GetDatabaseServersRequest) (*GetDatabaseServersResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetDatabaseServers not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertDatabaseServer(ctx context.Context, req *UpsertDatabaseServerRequest) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertDatabaseServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteDatabaseServer(ctx context.Context, req *DeleteDatabaseServerRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteDatabaseServer not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllDatabaseServers(ctx context.Context, req *DeleteAllDatabaseServersRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllDatabaseServers not implemented") +} +func (*UnimplementedAuthServiceServer) SignDatabaseCSR(ctx context.Context, req *DatabaseCSRRequest) (*DatabaseCSRResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method SignDatabaseCSR not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateDatabaseCert(ctx context.Context, req *DatabaseCertRequest) (*DatabaseCertResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateDatabaseCert not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateSnowflakeJWT(ctx context.Context, req *SnowflakeJWTRequest) (*SnowflakeJWTResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateSnowflakeJWT not implemented") +} +func (*UnimplementedAuthServiceServer) GetRole(ctx context.Context, req *GetRoleRequest) (*types.RoleV5, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetRole not implemented") +} +func (*UnimplementedAuthServiceServer) GetRoles(ctx context.Context, req *emptypb.Empty) (*GetRolesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetRoles not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertRole(ctx context.Context, req *types.RoleV5) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertRole not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteRole(ctx context.Context, req *DeleteRoleRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteRole not implemented") +} +func (*UnimplementedAuthServiceServer) AddMFADevice(srv AuthService_AddMFADeviceServer) error { + return status.Errorf(codes.Unimplemented, "method AddMFADevice not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteMFADevice(srv AuthService_DeleteMFADeviceServer) error { + return status.Errorf(codes.Unimplemented, "method DeleteMFADevice not implemented") +} +func (*UnimplementedAuthServiceServer) AddMFADeviceSync(ctx context.Context, req *AddMFADeviceSyncRequest) (*AddMFADeviceSyncResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method AddMFADeviceSync not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteMFADeviceSync(ctx context.Context, req *DeleteMFADeviceSyncRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteMFADeviceSync not implemented") +} +func (*UnimplementedAuthServiceServer) GetMFADevices(ctx context.Context, req *GetMFADevicesRequest) (*GetMFADevicesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetMFADevices not implemented") +} +func (*UnimplementedAuthServiceServer) CreateAuthenticateChallenge(ctx context.Context, req *CreateAuthenticateChallengeRequest) (*MFAAuthenticateChallenge, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateAuthenticateChallenge not implemented") +} +func (*UnimplementedAuthServiceServer) CreateRegisterChallenge(ctx context.Context, req *CreateRegisterChallengeRequest) (*MFARegisterChallenge, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateRegisterChallenge not implemented") +} +func (*UnimplementedAuthServiceServer) GetOIDCConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.OIDCConnectorV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetOIDCConnector not implemented") +} +func (*UnimplementedAuthServiceServer) GetOIDCConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.OIDCConnectorV3List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetOIDCConnectors not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertOIDCConnector(ctx context.Context, req *types.OIDCConnectorV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertOIDCConnector not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteOIDCConnector(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteOIDCConnector not implemented") +} +func (*UnimplementedAuthServiceServer) CreateOIDCAuthRequest(ctx context.Context, req *types.OIDCAuthRequest) (*types.OIDCAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateOIDCAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetOIDCAuthRequest(ctx context.Context, req *GetOIDCAuthRequestRequest) (*types.OIDCAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetOIDCAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetSAMLConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.SAMLConnectorV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSAMLConnector not implemented") +} +func (*UnimplementedAuthServiceServer) GetSAMLConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.SAMLConnectorV2List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSAMLConnectors not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertSAMLConnector(ctx context.Context, req *types.SAMLConnectorV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertSAMLConnector not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteSAMLConnector(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteSAMLConnector not implemented") +} +func (*UnimplementedAuthServiceServer) CreateSAMLAuthRequest(ctx context.Context, req *types.SAMLAuthRequest) (*types.SAMLAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateSAMLAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetSAMLAuthRequest(ctx context.Context, req *GetSAMLAuthRequestRequest) (*types.SAMLAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSAMLAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetGithubConnector(ctx context.Context, req *types.ResourceWithSecretsRequest) (*types.GithubConnectorV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetGithubConnector not implemented") +} +func (*UnimplementedAuthServiceServer) GetGithubConnectors(ctx context.Context, req *types.ResourcesWithSecretsRequest) (*types.GithubConnectorV3List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetGithubConnectors not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertGithubConnector(ctx context.Context, req *types.GithubConnectorV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertGithubConnector not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteGithubConnector(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteGithubConnector not implemented") +} +func (*UnimplementedAuthServiceServer) CreateGithubAuthRequest(ctx context.Context, req *types.GithubAuthRequest) (*types.GithubAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateGithubAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetGithubAuthRequest(ctx context.Context, req *GetGithubAuthRequestRequest) (*types.GithubAuthRequest, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetGithubAuthRequest not implemented") +} +func (*UnimplementedAuthServiceServer) GetSSODiagnosticInfo(ctx context.Context, req *GetSSODiagnosticInfoRequest) (*types.SSODiagnosticInfo, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSSODiagnosticInfo not implemented") +} +func (*UnimplementedAuthServiceServer) GetTrustedCluster(ctx context.Context, req *types.ResourceRequest) (*types.TrustedClusterV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetTrustedCluster not implemented") +} +func (*UnimplementedAuthServiceServer) GetTrustedClusters(ctx context.Context, req *emptypb.Empty) (*types.TrustedClusterV2List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetTrustedClusters not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertTrustedCluster(ctx context.Context, req *types.TrustedClusterV2) (*types.TrustedClusterV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertTrustedCluster not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteTrustedCluster(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteTrustedCluster not implemented") +} +func (*UnimplementedAuthServiceServer) GetToken(ctx context.Context, req *types.ResourceRequest) (*types.ProvisionTokenV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetTokens(ctx context.Context, req *emptypb.Empty) (*types.ProvisionTokenV2List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetTokens not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertToken(ctx context.Context, req *types.ProvisionTokenV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertToken not implemented") +} +func (*UnimplementedAuthServiceServer) CreateToken(ctx context.Context, req *types.ProvisionTokenV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateToken not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateToken(ctx context.Context, req *GenerateTokenRequest) (*GenerateTokenResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateToken not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteToken(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetClusterAuditConfig(ctx context.Context, req *emptypb.Empty) (*types.ClusterAuditConfigV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetClusterAuditConfig not implemented") +} +func (*UnimplementedAuthServiceServer) GetClusterNetworkingConfig(ctx context.Context, req *emptypb.Empty) (*types.ClusterNetworkingConfigV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetClusterNetworkingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) SetClusterNetworkingConfig(ctx context.Context, req *types.ClusterNetworkingConfigV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetClusterNetworkingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) ResetClusterNetworkingConfig(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method ResetClusterNetworkingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) GetSessionRecordingConfig(ctx context.Context, req *emptypb.Empty) (*types.SessionRecordingConfigV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSessionRecordingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) SetSessionRecordingConfig(ctx context.Context, req *types.SessionRecordingConfigV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetSessionRecordingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) ResetSessionRecordingConfig(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method ResetSessionRecordingConfig not implemented") +} +func (*UnimplementedAuthServiceServer) GetAuthPreference(ctx context.Context, req *emptypb.Empty) (*types.AuthPreferenceV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAuthPreference not implemented") +} +func (*UnimplementedAuthServiceServer) SetAuthPreference(ctx context.Context, req *types.AuthPreferenceV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetAuthPreference not implemented") +} +func (*UnimplementedAuthServiceServer) ResetAuthPreference(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method ResetAuthPreference not implemented") +} +func (*UnimplementedAuthServiceServer) GetEvents(ctx context.Context, req *GetEventsRequest) (*Events, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetEvents not implemented") +} +func (*UnimplementedAuthServiceServer) GetSessionEvents(ctx context.Context, req *GetSessionEventsRequest) (*Events, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSessionEvents not implemented") +} +func (*UnimplementedAuthServiceServer) GetLock(ctx context.Context, req *GetLockRequest) (*types.LockV2, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetLock not implemented") +} +func (*UnimplementedAuthServiceServer) GetLocks(ctx context.Context, req *GetLocksRequest) (*GetLocksResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetLocks not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertLock(ctx context.Context, req *types.LockV2) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertLock not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteLock(ctx context.Context, req *DeleteLockRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteLock not implemented") +} +func (*UnimplementedAuthServiceServer) ReplaceRemoteLocks(ctx context.Context, req *ReplaceRemoteLocksRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method ReplaceRemoteLocks not implemented") +} +func (*UnimplementedAuthServiceServer) StreamSessionEvents(req *StreamSessionEventsRequest, srv AuthService_StreamSessionEventsServer) error { + return status.Errorf(codes.Unimplemented, "method StreamSessionEvents not implemented") +} +func (*UnimplementedAuthServiceServer) GetNetworkRestrictions(ctx context.Context, req *emptypb.Empty) (*types.NetworkRestrictionsV4, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetNetworkRestrictions not implemented") +} +func (*UnimplementedAuthServiceServer) SetNetworkRestrictions(ctx context.Context, req *types.NetworkRestrictionsV4) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetNetworkRestrictions not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteNetworkRestrictions(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteNetworkRestrictions not implemented") +} +func (*UnimplementedAuthServiceServer) GetApps(ctx context.Context, req *emptypb.Empty) (*types.AppV3List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetApps not implemented") +} +func (*UnimplementedAuthServiceServer) GetApp(ctx context.Context, req *types.ResourceRequest) (*types.AppV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetApp not implemented") +} +func (*UnimplementedAuthServiceServer) CreateApp(ctx context.Context, req *types.AppV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateApp not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateApp(ctx context.Context, req *types.AppV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateApp not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteApp(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteApp not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllApps(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllApps not implemented") +} +func (*UnimplementedAuthServiceServer) GetDatabases(ctx context.Context, req *emptypb.Empty) (*types.DatabaseV3List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetDatabases not implemented") +} +func (*UnimplementedAuthServiceServer) GetDatabase(ctx context.Context, req *types.ResourceRequest) (*types.DatabaseV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetDatabase not implemented") +} +func (*UnimplementedAuthServiceServer) CreateDatabase(ctx context.Context, req *types.DatabaseV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateDatabase not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateDatabase(ctx context.Context, req *types.DatabaseV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateDatabase not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteDatabase(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteDatabase not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllDatabases(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllDatabases not implemented") +} +func (*UnimplementedAuthServiceServer) GetWindowsDesktopServices(ctx context.Context, req *emptypb.Empty) (*GetWindowsDesktopServicesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktopServices not implemented") +} +func (*UnimplementedAuthServiceServer) GetWindowsDesktopService(ctx context.Context, req *GetWindowsDesktopServiceRequest) (*GetWindowsDesktopServiceResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktopService not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertWindowsDesktopService(ctx context.Context, req *types.WindowsDesktopServiceV3) (*types.KeepAlive, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertWindowsDesktopService not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteWindowsDesktopService(ctx context.Context, req *DeleteWindowsDesktopServiceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWindowsDesktopService not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllWindowsDesktopServices(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWindowsDesktopServices not implemented") +} +func (*UnimplementedAuthServiceServer) GetWindowsDesktops(ctx context.Context, req *types.WindowsDesktopFilter) (*GetWindowsDesktopsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWindowsDesktops not implemented") +} +func (*UnimplementedAuthServiceServer) CreateWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateWindowsDesktop not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateWindowsDesktop not implemented") +} +func (*UnimplementedAuthServiceServer) UpsertWindowsDesktop(ctx context.Context, req *types.WindowsDesktopV3) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpsertWindowsDesktop not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteWindowsDesktop(ctx context.Context, req *DeleteWindowsDesktopRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWindowsDesktop not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllWindowsDesktops(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllWindowsDesktops not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateWindowsDesktopCert(ctx context.Context, req *WindowsDesktopCertRequest) (*WindowsDesktopCertResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateWindowsDesktopCert not implemented") +} +func (*UnimplementedAuthServiceServer) GenerateCertAuthorityCRL(ctx context.Context, req *CertAuthorityRequest) (*CRL, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateCertAuthorityCRL not implemented") +} +func (*UnimplementedAuthServiceServer) CreateConnectionDiagnostic(ctx context.Context, req *types.ConnectionDiagnosticV1) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateConnectionDiagnostic not implemented") +} +func (*UnimplementedAuthServiceServer) UpdateConnectionDiagnostic(ctx context.Context, req *types.ConnectionDiagnosticV1) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateConnectionDiagnostic not implemented") +} +func (*UnimplementedAuthServiceServer) GetConnectionDiagnostic(ctx context.Context, req *GetConnectionDiagnosticRequest) (*types.ConnectionDiagnosticV1, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetConnectionDiagnostic not implemented") +} +func (*UnimplementedAuthServiceServer) AppendDiagnosticTrace(ctx context.Context, req *AppendDiagnosticTraceRequest) (*types.ConnectionDiagnosticV1, error) { + return nil, status.Errorf(codes.Unimplemented, "method AppendDiagnosticTrace not implemented") +} +func (*UnimplementedAuthServiceServer) ChangeUserAuthentication(ctx context.Context, req *ChangeUserAuthenticationRequest) (*ChangeUserAuthenticationResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ChangeUserAuthentication not implemented") +} +func (*UnimplementedAuthServiceServer) StartAccountRecovery(ctx context.Context, req *StartAccountRecoveryRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method StartAccountRecovery not implemented") +} +func (*UnimplementedAuthServiceServer) VerifyAccountRecovery(ctx context.Context, req *VerifyAccountRecoveryRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method VerifyAccountRecovery not implemented") +} +func (*UnimplementedAuthServiceServer) CompleteAccountRecovery(ctx context.Context, req *CompleteAccountRecoveryRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method CompleteAccountRecovery not implemented") +} +func (*UnimplementedAuthServiceServer) CreateAccountRecoveryCodes(ctx context.Context, req *CreateAccountRecoveryCodesRequest) (*RecoveryCodes, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateAccountRecoveryCodes not implemented") +} +func (*UnimplementedAuthServiceServer) GetAccountRecoveryToken(ctx context.Context, req *GetAccountRecoveryTokenRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAccountRecoveryToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetAccountRecoveryCodes(ctx context.Context, req *GetAccountRecoveryCodesRequest) (*RecoveryCodes, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAccountRecoveryCodes not implemented") +} +func (*UnimplementedAuthServiceServer) CreatePrivilegeToken(ctx context.Context, req *CreatePrivilegeTokenRequest) (*types.UserTokenV3, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreatePrivilegeToken not implemented") +} +func (*UnimplementedAuthServiceServer) GetInstaller(ctx context.Context, req *types.ResourceRequest) (*types.InstallerV1, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetInstaller not implemented") +} +func (*UnimplementedAuthServiceServer) GetInstallers(ctx context.Context, req *emptypb.Empty) (*types.InstallerV1List, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetInstallers not implemented") +} +func (*UnimplementedAuthServiceServer) SetInstaller(ctx context.Context, req *types.InstallerV1) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetInstaller not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteInstaller(ctx context.Context, req *types.ResourceRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteInstaller not implemented") +} +func (*UnimplementedAuthServiceServer) DeleteAllInstallers(ctx context.Context, req *emptypb.Empty) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllInstallers not implemented") +} +func (*UnimplementedAuthServiceServer) ListResources(ctx context.Context, req *ListResourcesRequest) (*ListResourcesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListResources not implemented") +} +func (*UnimplementedAuthServiceServer) GetDomainName(ctx context.Context, req *emptypb.Empty) (*GetDomainNameResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetDomainName not implemented") +} +func (*UnimplementedAuthServiceServer) GetClusterCACert(ctx context.Context, req *emptypb.Empty) (*GetClusterCACertResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetClusterCACert not implemented") +} +func (*UnimplementedAuthServiceServer) UnstableAssertSystemRole(ctx context.Context, req *UnstableSystemRoleAssertion) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method UnstableAssertSystemRole not implemented") +} + +func RegisterAuthServiceServer(s *grpc.Server, srv AuthServiceServer) { + s.RegisterService(&_AuthService_serviceDesc, srv) +} + +func _AuthService_InventoryControlStream_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).InventoryControlStream(&authServiceInventoryControlStreamServer{stream}) +} + +type AuthService_InventoryControlStreamServer interface { + Send(*DownstreamInventoryOneOf) error + Recv() (*UpstreamInventoryOneOf, error) + grpc.ServerStream +} + +type authServiceInventoryControlStreamServer struct { + grpc.ServerStream +} + +func (x *authServiceInventoryControlStreamServer) Send(m *DownstreamInventoryOneOf) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceInventoryControlStreamServer) Recv() (*UpstreamInventoryOneOf, error) { + m := new(UpstreamInventoryOneOf) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err } - return interceptor(ctx, in, info, handler) + return m, nil } -func _AuthService_DeleteApplicationServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteApplicationServerRequest) +func _AuthService_GetInventoryStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InventoryStatusRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteApplicationServer(ctx, in) + return srv.(AuthServiceServer).GetInventoryStatus(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteApplicationServer", + FullMethod: "/proto.AuthService/GetInventoryStatus", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteApplicationServer(ctx, req.(*DeleteApplicationServerRequest)) + return srv.(AuthServiceServer).GetInventoryStatus(ctx, req.(*InventoryStatusRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllApplicationServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAllApplicationServersRequest) +func _AuthService_PingInventory_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InventoryPingRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllApplicationServers(ctx, in) + return srv.(AuthServiceServer).PingInventory(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllApplicationServers", + FullMethod: "/proto.AuthService/PingInventory", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllApplicationServers(ctx, req.(*DeleteAllApplicationServersRequest)) + return srv.(AuthServiceServer).PingInventory(ctx, req.(*InventoryPingRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAppServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetAppServersRequest) +func _AuthService_GetClusterAlerts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.GetClusterAlertsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAppServers(ctx, in) + return srv.(AuthServiceServer).GetClusterAlerts(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAppServers", + FullMethod: "/proto.AuthService/GetClusterAlerts", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAppServers(ctx, req.(*GetAppServersRequest)) + return srv.(AuthServiceServer).GetClusterAlerts(ctx, req.(*types.GetClusterAlertsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertAppServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpsertAppServerRequest) +func _AuthService_UpsertClusterAlert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertClusterAlertRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertAppServer(ctx, in) + return srv.(AuthServiceServer).UpsertClusterAlert(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertAppServer", + FullMethod: "/proto.AuthService/UpsertClusterAlert", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertAppServer(ctx, req.(*UpsertAppServerRequest)) + return srv.(AuthServiceServer).UpsertClusterAlert(ctx, req.(*UpsertClusterAlertRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAppServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAppServerRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).DeleteAppServer(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/DeleteAppServer", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAppServer(ctx, req.(*DeleteAppServerRequest)) +func _AuthService_MaintainSessionPresence_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).MaintainSessionPresence(&authServiceMaintainSessionPresenceServer{stream}) +} + +type AuthService_MaintainSessionPresenceServer interface { + Send(*MFAAuthenticateChallenge) error + Recv() (*PresenceMFAChallengeSend, error) + grpc.ServerStream +} + +type authServiceMaintainSessionPresenceServer struct { + grpc.ServerStream +} + +func (x *authServiceMaintainSessionPresenceServer) Send(m *MFAAuthenticateChallenge) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceMaintainSessionPresenceServer) Recv() (*PresenceMFAChallengeSend, error) { + m := new(PresenceMFAChallengeSend) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err } - return interceptor(ctx, in, info, handler) + return m, nil } -func _AuthService_DeleteAllAppServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAllAppServersRequest) +func _AuthService_CreateSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateSessionTrackerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllAppServers(ctx, in) + return srv.(AuthServiceServer).CreateSessionTracker(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllAppServers", + FullMethod: "/proto.AuthService/CreateSessionTracker", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllAppServers(ctx, req.(*DeleteAllAppServersRequest)) + return srv.(AuthServiceServer).CreateSessionTracker(ctx, req.(*CreateSessionTrackerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateAppToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GenerateAppTokenRequest) +func _AuthService_GetSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSessionTrackerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateAppToken(ctx, in) + return srv.(AuthServiceServer).GetSessionTracker(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GenerateAppToken", + FullMethod: "/proto.AuthService/GetSessionTracker", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateAppToken(ctx, req.(*GenerateAppTokenRequest)) + return srv.(AuthServiceServer).GetSessionTracker(ctx, req.(*GetSessionTrackerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetAppSessionRequest) +func _AuthService_GetActiveSessionTrackers_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(emptypb.Empty) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).GetActiveSessionTrackers(m, &authServiceGetActiveSessionTrackersServer{stream}) +} + +type AuthService_GetActiveSessionTrackersServer interface { + Send(*types.SessionTrackerV1) error + grpc.ServerStream +} + +type authServiceGetActiveSessionTrackersServer struct { + grpc.ServerStream +} + +func (x *authServiceGetActiveSessionTrackersServer) Send(m *types.SessionTrackerV1) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_RemoveSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RemoveSessionTrackerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAppSession(ctx, in) + return srv.(AuthServiceServer).RemoveSessionTracker(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAppSession", + FullMethod: "/proto.AuthService/RemoveSessionTracker", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAppSession(ctx, req.(*GetAppSessionRequest)) + return srv.(AuthServiceServer).RemoveSessionTracker(ctx, req.(*RemoveSessionTrackerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_UpdateSessionTracker_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateSessionTrackerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAppSessions(ctx, in) + return srv.(AuthServiceServer).UpdateSessionTracker(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAppSessions", + FullMethod: "/proto.AuthService/UpdateSessionTracker", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAppSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).UpdateSessionTracker(ctx, req.(*UpdateSessionTrackerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateAppSessionRequest) +func _AuthService_SendKeepAlives_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).SendKeepAlives(&authServiceSendKeepAlivesServer{stream}) +} + +type AuthService_SendKeepAlivesServer interface { + SendAndClose(*emptypb.Empty) error + Recv() (*types.KeepAlive, error) + grpc.ServerStream +} + +type authServiceSendKeepAlivesServer struct { + grpc.ServerStream +} + +func (x *authServiceSendKeepAlivesServer) SendAndClose(m *emptypb.Empty) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceSendKeepAlivesServer) Recv() (*types.KeepAlive, error) { + m := new(types.KeepAlive) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func _AuthService_WatchEvents_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(Watch) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).WatchEvents(m, &authServiceWatchEventsServer{stream}) +} + +type AuthService_WatchEventsServer interface { + Send(*Event) error + grpc.ServerStream +} + +type authServiceWatchEventsServer struct { + grpc.ServerStream +} + +func (x *authServiceWatchEventsServer) Send(m *Event) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_GetNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceInNamespaceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateAppSession(ctx, in) + return srv.(AuthServiceServer).GetNode(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateAppSession", + FullMethod: "/proto.AuthService/GetNode", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateAppSession(ctx, req.(*CreateAppSessionRequest)) + return srv.(AuthServiceServer).GetNode(ctx, req.(*types.ResourceInNamespaceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAppSessionRequest) +func _AuthService_UpsertNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ServerV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAppSession(ctx, in) + return srv.(AuthServiceServer).UpsertNode(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAppSession", + FullMethod: "/proto.AuthService/UpsertNode", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAppSession(ctx, req.(*DeleteAppSessionRequest)) + return srv.(AuthServiceServer).UpsertNode(ctx, req.(*types.ServerV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_DeleteNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceInNamespaceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllAppSessions(ctx, in) + return srv.(AuthServiceServer).DeleteNode(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllAppSessions", + FullMethod: "/proto.AuthService/DeleteNode", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllAppSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).DeleteNode(ctx, req.(*types.ResourceInNamespaceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteUserAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteUserAppSessionsRequest) +func _AuthService_DeleteAllNodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourcesInNamespaceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteUserAppSessions(ctx, in) + return srv.(AuthServiceServer).DeleteAllNodes(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteUserAppSessions", + FullMethod: "/proto.AuthService/DeleteAllNodes", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteUserAppSessions(ctx, req.(*DeleteUserAppSessionsRequest)) + return srv.(AuthServiceServer).DeleteAllNodes(ctx, req.(*types.ResourcesInNamespaceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateSnowflakeSessionRequest) +func _AuthService_GenerateUserCerts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserCertsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateSnowflakeSession(ctx, in) + return srv.(AuthServiceServer).GenerateUserCerts(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateSnowflakeSession", + FullMethod: "/proto.AuthService/GenerateUserCerts", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateSnowflakeSession(ctx, req.(*CreateSnowflakeSessionRequest)) + return srv.(AuthServiceServer).GenerateUserCerts(ctx, req.(*UserCertsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetSnowflakeSessionRequest) +func _AuthService_GenerateHostCerts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HostCertsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSnowflakeSession(ctx, in) + return srv.(AuthServiceServer).GenerateHostCerts(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSnowflakeSession", + FullMethod: "/proto.AuthService/GenerateHostCerts", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSnowflakeSession(ctx, req.(*GetSnowflakeSessionRequest)) + return srv.(AuthServiceServer).GenerateHostCerts(ctx, req.(*HostCertsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSnowflakeSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GenerateUserSingleUseCerts_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).GenerateUserSingleUseCerts(&authServiceGenerateUserSingleUseCertsServer{stream}) +} + +type AuthService_GenerateUserSingleUseCertsServer interface { + Send(*UserSingleUseCertsResponse) error + Recv() (*UserSingleUseCertsRequest, error) + grpc.ServerStream +} + +type authServiceGenerateUserSingleUseCertsServer struct { + grpc.ServerStream +} + +func (x *authServiceGenerateUserSingleUseCertsServer) Send(m *UserSingleUseCertsResponse) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceGenerateUserSingleUseCertsServer) Recv() (*UserSingleUseCertsRequest, error) { + m := new(UserSingleUseCertsRequest) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func _AuthService_IsMFARequired_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(IsMFARequiredRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSnowflakeSessions(ctx, in) + return srv.(AuthServiceServer).IsMFARequired(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSnowflakeSessions", + FullMethod: "/proto.AuthService/IsMFARequired", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSnowflakeSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).IsMFARequired(ctx, req.(*IsMFARequiredRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteSnowflakeSessionRequest) +func _AuthService_GetAccessRequests_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AccessRequestFilter) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteSnowflakeSession(ctx, in) + return srv.(AuthServiceServer).GetAccessRequests(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteSnowflakeSession", + FullMethod: "/proto.AuthService/GetAccessRequests", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteSnowflakeSession(ctx, req.(*DeleteSnowflakeSessionRequest)) + return srv.(AuthServiceServer).GetAccessRequests(ctx, req.(*types.AccessRequestFilter)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllSnowflakeSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetAccessRequestsV2_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(types.AccessRequestFilter) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).GetAccessRequestsV2(m, &authServiceGetAccessRequestsV2Server{stream}) +} + +type AuthService_GetAccessRequestsV2Server interface { + Send(*types.AccessRequestV3) error + grpc.ServerStream +} + +type authServiceGetAccessRequestsV2Server struct { + grpc.ServerStream +} + +func (x *authServiceGetAccessRequestsV2Server) Send(m *types.AccessRequestV3) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_CreateAccessRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AccessRequestV3) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllSnowflakeSessions(ctx, in) + return srv.(AuthServiceServer).CreateAccessRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllSnowflakeSessions", + FullMethod: "/proto.AuthService/CreateAccessRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllSnowflakeSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).CreateAccessRequest(ctx, req.(*types.AccessRequestV3)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWebSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.GetWebSessionRequest) +func _AuthService_DeleteAccessRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RequestID) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWebSession(ctx, in) + return srv.(AuthServiceServer).DeleteAccessRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWebSession", + FullMethod: "/proto.AuthService/DeleteAccessRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWebSession(ctx, req.(*types.GetWebSessionRequest)) + return srv.(AuthServiceServer).DeleteAccessRequest(ctx, req.(*RequestID)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWebSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_SetAccessRequestState_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RequestStateSetter) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWebSessions(ctx, in) + return srv.(AuthServiceServer).SetAccessRequestState(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWebSessions", + FullMethod: "/proto.AuthService/SetAccessRequestState", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWebSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).SetAccessRequestState(ctx, req.(*RequestStateSetter)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteWebSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.DeleteWebSessionRequest) +func _AuthService_SubmitAccessReview_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AccessReviewSubmission) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteWebSession(ctx, in) + return srv.(AuthServiceServer).SubmitAccessReview(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteWebSession", + FullMethod: "/proto.AuthService/SubmitAccessReview", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteWebSession(ctx, req.(*types.DeleteWebSessionRequest)) + return srv.(AuthServiceServer).SubmitAccessReview(ctx, req.(*types.AccessReviewSubmission)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllWebSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetAccessCapabilities_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AccessCapabilitiesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllWebSessions(ctx, in) + return srv.(AuthServiceServer).GetAccessCapabilities(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllWebSessions", + FullMethod: "/proto.AuthService/GetAccessCapabilities", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllWebSessions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetAccessCapabilities(ctx, req.(*types.AccessCapabilitiesRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWebToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.GetWebTokenRequest) +func _AuthService_GetPluginData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.PluginDataFilter) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWebToken(ctx, in) + return srv.(AuthServiceServer).GetPluginData(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWebToken", + FullMethod: "/proto.AuthService/GetPluginData", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWebToken(ctx, req.(*types.GetWebTokenRequest)) + return srv.(AuthServiceServer).GetPluginData(ctx, req.(*types.PluginDataFilter)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWebTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_UpdatePluginData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.PluginDataUpdateParams) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWebTokens(ctx, in) + return srv.(AuthServiceServer).UpdatePluginData(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWebTokens", + FullMethod: "/proto.AuthService/UpdatePluginData", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWebTokens(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).UpdatePluginData(ctx, req.(*types.PluginDataUpdateParams)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteWebToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.DeleteWebTokenRequest) +func _AuthService_Ping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(PingRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteWebToken(ctx, in) + return srv.(AuthServiceServer).Ping(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteWebToken", + FullMethod: "/proto.AuthService/Ping", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteWebToken(ctx, req.(*types.DeleteWebTokenRequest)) + return srv.(AuthServiceServer).Ping(ctx, req.(*PingRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllWebTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_RotateResetPasswordTokenSecrets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RotateUserTokenSecretsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllWebTokens(ctx, in) + return srv.(AuthServiceServer).RotateResetPasswordTokenSecrets(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllWebTokens", + FullMethod: "/proto.AuthService/RotateResetPasswordTokenSecrets", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllWebTokens(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).RotateResetPasswordTokenSecrets(ctx, req.(*RotateUserTokenSecretsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpdateRemoteCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.RemoteClusterV3) +func _AuthService_GetResetPasswordToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetResetPasswordTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpdateRemoteCluster(ctx, in) + return srv.(AuthServiceServer).GetResetPasswordToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpdateRemoteCluster", + FullMethod: "/proto.AuthService/GetResetPasswordToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateRemoteCluster(ctx, req.(*types.RemoteClusterV3)) + return srv.(AuthServiceServer).GetResetPasswordToken(ctx, req.(*GetResetPasswordTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetKubeServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetKubeServicesRequest) +func _AuthService_CreateResetPasswordToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateResetPasswordTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetKubeServices(ctx, in) + return srv.(AuthServiceServer).CreateResetPasswordToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetKubeServices", + FullMethod: "/proto.AuthService/CreateResetPasswordToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetKubeServices(ctx, req.(*GetKubeServicesRequest)) + return srv.(AuthServiceServer).CreateResetPasswordToken(ctx, req.(*CreateResetPasswordTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertKubeService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpsertKubeServiceRequest) +func _AuthService_CreateBot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateBotRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertKubeService(ctx, in) + return srv.(AuthServiceServer).CreateBot(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertKubeService", + FullMethod: "/proto.AuthService/CreateBot", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertKubeService(ctx, req.(*UpsertKubeServiceRequest)) + return srv.(AuthServiceServer).CreateBot(ctx, req.(*CreateBotRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertKubeServiceV2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpsertKubeServiceRequest) +func _AuthService_DeleteBot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteBotRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertKubeServiceV2(ctx, in) + return srv.(AuthServiceServer).DeleteBot(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertKubeServiceV2", + FullMethod: "/proto.AuthService/DeleteBot", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertKubeServiceV2(ctx, req.(*UpsertKubeServiceRequest)) + return srv.(AuthServiceServer).DeleteBot(ctx, req.(*DeleteBotRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteKubeService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteKubeServiceRequest) +func _AuthService_GetBotUsers_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(GetBotUsersRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).GetBotUsers(m, &authServiceGetBotUsersServer{stream}) +} + +type AuthService_GetBotUsersServer interface { + Send(*types.UserV2) error + grpc.ServerStream +} + +type authServiceGetBotUsersServer struct { + grpc.ServerStream +} + +func (x *authServiceGetBotUsersServer) Send(m *types.UserV2) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_GetUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetUserRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteKubeService(ctx, in) + return srv.(AuthServiceServer).GetUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteKubeService", + FullMethod: "/proto.AuthService/GetUser", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteKubeService(ctx, req.(*DeleteKubeServiceRequest)) + return srv.(AuthServiceServer).GetUser(ctx, req.(*GetUserRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllKubeServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAllKubeServicesRequest) +func _AuthService_GetCurrentUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllKubeServices(ctx, in) + return srv.(AuthServiceServer).GetCurrentUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllKubeServices", + FullMethod: "/proto.AuthService/GetCurrentUser", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllKubeServices(ctx, req.(*DeleteAllKubeServicesRequest)) + return srv.(AuthServiceServer).GetCurrentUser(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetDatabaseServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetDatabaseServersRequest) +func _AuthService_GetCurrentUserRoles_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(emptypb.Empty) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).GetCurrentUserRoles(m, &authServiceGetCurrentUserRolesServer{stream}) +} + +type AuthService_GetCurrentUserRolesServer interface { + Send(*types.RoleV5) error + grpc.ServerStream +} + +type authServiceGetCurrentUserRolesServer struct { + grpc.ServerStream +} + +func (x *authServiceGetCurrentUserRolesServer) Send(m *types.RoleV5) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_GetUsers_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(GetUsersRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).GetUsers(m, &authServiceGetUsersServer{stream}) +} + +type AuthService_GetUsersServer interface { + Send(*types.UserV2) error + grpc.ServerStream +} + +type authServiceGetUsersServer struct { + grpc.ServerStream +} + +func (x *authServiceGetUsersServer) Send(m *types.UserV2) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.UserV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetDatabaseServers(ctx, in) + return srv.(AuthServiceServer).CreateUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetDatabaseServers", + FullMethod: "/proto.AuthService/CreateUser", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetDatabaseServers(ctx, req.(*GetDatabaseServersRequest)) + return srv.(AuthServiceServer).CreateUser(ctx, req.(*types.UserV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertDatabaseServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpsertDatabaseServerRequest) +func _AuthService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.UserV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertDatabaseServer(ctx, in) + return srv.(AuthServiceServer).UpdateUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertDatabaseServer", + FullMethod: "/proto.AuthService/UpdateUser", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertDatabaseServer(ctx, req.(*UpsertDatabaseServerRequest)) + return srv.(AuthServiceServer).UpdateUser(ctx, req.(*types.UserV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteDatabaseServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteDatabaseServerRequest) +func _AuthService_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteUserRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteDatabaseServer(ctx, in) + return srv.(AuthServiceServer).DeleteUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteDatabaseServer", + FullMethod: "/proto.AuthService/DeleteUser", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteDatabaseServer(ctx, req.(*DeleteDatabaseServerRequest)) + return srv.(AuthServiceServer).DeleteUser(ctx, req.(*DeleteUserRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllDatabaseServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteAllDatabaseServersRequest) +func _AuthService_AcquireSemaphore_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AcquireSemaphoreRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllDatabaseServers(ctx, in) + return srv.(AuthServiceServer).AcquireSemaphore(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllDatabaseServers", + FullMethod: "/proto.AuthService/AcquireSemaphore", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllDatabaseServers(ctx, req.(*DeleteAllDatabaseServersRequest)) + return srv.(AuthServiceServer).AcquireSemaphore(ctx, req.(*types.AcquireSemaphoreRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_SignDatabaseCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DatabaseCSRRequest) +func _AuthService_KeepAliveSemaphoreLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SemaphoreLease) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).SignDatabaseCSR(ctx, in) + return srv.(AuthServiceServer).KeepAliveSemaphoreLease(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/SignDatabaseCSR", + FullMethod: "/proto.AuthService/KeepAliveSemaphoreLease", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SignDatabaseCSR(ctx, req.(*DatabaseCSRRequest)) + return srv.(AuthServiceServer).KeepAliveSemaphoreLease(ctx, req.(*types.SemaphoreLease)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateDatabaseCert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DatabaseCertRequest) +func _AuthService_CancelSemaphoreLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SemaphoreLease) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateDatabaseCert(ctx, in) + return srv.(AuthServiceServer).CancelSemaphoreLease(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GenerateDatabaseCert", + FullMethod: "/proto.AuthService/CancelSemaphoreLease", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateDatabaseCert(ctx, req.(*DatabaseCertRequest)) + return srv.(AuthServiceServer).CancelSemaphoreLease(ctx, req.(*types.SemaphoreLease)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateSnowflakeJWT_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SnowflakeJWTRequest) +func _AuthService_GetSemaphores_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SemaphoreFilter) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateSnowflakeJWT(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GenerateSnowflakeJWT", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateSnowflakeJWT(ctx, req.(*SnowflakeJWTRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetRoleRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GetRole(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/proto.AuthService/GetRole", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetRole(ctx, req.(*GetRoleRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _AuthService_GetRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthServiceServer).GetRoles(ctx, in) + return srv.(AuthServiceServer).GetSemaphores(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetRoles", + FullMethod: "/proto.AuthService/GetSemaphores", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetRoles(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetSemaphores(ctx, req.(*types.SemaphoreFilter)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.RoleV5) +func _AuthService_DeleteSemaphore_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SemaphoreFilter) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertRole(ctx, in) + return srv.(AuthServiceServer).DeleteSemaphore(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertRole", + FullMethod: "/proto.AuthService/DeleteSemaphore", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertRole(ctx, req.(*types.RoleV5)) + return srv.(AuthServiceServer).DeleteSemaphore(ctx, req.(*types.SemaphoreFilter)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteRoleRequest) +func _AuthService_EmitAuditEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(events.OneOf) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteRole(ctx, in) + return srv.(AuthServiceServer).EmitAuditEvent(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteRole", + FullMethod: "/proto.AuthService/EmitAuditEvent", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest)) + return srv.(AuthServiceServer).EmitAuditEvent(ctx, req.(*events.OneOf)) } return interceptor(ctx, in, info, handler) } -func _AuthService_AddMFADevice_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).AddMFADevice(&authServiceAddMFADeviceServer{stream}) -} - -type AuthService_AddMFADeviceServer interface { - Send(*AddMFADeviceResponse) error - Recv() (*AddMFADeviceRequest, error) - grpc.ServerStream -} - -type authServiceAddMFADeviceServer struct { - grpc.ServerStream -} - -func (x *authServiceAddMFADeviceServer) Send(m *AddMFADeviceResponse) error { - return x.ServerStream.SendMsg(m) -} - -func (x *authServiceAddMFADeviceServer) Recv() (*AddMFADeviceRequest, error) { - m := new(AddMFADeviceRequest) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -func _AuthService_DeleteMFADevice_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(AuthServiceServer).DeleteMFADevice(&authServiceDeleteMFADeviceServer{stream}) +func _AuthService_CreateAuditStream_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).CreateAuditStream(&authServiceCreateAuditStreamServer{stream}) } -type AuthService_DeleteMFADeviceServer interface { - Send(*DeleteMFADeviceResponse) error - Recv() (*DeleteMFADeviceRequest, error) +type AuthService_CreateAuditStreamServer interface { + Send(*events.StreamStatus) error + Recv() (*AuditStreamRequest, error) grpc.ServerStream } -type authServiceDeleteMFADeviceServer struct { +type authServiceCreateAuditStreamServer struct { grpc.ServerStream } -func (x *authServiceDeleteMFADeviceServer) Send(m *DeleteMFADeviceResponse) error { +func (x *authServiceCreateAuditStreamServer) Send(m *events.StreamStatus) error { return x.ServerStream.SendMsg(m) } -func (x *authServiceDeleteMFADeviceServer) Recv() (*DeleteMFADeviceRequest, error) { - m := new(DeleteMFADeviceRequest) +func (x *authServiceCreateAuditStreamServer) Recv() (*AuditStreamRequest, error) { + m := new(AuditStreamRequest) if err := x.ServerStream.RecvMsg(m); err != nil { return nil, err } return m, nil } -func _AuthService_AddMFADeviceSync_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(AddMFADeviceSyncRequest) +func _AuthService_GetApplicationServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetApplicationServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).AddMFADeviceSync(ctx, in) + return srv.(AuthServiceServer).GetApplicationServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/AddMFADeviceSync", + FullMethod: "/proto.AuthService/GetApplicationServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).AddMFADeviceSync(ctx, req.(*AddMFADeviceSyncRequest)) + return srv.(AuthServiceServer).GetApplicationServers(ctx, req.(*GetApplicationServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteMFADeviceSync_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteMFADeviceSyncRequest) +func _AuthService_UpsertApplicationServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertApplicationServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteMFADeviceSync(ctx, in) + return srv.(AuthServiceServer).UpsertApplicationServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteMFADeviceSync", + FullMethod: "/proto.AuthService/UpsertApplicationServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteMFADeviceSync(ctx, req.(*DeleteMFADeviceSyncRequest)) + return srv.(AuthServiceServer).UpsertApplicationServer(ctx, req.(*UpsertApplicationServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetMFADevices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetMFADevicesRequest) +func _AuthService_DeleteApplicationServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteApplicationServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetMFADevices(ctx, in) + return srv.(AuthServiceServer).DeleteApplicationServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetMFADevices", + FullMethod: "/proto.AuthService/DeleteApplicationServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetMFADevices(ctx, req.(*GetMFADevicesRequest)) + return srv.(AuthServiceServer).DeleteApplicationServer(ctx, req.(*DeleteApplicationServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateAuthenticateChallenge_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateAuthenticateChallengeRequest) +func _AuthService_DeleteAllApplicationServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllApplicationServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateAuthenticateChallenge(ctx, in) + return srv.(AuthServiceServer).DeleteAllApplicationServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateAuthenticateChallenge", + FullMethod: "/proto.AuthService/DeleteAllApplicationServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateAuthenticateChallenge(ctx, req.(*CreateAuthenticateChallengeRequest)) + return srv.(AuthServiceServer).DeleteAllApplicationServers(ctx, req.(*DeleteAllApplicationServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateRegisterChallenge_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateRegisterChallengeRequest) +func _AuthService_GetAppServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAppServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateRegisterChallenge(ctx, in) + return srv.(AuthServiceServer).GetAppServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateRegisterChallenge", + FullMethod: "/proto.AuthService/GetAppServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateRegisterChallenge(ctx, req.(*CreateRegisterChallengeRequest)) + return srv.(AuthServiceServer).GetAppServers(ctx, req.(*GetAppServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceWithSecretsRequest) +func _AuthService_UpsertAppServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertAppServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetOIDCConnector(ctx, in) + return srv.(AuthServiceServer).UpsertAppServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetOIDCConnector", + FullMethod: "/proto.AuthService/UpsertAppServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetOIDCConnector(ctx, req.(*types.ResourceWithSecretsRequest)) + return srv.(AuthServiceServer).UpsertAppServer(ctx, req.(*UpsertAppServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetOIDCConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourcesWithSecretsRequest) +func _AuthService_DeleteAppServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAppServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetOIDCConnectors(ctx, in) + return srv.(AuthServiceServer).DeleteAppServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetOIDCConnectors", + FullMethod: "/proto.AuthService/DeleteAppServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetOIDCConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) + return srv.(AuthServiceServer).DeleteAppServer(ctx, req.(*DeleteAppServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.OIDCConnectorV3) +func _AuthService_DeleteAllAppServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllAppServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertOIDCConnector(ctx, in) + return srv.(AuthServiceServer).DeleteAllAppServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertOIDCConnector", + FullMethod: "/proto.AuthService/DeleteAllAppServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertOIDCConnector(ctx, req.(*types.OIDCConnectorV3)) + return srv.(AuthServiceServer).DeleteAllAppServers(ctx, req.(*DeleteAllAppServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_GenerateAppToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GenerateAppTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteOIDCConnector(ctx, in) + return srv.(AuthServiceServer).GenerateAppToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteOIDCConnector", + FullMethod: "/proto.AuthService/GenerateAppToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteOIDCConnector(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).GenerateAppToken(ctx, req.(*GenerateAppTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateOIDCAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.OIDCAuthRequest) +func _AuthService_GetAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAppSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateOIDCAuthRequest(ctx, in) + return srv.(AuthServiceServer).GetAppSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateOIDCAuthRequest", + FullMethod: "/proto.AuthService/GetAppSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateOIDCAuthRequest(ctx, req.(*types.OIDCAuthRequest)) + return srv.(AuthServiceServer).GetAppSession(ctx, req.(*GetAppSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetOIDCAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetOIDCAuthRequestRequest) +func _AuthService_GetAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetOIDCAuthRequest(ctx, in) + return srv.(AuthServiceServer).GetAppSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetOIDCAuthRequest", + FullMethod: "/proto.AuthService/GetAppSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetOIDCAuthRequest(ctx, req.(*GetOIDCAuthRequestRequest)) + return srv.(AuthServiceServer).GetAppSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceWithSecretsRequest) +func _AuthService_CreateAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateAppSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSAMLConnector(ctx, in) + return srv.(AuthServiceServer).CreateAppSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSAMLConnector", + FullMethod: "/proto.AuthService/CreateAppSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSAMLConnector(ctx, req.(*types.ResourceWithSecretsRequest)) + return srv.(AuthServiceServer).CreateAppSession(ctx, req.(*CreateAppSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSAMLConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourcesWithSecretsRequest) +func _AuthService_DeleteAppSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAppSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSAMLConnectors(ctx, in) + return srv.(AuthServiceServer).DeleteAppSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSAMLConnectors", + FullMethod: "/proto.AuthService/DeleteAppSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSAMLConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) + return srv.(AuthServiceServer).DeleteAppSession(ctx, req.(*DeleteAppSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SAMLConnectorV2) +func _AuthService_DeleteAllAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertSAMLConnector(ctx, in) + return srv.(AuthServiceServer).DeleteAllAppSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertSAMLConnector", + FullMethod: "/proto.AuthService/DeleteAllAppSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertSAMLConnector(ctx, req.(*types.SAMLConnectorV2)) + return srv.(AuthServiceServer).DeleteAllAppSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_DeleteUserAppSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteUserAppSessionsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteSAMLConnector(ctx, in) + return srv.(AuthServiceServer).DeleteUserAppSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteSAMLConnector", + FullMethod: "/proto.AuthService/DeleteUserAppSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteSAMLConnector(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).DeleteUserAppSessions(ctx, req.(*DeleteUserAppSessionsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateSAMLAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SAMLAuthRequest) +func _AuthService_CreateSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateSnowflakeSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateSAMLAuthRequest(ctx, in) + return srv.(AuthServiceServer).CreateSnowflakeSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateSAMLAuthRequest", + FullMethod: "/proto.AuthService/CreateSnowflakeSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateSAMLAuthRequest(ctx, req.(*types.SAMLAuthRequest)) + return srv.(AuthServiceServer).CreateSnowflakeSession(ctx, req.(*CreateSnowflakeSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSAMLAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetSAMLAuthRequestRequest) +func _AuthService_GetSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSnowflakeSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSAMLAuthRequest(ctx, in) + return srv.(AuthServiceServer).GetSnowflakeSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSAMLAuthRequest", + FullMethod: "/proto.AuthService/GetSnowflakeSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSAMLAuthRequest(ctx, req.(*GetSAMLAuthRequestRequest)) + return srv.(AuthServiceServer).GetSnowflakeSession(ctx, req.(*GetSnowflakeSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceWithSecretsRequest) +func _AuthService_GetSnowflakeSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetGithubConnector(ctx, in) + return srv.(AuthServiceServer).GetSnowflakeSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetGithubConnector", + FullMethod: "/proto.AuthService/GetSnowflakeSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetGithubConnector(ctx, req.(*types.ResourceWithSecretsRequest)) + return srv.(AuthServiceServer).GetSnowflakeSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetGithubConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourcesWithSecretsRequest) +func _AuthService_DeleteSnowflakeSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteSnowflakeSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetGithubConnectors(ctx, in) + return srv.(AuthServiceServer).DeleteSnowflakeSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetGithubConnectors", + FullMethod: "/proto.AuthService/DeleteSnowflakeSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetGithubConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) + return srv.(AuthServiceServer).DeleteSnowflakeSession(ctx, req.(*DeleteSnowflakeSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.GithubConnectorV3) +func _AuthService_DeleteAllSnowflakeSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertGithubConnector(ctx, in) + return srv.(AuthServiceServer).DeleteAllSnowflakeSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertGithubConnector", + FullMethod: "/proto.AuthService/DeleteAllSnowflakeSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertGithubConnector(ctx, req.(*types.GithubConnectorV3)) + return srv.(AuthServiceServer).DeleteAllSnowflakeSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_GetWebSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.GetWebSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteGithubConnector(ctx, in) + return srv.(AuthServiceServer).GetWebSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteGithubConnector", + FullMethod: "/proto.AuthService/GetWebSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteGithubConnector(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).GetWebSession(ctx, req.(*types.GetWebSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateGithubAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.GithubAuthRequest) +func _AuthService_GetWebSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateGithubAuthRequest(ctx, in) + return srv.(AuthServiceServer).GetWebSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateGithubAuthRequest", + FullMethod: "/proto.AuthService/GetWebSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateGithubAuthRequest(ctx, req.(*types.GithubAuthRequest)) + return srv.(AuthServiceServer).GetWebSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetGithubAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetGithubAuthRequestRequest) +func _AuthService_DeleteWebSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.DeleteWebSessionRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetGithubAuthRequest(ctx, in) + return srv.(AuthServiceServer).DeleteWebSession(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetGithubAuthRequest", + FullMethod: "/proto.AuthService/DeleteWebSession", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetGithubAuthRequest(ctx, req.(*GetGithubAuthRequestRequest)) + return srv.(AuthServiceServer).DeleteWebSession(ctx, req.(*types.DeleteWebSessionRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSSODiagnosticInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetSSODiagnosticInfoRequest) +func _AuthService_DeleteAllWebSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSSODiagnosticInfo(ctx, in) + return srv.(AuthServiceServer).DeleteAllWebSessions(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSSODiagnosticInfo", + FullMethod: "/proto.AuthService/DeleteAllWebSessions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSSODiagnosticInfo(ctx, req.(*GetSSODiagnosticInfoRequest)) + return srv.(AuthServiceServer).DeleteAllWebSessions(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_GetWebToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.GetWebTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetTrustedCluster(ctx, in) + return srv.(AuthServiceServer).GetWebToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetTrustedCluster", + FullMethod: "/proto.AuthService/GetWebToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetTrustedCluster(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).GetWebToken(ctx, req.(*types.GetWebTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetTrustedClusters_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetWebTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetTrustedClusters(ctx, in) + return srv.(AuthServiceServer).GetWebTokens(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetTrustedClusters", + FullMethod: "/proto.AuthService/GetWebTokens", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetTrustedClusters(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetWebTokens(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.TrustedClusterV2) +func _AuthService_DeleteWebToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.DeleteWebTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertTrustedCluster(ctx, in) + return srv.(AuthServiceServer).DeleteWebToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertTrustedCluster", + FullMethod: "/proto.AuthService/DeleteWebToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertTrustedCluster(ctx, req.(*types.TrustedClusterV2)) + return srv.(AuthServiceServer).DeleteWebToken(ctx, req.(*types.DeleteWebTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_DeleteAllWebTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteTrustedCluster(ctx, in) + return srv.(AuthServiceServer).DeleteAllWebTokens(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteTrustedCluster", + FullMethod: "/proto.AuthService/DeleteAllWebTokens", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteTrustedCluster(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).DeleteAllWebTokens(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_UpdateRemoteCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.RemoteClusterV3) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetToken(ctx, in) + return srv.(AuthServiceServer).UpdateRemoteCluster(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetToken", + FullMethod: "/proto.AuthService/UpdateRemoteCluster", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetToken(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).UpdateRemoteCluster(ctx, req.(*types.RemoteClusterV3)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetKubeServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetKubeServicesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetTokens(ctx, in) + return srv.(AuthServiceServer).GetKubeServices(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetTokens", + FullMethod: "/proto.AuthService/GetKubeServices", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetTokens(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetKubeServices(ctx, req.(*GetKubeServicesRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ProvisionTokenV2) +func _AuthService_UpsertKubeService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertKubeServiceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertToken(ctx, in) + return srv.(AuthServiceServer).UpsertKubeService(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertToken", + FullMethod: "/proto.AuthService/UpsertKubeService", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertToken(ctx, req.(*types.ProvisionTokenV2)) + return srv.(AuthServiceServer).UpsertKubeService(ctx, req.(*UpsertKubeServiceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GenerateTokenRequest) +func _AuthService_UpsertKubeServiceV2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertKubeServiceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateToken(ctx, in) + return srv.(AuthServiceServer).UpsertKubeServiceV2(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GenerateToken", + FullMethod: "/proto.AuthService/UpsertKubeServiceV2", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateToken(ctx, req.(*GenerateTokenRequest)) + return srv.(AuthServiceServer).UpsertKubeServiceV2(ctx, req.(*UpsertKubeServiceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_DeleteKubeService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteKubeServiceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteToken(ctx, in) + return srv.(AuthServiceServer).DeleteKubeService(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteToken", + FullMethod: "/proto.AuthService/DeleteKubeService", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteToken(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).DeleteKubeService(ctx, req.(*DeleteKubeServiceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetClusterAuditConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_DeleteAllKubeServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllKubeServicesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetClusterAuditConfig(ctx, in) + return srv.(AuthServiceServer).DeleteAllKubeServices(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetClusterAuditConfig", + FullMethod: "/proto.AuthService/DeleteAllKubeServices", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetClusterAuditConfig(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).DeleteAllKubeServices(ctx, req.(*DeleteAllKubeServicesRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetDatabaseServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetDatabaseServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetClusterNetworkingConfig(ctx, in) + return srv.(AuthServiceServer).GetDatabaseServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetClusterNetworkingConfig", + FullMethod: "/proto.AuthService/GetDatabaseServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetClusterNetworkingConfig(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetDatabaseServers(ctx, req.(*GetDatabaseServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_SetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ClusterNetworkingConfigV2) +func _AuthService_UpsertDatabaseServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpsertDatabaseServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).SetClusterNetworkingConfig(ctx, in) + return srv.(AuthServiceServer).UpsertDatabaseServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/SetClusterNetworkingConfig", + FullMethod: "/proto.AuthService/UpsertDatabaseServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SetClusterNetworkingConfig(ctx, req.(*types.ClusterNetworkingConfigV2)) + return srv.(AuthServiceServer).UpsertDatabaseServer(ctx, req.(*UpsertDatabaseServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ResetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_DeleteDatabaseServer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteDatabaseServerRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ResetClusterNetworkingConfig(ctx, in) + return srv.(AuthServiceServer).DeleteDatabaseServer(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ResetClusterNetworkingConfig", + FullMethod: "/proto.AuthService/DeleteDatabaseServer", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ResetClusterNetworkingConfig(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).DeleteDatabaseServer(ctx, req.(*DeleteDatabaseServerRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_DeleteAllDatabaseServers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllDatabaseServersRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSessionRecordingConfig(ctx, in) + return srv.(AuthServiceServer).DeleteAllDatabaseServers(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSessionRecordingConfig", + FullMethod: "/proto.AuthService/DeleteAllDatabaseServers", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSessionRecordingConfig(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).DeleteAllDatabaseServers(ctx, req.(*DeleteAllDatabaseServersRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_SetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.SessionRecordingConfigV2) +func _AuthService_SignDatabaseCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DatabaseCSRRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).SetSessionRecordingConfig(ctx, in) + return srv.(AuthServiceServer).SignDatabaseCSR(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/SetSessionRecordingConfig", + FullMethod: "/proto.AuthService/SignDatabaseCSR", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SetSessionRecordingConfig(ctx, req.(*types.SessionRecordingConfigV2)) + return srv.(AuthServiceServer).SignDatabaseCSR(ctx, req.(*DatabaseCSRRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ResetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GenerateDatabaseCert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DatabaseCertRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ResetSessionRecordingConfig(ctx, in) + return srv.(AuthServiceServer).GenerateDatabaseCert(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ResetSessionRecordingConfig", + FullMethod: "/proto.AuthService/GenerateDatabaseCert", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ResetSessionRecordingConfig(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GenerateDatabaseCert(ctx, req.(*DatabaseCertRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GenerateSnowflakeJWT_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SnowflakeJWTRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAuthPreference(ctx, in) + return srv.(AuthServiceServer).GenerateSnowflakeJWT(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAuthPreference", + FullMethod: "/proto.AuthService/GenerateSnowflakeJWT", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAuthPreference(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GenerateSnowflakeJWT(ctx, req.(*SnowflakeJWTRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_SetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AuthPreferenceV2) +func _AuthService_GetRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetRoleRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).SetAuthPreference(ctx, in) + return srv.(AuthServiceServer).GetRole(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/SetAuthPreference", + FullMethod: "/proto.AuthService/GetRole", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SetAuthPreference(ctx, req.(*types.AuthPreferenceV2)) + return srv.(AuthServiceServer).GetRole(ctx, req.(*GetRoleRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ResetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ResetAuthPreference(ctx, in) + return srv.(AuthServiceServer).GetRoles(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ResetAuthPreference", + FullMethod: "/proto.AuthService/GetRoles", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ResetAuthPreference(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetRoles(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetEvents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetEventsRequest) +func _AuthService_UpsertRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.RoleV5) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetEvents(ctx, in) + return srv.(AuthServiceServer).UpsertRole(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetEvents", + FullMethod: "/proto.AuthService/UpsertRole", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetEvents(ctx, req.(*GetEventsRequest)) + return srv.(AuthServiceServer).UpsertRole(ctx, req.(*types.RoleV5)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetSessionEvents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetSessionEventsRequest) +func _AuthService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteRoleRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetSessionEvents(ctx, in) + return srv.(AuthServiceServer).DeleteRole(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetSessionEvents", + FullMethod: "/proto.AuthService/DeleteRole", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetSessionEvents(ctx, req.(*GetSessionEventsRequest)) + return srv.(AuthServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetLockRequest) +func _AuthService_AddMFADevice_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).AddMFADevice(&authServiceAddMFADeviceServer{stream}) +} + +type AuthService_AddMFADeviceServer interface { + Send(*AddMFADeviceResponse) error + Recv() (*AddMFADeviceRequest, error) + grpc.ServerStream +} + +type authServiceAddMFADeviceServer struct { + grpc.ServerStream +} + +func (x *authServiceAddMFADeviceServer) Send(m *AddMFADeviceResponse) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceAddMFADeviceServer) Recv() (*AddMFADeviceRequest, error) { + m := new(AddMFADeviceRequest) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func _AuthService_DeleteMFADevice_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(AuthServiceServer).DeleteMFADevice(&authServiceDeleteMFADeviceServer{stream}) +} + +type AuthService_DeleteMFADeviceServer interface { + Send(*DeleteMFADeviceResponse) error + Recv() (*DeleteMFADeviceRequest, error) + grpc.ServerStream +} + +type authServiceDeleteMFADeviceServer struct { + grpc.ServerStream +} + +func (x *authServiceDeleteMFADeviceServer) Send(m *DeleteMFADeviceResponse) error { + return x.ServerStream.SendMsg(m) +} + +func (x *authServiceDeleteMFADeviceServer) Recv() (*DeleteMFADeviceRequest, error) { + m := new(DeleteMFADeviceRequest) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +func _AuthService_AddMFADeviceSync_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AddMFADeviceSyncRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetLock(ctx, in) + return srv.(AuthServiceServer).AddMFADeviceSync(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetLock", + FullMethod: "/proto.AuthService/AddMFADeviceSync", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetLock(ctx, req.(*GetLockRequest)) + return srv.(AuthServiceServer).AddMFADeviceSync(ctx, req.(*AddMFADeviceSyncRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetLocks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetLocksRequest) +func _AuthService_DeleteMFADeviceSync_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteMFADeviceSyncRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetLocks(ctx, in) + return srv.(AuthServiceServer).DeleteMFADeviceSync(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetLocks", + FullMethod: "/proto.AuthService/DeleteMFADeviceSync", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetLocks(ctx, req.(*GetLocksRequest)) + return srv.(AuthServiceServer).DeleteMFADeviceSync(ctx, req.(*DeleteMFADeviceSyncRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.LockV2) +func _AuthService_GetMFADevices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetMFADevicesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertLock(ctx, in) + return srv.(AuthServiceServer).GetMFADevices(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertLock", + FullMethod: "/proto.AuthService/GetMFADevices", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertLock(ctx, req.(*types.LockV2)) + return srv.(AuthServiceServer).GetMFADevices(ctx, req.(*GetMFADevicesRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteLockRequest) +func _AuthService_CreateAuthenticateChallenge_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateAuthenticateChallengeRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteLock(ctx, in) + return srv.(AuthServiceServer).CreateAuthenticateChallenge(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteLock", + FullMethod: "/proto.AuthService/CreateAuthenticateChallenge", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteLock(ctx, req.(*DeleteLockRequest)) + return srv.(AuthServiceServer).CreateAuthenticateChallenge(ctx, req.(*CreateAuthenticateChallengeRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ReplaceRemoteLocks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ReplaceRemoteLocksRequest) +func _AuthService_CreateRegisterChallenge_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateRegisterChallengeRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ReplaceRemoteLocks(ctx, in) + return srv.(AuthServiceServer).CreateRegisterChallenge(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ReplaceRemoteLocks", + FullMethod: "/proto.AuthService/CreateRegisterChallenge", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ReplaceRemoteLocks(ctx, req.(*ReplaceRemoteLocksRequest)) + return srv.(AuthServiceServer).CreateRegisterChallenge(ctx, req.(*CreateRegisterChallengeRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_StreamSessionEvents_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(StreamSessionEventsRequest) - if err := stream.RecvMsg(m); err != nil { - return err +func _AuthService_GetOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceWithSecretsRequest) + if err := dec(in); err != nil { + return nil, err } - return srv.(AuthServiceServer).StreamSessionEvents(m, &authServiceStreamSessionEventsServer{stream}) -} - -type AuthService_StreamSessionEventsServer interface { - Send(*events.OneOf) error - grpc.ServerStream -} - -type authServiceStreamSessionEventsServer struct { - grpc.ServerStream + if interceptor == nil { + return srv.(AuthServiceServer).GetOIDCConnector(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetOIDCConnector", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetOIDCConnector(ctx, req.(*types.ResourceWithSecretsRequest)) + } + return interceptor(ctx, in, info, handler) } -func (x *authServiceStreamSessionEventsServer) Send(m *events.OneOf) error { - return x.ServerStream.SendMsg(m) +func _AuthService_GetOIDCConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourcesWithSecretsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetOIDCConnectors(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetOIDCConnectors", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetOIDCConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) + } + return interceptor(ctx, in, info, handler) } -func _AuthService_GetNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_UpsertOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.OIDCConnectorV3) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetNetworkRestrictions(ctx, in) + return srv.(AuthServiceServer).UpsertOIDCConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetNetworkRestrictions", + FullMethod: "/proto.AuthService/UpsertOIDCConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetNetworkRestrictions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).UpsertOIDCConnector(ctx, req.(*types.OIDCConnectorV3)) } return interceptor(ctx, in, info, handler) } -func _AuthService_SetNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.NetworkRestrictionsV4) +func _AuthService_DeleteOIDCConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).SetNetworkRestrictions(ctx, in) + return srv.(AuthServiceServer).DeleteOIDCConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/SetNetworkRestrictions", + FullMethod: "/proto.AuthService/DeleteOIDCConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).SetNetworkRestrictions(ctx, req.(*types.NetworkRestrictionsV4)) + return srv.(AuthServiceServer).DeleteOIDCConnector(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_CreateOIDCAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.OIDCAuthRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteNetworkRestrictions(ctx, in) + return srv.(AuthServiceServer).CreateOIDCAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteNetworkRestrictions", + FullMethod: "/proto.AuthService/CreateOIDCAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteNetworkRestrictions(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).CreateOIDCAuthRequest(ctx, req.(*types.OIDCAuthRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetApps_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetOIDCAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetOIDCAuthRequestRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetApps(ctx, in) + return srv.(AuthServiceServer).GetOIDCAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetApps", + FullMethod: "/proto.AuthService/GetOIDCAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetApps(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetOIDCAuthRequest(ctx, req.(*GetOIDCAuthRequestRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_GetSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceWithSecretsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetApp(ctx, in) + return srv.(AuthServiceServer).GetSAMLConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetApp", + FullMethod: "/proto.AuthService/GetSAMLConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetApp(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).GetSAMLConnector(ctx, req.(*types.ResourceWithSecretsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AppV3) +func _AuthService_GetSAMLConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourcesWithSecretsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateApp(ctx, in) + return srv.(AuthServiceServer).GetSAMLConnectors(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateApp", + FullMethod: "/proto.AuthService/GetSAMLConnectors", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateApp(ctx, req.(*types.AppV3)) + return srv.(AuthServiceServer).GetSAMLConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpdateApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.AppV3) +func _AuthService_UpsertSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SAMLConnectorV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpdateApp(ctx, in) + return srv.(AuthServiceServer).UpsertSAMLConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpdateApp", + FullMethod: "/proto.AuthService/UpsertSAMLConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateApp(ctx, req.(*types.AppV3)) + return srv.(AuthServiceServer).UpsertSAMLConnector(ctx, req.(*types.SAMLConnectorV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _AuthService_DeleteSAMLConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteApp(ctx, in) + return srv.(AuthServiceServer).DeleteSAMLConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteApp", + FullMethod: "/proto.AuthService/DeleteSAMLConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteApp(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).DeleteSAMLConnector(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllApps_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_CreateSAMLAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SAMLAuthRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllApps(ctx, in) + return srv.(AuthServiceServer).CreateSAMLAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllApps", + FullMethod: "/proto.AuthService/CreateSAMLAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllApps(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).CreateSAMLAuthRequest(ctx, req.(*types.SAMLAuthRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetDatabases_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetSAMLAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSAMLAuthRequestRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetDatabases(ctx, in) + return srv.(AuthServiceServer).GetSAMLAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetDatabases", + FullMethod: "/proto.AuthService/GetSAMLAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetDatabases(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetSAMLAuthRequest(ctx, req.(*GetSAMLAuthRequestRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.ResourceRequest) +func _AuthService_GetGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceWithSecretsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetDatabase(ctx, in) + return srv.(AuthServiceServer).GetGithubConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetDatabase", + FullMethod: "/proto.AuthService/GetGithubConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetDatabase(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).GetGithubConnector(ctx, req.(*types.ResourceWithSecretsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.DatabaseV3) +func _AuthService_GetGithubConnectors_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourcesWithSecretsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateDatabase(ctx, in) + return srv.(AuthServiceServer).GetGithubConnectors(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateDatabase", + FullMethod: "/proto.AuthService/GetGithubConnectors", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateDatabase(ctx, req.(*types.DatabaseV3)) + return srv.(AuthServiceServer).GetGithubConnectors(ctx, req.(*types.ResourcesWithSecretsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpdateDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.DatabaseV3) +func _AuthService_UpsertGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.GithubConnectorV3) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpdateDatabase(ctx, in) + return srv.(AuthServiceServer).UpsertGithubConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpdateDatabase", + FullMethod: "/proto.AuthService/UpsertGithubConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateDatabase(ctx, req.(*types.DatabaseV3)) + return srv.(AuthServiceServer).UpsertGithubConnector(ctx, req.(*types.GithubConnectorV3)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _AuthService_DeleteGithubConnector_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteDatabase(ctx, in) + return srv.(AuthServiceServer).DeleteGithubConnector(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteDatabase", + FullMethod: "/proto.AuthService/DeleteGithubConnector", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteDatabase(ctx, req.(*types.ResourceRequest)) + return srv.(AuthServiceServer).DeleteGithubConnector(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllDatabases_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_CreateGithubAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.GithubAuthRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllDatabases(ctx, in) + return srv.(AuthServiceServer).CreateGithubAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllDatabases", + FullMethod: "/proto.AuthService/CreateGithubAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllDatabases(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).CreateGithubAuthRequest(ctx, req.(*types.GithubAuthRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWindowsDesktopServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetGithubAuthRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetGithubAuthRequestRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWindowsDesktopServices(ctx, in) + return srv.(AuthServiceServer).GetGithubAuthRequest(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWindowsDesktopServices", + FullMethod: "/proto.AuthService/GetGithubAuthRequest", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWindowsDesktopServices(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetGithubAuthRequest(ctx, req.(*GetGithubAuthRequestRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetWindowsDesktopServiceRequest) +func _AuthService_GetSSODiagnosticInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSSODiagnosticInfoRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWindowsDesktopService(ctx, in) + return srv.(AuthServiceServer).GetSSODiagnosticInfo(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWindowsDesktopService", + FullMethod: "/proto.AuthService/GetSSODiagnosticInfo", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWindowsDesktopService(ctx, req.(*GetWindowsDesktopServiceRequest)) + return srv.(AuthServiceServer).GetSSODiagnosticInfo(ctx, req.(*GetSSODiagnosticInfoRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.WindowsDesktopServiceV3) +func _AuthService_GetTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertWindowsDesktopService(ctx, in) + return srv.(AuthServiceServer).GetTrustedCluster(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertWindowsDesktopService", + FullMethod: "/proto.AuthService/GetTrustedCluster", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertWindowsDesktopService(ctx, req.(*types.WindowsDesktopServiceV3)) + return srv.(AuthServiceServer).GetTrustedCluster(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteWindowsDesktopServiceRequest) +func _AuthService_GetTrustedClusters_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteWindowsDesktopService(ctx, in) + return srv.(AuthServiceServer).GetTrustedClusters(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteWindowsDesktopService", + FullMethod: "/proto.AuthService/GetTrustedClusters", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteWindowsDesktopService(ctx, req.(*DeleteWindowsDesktopServiceRequest)) + return srv.(AuthServiceServer).GetTrustedClusters(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllWindowsDesktopServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_UpsertTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.TrustedClusterV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllWindowsDesktopServices(ctx, in) + return srv.(AuthServiceServer).UpsertTrustedCluster(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllWindowsDesktopServices", + FullMethod: "/proto.AuthService/UpsertTrustedCluster", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllWindowsDesktopServices(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).UpsertTrustedCluster(ctx, req.(*types.TrustedClusterV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetWindowsDesktops_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.WindowsDesktopFilter) +func _AuthService_DeleteTrustedCluster_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetWindowsDesktops(ctx, in) + return srv.(AuthServiceServer).DeleteTrustedCluster(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetWindowsDesktops", + FullMethod: "/proto.AuthService/DeleteTrustedCluster", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetWindowsDesktops(ctx, req.(*types.WindowsDesktopFilter)) + return srv.(AuthServiceServer).DeleteTrustedCluster(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.WindowsDesktopV3) +func _AuthService_GetToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateWindowsDesktop(ctx, in) + return srv.(AuthServiceServer).GetToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateWindowsDesktop", + FullMethod: "/proto.AuthService/GetToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + return srv.(AuthServiceServer).GetToken(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpdateWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.WindowsDesktopV3) +func _AuthService_GetTokens_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpdateWindowsDesktop(ctx, in) + return srv.(AuthServiceServer).GetTokens(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpdateWindowsDesktop", + FullMethod: "/proto.AuthService/GetTokens", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpdateWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + return srv.(AuthServiceServer).GetTokens(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_UpsertWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(types.WindowsDesktopV3) +func _AuthService_UpsertToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ProvisionTokenV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).UpsertWindowsDesktop(ctx, in) + return srv.(AuthServiceServer).UpsertToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/UpsertWindowsDesktop", + FullMethod: "/proto.AuthService/UpsertToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).UpsertWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + return srv.(AuthServiceServer).UpsertToken(ctx, req.(*types.ProvisionTokenV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteWindowsDesktopRequest) +func _AuthService_CreateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ProvisionTokenV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteWindowsDesktop(ctx, in) + return srv.(AuthServiceServer).CreateToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteWindowsDesktop", + FullMethod: "/proto.AuthService/CreateToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteWindowsDesktop(ctx, req.(*DeleteWindowsDesktopRequest)) + return srv.(AuthServiceServer).CreateToken(ctx, req.(*types.ProvisionTokenV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_DeleteAllWindowsDesktops_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GenerateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GenerateTokenRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).DeleteAllWindowsDesktops(ctx, in) + return srv.(AuthServiceServer).GenerateToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/DeleteAllWindowsDesktops", + FullMethod: "/proto.AuthService/GenerateToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).DeleteAllWindowsDesktops(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GenerateToken(ctx, req.(*GenerateTokenRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateWindowsDesktopCert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(WindowsDesktopCertRequest) +func _AuthService_DeleteToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateWindowsDesktopCert(ctx, in) + return srv.(AuthServiceServer).DeleteToken(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GenerateWindowsDesktopCert", + FullMethod: "/proto.AuthService/DeleteToken", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateWindowsDesktopCert(ctx, req.(*WindowsDesktopCertRequest)) + return srv.(AuthServiceServer).DeleteToken(ctx, req.(*types.ResourceRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GenerateCertAuthorityCRL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CertAuthorityRequest) +func _AuthService_GetClusterAuditConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GenerateCertAuthorityCRL(ctx, in) + return srv.(AuthServiceServer).GetClusterAuditConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GenerateCertAuthorityCRL", + FullMethod: "/proto.AuthService/GetClusterAuditConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GenerateCertAuthorityCRL(ctx, req.(*CertAuthorityRequest)) + return srv.(AuthServiceServer).GetClusterAuditConfig(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ChangeUserAuthentication_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ChangeUserAuthenticationRequest) +func _AuthService_GetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ChangeUserAuthentication(ctx, in) + return srv.(AuthServiceServer).GetClusterNetworkingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ChangeUserAuthentication", + FullMethod: "/proto.AuthService/GetClusterNetworkingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ChangeUserAuthentication(ctx, req.(*ChangeUserAuthenticationRequest)) + return srv.(AuthServiceServer).GetClusterNetworkingConfig(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_StartAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StartAccountRecoveryRequest) +func _AuthService_SetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ClusterNetworkingConfigV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).StartAccountRecovery(ctx, in) + return srv.(AuthServiceServer).SetClusterNetworkingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/StartAccountRecovery", + FullMethod: "/proto.AuthService/SetClusterNetworkingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).StartAccountRecovery(ctx, req.(*StartAccountRecoveryRequest)) + return srv.(AuthServiceServer).SetClusterNetworkingConfig(ctx, req.(*types.ClusterNetworkingConfigV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_VerifyAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(VerifyAccountRecoveryRequest) +func _AuthService_ResetClusterNetworkingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).VerifyAccountRecovery(ctx, in) + return srv.(AuthServiceServer).ResetClusterNetworkingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/VerifyAccountRecovery", + FullMethod: "/proto.AuthService/ResetClusterNetworkingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).VerifyAccountRecovery(ctx, req.(*VerifyAccountRecoveryRequest)) + return srv.(AuthServiceServer).ResetClusterNetworkingConfig(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CompleteAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CompleteAccountRecoveryRequest) +func _AuthService_GetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CompleteAccountRecovery(ctx, in) + return srv.(AuthServiceServer).GetSessionRecordingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CompleteAccountRecovery", + FullMethod: "/proto.AuthService/GetSessionRecordingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CompleteAccountRecovery(ctx, req.(*CompleteAccountRecoveryRequest)) + return srv.(AuthServiceServer).GetSessionRecordingConfig(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreateAccountRecoveryCodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateAccountRecoveryCodesRequest) +func _AuthService_SetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.SessionRecordingConfigV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreateAccountRecoveryCodes(ctx, in) + return srv.(AuthServiceServer).SetSessionRecordingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreateAccountRecoveryCodes", + FullMethod: "/proto.AuthService/SetSessionRecordingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreateAccountRecoveryCodes(ctx, req.(*CreateAccountRecoveryCodesRequest)) + return srv.(AuthServiceServer).SetSessionRecordingConfig(ctx, req.(*types.SessionRecordingConfigV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAccountRecoveryToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetAccountRecoveryTokenRequest) +func _AuthService_ResetSessionRecordingConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAccountRecoveryToken(ctx, in) + return srv.(AuthServiceServer).ResetSessionRecordingConfig(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAccountRecoveryToken", + FullMethod: "/proto.AuthService/ResetSessionRecordingConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAccountRecoveryToken(ctx, req.(*GetAccountRecoveryTokenRequest)) + return srv.(AuthServiceServer).ResetSessionRecordingConfig(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetAccountRecoveryCodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetAccountRecoveryCodesRequest) +func _AuthService_GetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetAccountRecoveryCodes(ctx, in) + return srv.(AuthServiceServer).GetAuthPreference(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetAccountRecoveryCodes", + FullMethod: "/proto.AuthService/GetAuthPreference", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetAccountRecoveryCodes(ctx, req.(*GetAccountRecoveryCodesRequest)) + return srv.(AuthServiceServer).GetAuthPreference(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_CreatePrivilegeToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreatePrivilegeTokenRequest) +func _AuthService_SetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AuthPreferenceV2) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).CreatePrivilegeToken(ctx, in) + return srv.(AuthServiceServer).SetAuthPreference(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/CreatePrivilegeToken", + FullMethod: "/proto.AuthService/SetAuthPreference", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).CreatePrivilegeToken(ctx, req.(*CreatePrivilegeTokenRequest)) + return srv.(AuthServiceServer).SetAuthPreference(ctx, req.(*types.AuthPreferenceV2)) } return interceptor(ctx, in, info, handler) } -func _AuthService_ListResources_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListResourcesRequest) +func _AuthService_ResetAuthPreference_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).ListResources(ctx, in) + return srv.(AuthServiceServer).ResetAuthPreference(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/ListResources", + FullMethod: "/proto.AuthService/ResetAuthPreference", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).ListResources(ctx, req.(*ListResourcesRequest)) + return srv.(AuthServiceServer).ResetAuthPreference(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetDomainName_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetEvents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetEventsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetDomainName(ctx, in) + return srv.(AuthServiceServer).GetEvents(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetDomainName", + FullMethod: "/proto.AuthService/GetEvents", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetDomainName(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetEvents(ctx, req.(*GetEventsRequest)) } return interceptor(ctx, in, info, handler) } -func _AuthService_GetClusterCACert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) +func _AuthService_GetSessionEvents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetSessionEventsRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(AuthServiceServer).GetClusterCACert(ctx, in) + return srv.(AuthServiceServer).GetSessionEvents(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.AuthService/GetClusterCACert", + FullMethod: "/proto.AuthService/GetSessionEvents", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthServiceServer).GetClusterCACert(ctx, req.(*empty.Empty)) + return srv.(AuthServiceServer).GetSessionEvents(ctx, req.(*GetSessionEventsRequest)) } return interceptor(ctx, in, info, handler) } -var _AuthService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "proto.AuthService", - HandlerType: (*AuthServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "CreateSessionTracker", - Handler: _AuthService_CreateSessionTracker_Handler, - }, - { - MethodName: "GetSessionTracker", - Handler: _AuthService_GetSessionTracker_Handler, - }, - { - MethodName: "RemoveSessionTracker", - Handler: _AuthService_RemoveSessionTracker_Handler, +func _AuthService_GetLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetLockRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetLock(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetLock", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetLock(ctx, req.(*GetLockRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetLocks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetLocksRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetLocks(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetLocks", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetLocks(ctx, req.(*GetLocksRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpsertLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.LockV2) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpsertLock(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpsertLock", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpsertLock(ctx, req.(*types.LockV2)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteLock_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteLockRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteLock(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteLock", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteLock(ctx, req.(*DeleteLockRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_ReplaceRemoteLocks_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReplaceRemoteLocksRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).ReplaceRemoteLocks(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/ReplaceRemoteLocks", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).ReplaceRemoteLocks(ctx, req.(*ReplaceRemoteLocksRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_StreamSessionEvents_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(StreamSessionEventsRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(AuthServiceServer).StreamSessionEvents(m, &authServiceStreamSessionEventsServer{stream}) +} + +type AuthService_StreamSessionEventsServer interface { + Send(*events.OneOf) error + grpc.ServerStream +} + +type authServiceStreamSessionEventsServer struct { + grpc.ServerStream +} + +func (x *authServiceStreamSessionEventsServer) Send(m *events.OneOf) error { + return x.ServerStream.SendMsg(m) +} + +func _AuthService_GetNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetNetworkRestrictions(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetNetworkRestrictions", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetNetworkRestrictions(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_SetNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.NetworkRestrictionsV4) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).SetNetworkRestrictions(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/SetNetworkRestrictions", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).SetNetworkRestrictions(ctx, req.(*types.NetworkRestrictionsV4)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteNetworkRestrictions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteNetworkRestrictions(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteNetworkRestrictions", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteNetworkRestrictions(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetApps_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetApps(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetApps", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetApps(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetApp(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetApp", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetApp(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreateApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AppV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreateApp(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreateApp", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreateApp(ctx, req.(*types.AppV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpdateApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.AppV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpdateApp(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpdateApp", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpdateApp(ctx, req.(*types.AppV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteApp(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteApp", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteApp(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteAllApps_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteAllApps(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteAllApps", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteAllApps(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetDatabases_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetDatabases(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetDatabases", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetDatabases(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetDatabase(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetDatabase", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetDatabase(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreateDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.DatabaseV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreateDatabase(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreateDatabase", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreateDatabase(ctx, req.(*types.DatabaseV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpdateDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.DatabaseV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpdateDatabase(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpdateDatabase", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpdateDatabase(ctx, req.(*types.DatabaseV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteDatabase_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteDatabase(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteDatabase", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteDatabase(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteAllDatabases_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteAllDatabases(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteAllDatabases", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteAllDatabases(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetWindowsDesktopServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetWindowsDesktopServices(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetWindowsDesktopServices", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetWindowsDesktopServices(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetWindowsDesktopServiceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetWindowsDesktopService(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetWindowsDesktopService", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetWindowsDesktopService(ctx, req.(*GetWindowsDesktopServiceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpsertWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.WindowsDesktopServiceV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpsertWindowsDesktopService(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpsertWindowsDesktopService", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpsertWindowsDesktopService(ctx, req.(*types.WindowsDesktopServiceV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteWindowsDesktopService_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteWindowsDesktopServiceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteWindowsDesktopService(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteWindowsDesktopService", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteWindowsDesktopService(ctx, req.(*DeleteWindowsDesktopServiceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteAllWindowsDesktopServices_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteAllWindowsDesktopServices(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteAllWindowsDesktopServices", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteAllWindowsDesktopServices(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetWindowsDesktops_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.WindowsDesktopFilter) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetWindowsDesktops(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetWindowsDesktops", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetWindowsDesktops(ctx, req.(*types.WindowsDesktopFilter)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreateWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.WindowsDesktopV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreateWindowsDesktop(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreateWindowsDesktop", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreateWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpdateWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.WindowsDesktopV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpdateWindowsDesktop(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpdateWindowsDesktop", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpdateWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpsertWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.WindowsDesktopV3) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpsertWindowsDesktop(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpsertWindowsDesktop", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpsertWindowsDesktop(ctx, req.(*types.WindowsDesktopV3)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteWindowsDesktop_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteWindowsDesktopRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteWindowsDesktop(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteWindowsDesktop", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteWindowsDesktop(ctx, req.(*DeleteWindowsDesktopRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteAllWindowsDesktops_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteAllWindowsDesktops(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteAllWindowsDesktops", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteAllWindowsDesktops(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GenerateWindowsDesktopCert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WindowsDesktopCertRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GenerateWindowsDesktopCert(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GenerateWindowsDesktopCert", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GenerateWindowsDesktopCert(ctx, req.(*WindowsDesktopCertRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GenerateCertAuthorityCRL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CertAuthorityRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GenerateCertAuthorityCRL(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GenerateCertAuthorityCRL", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GenerateCertAuthorityCRL(ctx, req.(*CertAuthorityRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreateConnectionDiagnostic_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ConnectionDiagnosticV1) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreateConnectionDiagnostic(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreateConnectionDiagnostic", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreateConnectionDiagnostic(ctx, req.(*types.ConnectionDiagnosticV1)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UpdateConnectionDiagnostic_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ConnectionDiagnosticV1) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UpdateConnectionDiagnostic(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UpdateConnectionDiagnostic", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UpdateConnectionDiagnostic(ctx, req.(*types.ConnectionDiagnosticV1)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetConnectionDiagnostic_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetConnectionDiagnosticRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetConnectionDiagnostic(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetConnectionDiagnostic", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetConnectionDiagnostic(ctx, req.(*GetConnectionDiagnosticRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_AppendDiagnosticTrace_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AppendDiagnosticTraceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).AppendDiagnosticTrace(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/AppendDiagnosticTrace", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).AppendDiagnosticTrace(ctx, req.(*AppendDiagnosticTraceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_ChangeUserAuthentication_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ChangeUserAuthenticationRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).ChangeUserAuthentication(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/ChangeUserAuthentication", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).ChangeUserAuthentication(ctx, req.(*ChangeUserAuthenticationRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_StartAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StartAccountRecoveryRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).StartAccountRecovery(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/StartAccountRecovery", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).StartAccountRecovery(ctx, req.(*StartAccountRecoveryRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_VerifyAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(VerifyAccountRecoveryRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).VerifyAccountRecovery(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/VerifyAccountRecovery", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).VerifyAccountRecovery(ctx, req.(*VerifyAccountRecoveryRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CompleteAccountRecovery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CompleteAccountRecoveryRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CompleteAccountRecovery(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CompleteAccountRecovery", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CompleteAccountRecovery(ctx, req.(*CompleteAccountRecoveryRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreateAccountRecoveryCodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateAccountRecoveryCodesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreateAccountRecoveryCodes(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreateAccountRecoveryCodes", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreateAccountRecoveryCodes(ctx, req.(*CreateAccountRecoveryCodesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetAccountRecoveryToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAccountRecoveryTokenRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetAccountRecoveryToken(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetAccountRecoveryToken", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetAccountRecoveryToken(ctx, req.(*GetAccountRecoveryTokenRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetAccountRecoveryCodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAccountRecoveryCodesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetAccountRecoveryCodes(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetAccountRecoveryCodes", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetAccountRecoveryCodes(ctx, req.(*GetAccountRecoveryCodesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_CreatePrivilegeToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreatePrivilegeTokenRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).CreatePrivilegeToken(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/CreatePrivilegeToken", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).CreatePrivilegeToken(ctx, req.(*CreatePrivilegeTokenRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetInstaller_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetInstaller(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetInstaller", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetInstaller(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetInstallers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetInstallers(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetInstallers", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetInstallers(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_SetInstaller_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.InstallerV1) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).SetInstaller(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/SetInstaller", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).SetInstaller(ctx, req.(*types.InstallerV1)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteInstaller_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(types.ResourceRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteInstaller(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteInstaller", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteInstaller(ctx, req.(*types.ResourceRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_DeleteAllInstallers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).DeleteAllInstallers(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/DeleteAllInstallers", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).DeleteAllInstallers(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_ListResources_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListResourcesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).ListResources(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/ListResources", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).ListResources(ctx, req.(*ListResourcesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetDomainName_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetDomainName(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetDomainName", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetDomainName(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_GetClusterCACert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).GetClusterCACert(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/GetClusterCACert", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).GetClusterCACert(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _AuthService_UnstableAssertSystemRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UnstableSystemRoleAssertion) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthServiceServer).UnstableAssertSystemRole(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/proto.AuthService/UnstableAssertSystemRole", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthServiceServer).UnstableAssertSystemRole(ctx, req.(*UnstableSystemRoleAssertion)) + } + return interceptor(ctx, in, info, handler) +} + +var _AuthService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "proto.AuthService", + HandlerType: (*AuthServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "GetInventoryStatus", + Handler: _AuthService_GetInventoryStatus_Handler, + }, + { + MethodName: "PingInventory", + Handler: _AuthService_PingInventory_Handler, + }, + { + MethodName: "GetClusterAlerts", + Handler: _AuthService_GetClusterAlerts_Handler, + }, + { + MethodName: "UpsertClusterAlert", + Handler: _AuthService_UpsertClusterAlert_Handler, + }, + { + MethodName: "CreateSessionTracker", + Handler: _AuthService_CreateSessionTracker_Handler, + }, + { + MethodName: "GetSessionTracker", + Handler: _AuthService_GetSessionTracker_Handler, + }, + { + MethodName: "RemoveSessionTracker", + Handler: _AuthService_RemoveSessionTracker_Handler, }, { MethodName: "UpdateSessionTracker", @@ -19127,6 +20990,10 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ MethodName: "UpsertToken", Handler: _AuthService_UpsertToken_Handler, }, + { + MethodName: "CreateToken", + Handler: _AuthService_CreateToken_Handler, + }, { MethodName: "GenerateToken", Handler: _AuthService_GenerateToken_Handler, @@ -19315,6 +21182,22 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ MethodName: "GenerateCertAuthorityCRL", Handler: _AuthService_GenerateCertAuthorityCRL_Handler, }, + { + MethodName: "CreateConnectionDiagnostic", + Handler: _AuthService_CreateConnectionDiagnostic_Handler, + }, + { + MethodName: "UpdateConnectionDiagnostic", + Handler: _AuthService_UpdateConnectionDiagnostic_Handler, + }, + { + MethodName: "GetConnectionDiagnostic", + Handler: _AuthService_GetConnectionDiagnostic_Handler, + }, + { + MethodName: "AppendDiagnosticTrace", + Handler: _AuthService_AppendDiagnosticTrace_Handler, + }, { MethodName: "ChangeUserAuthentication", Handler: _AuthService_ChangeUserAuthentication_Handler, @@ -19347,6 +21230,26 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ MethodName: "CreatePrivilegeToken", Handler: _AuthService_CreatePrivilegeToken_Handler, }, + { + MethodName: "GetInstaller", + Handler: _AuthService_GetInstaller_Handler, + }, + { + MethodName: "GetInstallers", + Handler: _AuthService_GetInstallers_Handler, + }, + { + MethodName: "SetInstaller", + Handler: _AuthService_SetInstaller_Handler, + }, + { + MethodName: "DeleteInstaller", + Handler: _AuthService_DeleteInstaller_Handler, + }, + { + MethodName: "DeleteAllInstallers", + Handler: _AuthService_DeleteAllInstallers_Handler, + }, { MethodName: "ListResources", Handler: _AuthService_ListResources_Handler, @@ -19359,8 +21262,18 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ MethodName: "GetClusterCACert", Handler: _AuthService_GetClusterCACert_Handler, }, + { + MethodName: "UnstableAssertSystemRole", + Handler: _AuthService_UnstableAssertSystemRole_Handler, + }, }, Streams: []grpc.StreamDesc{ + { + StreamName: "InventoryControlStream", + Handler: _AuthService_InventoryControlStream_Handler, + ServerStreams: true, + ClientStreams: true, + }, { StreamName: "MaintainSessionPresence", Handler: _AuthService_MaintainSessionPresence_Handler, @@ -19398,6 +21311,11 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ Handler: _AuthService_GetBotUsers_Handler, ServerStreams: true, }, + { + StreamName: "GetCurrentUserRoles", + Handler: _AuthService_GetCurrentUserRoles_Handler, + ServerStreams: true, + }, { StreamName: "GetUsers", Handler: _AuthService_GetUsers_Handler, @@ -19427,7 +21345,7 @@ var _AuthService_serviceDesc = grpc.ServiceDesc{ ServerStreams: true, }, }, - Metadata: "authservice.proto", + Metadata: "teleport/legacy/client/proto/authservice.proto", } func (m *Event) Marshal() (dAtA []byte, err error) { @@ -20112,6 +22030,29 @@ func (m *Event_SnowflakeSession) MarshalToSizedBuffer(dAtA []byte) (int, error) } return len(dAtA) - i, nil } +func (m *Event_Installer) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Event_Installer) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Installer != nil { + { + size, err := m.Installer.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2 + i-- + dAtA[i] = 0x92 + } + return len(dAtA) - i, nil +} func (m *Watch) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -20254,6 +22195,22 @@ func (m *HostCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.UnstableSystemRoleAssertionID) > 0 { + i -= len(m.UnstableSystemRoleAssertionID) + copy(dAtA[i:], m.UnstableSystemRoleAssertionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UnstableSystemRoleAssertionID))) + i-- + dAtA[i] = 0x62 + } + if len(m.SystemRoles) > 0 { + for iNdEx := len(m.SystemRoles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SystemRoles[iNdEx]) + copy(dAtA[i:], m.SystemRoles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SystemRoles[iNdEx]))) + i-- + dAtA[i] = 0x5a + } + } if m.NoCache { i-- if m.NoCache { @@ -20363,6 +22320,34 @@ func (m *UserCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ConnectionDiagnosticID) > 0 { + i -= len(m.ConnectionDiagnosticID) + copy(dAtA[i:], m.ConnectionDiagnosticID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ConnectionDiagnosticID))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + } + if len(m.DropAccessRequests) > 0 { + for iNdEx := len(m.DropAccessRequests) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.DropAccessRequests[iNdEx]) + copy(dAtA[i:], m.DropAccessRequests[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DropAccessRequests[iNdEx]))) + i-- + dAtA[i] = 0x7a + } + } + if m.UseRoleRequests { + i-- + if m.UseRoleRequests { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x70 + } { size, err := m.RouteToWindowsDesktop.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -20444,12 +22429,12 @@ func (m *UserCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x22 } - n34, err34 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err34 != nil { - return 0, err34 + n35, err35 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err35 != nil { + return 0, err35 } - i -= n34 - i = encodeVarintAuthservice(dAtA, i, uint64(n34)) + i -= n35 + i = encodeVarintAuthservice(dAtA, i, uint64(n35)) i-- dAtA[i] = 0x1a if len(m.Username) > 0 { @@ -20469,7 +22454,468 @@ func (m *UserCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *RouteToDatabase) Marshal() (dAtA []byte, err error) { +func (m *RouteToDatabase) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteToDatabase) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteToDatabase) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Database) > 0 { + i -= len(m.Database) + copy(dAtA[i:], m.Database) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Database))) + i-- + dAtA[i] = 0x22 + } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + i-- + dAtA[i] = 0x1a + } + if len(m.Protocol) > 0 { + i -= len(m.Protocol) + copy(dAtA[i:], m.Protocol) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Protocol))) + i-- + dAtA[i] = 0x12 + } + if len(m.ServiceName) > 0 { + i -= len(m.ServiceName) + copy(dAtA[i:], m.ServiceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServiceName))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RouteToWindowsDesktop) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteToWindowsDesktop) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteToWindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Login) > 0 { + i -= len(m.Login) + copy(dAtA[i:], m.Login) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) + i-- + dAtA[i] = 0x12 + } + if len(m.WindowsDesktop) > 0 { + i -= len(m.WindowsDesktop) + copy(dAtA[i:], m.WindowsDesktop) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.WindowsDesktop))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RouteToApp) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteToApp) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteToApp) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.AWSRoleARN) > 0 { + i -= len(m.AWSRoleARN) + copy(dAtA[i:], m.AWSRoleARN) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AWSRoleARN))) + i-- + dAtA[i] = 0x2a + } + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0x22 + } + if len(m.PublicAddr) > 0 { + i -= len(m.PublicAddr) + copy(dAtA[i:], m.PublicAddr) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicAddr))) + i-- + dAtA[i] = 0x1a + } + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + i-- + dAtA[i] = 0x12 + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *GetUserRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetUserRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.WithSecrets { + i-- + if m.WithSecrets { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *GetUsersRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetUsersRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.WithSecrets { + i-- + if m.WithSecrets { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *AccessRequests) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AccessRequests) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AccessRequests) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.AccessRequests) > 0 { + for iNdEx := len(m.AccessRequests) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.AccessRequests[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *PluginDataSeq) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginDataSeq) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginDataSeq) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.PluginData) > 0 { + for iNdEx := len(m.PluginData) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.PluginData[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *RequestStateSetter) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RequestStateSetter) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RequestStateSetter) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Roles) > 0 { + for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Roles[iNdEx]) + copy(dAtA[i:], m.Roles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) + i-- + dAtA[i] = 0x32 + } + } + { + size := m.Annotations.Size() + i -= size + if _, err := m.Annotations.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + if len(m.Reason) > 0 { + i -= len(m.Reason) + copy(dAtA[i:], m.Reason) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Reason))) + i-- + dAtA[i] = 0x22 + } + if len(m.Delegator) > 0 { + i -= len(m.Delegator) + copy(dAtA[i:], m.Delegator) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Delegator))) + i-- + dAtA[i] = 0x1a + } + if m.State != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.State)) + i-- + dAtA[i] = 0x10 + } + if len(m.ID) > 0 { + i -= len(m.ID) + copy(dAtA[i:], m.ID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RequestID) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RequestID) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RequestID) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.ID) > 0 { + i -= len(m.ID) + copy(dAtA[i:], m.ID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RotateUserTokenSecretsRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RotateUserTokenSecretsRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RotateUserTokenSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *GetResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20479,12 +22925,12 @@ func (m *RouteToDatabase) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RouteToDatabase) MarshalTo(dAtA []byte) (int, error) { +func (m *GetResetPasswordTokenRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RouteToDatabase) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20493,38 +22939,63 @@ func (m *RouteToDatabase) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Database) > 0 { - i -= len(m.Database) - copy(dAtA[i:], m.Database) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Database))) + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) i-- - dAtA[i] = 0x22 + dAtA[i] = 0xa } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + return len(dAtA) - i, nil +} + +func (m *CreateResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CreateResetPasswordTokenRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CreateResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.TTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) i-- - dAtA[i] = 0x1a + dAtA[i] = 0x18 } - if len(m.Protocol) > 0 { - i -= len(m.Protocol) - copy(dAtA[i:], m.Protocol) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Protocol))) + if len(m.Type) > 0 { + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) i-- dAtA[i] = 0x12 } - if len(m.ServiceName) > 0 { - i -= len(m.ServiceName) - copy(dAtA[i:], m.ServiceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServiceName))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RouteToWindowsDesktop) Marshal() (dAtA []byte, err error) { +func (m *RenewableCertsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20534,12 +23005,12 @@ func (m *RouteToWindowsDesktop) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RouteToWindowsDesktop) MarshalTo(dAtA []byte) (int, error) { +func (m *RenewableCertsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RouteToWindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RenewableCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20548,24 +23019,24 @@ func (m *RouteToWindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Login) > 0 { - i -= len(m.Login) - copy(dAtA[i:], m.Login) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) + if len(m.PublicKey) > 0 { + i -= len(m.PublicKey) + copy(dAtA[i:], m.PublicKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicKey))) i-- dAtA[i] = 0x12 } - if len(m.WindowsDesktop) > 0 { - i -= len(m.WindowsDesktop) - copy(dAtA[i:], m.WindowsDesktop) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.WindowsDesktop))) + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RouteToApp) Marshal() (dAtA []byte, err error) { +func (m *CreateBotRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20575,12 +23046,12 @@ func (m *RouteToApp) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RouteToApp) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateBotRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RouteToApp) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20589,33 +23060,36 @@ func (m *RouteToApp) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.AWSRoleARN) > 0 { - i -= len(m.AWSRoleARN) - copy(dAtA[i:], m.AWSRoleARN) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AWSRoleARN))) - i-- - dAtA[i] = 0x2a + { + size := m.Traits.Size() + i -= size + if _, err := m.Traits.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) - i-- - dAtA[i] = 0x22 + i-- + dAtA[i] = 0x2a + if len(m.Roles) > 0 { + for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Roles[iNdEx]) + copy(dAtA[i:], m.Roles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) + i-- + dAtA[i] = 0x22 + } } - if len(m.PublicAddr) > 0 { - i -= len(m.PublicAddr) - copy(dAtA[i:], m.PublicAddr) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicAddr))) + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) i-- dAtA[i] = 0x1a } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if m.TTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) i-- - dAtA[i] = 0x12 + dAtA[i] = 0x10 } if len(m.Name) > 0 { i -= len(m.Name) @@ -20627,7 +23101,7 @@ func (m *RouteToApp) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *GetUserRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateBotResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20637,12 +23111,12 @@ func (m *GetUserRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetUserRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateBotResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateBotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20651,15 +23125,65 @@ func (m *GetUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.WithSecrets { + if len(m.JoinMethod) > 0 { + i -= len(m.JoinMethod) + copy(dAtA[i:], m.JoinMethod) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.JoinMethod))) i-- - if m.WithSecrets { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } + dAtA[i] = 0x2a + } + if m.TokenTTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TokenTTL)) i-- - dAtA[i] = 0x10 + dAtA[i] = 0x20 + } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + i-- + dAtA[i] = 0x1a + } + if len(m.RoleName) > 0 { + i -= len(m.RoleName) + copy(dAtA[i:], m.RoleName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RoleName))) + i-- + dAtA[i] = 0x12 + } + if len(m.UserName) > 0 { + i -= len(m.UserName) + copy(dAtA[i:], m.UserName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UserName))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *DeleteBotRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DeleteBotRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *DeleteBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if len(m.Name) > 0 { i -= len(m.Name) @@ -20671,7 +23195,7 @@ func (m *GetUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *GetUsersRequest) Marshal() (dAtA []byte, err error) { +func (m *GetBotUsersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20681,12 +23205,12 @@ func (m *GetUsersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetUsersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetBotUsersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetBotUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20695,20 +23219,10 @@ func (m *GetUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.WithSecrets { - i-- - if m.WithSecrets { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x8 - } return len(dAtA) - i, nil } -func (m *AccessRequests) Marshal() (dAtA []byte, err error) { +func (m *PingRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20718,12 +23232,12 @@ func (m *AccessRequests) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AccessRequests) MarshalTo(dAtA []byte) (int, error) { +func (m *PingRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AccessRequests) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PingRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20732,24 +23246,10 @@ func (m *AccessRequests) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.AccessRequests) > 0 { - for iNdEx := len(m.AccessRequests) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.AccessRequests[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } return len(dAtA) - i, nil } -func (m *PluginDataSeq) Marshal() (dAtA []byte, err error) { +func (m *PingResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20759,12 +23259,12 @@ func (m *PluginDataSeq) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PluginDataSeq) MarshalTo(dAtA []byte) (int, error) { +func (m *PingResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PluginDataSeq) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PingResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20773,24 +23273,60 @@ func (m *PluginDataSeq) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.PluginData) > 0 { - for iNdEx := len(m.PluginData) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.PluginData[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if len(m.RemoteAddr) > 0 { + i -= len(m.RemoteAddr) + copy(dAtA[i:], m.RemoteAddr) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RemoteAddr))) + i-- + dAtA[i] = 0x3a + } + if m.IsBoring { + i-- + if m.IsBoring { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } + if len(m.ProxyPublicAddr) > 0 { + i -= len(m.ProxyPublicAddr) + copy(dAtA[i:], m.ProxyPublicAddr) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ProxyPublicAddr))) + i-- + dAtA[i] = 0x22 + } + if m.ServerFeatures != nil { + { + size, err := m.ServerFeatures.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } - i-- - dAtA[i] = 0xa + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0x1a + } + if len(m.ServerVersion) > 0 { + i -= len(m.ServerVersion) + copy(dAtA[i:], m.ServerVersion) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerVersion))) + i-- + dAtA[i] = 0x12 + } + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RequestStateSetter) Marshal() (dAtA []byte, err error) { +func (m *Features) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20800,12 +23336,12 @@ func (m *RequestStateSetter) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RequestStateSetter) MarshalTo(dAtA []byte) (int, error) { +func (m *Features) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RequestStateSetter) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *Features) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20814,55 +23350,140 @@ func (m *RequestStateSetter) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Roles) > 0 { - for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Roles[iNdEx]) - copy(dAtA[i:], m.Roles[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) - i-- - dAtA[i] = 0x32 + if m.ResourceAccessRequests { + i-- + if m.ResourceAccessRequests { + dAtA[i] = 1 + } else { + dAtA[i] = 0 } + i-- + dAtA[i] = 0x68 } - { - size := m.Annotations.Size() - i -= size - if _, err := m.Annotations.MarshalTo(dAtA[i:]); err != nil { - return 0, err + if m.MachineID { + i-- + if m.MachineID { + dAtA[i] = 1 + } else { + dAtA[i] = 0 } - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x60 } - i-- - dAtA[i] = 0x2a - if len(m.Reason) > 0 { - i -= len(m.Reason) - copy(dAtA[i:], m.Reason) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Reason))) + if m.ModeratedSessions { i-- - dAtA[i] = 0x22 + if m.ModeratedSessions { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x58 } - if len(m.Delegator) > 0 { - i -= len(m.Delegator) - copy(dAtA[i:], m.Delegator) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Delegator))) + if m.Desktop { i-- - dAtA[i] = 0x1a + if m.Desktop { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x50 } - if m.State != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.State)) + if m.HSM { + i-- + if m.HSM { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } + if m.Cloud { + i-- + if m.Cloud { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x40 + } + if m.AdvancedAccessWorkflows { + i-- + if m.AdvancedAccessWorkflows { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + } + if m.AccessControls { + i-- + if m.AccessControls { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 + } + if m.SAML { + i-- + if m.SAML { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } + if m.OIDC { + i-- + if m.OIDC { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + } + if m.DB { + i-- + if m.DB { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } + if m.App { + i-- + if m.App { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } i-- dAtA[i] = 0x10 } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) + if m.Kubernetes { i-- - dAtA[i] = 0xa + if m.Kubernetes { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *RequestID) Marshal() (dAtA []byte, err error) { +func (m *DeleteUserRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20872,12 +23493,12 @@ func (m *RequestID) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RequestID) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteUserRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RequestID) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20886,17 +23507,58 @@ func (m *RequestID) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RotateUserTokenSecretsRequest) Marshal() (dAtA []byte, err error) { +func (m *Semaphores) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Semaphores) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Semaphores) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Semaphores) > 0 { + for iNdEx := len(m.Semaphores) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Semaphores[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *AuditStreamRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20906,12 +23568,12 @@ func (m *RotateUserTokenSecretsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RotateUserTokenSecretsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *AuditStreamRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RotateUserTokenSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuditStreamRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20920,17 +23582,124 @@ func (m *RotateUserTokenSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + if m.Request != nil { + { + size := m.Request.Size() + i -= size + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + return len(dAtA) - i, nil +} + +func (m *AuditStreamRequest_CreateStream) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuditStreamRequest_CreateStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.CreateStream != nil { + { + size, err := m.CreateStream.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } +func (m *AuditStreamRequest_ResumeStream) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} -func (m *GetResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { +func (m *AuditStreamRequest_ResumeStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.ResumeStream != nil { + { + size, err := m.ResumeStream.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *AuditStreamRequest_CompleteStream) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuditStreamRequest_CompleteStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.CompleteStream != nil { + { + size, err := m.CompleteStream.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + return len(dAtA) - i, nil +} +func (m *AuditStreamRequest_FlushAndCloseStream) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuditStreamRequest_FlushAndCloseStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.FlushAndCloseStream != nil { + { + size, err := m.FlushAndCloseStream.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + return len(dAtA) - i, nil +} +func (m *AuditStreamRequest_Event) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuditStreamRequest_Event) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Event != nil { + { + size, err := m.Event.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } + return len(dAtA) - i, nil +} +func (m *AuditStreamStatus) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20940,12 +23709,12 @@ func (m *GetResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetResetPasswordTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *AuditStreamStatus) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuditStreamStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20954,17 +23723,17 @@ func (m *GetResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + if len(m.UploadID) > 0 { + i -= len(m.UploadID) + copy(dAtA[i:], m.UploadID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UploadID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *CreateResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateStream) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -20974,12 +23743,12 @@ func (m *CreateResetPasswordTokenRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateResetPasswordTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateStream) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -20988,29 +23757,17 @@ func (m *CreateResetPasswordTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.TTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) - i-- - dAtA[i] = 0x18 - } - if len(m.Type) > 0 { - i -= len(m.Type) - copy(dAtA[i:], m.Type) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) - i-- - dAtA[i] = 0x12 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RenewableCertsRequest) Marshal() (dAtA []byte, err error) { +func (m *ResumeStream) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21020,12 +23777,12 @@ func (m *RenewableCertsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RenewableCertsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *ResumeStream) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RenewableCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ResumeStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21034,24 +23791,24 @@ func (m *RenewableCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.PublicKey) > 0 { - i -= len(m.PublicKey) - copy(dAtA[i:], m.PublicKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicKey))) + if len(m.UploadID) > 0 { + i -= len(m.UploadID) + copy(dAtA[i:], m.UploadID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UploadID))) i-- dAtA[i] = 0x12 } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *CreateBotRequest) Marshal() (dAtA []byte, err error) { +func (m *CompleteStream) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21061,12 +23818,12 @@ func (m *CreateBotRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateBotRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CompleteStream) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CompleteStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21075,38 +23832,10 @@ func (m *CreateBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Roles) > 0 { - for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Roles[iNdEx]) - copy(dAtA[i:], m.Roles[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) - i-- - dAtA[i] = 0x22 - } - } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) - i-- - dAtA[i] = 0x1a - } - if m.TTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) - i-- - dAtA[i] = 0x10 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *CreateBotResponse) Marshal() (dAtA []byte, err error) { +func (m *FlushAndCloseStream) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21116,12 +23845,12 @@ func (m *CreateBotResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateBotResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *FlushAndCloseStream) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateBotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *FlushAndCloseStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21130,43 +23859,10 @@ func (m *CreateBotResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.JoinMethod) > 0 { - i -= len(m.JoinMethod) - copy(dAtA[i:], m.JoinMethod) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.JoinMethod))) - i-- - dAtA[i] = 0x2a - } - if m.TokenTTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TokenTTL)) - i-- - dAtA[i] = 0x20 - } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) - i-- - dAtA[i] = 0x1a - } - if len(m.RoleName) > 0 { - i -= len(m.RoleName) - copy(dAtA[i:], m.RoleName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RoleName))) - i-- - dAtA[i] = 0x12 - } - if len(m.UserName) > 0 { - i -= len(m.UserName) - copy(dAtA[i:], m.UserName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UserName))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *DeleteBotRequest) Marshal() (dAtA []byte, err error) { +func (m *GetApplicationServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21176,12 +23872,12 @@ func (m *DeleteBotRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteBotRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetApplicationServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21190,17 +23886,17 @@ func (m *DeleteBotRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetBotUsersRequest) Marshal() (dAtA []byte, err error) { +func (m *GetApplicationServersResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21210,12 +23906,12 @@ func (m *GetBotUsersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetBotUsersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetApplicationServersResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetBotUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetApplicationServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21224,10 +23920,24 @@ func (m *GetBotUsersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.Servers) > 0 { + for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } return len(dAtA) - i, nil } -func (m *PingRequest) Marshal() (dAtA []byte, err error) { +func (m *UpsertApplicationServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21237,12 +23947,12 @@ func (m *PingRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PingRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpsertApplicationServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PingRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpsertApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21251,10 +23961,22 @@ func (m *PingRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Server != nil { + { + size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *PingResponse) Marshal() (dAtA []byte, err error) { +func (m *DeleteApplicationServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21264,12 +23986,12 @@ func (m *PingResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PingResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteApplicationServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PingResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21278,53 +24000,31 @@ func (m *PingResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.IsBoring { - i-- - if m.IsBoring { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if len(m.ProxyPublicAddr) > 0 { - i -= len(m.ProxyPublicAddr) - copy(dAtA[i:], m.ProxyPublicAddr) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ProxyPublicAddr))) - i-- - dAtA[i] = 0x22 - } - if m.ServerFeatures != nil { - { - size, err := m.ServerFeatures.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0x1a } - if len(m.ServerVersion) > 0 { - i -= len(m.ServerVersion) - copy(dAtA[i:], m.ServerVersion) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerVersion))) + if len(m.HostID) > 0 { + i -= len(m.HostID) + copy(dAtA[i:], m.HostID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) i-- dAtA[i] = 0x12 } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *Features) Marshal() (dAtA []byte, err error) { +func (m *DeleteAllApplicationServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21334,12 +24034,12 @@ func (m *Features) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *Features) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAllApplicationServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Features) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAllApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21348,120 +24048,17 @@ func (m *Features) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.ModeratedSessions { - i-- - if m.ModeratedSessions { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x58 - } - if m.Desktop { - i-- - if m.Desktop { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x50 - } - if m.HSM { - i-- - if m.HSM { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - if m.Cloud { - i-- - if m.Cloud { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x40 - } - if m.AdvancedAccessWorkflows { - i-- - if m.AdvancedAccessWorkflows { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } - if m.AccessControls { - i-- - if m.AccessControls { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x30 - } - if m.SAML { - i-- - if m.SAML { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } - if m.OIDC { - i-- - if m.OIDC { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - } - if m.DB { - i-- - if m.DB { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } - if m.App { - i-- - if m.App { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - } - if m.Kubernetes { - i-- - if m.Kubernetes { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- - dAtA[i] = 0x8 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteUserRequest) Marshal() (dAtA []byte, err error) { +func (m *GetAppServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21471,12 +24068,12 @@ func (m *DeleteUserRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteUserRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAppServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21485,17 +24082,27 @@ func (m *DeleteUserRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if m.SkipValidation { + i-- + if m.SkipValidation { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *Semaphores) Marshal() (dAtA []byte, err error) { +func (m *GetAppServersResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21505,12 +24112,12 @@ func (m *Semaphores) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *Semaphores) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAppServersResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Semaphores) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAppServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21518,11 +24125,11 @@ func (m *Semaphores) MarshalToSizedBuffer(dAtA []byte) (int, error) { if m.XXX_unrecognized != nil { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Semaphores) > 0 { - for iNdEx := len(m.Semaphores) - 1; iNdEx >= 0; iNdEx-- { + } + if len(m.Servers) > 0 { + for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { { - size, err := m.Semaphores[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -21536,7 +24143,7 @@ func (m *Semaphores) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AuditStreamRequest) Marshal() (dAtA []byte, err error) { +func (m *UpsertAppServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21546,12 +24153,12 @@ func (m *AuditStreamRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuditStreamRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpsertAppServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuditStreamRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpsertAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21560,28 +24167,9 @@ func (m *AuditStreamRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { - { - size := m.Request.Size() - i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } - } - return len(dAtA) - i, nil -} - -func (m *AuditStreamRequest_CreateStream) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AuditStreamRequest_CreateStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.CreateStream != nil { + if m.Server != nil { { - size, err := m.CreateStream.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -21593,91 +24181,49 @@ func (m *AuditStreamRequest_CreateStream) MarshalToSizedBuffer(dAtA []byte) (int } return len(dAtA) - i, nil } -func (m *AuditStreamRequest_ResumeStream) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} -func (m *AuditStreamRequest_ResumeStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.ResumeStream != nil { - { - size, err := m.ResumeStream.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - return len(dAtA) - i, nil -} -func (m *AuditStreamRequest_CompleteStream) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAppServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AuditStreamRequest_CompleteStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.CompleteStream != nil { - { - size, err := m.CompleteStream.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return len(dAtA) - i, nil + return dAtA[:n], nil } -func (m *AuditStreamRequest_FlushAndCloseStream) MarshalTo(dAtA []byte) (int, error) { + +func (m *DeleteAppServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuditStreamRequest_FlushAndCloseStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.FlushAndCloseStream != nil { - { - size, err := m.FlushAndCloseStream.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- - dAtA[i] = 0x22 + dAtA[i] = 0x12 } - return len(dAtA) - i, nil -} -func (m *AuditStreamRequest_Event) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AuditStreamRequest_Event) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Event != nil { - { - size, err := m.Event.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- - dAtA[i] = 0x2a + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *AuditStreamStatus) Marshal() (dAtA []byte, err error) { + +func (m *DeleteAllAppServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21687,12 +24233,12 @@ func (m *AuditStreamStatus) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuditStreamStatus) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAllAppServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuditStreamStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAllAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21701,17 +24247,17 @@ func (m *AuditStreamStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.UploadID) > 0 { - i -= len(m.UploadID) - copy(dAtA[i:], m.UploadID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UploadID))) + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *CreateStream) Marshal() (dAtA []byte, err error) { +func (m *GenerateAppTokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21721,12 +24267,12 @@ func (m *CreateStream) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateStream) MarshalTo(dAtA []byte) (int, error) { +func (m *GenerateAppTokenRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GenerateAppTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21735,17 +24281,41 @@ func (m *CreateStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + n46, err46 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err46 != nil { + return 0, err46 + } + i -= n46 + i = encodeVarintAuthservice(dAtA, i, uint64(n46)) + i-- + dAtA[i] = 0x22 + if len(m.URI) > 0 { + i -= len(m.URI) + copy(dAtA[i:], m.URI) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.URI))) + i-- + dAtA[i] = 0x1a + } + if len(m.Roles) > 0 { + for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Roles[iNdEx]) + copy(dAtA[i:], m.Roles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) + i-- + dAtA[i] = 0x12 + } + } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *ResumeStream) Marshal() (dAtA []byte, err error) { +func (m *GenerateAppTokenResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21755,12 +24325,12 @@ func (m *ResumeStream) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ResumeStream) MarshalTo(dAtA []byte) (int, error) { +func (m *GenerateAppTokenResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ResumeStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GenerateAppTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21769,24 +24339,17 @@ func (m *ResumeStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.UploadID) > 0 { - i -= len(m.UploadID) - copy(dAtA[i:], m.UploadID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UploadID))) - i-- - dAtA[i] = 0x12 - } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *CompleteStream) Marshal() (dAtA []byte, err error) { +func (m *GetAppSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21796,12 +24359,12 @@ func (m *CompleteStream) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CompleteStream) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CompleteStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21810,10 +24373,17 @@ func (m *CompleteStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *FlushAndCloseStream) Marshal() (dAtA []byte, err error) { +func (m *GetAppSessionResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21823,12 +24393,12 @@ func (m *FlushAndCloseStream) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *FlushAndCloseStream) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAppSessionResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *FlushAndCloseStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21837,10 +24407,22 @@ func (m *FlushAndCloseStream) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Session != nil { + { + size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetApplicationServersRequest) Marshal() (dAtA []byte, err error) { +func (m *GetAppSessionsResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21850,12 +24432,12 @@ func (m *GetApplicationServersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetApplicationServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAppSessionsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAppSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21864,17 +24446,24 @@ func (m *GetApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0xa + if len(m.Sessions) > 0 { + for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *GetApplicationServersResponse) Marshal() (dAtA []byte, err error) { +func (m *GetSnowflakeSessionsResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21884,12 +24473,12 @@ func (m *GetApplicationServersResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetApplicationServersResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetApplicationServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21898,10 +24487,10 @@ func (m *GetApplicationServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Servers) > 0 { - for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { + if len(m.Sessions) > 0 { + for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { { - size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -21915,7 +24504,7 @@ func (m *GetApplicationServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, return len(dAtA) - i, nil } -func (m *UpsertApplicationServerRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateAppSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21925,12 +24514,12 @@ func (m *UpsertApplicationServerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UpsertApplicationServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpsertApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21939,22 +24528,38 @@ func (m *UpsertApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Server != nil { - { - size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.AWSRoleARN) > 0 { + i -= len(m.AWSRoleARN) + copy(dAtA[i:], m.AWSRoleARN) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AWSRoleARN))) + i-- + dAtA[i] = 0x2a + } + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0x22 + } + if len(m.PublicAddr) > 0 { + i -= len(m.PublicAddr) + copy(dAtA[i:], m.PublicAddr) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicAddr))) + i-- + dAtA[i] = 0x1a + } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteApplicationServerRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateAppSessionResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -21964,12 +24569,12 @@ func (m *DeleteApplicationServerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteApplicationServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAppSessionResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -21978,31 +24583,22 @@ func (m *DeleteApplicationServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x1a - } - if len(m.HostID) > 0 { - i -= len(m.HostID) - copy(dAtA[i:], m.HostID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if m.Session != nil { + { + size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteAllApplicationServersRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22012,12 +24608,12 @@ func (m *DeleteAllApplicationServersRequest) Marshal() (dAtA []byte, err error) return dAtA[:n], nil } -func (m *DeleteAllApplicationServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAllApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22026,17 +24622,29 @@ func (m *DeleteAllApplicationServersRequest) MarshalToSizedBuffer(dAtA []byte) ( i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if m.TokenTTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TokenTTL)) + i-- + dAtA[i] = 0x18 + } + if len(m.SessionToken) > 0 { + i -= len(m.SessionToken) + copy(dAtA[i:], m.SessionToken) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionToken))) + i-- + dAtA[i] = 0x12 + } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetAppServersRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22046,12 +24654,12 @@ func (m *GetAppServersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAppServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateSnowflakeSessionResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22060,27 +24668,22 @@ func (m *GetAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.SkipValidation { - i-- - if m.SkipValidation { - dAtA[i] = 1 - } else { - dAtA[i] = 0 + if m.Session != nil { + { + size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x10 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) - i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetAppServersResponse) Marshal() (dAtA []byte, err error) { +func (m *GetSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22090,12 +24693,12 @@ func (m *GetAppServersResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAppServersResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAppServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22104,24 +24707,17 @@ func (m *GetAppServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Servers) > 0 { - for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UpsertAppServerRequest) Marshal() (dAtA []byte, err error) { +func (m *GetSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22131,12 +24727,12 @@ func (m *UpsertAppServerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UpsertAppServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpsertAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22145,9 +24741,9 @@ func (m *UpsertAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Server != nil { + if m.Session != nil { { - size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -22160,7 +24756,7 @@ func (m *UpsertAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *DeleteAppServerRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteAppSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22170,12 +24766,12 @@ func (m *DeleteAppServerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteAppServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22184,24 +24780,17 @@ func (m *DeleteAppServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x12 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteAllAppServersRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22211,12 +24800,12 @@ func (m *DeleteAllAppServersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteAllAppServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAllAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22225,17 +24814,17 @@ func (m *DeleteAllAppServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GenerateAppTokenRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteUserAppSessionsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22245,12 +24834,12 @@ func (m *GenerateAppTokenRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GenerateAppTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteUserAppSessionsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GenerateAppTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteUserAppSessionsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22259,30 +24848,6 @@ func (m *GenerateAppTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n44, err44 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err44 != nil { - return 0, err44 - } - i -= n44 - i = encodeVarintAuthservice(dAtA, i, uint64(n44)) - i-- - dAtA[i] = 0x22 - if len(m.URI) > 0 { - i -= len(m.URI) - copy(dAtA[i:], m.URI) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.URI))) - i-- - dAtA[i] = 0x1a - } - if len(m.Roles) > 0 { - for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Roles[iNdEx]) - copy(dAtA[i:], m.Roles[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } if len(m.Username) > 0 { i -= len(m.Username) copy(dAtA[i:], m.Username) @@ -22293,7 +24858,7 @@ func (m *GenerateAppTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *GenerateAppTokenResponse) Marshal() (dAtA []byte, err error) { +func (m *GetWebSessionResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22303,12 +24868,12 @@ func (m *GenerateAppTokenResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GenerateAppTokenResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWebSessionResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GenerateAppTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWebSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22317,17 +24882,22 @@ func (m *GenerateAppTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + if m.Session != nil { + { + size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetAppSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *GetWebSessionsResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22337,12 +24907,12 @@ func (m *GetAppSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWebSessionsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWebSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22351,17 +24921,24 @@ func (m *GetAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) - i-- - dAtA[i] = 0xa + if len(m.Sessions) > 0 { + for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *GetAppSessionResponse) Marshal() (dAtA []byte, err error) { +func (m *GetWebTokenResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22371,12 +24948,12 @@ func (m *GetAppSessionResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAppSessionResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWebTokenResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWebTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22385,9 +24962,9 @@ func (m *GetAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Session != nil { + if m.Token != nil { { - size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Token.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -22400,7 +24977,7 @@ func (m *GetAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *GetAppSessionsResponse) Marshal() (dAtA []byte, err error) { +func (m *GetWebTokensResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22410,12 +24987,12 @@ func (m *GetAppSessionsResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAppSessionsResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWebTokensResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAppSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWebTokensResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22424,10 +25001,10 @@ func (m *GetAppSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Sessions) > 0 { - for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { + if len(m.Tokens) > 0 { + for iNdEx := len(m.Tokens) - 1; iNdEx >= 0; iNdEx-- { { - size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Tokens[iNdEx].MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -22441,7 +25018,7 @@ func (m *GetAppSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *GetSnowflakeSessionsResponse) Marshal() (dAtA []byte, err error) { +func (m *GetKubeServicesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22451,12 +25028,12 @@ func (m *GetSnowflakeSessionsResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSnowflakeSessionsResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetKubeServicesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSnowflakeSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22465,24 +25042,10 @@ func (m *GetSnowflakeSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Sessions) > 0 { - for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } return len(dAtA) - i, nil } -func (m *CreateAppSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *GetKubeServicesResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22492,12 +25055,12 @@ func (m *CreateAppSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetKubeServicesResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetKubeServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22506,38 +25069,24 @@ func (m *CreateAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.AWSRoleARN) > 0 { - i -= len(m.AWSRoleARN) - copy(dAtA[i:], m.AWSRoleARN) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AWSRoleARN))) - i-- - dAtA[i] = 0x2a - } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) - i-- - dAtA[i] = 0x22 - } - if len(m.PublicAddr) > 0 { - i -= len(m.PublicAddr) - copy(dAtA[i:], m.PublicAddr) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PublicAddr))) - i-- - dAtA[i] = 0x1a - } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) - i-- - dAtA[i] = 0xa + if len(m.Servers) > 0 { + for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *CreateAppSessionResponse) Marshal() (dAtA []byte, err error) { +func (m *UpsertKubeServiceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22547,12 +25096,12 @@ func (m *CreateAppSessionResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateAppSessionResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *UpsertKubeServiceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpsertKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22561,9 +25110,9 @@ func (m *CreateAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Session != nil { + if m.Server != nil { { - size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -22576,7 +25125,7 @@ func (m *CreateAppSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error return len(dAtA) - i, nil } -func (m *CreateSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteKubeServiceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22586,12 +25135,12 @@ func (m *CreateSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteKubeServiceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22600,29 +25149,17 @@ func (m *CreateSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.TokenTTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TokenTTL)) - i-- - dAtA[i] = 0x18 - } - if len(m.SessionToken) > 0 { - i -= len(m.SessionToken) - copy(dAtA[i:], m.SessionToken) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionToken))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0x12 } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *CreateSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { +func (m *DeleteAllKubeServicesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22632,12 +25169,12 @@ func (m *CreateSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateSnowflakeSessionResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAllKubeServicesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAllKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22646,22 +25183,10 @@ func (m *CreateSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Session != nil { - { - size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *GetSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *GetDatabaseServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22671,12 +25196,12 @@ func (m *GetSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetDatabaseServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22685,17 +25210,27 @@ func (m *GetSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if m.SkipValidation { + i-- + if m.SkipValidation { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { +func (m *GetDatabaseServersResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22705,12 +25240,12 @@ func (m *GetSnowflakeSessionResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSnowflakeSessionResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetDatabaseServersResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetDatabaseServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22719,22 +25254,24 @@ func (m *GetSnowflakeSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Session != nil { - { - size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if len(m.Servers) > 0 { + for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa } - i-- - dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteAppSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *UpsertDatabaseServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22744,12 +25281,12 @@ func (m *DeleteAppSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteAppSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpsertDatabaseServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpsertDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22758,17 +25295,22 @@ func (m *DeleteAppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if m.Server != nil { + { + size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteDatabaseServerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22778,12 +25320,12 @@ func (m *DeleteSnowflakeSessionRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteSnowflakeSessionRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteDatabaseServerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22792,17 +25334,31 @@ func (m *DeleteSnowflakeSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x1a + } + if len(m.HostID) > 0 { + i -= len(m.HostID) + copy(dAtA[i:], m.HostID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) + i-- + dAtA[i] = 0x12 + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteUserAppSessionsRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteAllDatabaseServersRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22812,12 +25368,12 @@ func (m *DeleteUserAppSessionsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteUserAppSessionsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteAllDatabaseServersRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteUserAppSessionsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteAllDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22826,17 +25382,17 @@ func (m *DeleteUserAppSessionsRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetWebSessionResponse) Marshal() (dAtA []byte, err error) { +func (m *DatabaseCSRRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22846,12 +25402,12 @@ func (m *GetWebSessionResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWebSessionResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DatabaseCSRRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWebSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DatabaseCSRRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22860,22 +25416,34 @@ func (m *GetWebSessionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Session != nil { - { - size, err := m.Session.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.SignWithDatabaseCA { + i-- + if m.SignWithDatabaseCA { + dAtA[i] = 1 + } else { + dAtA[i] = 0 } i-- + dAtA[i] = 0x18 + } + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0x12 + } + if len(m.CSR) > 0 { + i -= len(m.CSR) + copy(dAtA[i:], m.CSR) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) + i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetWebSessionsResponse) Marshal() (dAtA []byte, err error) { +func (m *DatabaseCSRResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22885,12 +25453,12 @@ func (m *GetWebSessionsResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWebSessionsResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DatabaseCSRResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWebSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DatabaseCSRResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22899,24 +25467,26 @@ func (m *GetWebSessionsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Sessions) > 0 { - for iNdEx := len(m.Sessions) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Sessions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.CACerts) > 0 { + for iNdEx := len(m.CACerts) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.CACerts[iNdEx]) + copy(dAtA[i:], m.CACerts[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CACerts[iNdEx]))) i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } } + if len(m.Cert) > 0 { + i -= len(m.Cert) + copy(dAtA[i:], m.Cert) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetWebTokenResponse) Marshal() (dAtA []byte, err error) { +func (m *DatabaseCertRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22926,12 +25496,12 @@ func (m *GetWebTokenResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWebTokenResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DatabaseCertRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWebTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DatabaseCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22940,22 +25510,43 @@ func (m *GetWebTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Token != nil { - { - size, err := m.Token.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.RequesterName != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.RequesterName)) + i-- + dAtA[i] = 0x28 + } + if len(m.ServerNames) > 0 { + for iNdEx := len(m.ServerNames) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ServerNames[iNdEx]) + copy(dAtA[i:], m.ServerNames[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerNames[iNdEx]))) + i-- + dAtA[i] = 0x22 } + } + if m.TTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) + i-- + dAtA[i] = 0x18 + } + if len(m.ServerName) > 0 { + i -= len(m.ServerName) + copy(dAtA[i:], m.ServerName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerName))) + i-- + dAtA[i] = 0x12 + } + if len(m.CSR) > 0 { + i -= len(m.CSR) + copy(dAtA[i:], m.CSR) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetWebTokensResponse) Marshal() (dAtA []byte, err error) { +func (m *DatabaseCertResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -22965,12 +25556,12 @@ func (m *GetWebTokensResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWebTokensResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DatabaseCertResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWebTokensResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DatabaseCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -22979,24 +25570,26 @@ func (m *GetWebTokensResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Tokens) > 0 { - for iNdEx := len(m.Tokens) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Tokens[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.CACerts) > 0 { + for iNdEx := len(m.CACerts) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.CACerts[iNdEx]) + copy(dAtA[i:], m.CACerts[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CACerts[iNdEx]))) i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } } + if len(m.Cert) > 0 { + i -= len(m.Cert) + copy(dAtA[i:], m.Cert) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetKubeServicesRequest) Marshal() (dAtA []byte, err error) { +func (m *SnowflakeJWTRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23006,12 +25599,12 @@ func (m *GetKubeServicesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetKubeServicesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *SnowflakeJWTRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SnowflakeJWTRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23020,10 +25613,24 @@ func (m *GetKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.UserName) > 0 { + i -= len(m.UserName) + copy(dAtA[i:], m.UserName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UserName))) + i-- + dAtA[i] = 0x12 + } + if len(m.AccountName) > 0 { + i -= len(m.AccountName) + copy(dAtA[i:], m.AccountName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AccountName))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetKubeServicesResponse) Marshal() (dAtA []byte, err error) { +func (m *SnowflakeJWTResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23033,12 +25640,12 @@ func (m *GetKubeServicesResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetKubeServicesResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *SnowflakeJWTResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetKubeServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SnowflakeJWTResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23047,24 +25654,17 @@ func (m *GetKubeServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Servers) > 0 { - for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UpsertKubeServiceRequest) Marshal() (dAtA []byte, err error) { +func (m *GetRoleRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23074,12 +25674,12 @@ func (m *UpsertKubeServiceRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UpsertKubeServiceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetRoleRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpsertKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23088,22 +25688,17 @@ func (m *UpsertKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Server != nil { - { - size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteKubeServiceRequest) Marshal() (dAtA []byte, err error) { +func (m *GetRolesResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23113,12 +25708,12 @@ func (m *DeleteKubeServiceRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteKubeServiceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetRolesResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetRolesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23127,17 +25722,24 @@ func (m *DeleteKubeServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x12 + if len(m.Roles) > 0 { + for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Roles[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *DeleteAllKubeServicesRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteRoleRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23147,12 +25749,12 @@ func (m *DeleteAllKubeServicesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteAllKubeServicesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteRoleRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAllKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23161,10 +25763,17 @@ func (m *DeleteAllKubeServicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetDatabaseServersRequest) Marshal() (dAtA []byte, err error) { +func (m *MFAAuthenticateChallenge) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23174,12 +25783,12 @@ func (m *GetDatabaseServersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetDatabaseServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *MFAAuthenticateChallenge) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MFAAuthenticateChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23188,27 +25797,34 @@ func (m *GetDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.SkipValidation { - i-- - if m.SkipValidation { - dAtA[i] = 1 - } else { - dAtA[i] = 0 + if m.WebauthnChallenge != nil { + { + size, err := m.WebauthnChallenge.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x10 + dAtA[i] = 0x1a } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if m.TOTP != nil { + { + size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *GetDatabaseServersResponse) Marshal() (dAtA []byte, err error) { +func (m *MFAAuthenticateResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23218,12 +25834,12 @@ func (m *GetDatabaseServersResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetDatabaseServersResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *MFAAuthenticateResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetDatabaseServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MFAAuthenticateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23232,50 +25848,49 @@ func (m *GetDatabaseServersResponse) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Servers) > 0 { - for iNdEx := len(m.Servers) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Servers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.Response != nil { + { + size := m.Response.Size() + i -= size + if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + return 0, err } - i-- - dAtA[i] = 0xa } } return len(dAtA) - i, nil } -func (m *UpsertDatabaseServerRequest) Marshal() (dAtA []byte, err error) { +func (m *MFAAuthenticateResponse_TOTP) MarshalTo(dAtA []byte) (int, error) { size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil + return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpsertDatabaseServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *MFAAuthenticateResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.TOTP != nil { + { + size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *MFAAuthenticateResponse_Webauthn) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpsertDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MFAAuthenticateResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Server != nil { + if m.Webauthn != nil { { - size, err := m.Server.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -23283,12 +25898,11 @@ func (m *UpsertDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x1a } return len(dAtA) - i, nil } - -func (m *DeleteDatabaseServerRequest) Marshal() (dAtA []byte, err error) { +func (m *TOTPChallenge) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23298,12 +25912,12 @@ func (m *DeleteDatabaseServerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteDatabaseServerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *TOTPChallenge) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TOTPChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23312,31 +25926,10 @@ func (m *DeleteDatabaseServerRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x1a - } - if len(m.HostID) > 0 { - i -= len(m.HostID) - copy(dAtA[i:], m.HostID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *DeleteAllDatabaseServersRequest) Marshal() (dAtA []byte, err error) { +func (m *TOTPResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23346,12 +25939,12 @@ func (m *DeleteAllDatabaseServersRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteAllDatabaseServersRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *TOTPResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteAllDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TOTPResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23360,17 +25953,17 @@ func (m *DeleteAllDatabaseServersRequest) MarshalToSizedBuffer(dAtA []byte) (int i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + if len(m.Code) > 0 { + i -= len(m.Code) + copy(dAtA[i:], m.Code) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Code))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DatabaseCSRRequest) Marshal() (dAtA []byte, err error) { +func (m *MFARegisterChallenge) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23380,12 +25973,12 @@ func (m *DatabaseCSRRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DatabaseCSRRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *MFARegisterChallenge) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DatabaseCSRRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MFARegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23394,34 +25987,61 @@ func (m *DatabaseCSRRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.SignWithDatabaseCA { - i-- - if m.SignWithDatabaseCA { - dAtA[i] = 1 - } else { - dAtA[i] = 0 + if m.Request != nil { + { + size := m.Request.Size() + i -= size + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } } - i-- - dAtA[i] = 0x18 } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + return len(dAtA) - i, nil +} + +func (m *MFARegisterChallenge_TOTP) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MFARegisterChallenge_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.TOTP != nil { + { + size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0x12 } - if len(m.CSR) > 0 { - i -= len(m.CSR) - copy(dAtA[i:], m.CSR) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) + return len(dAtA) - i, nil +} +func (m *MFARegisterChallenge_Webauthn) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MFARegisterChallenge_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Webauthn != nil { + { + size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x1a } return len(dAtA) - i, nil } - -func (m *DatabaseCSRResponse) Marshal() (dAtA []byte, err error) { +func (m *MFARegisterResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23431,12 +26051,12 @@ func (m *DatabaseCSRResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DatabaseCSRResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *MFARegisterResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DatabaseCSRResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *MFARegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23445,26 +26065,61 @@ func (m *DatabaseCSRResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.CACerts) > 0 { - for iNdEx := len(m.CACerts) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.CACerts[iNdEx]) - copy(dAtA[i:], m.CACerts[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CACerts[iNdEx]))) - i-- - dAtA[i] = 0x12 + if m.Response != nil { + { + size := m.Response.Size() + i -= size + if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } } } - if len(m.Cert) > 0 { - i -= len(m.Cert) - copy(dAtA[i:], m.Cert) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) + return len(dAtA) - i, nil +} + +func (m *MFARegisterResponse_TOTP) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MFARegisterResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.TOTP != nil { + { + size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } return len(dAtA) - i, nil } +func (m *MFARegisterResponse_Webauthn) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} -func (m *DatabaseCertRequest) Marshal() (dAtA []byte, err error) { +func (m *MFARegisterResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Webauthn != nil { + { + size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + return len(dAtA) - i, nil +} +func (m *TOTPRegisterChallenge) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23474,12 +26129,12 @@ func (m *DatabaseCertRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DatabaseCertRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *TOTPRegisterChallenge) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DatabaseCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TOTPRegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23488,43 +26143,55 @@ func (m *DatabaseCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.RequesterName != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.RequesterName)) + if len(m.QRCode) > 0 { + i -= len(m.QRCode) + copy(dAtA[i:], m.QRCode) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.QRCode))) + i-- + dAtA[i] = 0x3a + } + if len(m.Account) > 0 { + i -= len(m.Account) + copy(dAtA[i:], m.Account) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Account))) + i-- + dAtA[i] = 0x32 + } + if m.Digits != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Digits)) i-- dAtA[i] = 0x28 } - if len(m.ServerNames) > 0 { - for iNdEx := len(m.ServerNames) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ServerNames[iNdEx]) - copy(dAtA[i:], m.ServerNames[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerNames[iNdEx]))) - i-- - dAtA[i] = 0x22 - } + if len(m.Algorithm) > 0 { + i -= len(m.Algorithm) + copy(dAtA[i:], m.Algorithm) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Algorithm))) + i-- + dAtA[i] = 0x22 } - if m.TTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) + if m.PeriodSeconds != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.PeriodSeconds)) i-- dAtA[i] = 0x18 } - if len(m.ServerName) > 0 { - i -= len(m.ServerName) - copy(dAtA[i:], m.ServerName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerName))) + if len(m.Issuer) > 0 { + i -= len(m.Issuer) + copy(dAtA[i:], m.Issuer) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Issuer))) i-- dAtA[i] = 0x12 } - if len(m.CSR) > 0 { - i -= len(m.CSR) - copy(dAtA[i:], m.CSR) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) + if len(m.Secret) > 0 { + i -= len(m.Secret) + copy(dAtA[i:], m.Secret) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Secret))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DatabaseCertResponse) Marshal() (dAtA []byte, err error) { +func (m *TOTPRegisterResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23534,12 +26201,12 @@ func (m *DatabaseCertResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DatabaseCertResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *TOTPRegisterResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DatabaseCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TOTPRegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23548,26 +26215,17 @@ func (m *DatabaseCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.CACerts) > 0 { - for iNdEx := len(m.CACerts) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.CACerts[iNdEx]) - copy(dAtA[i:], m.CACerts[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CACerts[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } - if len(m.Cert) > 0 { - i -= len(m.Cert) - copy(dAtA[i:], m.Cert) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) + if len(m.Code) > 0 { + i -= len(m.Code) + copy(dAtA[i:], m.Code) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Code))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *SnowflakeJWTRequest) Marshal() (dAtA []byte, err error) { +func (m *AddMFADeviceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23577,12 +26235,12 @@ func (m *SnowflakeJWTRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SnowflakeJWTRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *AddMFADeviceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SnowflakeJWTRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23591,24 +26249,82 @@ func (m *SnowflakeJWTRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.UserName) > 0 { - i -= len(m.UserName) - copy(dAtA[i:], m.UserName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.UserName))) - i-- - dAtA[i] = 0x12 + if m.Request != nil { + { + size := m.Request.Size() + i -= size + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } } - if len(m.AccountName) > 0 { - i -= len(m.AccountName) - copy(dAtA[i:], m.AccountName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AccountName))) + return len(dAtA) - i, nil +} + +func (m *AddMFADeviceRequest_Init) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AddMFADeviceRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Init != nil { + { + size, err := m.Init.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } +func (m *AddMFADeviceRequest_ExistingMFAResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} -func (m *SnowflakeJWTResponse) Marshal() (dAtA []byte, err error) { +func (m *AddMFADeviceRequest_ExistingMFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.ExistingMFAResponse != nil { + { + size, err := m.ExistingMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *AddMFADeviceRequest_NewMFARegisterResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AddMFADeviceRequest_NewMFARegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.NewMFARegisterResponse != nil { + { + size, err := m.NewMFARegisterResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + return len(dAtA) - i, nil +} +func (m *AddMFADeviceResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23618,12 +26334,12 @@ func (m *SnowflakeJWTResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SnowflakeJWTResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *AddMFADeviceResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SnowflakeJWTResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23632,17 +26348,82 @@ func (m *SnowflakeJWTResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + if m.Response != nil { + { + size := m.Response.Size() + i -= size + if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + return len(dAtA) - i, nil +} + +func (m *AddMFADeviceResponse_ExistingMFAChallenge) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AddMFADeviceResponse_ExistingMFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.ExistingMFAChallenge != nil { + { + size, err := m.ExistingMFAChallenge.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} +func (m *AddMFADeviceResponse_NewMFARegisterChallenge) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AddMFADeviceResponse_NewMFARegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.NewMFARegisterChallenge != nil { + { + size, err := m.NewMFARegisterChallenge.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *AddMFADeviceResponse_Ack) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AddMFADeviceResponse_Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Ack != nil { + { + size, err := m.Ack.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x1a } return len(dAtA) - i, nil } - -func (m *GetRoleRequest) Marshal() (dAtA []byte, err error) { +func (m *AddMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23652,12 +26433,12 @@ func (m *GetRoleRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetRoleRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *AddMFADeviceRequestInit) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23666,17 +26447,27 @@ func (m *GetRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if m.DeviceUsage != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) + i-- + dAtA[i] = 0x20 + } + if m.DeviceType != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceType)) + i-- + dAtA[i] = 0x18 + } + if len(m.DeviceName) > 0 { + i -= len(m.DeviceName) + copy(dAtA[i:], m.DeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetRolesResponse) Marshal() (dAtA []byte, err error) { +func (m *AddMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23686,12 +26477,12 @@ func (m *GetRolesResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetRolesResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *AddMFADeviceResponseAck) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetRolesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23700,24 +26491,22 @@ func (m *GetRolesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Roles) > 0 { - for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Roles[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.Device != nil { + { + size, err := m.Device.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } - i-- - dAtA[i] = 0xa + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteRoleRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteMFADeviceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23727,12 +26516,12 @@ func (m *DeleteRoleRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteRoleRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23741,43 +26530,28 @@ func (m *DeleteRoleRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa + if m.Request != nil { + { + size := m.Request.Size() + i -= size + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } } return len(dAtA) - i, nil } -func (m *MFAAuthenticateChallenge) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *MFAAuthenticateChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequest_Init) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFAAuthenticateChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.WebauthnChallenge != nil { + if m.Init != nil { { - size, err := m.WebauthnChallenge.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Init.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -23785,11 +26559,20 @@ func (m *MFAAuthenticateChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a + dAtA[i] = 0xa } - if m.TOTP != nil { + return len(dAtA) - i, nil +} +func (m *DeleteMFADeviceRequest_MFAResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *DeleteMFADeviceRequest_MFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.MFAResponse != nil { { - size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.MFAResponse.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -23801,8 +26584,7 @@ func (m *MFAAuthenticateChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error } return len(dAtA) - i, nil } - -func (m *MFAAuthenticateResponse) Marshal() (dAtA []byte, err error) { +func (m *DeleteMFADeviceResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23812,12 +26594,12 @@ func (m *MFAAuthenticateResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *MFAAuthenticateResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFAAuthenticateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23838,16 +26620,16 @@ func (m *MFAAuthenticateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *MFAAuthenticateResponse_TOTP) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse_MFAChallenge) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFAAuthenticateResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse_MFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.TOTP != nil { + if m.MFAChallenge != nil { { - size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.MFAChallenge.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -23855,20 +26637,20 @@ func (m *MFAAuthenticateResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, e i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *MFAAuthenticateResponse_Webauthn) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse_Ack) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFAAuthenticateResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponse_Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Webauthn != nil { + if m.Ack != nil { { - size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Ack.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -23876,11 +26658,11 @@ func (m *MFAAuthenticateResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (in i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *TOTPChallenge) Marshal() (dAtA []byte, err error) { +func (m *DeleteMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23890,12 +26672,12 @@ func (m *TOTPChallenge) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TOTPChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequestInit) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TOTPChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23904,10 +26686,17 @@ func (m *TOTPChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.DeviceName) > 0 { + i -= len(m.DeviceName) + copy(dAtA[i:], m.DeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *TOTPResponse) Marshal() (dAtA []byte, err error) { +func (m *DeleteMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23917,12 +26706,12 @@ func (m *TOTPResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TOTPResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponseAck) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TOTPResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23931,17 +26720,22 @@ func (m *TOTPResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Code) > 0 { - i -= len(m.Code) - copy(dAtA[i:], m.Code) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Code))) + if m.Device != nil { + { + size, err := m.Device.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *MFARegisterChallenge) Marshal() (dAtA []byte, err error) { +func (m *DeleteMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -23951,12 +26745,12 @@ func (m *MFARegisterChallenge) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *MFARegisterChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceSyncRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFARegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -23965,61 +26759,24 @@ func (m *MFARegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { - { - size := m.Request.Size() - i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } - } - return len(dAtA) - i, nil -} - -func (m *MFARegisterChallenge_TOTP) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *MFARegisterChallenge_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.TOTP != nil { - { - size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.DeviceName) > 0 { + i -= len(m.DeviceName) + copy(dAtA[i:], m.DeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) i-- dAtA[i] = 0x12 } - return len(dAtA) - i, nil -} -func (m *MFARegisterChallenge_Webauthn) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *MFARegisterChallenge_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Webauthn != nil { - { - size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) i-- - dAtA[i] = 0x1a + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *MFARegisterResponse) Marshal() (dAtA []byte, err error) { + +func (m *AddMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24029,12 +26786,12 @@ func (m *MFARegisterResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *MFARegisterResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *AddMFADeviceSyncRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFARegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24043,28 +26800,14 @@ func (m *MFARegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Response != nil { - { - size := m.Response.Size() - i -= size - if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } + if m.DeviceUsage != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) + i-- + dAtA[i] = 0x20 } - return len(dAtA) - i, nil -} - -func (m *MFARegisterResponse_TOTP) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *MFARegisterResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.TOTP != nil { + if m.NewMFAResponse != nil { { - size, err := m.TOTP.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.NewMFAResponse.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24072,20 +26815,52 @@ func (m *MFARegisterResponse_TOTP) MarshalToSizedBuffer(dAtA []byte) (int, error i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- + dAtA[i] = 0x1a + } + if len(m.NewDeviceName) > 0 { + i -= len(m.NewDeviceName) + copy(dAtA[i:], m.NewDeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) + i-- dAtA[i] = 0x12 } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *MFARegisterResponse_Webauthn) MarshalTo(dAtA []byte) (int, error) { + +func (m *AddMFADeviceSyncResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AddMFADeviceSyncResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *MFARegisterResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AddMFADeviceSyncResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Webauthn != nil { + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Device != nil { { - size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Device.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24093,11 +26868,12 @@ func (m *MFARegisterResponse_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, e i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *TOTPRegisterChallenge) Marshal() (dAtA []byte, err error) { + +func (m *GetMFADevicesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24107,12 +26883,12 @@ func (m *TOTPRegisterChallenge) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TOTPRegisterChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *GetMFADevicesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TOTPRegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetMFADevicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24121,55 +26897,17 @@ func (m *TOTPRegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.QRCode) > 0 { - i -= len(m.QRCode) - copy(dAtA[i:], m.QRCode) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.QRCode))) - i-- - dAtA[i] = 0x3a - } - if len(m.Account) > 0 { - i -= len(m.Account) - copy(dAtA[i:], m.Account) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Account))) - i-- - dAtA[i] = 0x32 - } - if m.Digits != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Digits)) - i-- - dAtA[i] = 0x28 - } - if len(m.Algorithm) > 0 { - i -= len(m.Algorithm) - copy(dAtA[i:], m.Algorithm) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Algorithm))) - i-- - dAtA[i] = 0x22 - } - if m.PeriodSeconds != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.PeriodSeconds)) - i-- - dAtA[i] = 0x18 - } - if len(m.Issuer) > 0 { - i -= len(m.Issuer) - copy(dAtA[i:], m.Issuer) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Issuer))) - i-- - dAtA[i] = 0x12 - } - if len(m.Secret) > 0 { - i -= len(m.Secret) - copy(dAtA[i:], m.Secret) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Secret))) + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *TOTPRegisterResponse) Marshal() (dAtA []byte, err error) { +func (m *GetMFADevicesResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24179,12 +26917,12 @@ func (m *TOTPRegisterResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TOTPRegisterResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetMFADevicesResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TOTPRegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetMFADevicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24193,17 +26931,24 @@ func (m *TOTPRegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Code) > 0 { - i -= len(m.Code) - copy(dAtA[i:], m.Code) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Code))) - i-- - dAtA[i] = 0xa + if len(m.Devices) > 0 { + for iNdEx := len(m.Devices) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Devices[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *AddMFADeviceRequest) Marshal() (dAtA []byte, err error) { +func (m *UserSingleUseCertsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24213,12 +26958,12 @@ func (m *AddMFADeviceRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24239,12 +26984,12 @@ func (m *AddMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AddMFADeviceRequest_Init) MarshalTo(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest_Init) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) if m.Init != nil { { @@ -24260,16 +27005,16 @@ func (m *AddMFADeviceRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error } return len(dAtA) - i, nil } -func (m *AddMFADeviceRequest_ExistingMFAResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest_MFAResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceRequest_ExistingMFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsRequest_MFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.ExistingMFAResponse != nil { + if m.MFAResponse != nil { { - size, err := m.ExistingMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.MFAResponse.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24281,16 +27026,52 @@ func (m *AddMFADeviceRequest_ExistingMFAResponse) MarshalToSizedBuffer(dAtA []by } return len(dAtA) - i, nil } -func (m *AddMFADeviceRequest_NewMFARegisterResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *UserSingleUseCertsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceRequest_NewMFARegisterResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserSingleUseCertsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.NewMFARegisterResponse != nil { + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Response != nil { { - size, err := m.NewMFARegisterResponse.MarshalToSizedBuffer(dAtA[:i]) + size := m.Response.Size() + i -= size + if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + return len(dAtA) - i, nil +} + +func (m *UserSingleUseCertsResponse_MFAChallenge) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UserSingleUseCertsResponse_MFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.MFAChallenge != nil { + { + size, err := m.MFAChallenge.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24298,11 +27079,32 @@ func (m *AddMFADeviceRequest_NewMFARegisterResponse) MarshalToSizedBuffer(dAtA [ i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *AddMFADeviceResponse) Marshal() (dAtA []byte, err error) { +func (m *UserSingleUseCertsResponse_Cert) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UserSingleUseCertsResponse_Cert) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Cert != nil { + { + size, err := m.Cert.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *IsMFARequiredRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24312,12 +27114,12 @@ func (m *AddMFADeviceResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24326,11 +27128,11 @@ func (m *AddMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Response != nil { + if m.Target != nil { { - size := m.Response.Size() + size := m.Target.Size() i -= size - if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + if _, err := m.Target.MarshalTo(dAtA[i:]); err != nil { return 0, err } } @@ -24338,16 +27140,30 @@ func (m *AddMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AddMFADeviceResponse_ExistingMFAChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_KubernetesCluster) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceResponse_ExistingMFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_KubernetesCluster) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + i -= len(m.KubernetesCluster) + copy(dAtA[i:], m.KubernetesCluster) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.KubernetesCluster))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} +func (m *IsMFARequiredRequest_Database) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *IsMFARequiredRequest_Database) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.ExistingMFAChallenge != nil { + if m.Database != nil { { - size, err := m.ExistingMFAChallenge.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Database.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24355,20 +27171,20 @@ func (m *AddMFADeviceResponse_ExistingMFAChallenge) MarshalToSizedBuffer(dAtA [] i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *AddMFADeviceResponse_NewMFARegisterChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_Node) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceResponse_NewMFARegisterChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.NewMFARegisterChallenge != nil { + if m.Node != nil { { - size, err := m.NewMFARegisterChallenge.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Node.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24376,20 +27192,20 @@ func (m *AddMFADeviceResponse_NewMFARegisterChallenge) MarshalToSizedBuffer(dAtA i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 + dAtA[i] = 0x1a } return len(dAtA) - i, nil } -func (m *AddMFADeviceResponse_Ack) MarshalTo(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_WindowsDesktop) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceResponse_Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *IsMFARequiredRequest_WindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Ack != nil { + if m.WindowsDesktop != nil { { - size, err := m.Ack.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.WindowsDesktop.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24397,11 +27213,11 @@ func (m *AddMFADeviceResponse_Ack) MarshalToSizedBuffer(dAtA []byte) (int, error i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a + dAtA[i] = 0x22 } return len(dAtA) - i, nil } -func (m *AddMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { +func (m *StreamSessionEventsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24411,12 +27227,12 @@ func (m *AddMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceRequestInit) MarshalTo(dAtA []byte) (int, error) { +func (m *StreamSessionEventsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *StreamSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24425,27 +27241,22 @@ func (m *AddMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.DeviceUsage != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) - i-- - dAtA[i] = 0x20 - } - if m.DeviceType != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceType)) + if m.StartIndex != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.StartIndex)) i-- - dAtA[i] = 0x18 + dAtA[i] = 0x10 } - if len(m.DeviceName) > 0 { - i -= len(m.DeviceName) - copy(dAtA[i:], m.DeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *AddMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { +func (m *NodeLogin) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24455,12 +27266,12 @@ func (m *AddMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceResponseAck) MarshalTo(dAtA []byte) (int, error) { +func (m *NodeLogin) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *NodeLogin) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24469,22 +27280,24 @@ func (m *AddMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Device != nil { - { - size, err := m.Device.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.Login) > 0 { + i -= len(m.Login) + copy(dAtA[i:], m.Login) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) + i-- + dAtA[i] = 0x12 + } + if len(m.Node) > 0 { + i -= len(m.Node) + copy(dAtA[i:], m.Node) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Node))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteMFADeviceRequest) Marshal() (dAtA []byte, err error) { +func (m *IsMFARequiredResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24494,12 +27307,12 @@ func (m *DeleteMFADeviceRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteMFADeviceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *IsMFARequiredResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *IsMFARequiredResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24508,61 +27321,20 @@ func (m *DeleteMFADeviceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { - { - size := m.Request.Size() - i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } - } - return len(dAtA) - i, nil -} - -func (m *DeleteMFADeviceRequest_Init) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *DeleteMFADeviceRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Init != nil { - { - size, err := m.Init.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if m.Required { i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} -func (m *DeleteMFADeviceRequest_MFAResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *DeleteMFADeviceRequest_MFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.MFAResponse != nil { - { - size, err := m.MFAResponse.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.Required { + dAtA[i] = 1 + } else { + dAtA[i] = 0 } i-- - dAtA[i] = 0x12 + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *DeleteMFADeviceResponse) Marshal() (dAtA []byte, err error) { + +func (m *SingleUseUserCert) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24572,12 +27344,12 @@ func (m *DeleteMFADeviceResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteMFADeviceResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *SingleUseUserCert) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SingleUseUserCert) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24586,11 +27358,11 @@ func (m *DeleteMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Response != nil { + if m.Cert != nil { { - size := m.Response.Size() + size := m.Cert.Size() i -= size - if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { + if _, err := m.Cert.MarshalTo(dAtA[i:]); err != nil { return 0, err } } @@ -24598,49 +27370,39 @@ func (m *DeleteMFADeviceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *DeleteMFADeviceResponse_MFAChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *SingleUseUserCert_SSH) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceResponse_MFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SingleUseUserCert_SSH) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.MFAChallenge != nil { - { - size, err := m.MFAChallenge.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if m.SSH != nil { + i -= len(m.SSH) + copy(dAtA[i:], m.SSH) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SSH))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteMFADeviceResponse_Ack) MarshalTo(dAtA []byte) (int, error) { +func (m *SingleUseUserCert_TLS) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceResponse_Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SingleUseUserCert_TLS) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Ack != nil { - { - size, err := m.Ack.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if m.TLS != nil { + i -= len(m.TLS) + copy(dAtA[i:], m.TLS) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TLS))) i-- dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *DeleteMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { +func (m *GetEventsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24650,12 +27412,12 @@ func (m *DeleteMFADeviceRequestInit) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteMFADeviceRequestInit) MarshalTo(dAtA []byte) (int, error) { +func (m *GetEventsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24664,17 +27426,59 @@ func (m *DeleteMFADeviceRequestInit) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.DeviceName) > 0 { - i -= len(m.DeviceName) - copy(dAtA[i:], m.DeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) + if m.Order != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Order)) + i-- + dAtA[i] = 0x38 + } + if len(m.StartKey) > 0 { + i -= len(m.StartKey) + copy(dAtA[i:], m.StartKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) + i-- + dAtA[i] = 0x32 + } + if m.Limit != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) + i-- + dAtA[i] = 0x28 + } + if len(m.EventTypes) > 0 { + for iNdEx := len(m.EventTypes) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.EventTypes[iNdEx]) + copy(dAtA[i:], m.EventTypes[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.EventTypes[iNdEx]))) + i-- + dAtA[i] = 0x22 + } + } + n84, err84 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) + if err84 != nil { + return 0, err84 + } + i -= n84 + i = encodeVarintAuthservice(dAtA, i, uint64(n84)) + i-- + dAtA[i] = 0x1a + n85, err85 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + if err85 != nil { + return 0, err85 + } + i -= n85 + i = encodeVarintAuthservice(dAtA, i, uint64(n85)) + i-- + dAtA[i] = 0x12 + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { +func (m *GetSessionEventsRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24684,12 +27488,12 @@ func (m *DeleteMFADeviceResponseAck) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteMFADeviceResponseAck) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSessionEventsRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24698,10 +27502,43 @@ func (m *DeleteMFADeviceResponseAck) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Order != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Order)) + i-- + dAtA[i] = 0x28 + } + if len(m.StartKey) > 0 { + i -= len(m.StartKey) + copy(dAtA[i:], m.StartKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) + i-- + dAtA[i] = 0x22 + } + if m.Limit != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) + i-- + dAtA[i] = 0x18 + } + n86, err86 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) + if err86 != nil { + return 0, err86 + } + i -= n86 + i = encodeVarintAuthservice(dAtA, i, uint64(n86)) + i-- + dAtA[i] = 0x12 + n87, err87 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + if err87 != nil { + return 0, err87 + } + i -= n87 + i = encodeVarintAuthservice(dAtA, i, uint64(n87)) + i-- + dAtA[i] = 0xa return len(dAtA) - i, nil } -func (m *DeleteMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { +func (m *Events) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24711,12 +27548,12 @@ func (m *DeleteMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteMFADeviceSyncRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *Events) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *Events) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24725,24 +27562,31 @@ func (m *DeleteMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.DeviceName) > 0 { - i -= len(m.DeviceName) - copy(dAtA[i:], m.DeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DeviceName))) + if len(m.LastKey) > 0 { + i -= len(m.LastKey) + copy(dAtA[i:], m.LastKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.LastKey))) i-- dAtA[i] = 0x12 } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) - i-- - dAtA[i] = 0xa + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *AddMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { +func (m *GetLocksRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24752,12 +27596,12 @@ func (m *AddMFADeviceSyncRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceSyncRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetLocksRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24766,41 +27610,34 @@ func (m *AddMFADeviceSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.DeviceUsage != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) + if m.InForceOnly { i-- - dAtA[i] = 0x20 - } - if m.NewMFAResponse != nil { - { - size, err := m.NewMFAResponse.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.InForceOnly { + dAtA[i] = 1 + } else { + dAtA[i] = 0 } i-- - dAtA[i] = 0x1a - } - if len(m.NewDeviceName) > 0 { - i -= len(m.NewDeviceName) - copy(dAtA[i:], m.NewDeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) - i-- - dAtA[i] = 0x12 + dAtA[i] = 0x10 } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) - i-- - dAtA[i] = 0xa + if len(m.Targets) > 0 { + for iNdEx := len(m.Targets) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Targets[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *AddMFADeviceSyncResponse) Marshal() (dAtA []byte, err error) { +func (m *GetLocksResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24810,12 +27647,12 @@ func (m *AddMFADeviceSyncResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AddMFADeviceSyncResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetLocksResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AddMFADeviceSyncResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetLocksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24824,22 +27661,58 @@ func (m *AddMFADeviceSyncResponse) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Device != nil { - { - size, err := m.Device.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if len(m.Locks) > 0 { + for iNdEx := len(m.Locks) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Locks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa } + } + return len(dAtA) - i, nil +} + +func (m *GetLockRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetLockRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetMFADevicesRequest) Marshal() (dAtA []byte, err error) { +func (m *DeleteLockRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24849,12 +27722,12 @@ func (m *GetMFADevicesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetMFADevicesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteLockRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetMFADevicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24863,17 +27736,17 @@ func (m *GetMFADevicesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetMFADevicesResponse) Marshal() (dAtA []byte, err error) { +func (m *ReplaceRemoteLocksRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24883,12 +27756,12 @@ func (m *GetMFADevicesResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetMFADevicesResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *ReplaceRemoteLocksRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetMFADevicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ReplaceRemoteLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24897,10 +27770,10 @@ func (m *GetMFADevicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Devices) > 0 { - for iNdEx := len(m.Devices) - 1; iNdEx >= 0; iNdEx-- { + if len(m.Locks) > 0 { + for iNdEx := len(m.Locks) - 1; iNdEx >= 0; iNdEx-- { { - size, err := m.Devices[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Locks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24908,13 +27781,20 @@ func (m *GetMFADevicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } } + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *UserSingleUseCertsRequest) Marshal() (dAtA []byte, err error) { +func (m *GetWindowsDesktopServicesResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -24924,12 +27804,12 @@ func (m *UserSingleUseCertsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UserSingleUseCertsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopServicesResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserSingleUseCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -24938,49 +27818,84 @@ func (m *UserSingleUseCertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { - { - size := m.Request.Size() - i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { - return 0, err + if len(m.Services) > 0 { + for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Services[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0xa } } return len(dAtA) - i, nil } -func (m *UserSingleUseCertsRequest_Init) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopServiceRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetWindowsDesktopServiceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserSingleUseCertsRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Init != nil { - { - size, err := m.Init.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UserSingleUseCertsRequest_MFAResponse) MarshalTo(dAtA []byte) (int, error) { + +func (m *GetWindowsDesktopServiceResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetWindowsDesktopServiceResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserSingleUseCertsRequest_MFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.MFAResponse != nil { + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Service != nil { { - size, err := m.MFAResponse.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Service.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -24988,11 +27903,12 @@ func (m *UserSingleUseCertsRequest_MFAResponse) MarshalToSizedBuffer(dAtA []byte i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UserSingleUseCertsResponse) Marshal() (dAtA []byte, err error) { + +func (m *DeleteWindowsDesktopServiceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25002,12 +27918,12 @@ func (m *UserSingleUseCertsResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UserSingleUseCertsResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteWindowsDesktopServiceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserSingleUseCertsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteWindowsDesktopServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25016,61 +27932,58 @@ func (m *UserSingleUseCertsResponse) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Response != nil { - { - size := m.Response.Size() - i -= size - if _, err := m.Response.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UserSingleUseCertsResponse_MFAChallenge) MarshalTo(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopsResponse) Marshal() (dAtA []byte, err error) { size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *UserSingleUseCertsResponse_MFAChallenge) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.MFAChallenge != nil { - { - size, err := m.MFAChallenge.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return len(dAtA) - i, nil + return dAtA[:n], nil } -func (m *UserSingleUseCertsResponse_Cert) MarshalTo(dAtA []byte) (int, error) { + +func (m *GetWindowsDesktopsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserSingleUseCertsResponse_Cert) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetWindowsDesktopsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Cert != nil { - { - size, err := m.Cert.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Desktops) > 0 { + for iNdEx := len(m.Desktops) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Desktops[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa } - i-- - dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *IsMFARequiredRequest) Marshal() (dAtA []byte, err error) { + +func (m *DeleteWindowsDesktopRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25080,12 +27993,12 @@ func (m *IsMFARequiredRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *IsMFARequiredRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DeleteWindowsDesktopRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *IsMFARequiredRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DeleteWindowsDesktopRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25094,96 +28007,104 @@ func (m *IsMFARequiredRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Target != nil { - { - size := m.Target.Size() - i -= size - if _, err := m.Target.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } + if len(m.HostID) > 0 { + i -= len(m.HostID) + copy(dAtA[i:], m.HostID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) + i-- + dAtA[i] = 0x12 + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *IsMFARequiredRequest_KubernetesCluster) MarshalTo(dAtA []byte) (int, error) { +func (m *WindowsDesktopCertRequest) Marshal() (dAtA []byte, err error) { size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil } -func (m *IsMFARequiredRequest_KubernetesCluster) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - i -= len(m.KubernetesCluster) - copy(dAtA[i:], m.KubernetesCluster) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.KubernetesCluster))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} -func (m *IsMFARequiredRequest_Database) MarshalTo(dAtA []byte) (int, error) { +func (m *WindowsDesktopCertRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *IsMFARequiredRequest_Database) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *WindowsDesktopCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Database != nil { - { - size, err := m.Database.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.TTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) + i-- + dAtA[i] = 0x18 + } + if len(m.CRLEndpoint) > 0 { + i -= len(m.CRLEndpoint) + copy(dAtA[i:], m.CRLEndpoint) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CRLEndpoint))) i-- dAtA[i] = 0x12 } + if len(m.CSR) > 0 { + i -= len(m.CSR) + copy(dAtA[i:], m.CSR) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *IsMFARequiredRequest_Node) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} -func (m *IsMFARequiredRequest_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Node != nil { - { - size, err := m.Node.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a +func (m *WindowsDesktopCertResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return len(dAtA) - i, nil + return dAtA[:n], nil } -func (m *IsMFARequiredRequest_WindowsDesktop) MarshalTo(dAtA []byte) (int, error) { + +func (m *WindowsDesktopCertResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *IsMFARequiredRequest_WindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *WindowsDesktopCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.WindowsDesktop != nil { - { - size, err := m.WindowsDesktop.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Cert) > 0 { + i -= len(m.Cert) + copy(dAtA[i:], m.Cert) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) i-- - dAtA[i] = 0x22 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *StreamSessionEventsRequest) Marshal() (dAtA []byte, err error) { + +func (m *CertAuthorityRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25193,12 +28114,12 @@ func (m *StreamSessionEventsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *StreamSessionEventsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CertAuthorityRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *StreamSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CertAuthorityRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25207,22 +28128,17 @@ func (m *StreamSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.StartIndex != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.StartIndex)) - i-- - dAtA[i] = 0x10 - } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if len(m.Type) > 0 { + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *NodeLogin) Marshal() (dAtA []byte, err error) { +func (m *CRL) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25232,12 +28148,12 @@ func (m *NodeLogin) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *NodeLogin) MarshalTo(dAtA []byte) (int, error) { +func (m *CRL) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *NodeLogin) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CRL) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25246,24 +28162,17 @@ func (m *NodeLogin) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Login) > 0 { - i -= len(m.Login) - copy(dAtA[i:], m.Login) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) - i-- - dAtA[i] = 0x12 - } - if len(m.Node) > 0 { - i -= len(m.Node) - copy(dAtA[i:], m.Node) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Node))) + if len(m.CRL) > 0 { + i -= len(m.CRL) + copy(dAtA[i:], m.CRL) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CRL))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *IsMFARequiredResponse) Marshal() (dAtA []byte, err error) { +func (m *ChangeUserAuthenticationRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25273,12 +28182,12 @@ func (m *IsMFARequiredResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *IsMFARequiredResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *ChangeUserAuthenticationRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *IsMFARequiredResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ChangeUserAuthenticationRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25287,20 +28196,43 @@ func (m *IsMFARequiredResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Required { + if len(m.NewDeviceName) > 0 { + i -= len(m.NewDeviceName) + copy(dAtA[i:], m.NewDeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) i-- - if m.Required { - dAtA[i] = 1 - } else { - dAtA[i] = 0 + dAtA[i] = 0x22 + } + if m.NewMFARegisterResponse != nil { + { + size, err := m.NewMFARegisterResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x8 + dAtA[i] = 0x1a + } + if len(m.NewPassword) > 0 { + i -= len(m.NewPassword) + copy(dAtA[i:], m.NewPassword) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewPassword))) + i-- + dAtA[i] = 0x12 + } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *SingleUseUserCert) Marshal() (dAtA []byte, err error) { +func (m *ChangeUserAuthenticationResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25310,12 +28242,12 @@ func (m *SingleUseUserCert) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SingleUseUserCert) MarshalTo(dAtA []byte) (int, error) { +func (m *ChangeUserAuthenticationResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SingleUseUserCert) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ChangeUserAuthenticationResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25324,51 +28256,80 @@ func (m *SingleUseUserCert) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Cert != nil { + if m.Recovery != nil { { - size := m.Cert.Size() + size, err := m.Recovery.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } i -= size - if _, err := m.Cert.MarshalTo(dAtA[i:]); err != nil { + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if m.WebSession != nil { + { + size, err := m.WebSession.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { return 0, err } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *SingleUseUserCert_SSH) MarshalTo(dAtA []byte) (int, error) { +func (m *StartAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *SingleUseUserCert_SSH) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.SSH != nil { - i -= len(m.SSH) - copy(dAtA[i:], m.SSH) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SSH))) - i-- - dAtA[i] = 0xa + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return len(dAtA) - i, nil + return dAtA[:n], nil } -func (m *SingleUseUserCert_TLS) MarshalTo(dAtA []byte) (int, error) { + +func (m *StartAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SingleUseUserCert_TLS) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *StartAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.TLS != nil { - i -= len(m.TLS) - copy(dAtA[i:], m.TLS) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TLS))) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.RecoverType != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.RecoverType)) + i-- + dAtA[i] = 0x18 + } + if len(m.RecoveryCode) > 0 { + i -= len(m.RecoveryCode) + copy(dAtA[i:], m.RecoveryCode) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryCode))) i-- dAtA[i] = 0x12 } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetEventsRequest) Marshal() (dAtA []byte, err error) { + +func (m *VerifyAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25378,12 +28339,12 @@ func (m *GetEventsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetEventsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *VerifyAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *VerifyAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25392,59 +28353,70 @@ func (m *GetEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Order != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Order)) + if m.AuthnCred != nil { + { + size := m.AuthnCred.Size() + i -= size + if _, err := m.AuthnCred.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) i-- - dAtA[i] = 0x38 + dAtA[i] = 0x12 } - if len(m.StartKey) > 0 { - i -= len(m.StartKey) - copy(dAtA[i:], m.StartKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) + if len(m.RecoveryStartTokenID) > 0 { + i -= len(m.RecoveryStartTokenID) + copy(dAtA[i:], m.RecoveryStartTokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryStartTokenID))) i-- - dAtA[i] = 0x32 + dAtA[i] = 0xa } - if m.Limit != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) + return len(dAtA) - i, nil +} + +func (m *VerifyAccountRecoveryRequest_Password) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VerifyAccountRecoveryRequest_Password) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Password != nil { + i -= len(m.Password) + copy(dAtA[i:], m.Password) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Password))) i-- - dAtA[i] = 0x28 + dAtA[i] = 0x1a } - if len(m.EventTypes) > 0 { - for iNdEx := len(m.EventTypes) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.EventTypes[iNdEx]) - copy(dAtA[i:], m.EventTypes[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.EventTypes[iNdEx]))) - i-- - dAtA[i] = 0x22 + return len(dAtA) - i, nil +} +func (m *VerifyAccountRecoveryRequest_MFAAuthenticateResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VerifyAccountRecoveryRequest_MFAAuthenticateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.MFAAuthenticateResponse != nil { + { + size, err := m.MFAAuthenticateResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - } - n81, err81 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) - if err81 != nil { - return 0, err81 - } - i -= n81 - i = encodeVarintAuthservice(dAtA, i, uint64(n81)) - i-- - dAtA[i] = 0x1a - n82, err82 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) - if err82 != nil { - return 0, err82 - } - i -= n82 - i = encodeVarintAuthservice(dAtA, i, uint64(n82)) - i-- - dAtA[i] = 0x12 - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- - dAtA[i] = 0xa + dAtA[i] = 0x22 } return len(dAtA) - i, nil } - -func (m *GetSessionEventsRequest) Marshal() (dAtA []byte, err error) { +func (m *CompleteAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25454,12 +28426,12 @@ func (m *GetSessionEventsRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSessionEventsRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CompleteAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CompleteAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25468,91 +28440,70 @@ func (m *GetSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Order != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Order)) - i-- - dAtA[i] = 0x28 - } - if len(m.StartKey) > 0 { - i -= len(m.StartKey) - copy(dAtA[i:], m.StartKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) - i-- - dAtA[i] = 0x22 + if m.NewAuthnCred != nil { + { + size := m.NewAuthnCred.Size() + i -= size + if _, err := m.NewAuthnCred.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } } - if m.Limit != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) + if len(m.NewDeviceName) > 0 { + i -= len(m.NewDeviceName) + copy(dAtA[i:], m.NewDeviceName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) i-- - dAtA[i] = 0x18 - } - n83, err83 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) - if err83 != nil { - return 0, err83 + dAtA[i] = 0x12 } - i -= n83 - i = encodeVarintAuthservice(dAtA, i, uint64(n83)) - i-- - dAtA[i] = 0x12 - n84, err84 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) - if err84 != nil { - return 0, err84 + if len(m.RecoveryApprovedTokenID) > 0 { + i -= len(m.RecoveryApprovedTokenID) + copy(dAtA[i:], m.RecoveryApprovedTokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryApprovedTokenID))) + i-- + dAtA[i] = 0xa } - i -= n84 - i = encodeVarintAuthservice(dAtA, i, uint64(n84)) - i-- - dAtA[i] = 0xa return len(dAtA) - i, nil } -func (m *Events) Marshal() (dAtA []byte, err error) { +func (m *CompleteAccountRecoveryRequest_NewPassword) MarshalTo(dAtA []byte) (int, error) { size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil + return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Events) MarshalTo(dAtA []byte) (int, error) { +func (m *CompleteAccountRecoveryRequest_NewPassword) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.NewPassword != nil { + i -= len(m.NewPassword) + copy(dAtA[i:], m.NewPassword) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewPassword))) + i-- + dAtA[i] = 0x1a + } + return len(dAtA) - i, nil +} +func (m *CompleteAccountRecoveryRequest_NewMFAResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Events) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CompleteAccountRecoveryRequest_NewMFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.LastKey) > 0 { - i -= len(m.LastKey) - copy(dAtA[i:], m.LastKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.LastKey))) - i-- - dAtA[i] = 0x12 - } - if len(m.Items) > 0 { - for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.NewMFAResponse != nil { + { + size, err := m.NewMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } - i-- - dAtA[i] = 0xa + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0x22 } return len(dAtA) - i, nil } - -func (m *GetLocksRequest) Marshal() (dAtA []byte, err error) { +func (m *RecoveryCodes) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25562,12 +28513,12 @@ func (m *GetLocksRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetLocksRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *RecoveryCodes) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RecoveryCodes) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25576,26 +28527,19 @@ func (m *GetLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.InForceOnly { - i-- - if m.InForceOnly { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 + n94, err94 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err94 != nil { + return 0, err94 } - if len(m.Targets) > 0 { - for iNdEx := len(m.Targets) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Targets[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + i -= n94 + i = encodeVarintAuthservice(dAtA, i, uint64(n94)) + i-- + dAtA[i] = 0x12 + if len(m.Codes) > 0 { + for iNdEx := len(m.Codes) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Codes[iNdEx]) + copy(dAtA[i:], m.Codes[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Codes[iNdEx]))) i-- dAtA[i] = 0xa } @@ -25603,7 +28547,7 @@ func (m *GetLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *GetLocksResponse) Marshal() (dAtA []byte, err error) { +func (m *CreateAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25613,12 +28557,12 @@ func (m *GetLocksResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetLocksResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAccountRecoveryCodesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetLocksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25627,24 +28571,17 @@ func (m *GetLocksResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Locks) > 0 { - for iNdEx := len(m.Locks) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Locks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + i-- + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetLockRequest) Marshal() (dAtA []byte, err error) { +func (m *GetAccountRecoveryTokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25654,12 +28591,12 @@ func (m *GetLockRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetLockRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAccountRecoveryTokenRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAccountRecoveryTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25668,17 +28605,17 @@ func (m *GetLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if len(m.RecoveryTokenID) > 0 { + i -= len(m.RecoveryTokenID) + copy(dAtA[i:], m.RecoveryTokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryTokenID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *DeleteLockRequest) Marshal() (dAtA []byte, err error) { +func (m *GetAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25688,12 +28625,12 @@ func (m *DeleteLockRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteLockRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetAccountRecoveryCodesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25702,17 +28639,10 @@ func (m *DeleteLockRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *ReplaceRemoteLocksRequest) Marshal() (dAtA []byte, err error) { +func (m *UserCredentials) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25722,12 +28652,12 @@ func (m *ReplaceRemoteLocksRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ReplaceRemoteLocksRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UserCredentials) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ReplaceRemoteLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25736,31 +28666,24 @@ func (m *ReplaceRemoteLocksRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Locks) > 0 { - for iNdEx := len(m.Locks) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Locks[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } + if len(m.Password) > 0 { + i -= len(m.Password) + copy(dAtA[i:], m.Password) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Password))) + i-- + dAtA[i] = 0x12 } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + if len(m.Username) > 0 { + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetWindowsDesktopServicesResponse) Marshal() (dAtA []byte, err error) { +func (m *ContextUser) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25770,12 +28693,12 @@ func (m *GetWindowsDesktopServicesResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWindowsDesktopServicesResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *ContextUser) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWindowsDesktopServicesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ContextUser) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25784,24 +28707,10 @@ func (m *GetWindowsDesktopServicesResponse) MarshalToSizedBuffer(dAtA []byte) (i i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Services) > 0 { - for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Services[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } return len(dAtA) - i, nil } -func (m *GetWindowsDesktopServiceRequest) Marshal() (dAtA []byte, err error) { +func (m *Passwordless) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25811,12 +28720,12 @@ func (m *GetWindowsDesktopServiceRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWindowsDesktopServiceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *Passwordless) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWindowsDesktopServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *Passwordless) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25825,17 +28734,10 @@ func (m *GetWindowsDesktopServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } return len(dAtA) - i, nil } -func (m *GetWindowsDesktopServiceResponse) Marshal() (dAtA []byte, err error) { +func (m *CreateAuthenticateChallengeRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25845,12 +28747,12 @@ func (m *GetWindowsDesktopServiceResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetWindowsDesktopServiceResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWindowsDesktopServiceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25859,9 +28761,28 @@ func (m *GetWindowsDesktopServiceResponse) MarshalToSizedBuffer(dAtA []byte) (in i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Service != nil { + if m.Request != nil { { - size, err := m.Service.MarshalToSizedBuffer(dAtA[:i]) + size := m.Request.Size() + i -= size + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + return len(dAtA) - i, nil +} + +func (m *CreateAuthenticateChallengeRequest_UserCredentials) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CreateAuthenticateChallengeRequest_UserCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.UserCredentials != nil { + { + size, err := m.UserCredentials.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -25873,83 +28794,63 @@ func (m *GetWindowsDesktopServiceResponse) MarshalToSizedBuffer(dAtA []byte) (in } return len(dAtA) - i, nil } - -func (m *DeleteWindowsDesktopServiceRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateAuthenticateChallengeRequest_RecoveryStartTokenID) MarshalTo(dAtA []byte) (int, error) { size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil + return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteWindowsDesktopServiceRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest_RecoveryStartTokenID) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + i -= len(m.RecoveryStartTokenID) + copy(dAtA[i:], m.RecoveryStartTokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryStartTokenID))) + i-- + dAtA[i] = 0x12 + return len(dAtA) - i, nil +} +func (m *CreateAuthenticateChallengeRequest_ContextUser) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteWindowsDesktopServiceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest_ContextUser) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if m.ContextUser != nil { + { + size, err := m.ContextUser.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x1a } return len(dAtA) - i, nil } - -func (m *GetWindowsDesktopsResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GetWindowsDesktopsResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest_Passwordless) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetWindowsDesktopsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateAuthenticateChallengeRequest_Passwordless) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Desktops) > 0 { - for iNdEx := len(m.Desktops) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Desktops[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + if m.Passwordless != nil { + { + size, err := m.Passwordless.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } - i-- - dAtA[i] = 0xa + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0x22 } return len(dAtA) - i, nil } - -func (m *DeleteWindowsDesktopRequest) Marshal() (dAtA []byte, err error) { +func (m *CreatePrivilegeTokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -25959,12 +28860,12 @@ func (m *DeleteWindowsDesktopRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *DeleteWindowsDesktopRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreatePrivilegeTokenRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *DeleteWindowsDesktopRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreatePrivilegeTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -25973,24 +28874,22 @@ func (m *DeleteWindowsDesktopRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.HostID) > 0 { - i -= len(m.HostID) - copy(dAtA[i:], m.HostID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostID))) - i-- - dAtA[i] = 0x12 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) + if m.ExistingMFAResponse != nil { + { + size, err := m.ExistingMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *WindowsDesktopCertRequest) Marshal() (dAtA []byte, err error) { +func (m *CreateRegisterChallengeRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26000,12 +28899,12 @@ func (m *WindowsDesktopCertRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *WindowsDesktopCertRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateRegisterChallengeRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *WindowsDesktopCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateRegisterChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26014,29 +28913,27 @@ func (m *WindowsDesktopCertRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.TTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) + if m.DeviceUsage != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) i-- dAtA[i] = 0x18 } - if len(m.CRLEndpoint) > 0 { - i -= len(m.CRLEndpoint) - copy(dAtA[i:], m.CRLEndpoint) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CRLEndpoint))) + if m.DeviceType != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceType)) i-- - dAtA[i] = 0x12 + dAtA[i] = 0x10 } - if len(m.CSR) > 0 { - i -= len(m.CSR) - copy(dAtA[i:], m.CSR) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CSR))) + if len(m.TokenID) > 0 { + i -= len(m.TokenID) + copy(dAtA[i:], m.TokenID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *WindowsDesktopCertResponse) Marshal() (dAtA []byte, err error) { +func (m *PaginatedResource) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26046,12 +28943,12 @@ func (m *WindowsDesktopCertResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *WindowsDesktopCertResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *PaginatedResource) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *WindowsDesktopCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PaginatedResource) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26060,118 +28957,112 @@ func (m *WindowsDesktopCertResponse) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Cert) > 0 { - i -= len(m.Cert) - copy(dAtA[i:], m.Cert) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Cert))) - i-- - dAtA[i] = 0xa + if m.Resource != nil { + { + size := m.Resource.Size() + i -= size + if _, err := m.Resource.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } } return len(dAtA) - i, nil } -func (m *CertAuthorityRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CertAuthorityRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *PaginatedResource_DatabaseServer) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CertAuthorityRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PaginatedResource_DatabaseServer) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Type) > 0 { - i -= len(m.Type) - copy(dAtA[i:], m.Type) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) + if m.DatabaseServer != nil { + { + size, err := m.DatabaseServer.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } - -func (m *CRL) Marshal() (dAtA []byte, err error) { +func (m *PaginatedResource_AppServer) MarshalTo(dAtA []byte) (int, error) { size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil + return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CRL) MarshalTo(dAtA []byte) (int, error) { +func (m *PaginatedResource_AppServer) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.AppServer != nil { + { + size, err := m.AppServer.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *PaginatedResource_Node) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CRL) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PaginatedResource_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.CRL) > 0 { - i -= len(m.CRL) - copy(dAtA[i:], m.CRL) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.CRL))) + if m.Node != nil { + { + size, err := m.Node.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x1a } return len(dAtA) - i, nil } - -func (m *ChangeUserAuthenticationRequest) Marshal() (dAtA []byte, err error) { +func (m *PaginatedResource_KubeService) MarshalTo(dAtA []byte) (int, error) { size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PaginatedResource_KubeService) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.KubeService != nil { + { + size, err := m.KubeService.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 } - return dAtA[:n], nil + return len(dAtA) - i, nil } - -func (m *ChangeUserAuthenticationRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *PaginatedResource_WindowsDesktop) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ChangeUserAuthenticationRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PaginatedResource_WindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.NewDeviceName) > 0 { - i -= len(m.NewDeviceName) - copy(dAtA[i:], m.NewDeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) - i-- - dAtA[i] = 0x22 - } - if m.NewMFARegisterResponse != nil { + if m.WindowsDesktop != nil { { - size, err := m.NewMFARegisterResponse.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.WindowsDesktop.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26179,52 +29070,20 @@ func (m *ChangeUserAuthenticationRequest) MarshalToSizedBuffer(dAtA []byte) (int i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a - } - if len(m.NewPassword) > 0 { - i -= len(m.NewPassword) - copy(dAtA[i:], m.NewPassword) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewPassword))) - i-- - dAtA[i] = 0x12 - } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) - i-- - dAtA[i] = 0xa + dAtA[i] = 0x2a } return len(dAtA) - i, nil } - -func (m *ChangeUserAuthenticationResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ChangeUserAuthenticationResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *PaginatedResource_KubeCluster) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ChangeUserAuthenticationResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PaginatedResource_KubeCluster) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Recovery != nil { + if m.KubeCluster != nil { { - size, err := m.Recovery.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.KubeCluster.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26232,11 +29091,20 @@ func (m *ChangeUserAuthenticationResponse) MarshalToSizedBuffer(dAtA []byte) (in i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 + dAtA[i] = 0x32 } - if m.WebSession != nil { + return len(dAtA) - i, nil +} +func (m *PaginatedResource_WindowsDesktopService) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PaginatedResource_WindowsDesktopService) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.WindowsDesktopService != nil { { - size, err := m.WebSession.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.WindowsDesktopService.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26244,12 +29112,11 @@ func (m *ChangeUserAuthenticationResponse) MarshalToSizedBuffer(dAtA []byte) (in i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x42 } return len(dAtA) - i, nil } - -func (m *StartAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { +func (m *ListResourcesRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26259,12 +29126,12 @@ func (m *StartAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *StartAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *ListResourcesRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *StartAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ListResourcesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26273,29 +29140,111 @@ func (m *StartAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.RecoverType != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.RecoverType)) + if m.UseSearchAsRoles { + i-- + if m.UseSearchAsRoles { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x58 + } + { + size, err := m.WindowsDesktopFilter.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + if m.NeedTotalCount { + i-- + if m.NeedTotalCount { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } + { + size, err := m.SortBy.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x42 + if len(m.SearchKeywords) > 0 { + for iNdEx := len(m.SearchKeywords) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SearchKeywords[iNdEx]) + copy(dAtA[i:], m.SearchKeywords[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SearchKeywords[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } + if len(m.PredicateExpression) > 0 { + i -= len(m.PredicateExpression) + copy(dAtA[i:], m.PredicateExpression) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PredicateExpression))) + i-- + dAtA[i] = 0x32 + } + if len(m.Labels) > 0 { + for k := range m.Labels { + v := m.Labels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintAuthservice(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintAuthservice(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintAuthservice(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x2a + } + } + if len(m.StartKey) > 0 { + i -= len(m.StartKey) + copy(dAtA[i:], m.StartKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) + i-- + dAtA[i] = 0x22 + } + if m.Limit != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) i-- dAtA[i] = 0x18 } - if len(m.RecoveryCode) > 0 { - i -= len(m.RecoveryCode) - copy(dAtA[i:], m.RecoveryCode) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryCode))) + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) i-- dAtA[i] = 0x12 } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + if len(m.ResourceType) > 0 { + i -= len(m.ResourceType) + copy(dAtA[i:], m.ResourceType) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ResourceType))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *VerifyAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { +func (m *ListResourcesResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26305,12 +29254,12 @@ func (m *VerifyAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *VerifyAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *ListResourcesResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *VerifyAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ListResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26319,70 +29268,36 @@ func (m *VerifyAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.AuthnCred != nil { - { - size := m.AuthnCred.Size() - i -= size - if _, err := m.AuthnCred.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } - } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) - i-- - dAtA[i] = 0x12 - } - if len(m.RecoveryStartTokenID) > 0 { - i -= len(m.RecoveryStartTokenID) - copy(dAtA[i:], m.RecoveryStartTokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryStartTokenID))) + if m.TotalCount != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TotalCount)) i-- - dAtA[i] = 0xa + dAtA[i] = 0x18 } - return len(dAtA) - i, nil -} - -func (m *VerifyAccountRecoveryRequest_Password) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *VerifyAccountRecoveryRequest_Password) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Password != nil { - i -= len(m.Password) - copy(dAtA[i:], m.Password) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Password))) + if len(m.NextKey) > 0 { + i -= len(m.NextKey) + copy(dAtA[i:], m.NextKey) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NextKey))) i-- - dAtA[i] = 0x1a + dAtA[i] = 0x12 } - return len(dAtA) - i, nil -} -func (m *VerifyAccountRecoveryRequest_MFAAuthenticateResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *VerifyAccountRecoveryRequest_MFAAuthenticateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.MFAAuthenticateResponse != nil { - { - size, err := m.MFAAuthenticateResponse.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if len(m.Resources) > 0 { + for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa } - i-- - dAtA[i] = 0x22 } return len(dAtA) - i, nil } -func (m *CompleteAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { + +func (m *CreateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26392,12 +29307,12 @@ func (m *CompleteAccountRecoveryRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CompleteAccountRecoveryRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *CreateSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CompleteAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *CreateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26406,58 +29321,64 @@ func (m *CompleteAccountRecoveryRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.NewAuthnCred != nil { + if m.SessionTracker != nil { { - size := m.NewAuthnCred.Size() - i -= size - if _, err := m.NewAuthnCred.MarshalTo(dAtA[i:]); err != nil { + size, err := m.SessionTracker.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { return 0, err } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x7a + } + if len(m.HostPolicies) > 0 { + for iNdEx := len(m.HostPolicies) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.HostPolicies[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x72 } } - if len(m.NewDeviceName) > 0 { - i -= len(m.NewDeviceName) - copy(dAtA[i:], m.NewDeviceName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewDeviceName))) + if len(m.ID) > 0 { + i -= len(m.ID) + copy(dAtA[i:], m.ID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) i-- - dAtA[i] = 0x12 + dAtA[i] = 0x6a } - if len(m.RecoveryApprovedTokenID) > 0 { - i -= len(m.RecoveryApprovedTokenID) - copy(dAtA[i:], m.RecoveryApprovedTokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryApprovedTokenID))) + if len(m.HostUser) > 0 { + i -= len(m.HostUser) + copy(dAtA[i:], m.HostUser) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostUser))) i-- - dAtA[i] = 0xa + dAtA[i] = 0x62 } - return len(dAtA) - i, nil -} - -func (m *CompleteAccountRecoveryRequest_NewPassword) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CompleteAccountRecoveryRequest_NewPassword) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.NewPassword != nil { - i -= len(m.NewPassword) - copy(dAtA[i:], m.NewPassword) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NewPassword))) + if len(m.KubernetesCluster) > 0 { + i -= len(m.KubernetesCluster) + copy(dAtA[i:], m.KubernetesCluster) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.KubernetesCluster))) i-- - dAtA[i] = 0x1a + dAtA[i] = 0x5a } - return len(dAtA) - i, nil -} -func (m *CompleteAccountRecoveryRequest_NewMFAResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CompleteAccountRecoveryRequest_NewMFAResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.NewMFAResponse != nil { + n109, err109 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err109 != nil { + return 0, err109 + } + i -= n109 + i = encodeVarintAuthservice(dAtA, i, uint64(n109)) + i-- + dAtA[i] = 0x52 + if m.Initiator != nil { { - size, err := m.NewMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Initiator.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26465,55 +29386,70 @@ func (m *CompleteAccountRecoveryRequest_NewMFAResponse) MarshalToSizedBuffer(dAt i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x22 + dAtA[i] = 0x4a } - return len(dAtA) - i, nil -} -func (m *RecoveryCodes) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err + if len(m.Login) > 0 { + i -= len(m.Login) + copy(dAtA[i:], m.Login) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) + i-- + dAtA[i] = 0x42 } - return dAtA[:n], nil -} - -func (m *RecoveryCodes) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RecoveryCodes) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) + if len(m.ClusterName) > 0 { + i -= len(m.ClusterName) + copy(dAtA[i:], m.ClusterName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) + i-- + dAtA[i] = 0x3a } - n91, err91 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err91 != nil { - return 0, err91 + if len(m.Address) > 0 { + i -= len(m.Address) + copy(dAtA[i:], m.Address) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Address))) + i-- + dAtA[i] = 0x32 } - i -= n91 - i = encodeVarintAuthservice(dAtA, i, uint64(n91)) - i-- - dAtA[i] = 0x12 - if len(m.Codes) > 0 { - for iNdEx := len(m.Codes) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Codes[iNdEx]) - copy(dAtA[i:], m.Codes[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Codes[iNdEx]))) + if len(m.Hostname) > 0 { + i -= len(m.Hostname) + copy(dAtA[i:], m.Hostname) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Hostname))) + i-- + dAtA[i] = 0x2a + } + if len(m.Invited) > 0 { + for iNdEx := len(m.Invited) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Invited[iNdEx]) + copy(dAtA[i:], m.Invited[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Invited[iNdEx]))) i-- - dAtA[i] = 0xa + dAtA[i] = 0x22 } } + if len(m.Reason) > 0 { + i -= len(m.Reason) + copy(dAtA[i:], m.Reason) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Reason))) + i-- + dAtA[i] = 0x1a + } + if len(m.Type) > 0 { + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0x12 + } + if len(m.Namespace) > 0 { + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *CreateAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { +func (m *GetSessionTrackerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26523,12 +29459,12 @@ func (m *CreateAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateAccountRecoveryCodesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26537,17 +29473,17 @@ func (m *CreateAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (i i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetAccountRecoveryTokenRequest) Marshal() (dAtA []byte, err error) { +func (m *RemoveSessionTrackerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26557,12 +29493,12 @@ func (m *GetAccountRecoveryTokenRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAccountRecoveryTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *RemoveSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAccountRecoveryTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RemoveSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26571,17 +29507,17 @@ func (m *GetAccountRecoveryTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.RecoveryTokenID) > 0 { - i -= len(m.RecoveryTokenID) - copy(dAtA[i:], m.RecoveryTokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryTokenID))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { +func (m *SessionTrackerUpdateState) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26591,12 +29527,12 @@ func (m *GetAccountRecoveryCodesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetAccountRecoveryCodesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *SessionTrackerUpdateState) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SessionTrackerUpdateState) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26605,10 +29541,15 @@ func (m *GetAccountRecoveryCodesRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.State != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.State)) + i-- + dAtA[i] = 0x10 + } return len(dAtA) - i, nil } -func (m *UserCredentials) Marshal() (dAtA []byte, err error) { +func (m *SessionTrackerAddParticipant) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26618,12 +29559,12 @@ func (m *UserCredentials) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UserCredentials) MarshalTo(dAtA []byte) (int, error) { +func (m *SessionTrackerAddParticipant) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SessionTrackerAddParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26632,24 +29573,22 @@ func (m *UserCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Password) > 0 { - i -= len(m.Password) - copy(dAtA[i:], m.Password) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Password))) - i-- - dAtA[i] = 0x12 - } - if len(m.Username) > 0 { - i -= len(m.Username) - copy(dAtA[i:], m.Username) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Username))) + if m.Participant != nil { + { + size, err := m.Participant.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *ContextUser) Marshal() (dAtA []byte, err error) { +func (m *SessionTrackerRemoveParticipant) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26659,12 +29598,12 @@ func (m *ContextUser) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ContextUser) MarshalTo(dAtA []byte) (int, error) { +func (m *SessionTrackerRemoveParticipant) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ContextUser) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SessionTrackerRemoveParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26673,10 +29612,17 @@ func (m *ContextUser) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ParticipantID) > 0 { + i -= len(m.ParticipantID) + copy(dAtA[i:], m.ParticipantID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ParticipantID))) + i-- + dAtA[i] = 0x12 + } return len(dAtA) - i, nil } -func (m *Passwordless) Marshal() (dAtA []byte, err error) { +func (m *SessionTrackerUpdateExpiry) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26686,12 +29632,12 @@ func (m *Passwordless) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *Passwordless) MarshalTo(dAtA []byte) (int, error) { +func (m *SessionTrackerUpdateExpiry) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Passwordless) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SessionTrackerUpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26700,10 +29646,20 @@ func (m *Passwordless) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Expires != nil { + n112, err112 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) + if err112 != nil { + return 0, err112 + } + i -= n112 + i = encodeVarintAuthservice(dAtA, i, uint64(n112)) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *CreateAuthenticateChallengeRequest) Marshal() (dAtA []byte, err error) { +func (m *UpdateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26713,12 +29669,12 @@ func (m *CreateAuthenticateChallengeRequest) Marshal() (dAtA []byte, err error) return dAtA[:n], nil } -func (m *CreateAuthenticateChallengeRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAuthenticateChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26727,28 +29683,35 @@ func (m *CreateAuthenticateChallengeRequest) MarshalToSizedBuffer(dAtA []byte) ( i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { + if m.Update != nil { { - size := m.Request.Size() + size := m.Update.Size() i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { + if _, err := m.Update.MarshalTo(dAtA[i:]); err != nil { return 0, err } } } + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *CreateAuthenticateChallengeRequest_UserCredentials) MarshalTo(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_UpdateState) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAuthenticateChallengeRequest_UserCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_UpdateState) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.UserCredentials != nil { + if m.UpdateState != nil { { - size, err := m.UserCredentials.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.UpdateState.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26756,34 +29719,20 @@ func (m *CreateAuthenticateChallengeRequest_UserCredentials) MarshalToSizedBuffe i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *CreateAuthenticateChallengeRequest_RecoveryStartTokenID) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CreateAuthenticateChallengeRequest_RecoveryStartTokenID) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - i -= len(m.RecoveryStartTokenID) - copy(dAtA[i:], m.RecoveryStartTokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.RecoveryStartTokenID))) - i-- - dAtA[i] = 0x12 - return len(dAtA) - i, nil -} -func (m *CreateAuthenticateChallengeRequest_ContextUser) MarshalTo(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_AddParticipant) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAuthenticateChallengeRequest_ContextUser) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_AddParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.ContextUser != nil { + if m.AddParticipant != nil { { - size, err := m.ContextUser.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.AddParticipant.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26795,16 +29744,16 @@ func (m *CreateAuthenticateChallengeRequest_ContextUser) MarshalToSizedBuffer(dA } return len(dAtA) - i, nil } -func (m *CreateAuthenticateChallengeRequest_Passwordless) MarshalTo(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_RemoveParticipant) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateAuthenticateChallengeRequest_Passwordless) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_RemoveParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.Passwordless != nil { + if m.RemoveParticipant != nil { { - size, err := m.Passwordless.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.RemoveParticipant.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26816,33 +29765,16 @@ func (m *CreateAuthenticateChallengeRequest_Passwordless) MarshalToSizedBuffer(d } return len(dAtA) - i, nil } -func (m *CreatePrivilegeTokenRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CreatePrivilegeTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_UpdateExpiry) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreatePrivilegeTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpdateSessionTrackerRequest_UpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.ExistingMFAResponse != nil { + if m.UpdateExpiry != nil { { - size, err := m.ExistingMFAResponse.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.UpdateExpiry.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26850,12 +29782,11 @@ func (m *CreatePrivilegeTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa + dAtA[i] = 0x2a } return len(dAtA) - i, nil } - -func (m *CreateRegisterChallengeRequest) Marshal() (dAtA []byte, err error) { +func (m *PresenceMFAChallengeRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26865,12 +29796,12 @@ func (m *CreateRegisterChallengeRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateRegisterChallengeRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateRegisterChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26879,27 +29810,17 @@ func (m *CreateRegisterChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.DeviceUsage != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceUsage)) - i-- - dAtA[i] = 0x18 - } - if m.DeviceType != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.DeviceType)) - i-- - dAtA[i] = 0x10 - } - if len(m.TokenID) > 0 { - i -= len(m.TokenID) - copy(dAtA[i:], m.TokenID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TokenID))) + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *PaginatedResource) Marshal() (dAtA []byte, err error) { +func (m *PresenceMFAChallengeSend) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -26909,12 +29830,12 @@ func (m *PaginatedResource) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PaginatedResource) MarshalTo(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PaginatedResource) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -26923,11 +29844,11 @@ func (m *PaginatedResource) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Resource != nil { + if m.Request != nil { { - size := m.Resource.Size() + size := m.Request.Size() i -= size - if _, err := m.Resource.MarshalTo(dAtA[i:]); err != nil { + if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { return 0, err } } @@ -26935,16 +29856,16 @@ func (m *PaginatedResource) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *PaginatedResource_DatabaseServer) MarshalTo(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend_ChallengeRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PaginatedResource_DatabaseServer) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend_ChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.DatabaseServer != nil { + if m.ChallengeRequest != nil { { - size, err := m.DatabaseServer.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.ChallengeRequest.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26956,16 +29877,16 @@ func (m *PaginatedResource_DatabaseServer) MarshalToSizedBuffer(dAtA []byte) (in } return len(dAtA) - i, nil } -func (m *PaginatedResource_AppServer) MarshalTo(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend_ChallengeResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PaginatedResource_AppServer) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PresenceMFAChallengeSend_ChallengeResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.AppServer != nil { + if m.ChallengeResponse != nil { { - size, err := m.AppServer.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.ChallengeResponse.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -26977,91 +29898,7 @@ func (m *PaginatedResource_AppServer) MarshalToSizedBuffer(dAtA []byte) (int, er } return len(dAtA) - i, nil } -func (m *PaginatedResource_Node) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PaginatedResource_Node) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.Node != nil { - { - size, err := m.Node.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - return len(dAtA) - i, nil -} -func (m *PaginatedResource_KubeService) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PaginatedResource_KubeService) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.KubeService != nil { - { - size, err := m.KubeService.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - return len(dAtA) - i, nil -} -func (m *PaginatedResource_WindowsDesktop) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PaginatedResource_WindowsDesktop) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.WindowsDesktop != nil { - { - size, err := m.WindowsDesktop.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x2a - } - return len(dAtA) - i, nil -} -func (m *PaginatedResource_KubeCluster) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PaginatedResource_KubeCluster) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - if m.KubeCluster != nil { - { - size, err := m.KubeCluster.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - } - return len(dAtA) - i, nil -} -func (m *ListResourcesRequest) Marshal() (dAtA []byte, err error) { +func (m *GetDomainNameResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27071,12 +29908,12 @@ func (m *ListResourcesRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ListResourcesRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetDomainNameResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ListResourcesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetDomainNameResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27085,111 +29922,17 @@ func (m *ListResourcesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.UseSearchAsRoles { - i-- - if m.UseSearchAsRoles { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x58 - } - { - size, err := m.WindowsDesktopFilter.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - if m.NeedTotalCount { - i-- - if m.NeedTotalCount { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - { - size, err := m.SortBy.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - if len(m.SearchKeywords) > 0 { - for iNdEx := len(m.SearchKeywords) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.SearchKeywords[iNdEx]) - copy(dAtA[i:], m.SearchKeywords[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SearchKeywords[iNdEx]))) - i-- - dAtA[i] = 0x3a - } - } - if len(m.PredicateExpression) > 0 { - i -= len(m.PredicateExpression) - copy(dAtA[i:], m.PredicateExpression) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.PredicateExpression))) - i-- - dAtA[i] = 0x32 - } - if len(m.Labels) > 0 { - for k := range m.Labels { - v := m.Labels[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintAuthservice(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintAuthservice(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintAuthservice(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x2a - } - } - if len(m.StartKey) > 0 { - i -= len(m.StartKey) - copy(dAtA[i:], m.StartKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StartKey))) - i-- - dAtA[i] = 0x22 - } - if m.Limit != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.Limit)) - i-- - dAtA[i] = 0x18 - } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x12 - } - if len(m.ResourceType) > 0 { - i -= len(m.ResourceType) - copy(dAtA[i:], m.ResourceType) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ResourceType))) + if len(m.DomainName) > 0 { + i -= len(m.DomainName) + copy(dAtA[i:], m.DomainName) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DomainName))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *ListResourcesResponse) Marshal() (dAtA []byte, err error) { +func (m *GetClusterCACertResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27199,12 +29942,12 @@ func (m *ListResourcesResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ListResourcesResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *GetClusterCACertResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ListResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetClusterCACertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27213,36 +29956,17 @@ func (m *ListResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.TotalCount != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TotalCount)) - i-- - dAtA[i] = 0x18 - } - if len(m.NextKey) > 0 { - i -= len(m.NextKey) - copy(dAtA[i:], m.NextKey) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.NextKey))) + if len(m.TLSCA) > 0 { + i -= len(m.TLSCA) + copy(dAtA[i:], m.TLSCA) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TLSCA))) i-- - dAtA[i] = 0x12 - } - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *CreateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { +func (m *GenerateTokenRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27252,12 +29976,12 @@ func (m *CreateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *CreateSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GenerateTokenRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *CreateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GenerateTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27266,135 +29990,84 @@ func (m *CreateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.SessionTracker != nil { - { - size, err := m.SessionTracker.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x7a - } - if len(m.HostPolicies) > 0 { - for iNdEx := len(m.HostPolicies) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.HostPolicies[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.Labels) > 0 { + for k := range m.Labels { + v := m.Labels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintAuthservice(dAtA, i, uint64(len(v))) i-- - dAtA[i] = 0x72 - } - } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0x6a - } - if len(m.HostUser) > 0 { - i -= len(m.HostUser) - copy(dAtA[i:], m.HostUser) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.HostUser))) - i-- - dAtA[i] = 0x62 - } - if len(m.KubernetesCluster) > 0 { - i -= len(m.KubernetesCluster) - copy(dAtA[i:], m.KubernetesCluster) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.KubernetesCluster))) - i-- - dAtA[i] = 0x5a - } - n105, err105 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err105 != nil { - return 0, err105 - } - i -= n105 - i = encodeVarintAuthservice(dAtA, i, uint64(n105)) - i-- - dAtA[i] = 0x52 - if m.Initiator != nil { - { - size, err := m.Initiator.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintAuthservice(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintAuthservice(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x22 } - i-- - dAtA[i] = 0x4a - } - if len(m.Login) > 0 { - i -= len(m.Login) - copy(dAtA[i:], m.Login) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Login))) - i-- - dAtA[i] = 0x42 } - if len(m.ClusterName) > 0 { - i -= len(m.ClusterName) - copy(dAtA[i:], m.ClusterName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ClusterName))) - i-- - dAtA[i] = 0x3a - } - if len(m.Address) > 0 { - i -= len(m.Address) - copy(dAtA[i:], m.Address) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Address))) - i-- - dAtA[i] = 0x32 - } - if len(m.Hostname) > 0 { - i -= len(m.Hostname) - copy(dAtA[i:], m.Hostname) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Hostname))) + if m.TTL != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) i-- - dAtA[i] = 0x2a + dAtA[i] = 0x18 } - if len(m.Invited) > 0 { - for iNdEx := len(m.Invited) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Invited[iNdEx]) - copy(dAtA[i:], m.Invited[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Invited[iNdEx]))) + if len(m.Roles) > 0 { + for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Roles[iNdEx]) + copy(dAtA[i:], m.Roles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) i-- - dAtA[i] = 0x22 + dAtA[i] = 0x12 } } - if len(m.Reason) > 0 { - i -= len(m.Reason) - copy(dAtA[i:], m.Reason) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Reason))) + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) i-- - dAtA[i] = 0x1a + dAtA[i] = 0xa } - if len(m.Type) > 0 { - i -= len(m.Type) - copy(dAtA[i:], m.Type) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Type))) - i-- - dAtA[i] = 0x12 + return len(dAtA) - i, nil +} + +func (m *GenerateTokenResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - if len(m.Namespace) > 0 { - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Namespace))) + return dAtA[:n], nil +} + +func (m *GenerateTokenResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GenerateTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Token) > 0 { + i -= len(m.Token) + copy(dAtA[i:], m.Token) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetSessionTrackerRequest) Marshal() (dAtA []byte, err error) { +func (m *GetOIDCAuthRequestRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27404,12 +30077,12 @@ func (m *GetSessionTrackerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetOIDCAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetOIDCAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27418,17 +30091,17 @@ func (m *GetSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if len(m.StateToken) > 0 { + i -= len(m.StateToken) + copy(dAtA[i:], m.StateToken) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StateToken))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *RemoveSessionTrackerRequest) Marshal() (dAtA []byte, err error) { +func (m *GetSAMLAuthRequestRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27438,12 +30111,12 @@ func (m *RemoveSessionTrackerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RemoveSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSAMLAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RemoveSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSAMLAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27452,17 +30125,17 @@ func (m *RemoveSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if len(m.ID) > 0 { + i -= len(m.ID) + copy(dAtA[i:], m.ID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *SessionTrackerUpdateState) Marshal() (dAtA []byte, err error) { +func (m *GetGithubAuthRequestRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27472,12 +30145,12 @@ func (m *SessionTrackerUpdateState) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SessionTrackerUpdateState) MarshalTo(dAtA []byte) (int, error) { +func (m *GetGithubAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SessionTrackerUpdateState) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetGithubAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27486,15 +30159,17 @@ func (m *SessionTrackerUpdateState) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.State != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.State)) + if len(m.StateToken) > 0 { + i -= len(m.StateToken) + copy(dAtA[i:], m.StateToken) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StateToken))) i-- - dAtA[i] = 0x10 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *SessionTrackerAddParticipant) Marshal() (dAtA []byte, err error) { +func (m *GetSSODiagnosticInfoRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27504,12 +30179,12 @@ func (m *SessionTrackerAddParticipant) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SessionTrackerAddParticipant) MarshalTo(dAtA []byte) (int, error) { +func (m *GetSSODiagnosticInfoRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SessionTrackerAddParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetSSODiagnosticInfoRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27518,22 +30193,24 @@ func (m *SessionTrackerAddParticipant) MarshalToSizedBuffer(dAtA []byte) (int, e i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Participant != nil { - { - size, err := m.Participant.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + if len(m.AuthRequestID) > 0 { + i -= len(m.AuthRequestID) + copy(dAtA[i:], m.AuthRequestID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AuthRequestID))) i-- dAtA[i] = 0x12 } + if len(m.AuthRequestKind) > 0 { + i -= len(m.AuthRequestKind) + copy(dAtA[i:], m.AuthRequestKind) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AuthRequestKind))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *SessionTrackerRemoveParticipant) Marshal() (dAtA []byte, err error) { +func (m *UnstableSystemRoleAssertion) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27543,12 +30220,12 @@ func (m *SessionTrackerRemoveParticipant) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SessionTrackerRemoveParticipant) MarshalTo(dAtA []byte) (int, error) { +func (m *UnstableSystemRoleAssertion) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SessionTrackerRemoveParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UnstableSystemRoleAssertion) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27557,17 +30234,31 @@ func (m *SessionTrackerRemoveParticipant) MarshalToSizedBuffer(dAtA []byte) (int i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ParticipantID) > 0 { - i -= len(m.ParticipantID) - copy(dAtA[i:], m.ParticipantID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ParticipantID))) + if len(m.SystemRole) > 0 { + i -= len(m.SystemRole) + copy(dAtA[i:], m.SystemRole) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SystemRole))) + i-- + dAtA[i] = 0x1a + } + if len(m.AssertionID) > 0 { + i -= len(m.AssertionID) + copy(dAtA[i:], m.AssertionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AssertionID))) i-- dAtA[i] = 0x12 } + if len(m.ServerID) > 0 { + i -= len(m.ServerID) + copy(dAtA[i:], m.ServerID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerID))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *SessionTrackerUpdateExpiry) Marshal() (dAtA []byte, err error) { +func (m *UnstableSystemRoleAssertionSet) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27577,12 +30268,12 @@ func (m *SessionTrackerUpdateExpiry) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *SessionTrackerUpdateExpiry) MarshalTo(dAtA []byte) (int, error) { +func (m *UnstableSystemRoleAssertionSet) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *SessionTrackerUpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UnstableSystemRoleAssertionSet) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27591,20 +30282,33 @@ func (m *SessionTrackerUpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, err i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Expires != nil { - n108, err108 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) - if err108 != nil { - return 0, err108 + if len(m.SystemRoles) > 0 { + for iNdEx := len(m.SystemRoles) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SystemRoles[iNdEx]) + copy(dAtA[i:], m.SystemRoles[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SystemRoles[iNdEx]))) + i-- + dAtA[i] = 0x1a } - i -= n108 - i = encodeVarintAuthservice(dAtA, i, uint64(n108)) + } + if len(m.AssertionID) > 0 { + i -= len(m.AssertionID) + copy(dAtA[i:], m.AssertionID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AssertionID))) + i-- + dAtA[i] = 0x12 + } + if len(m.ServerID) > 0 { + i -= len(m.ServerID) + copy(dAtA[i:], m.ServerID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UpdateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { +func (m *UpstreamInventoryOneOf) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27614,12 +30318,12 @@ func (m *UpdateSessionTrackerRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UpdateSessionTrackerRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpdateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27628,35 +30332,49 @@ func (m *UpdateSessionTrackerRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Update != nil { + if m.Msg != nil { { - size := m.Update.Size() + size := m.Msg.Size() i -= size - if _, err := m.Update.MarshalTo(dAtA[i:]); err != nil { + if _, err := m.Msg.MarshalTo(dAtA[i:]); err != nil { return 0, err } } } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + return len(dAtA) - i, nil +} + +func (m *UpstreamInventoryOneOf_Hello) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UpstreamInventoryOneOf_Hello) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Hello != nil { + { + size, err := m.Hello.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } - -func (m *UpdateSessionTrackerRequest_UpdateState) MarshalTo(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf_Heartbeat) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpdateSessionTrackerRequest_UpdateState) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf_Heartbeat) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.UpdateState != nil { + if m.Heartbeat != nil { { - size, err := m.UpdateState.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Heartbeat.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -27668,16 +30386,16 @@ func (m *UpdateSessionTrackerRequest_UpdateState) MarshalToSizedBuffer(dAtA []by } return len(dAtA) - i, nil } -func (m *UpdateSessionTrackerRequest_AddParticipant) MarshalTo(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf_Pong) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpdateSessionTrackerRequest_AddParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpstreamInventoryOneOf_Pong) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.AddParticipant != nil { + if m.Pong != nil { { - size, err := m.AddParticipant.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Pong.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -27689,16 +30407,52 @@ func (m *UpdateSessionTrackerRequest_AddParticipant) MarshalToSizedBuffer(dAtA [ } return len(dAtA) - i, nil } -func (m *UpdateSessionTrackerRequest_RemoveParticipant) MarshalTo(dAtA []byte) (int, error) { +func (m *DownstreamInventoryOneOf) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DownstreamInventoryOneOf) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpdateSessionTrackerRequest_RemoveParticipant) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DownstreamInventoryOneOf) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.RemoveParticipant != nil { + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Msg != nil { { - size, err := m.RemoveParticipant.MarshalToSizedBuffer(dAtA[:i]) + size := m.Msg.Size() + i -= size + if _, err := m.Msg.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } + } + return len(dAtA) - i, nil +} + +func (m *DownstreamInventoryOneOf_Hello) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *DownstreamInventoryOneOf_Hello) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.Hello != nil { + { + size, err := m.Hello.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -27706,20 +30460,20 @@ func (m *UpdateSessionTrackerRequest_RemoveParticipant) MarshalToSizedBuffer(dAt i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x22 + dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *UpdateSessionTrackerRequest_UpdateExpiry) MarshalTo(dAtA []byte) (int, error) { +func (m *DownstreamInventoryOneOf_Ping) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UpdateSessionTrackerRequest_UpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DownstreamInventoryOneOf_Ping) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.UpdateExpiry != nil { + if m.Ping != nil { { - size, err := m.UpdateExpiry.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Ping.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -27727,11 +30481,11 @@ func (m *UpdateSessionTrackerRequest_UpdateExpiry) MarshalToSizedBuffer(dAtA []b i = encodeVarintAuthservice(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x2a + dAtA[i] = 0x12 } return len(dAtA) - i, nil } -func (m *PresenceMFAChallengeRequest) Marshal() (dAtA []byte, err error) { +func (m *DownstreamInventoryPing) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27741,12 +30495,12 @@ func (m *PresenceMFAChallengeRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PresenceMFAChallengeRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *DownstreamInventoryPing) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PresenceMFAChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DownstreamInventoryPing) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27755,17 +30509,15 @@ func (m *PresenceMFAChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.SessionID) > 0 { - i -= len(m.SessionID) - copy(dAtA[i:], m.SessionID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.SessionID))) + if m.ID != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.ID)) i-- - dAtA[i] = 0xa + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *PresenceMFAChallengeSend) Marshal() (dAtA []byte, err error) { +func (m *UpstreamInventoryPong) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27775,12 +30527,12 @@ func (m *PresenceMFAChallengeSend) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PresenceMFAChallengeSend) MarshalTo(dAtA []byte) (int, error) { +func (m *UpstreamInventoryPong) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PresenceMFAChallengeSend) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpstreamInventoryPong) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27789,61 +30541,106 @@ func (m *PresenceMFAChallengeSend) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.Request != nil { - { - size := m.Request.Size() - i -= size - if _, err := m.Request.MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - } + if m.ID != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.ID)) + i-- + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *PresenceMFAChallengeSend_ChallengeRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpstreamInventoryHello) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *UpstreamInventoryHello) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PresenceMFAChallengeSend_ChallengeRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpstreamInventoryHello) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.ChallengeRequest != nil { - { - size, err := m.ChallengeRequest.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Services) > 0 { + for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Services[iNdEx]) + copy(dAtA[i:], m.Services[iNdEx]) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Services[iNdEx]))) + i-- + dAtA[i] = 0x1a } + } + if len(m.ServerID) > 0 { + i -= len(m.ServerID) + copy(dAtA[i:], m.ServerID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerID))) + i-- + dAtA[i] = 0x12 + } + if len(m.Version) > 0 { + i -= len(m.Version) + copy(dAtA[i:], m.Version) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Version))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *PresenceMFAChallengeSend_ChallengeResponse) MarshalTo(dAtA []byte) (int, error) { + +func (m *DownstreamInventoryHello) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DownstreamInventoryHello) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PresenceMFAChallengeSend_ChallengeResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *DownstreamInventoryHello) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) - if m.ChallengeResponse != nil { - { - size, err := m.ChallengeResponse.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthservice(dAtA, i, uint64(size)) - } + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.ServerID) > 0 { + i -= len(m.ServerID) + copy(dAtA[i:], m.ServerID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerID))) i-- dAtA[i] = 0x12 } + if len(m.Version) > 0 { + i -= len(m.Version) + copy(dAtA[i:], m.Version) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Version))) + i-- + dAtA[i] = 0xa + } return len(dAtA) - i, nil } -func (m *GetDomainNameResponse) Marshal() (dAtA []byte, err error) { + +func (m *InventoryHeartbeat) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27853,12 +30650,12 @@ func (m *GetDomainNameResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetDomainNameResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *InventoryHeartbeat) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetDomainNameResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *InventoryHeartbeat) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27867,17 +30664,22 @@ func (m *GetDomainNameResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.DomainName) > 0 { - i -= len(m.DomainName) - copy(dAtA[i:], m.DomainName) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.DomainName))) + if m.SSHServer != nil { + { + size, err := m.SSHServer.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetClusterCACertResponse) Marshal() (dAtA []byte, err error) { +func (m *InventoryStatusRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27887,12 +30689,12 @@ func (m *GetClusterCACertResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetClusterCACertResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *InventoryStatusRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetClusterCACertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *InventoryStatusRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27901,17 +30703,20 @@ func (m *GetClusterCACertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.TLSCA) > 0 { - i -= len(m.TLSCA) - copy(dAtA[i:], m.TLSCA) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.TLSCA))) + if m.Connected { i-- - dAtA[i] = 0xa + if m.Connected { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *GenerateTokenRequest) Marshal() (dAtA []byte, err error) { +func (m *InventoryStatusSummary) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27921,12 +30726,12 @@ func (m *GenerateTokenRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GenerateTokenRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *InventoryStatusSummary) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GenerateTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *InventoryStatusSummary) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -27935,50 +30740,58 @@ func (m *GenerateTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Labels) > 0 { - for k := range m.Labels { - v := m.Labels[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintAuthservice(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintAuthservice(dAtA, i, uint64(len(k))) + if len(m.Connected) > 0 { + for iNdEx := len(m.Connected) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Connected[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0xa - i = encodeVarintAuthservice(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x22 } } - if m.TTL != 0 { - i = encodeVarintAuthservice(dAtA, i, uint64(m.TTL)) - i-- - dAtA[i] = 0x18 + return len(dAtA) - i, nil +} + +func (m *InventoryPingRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - if len(m.Roles) > 0 { - for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Roles[iNdEx]) - copy(dAtA[i:], m.Roles[iNdEx]) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Roles[iNdEx]))) - i-- - dAtA[i] = 0x12 - } + return dAtA[:n], nil +} + +func (m *InventoryPingRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *InventoryPingRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + if len(m.ServerID) > 0 { + i -= len(m.ServerID) + copy(dAtA[i:], m.ServerID) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ServerID))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GenerateTokenResponse) Marshal() (dAtA []byte, err error) { +func (m *InventoryPingResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -27988,12 +30801,12 @@ func (m *GenerateTokenResponse) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GenerateTokenResponse) MarshalTo(dAtA []byte) (int, error) { +func (m *InventoryPingResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GenerateTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *InventoryPingResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -28002,17 +30815,15 @@ func (m *GenerateTokenResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Token) > 0 { - i -= len(m.Token) - copy(dAtA[i:], m.Token) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Token))) + if m.Duration != 0 { + i = encodeVarintAuthservice(dAtA, i, uint64(m.Duration)) i-- - dAtA[i] = 0xa + dAtA[i] = 0x8 } return len(dAtA) - i, nil } -func (m *GetOIDCAuthRequestRequest) Marshal() (dAtA []byte, err error) { +func (m *GetClusterAlertsResponse) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -28022,12 +30833,12 @@ func (m *GetOIDCAuthRequestRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetOIDCAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetClusterAlertsResponse) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetOIDCAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetClusterAlertsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -28036,17 +30847,24 @@ func (m *GetOIDCAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.StateToken) > 0 { - i -= len(m.StateToken) - copy(dAtA[i:], m.StateToken) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StateToken))) - i-- - dAtA[i] = 0xa + if len(m.Alerts) > 0 { + for iNdEx := len(m.Alerts) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Alerts[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } } return len(dAtA) - i, nil } -func (m *GetSAMLAuthRequestRequest) Marshal() (dAtA []byte, err error) { +func (m *UpsertClusterAlertRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -28056,12 +30874,12 @@ func (m *GetSAMLAuthRequestRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSAMLAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *UpsertClusterAlertRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSAMLAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UpsertClusterAlertRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -28070,17 +30888,20 @@ func (m *GetSAMLAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ID) > 0 { - i -= len(m.ID) - copy(dAtA[i:], m.ID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.ID))) - i-- - dAtA[i] = 0xa + { + size, err := m.Alert.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) } + i-- + dAtA[i] = 0xa return len(dAtA) - i, nil } -func (m *GetGithubAuthRequestRequest) Marshal() (dAtA []byte, err error) { +func (m *GetConnectionDiagnosticRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -28090,12 +30911,12 @@ func (m *GetGithubAuthRequestRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetGithubAuthRequestRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *GetConnectionDiagnosticRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetGithubAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *GetConnectionDiagnosticRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -28104,17 +30925,17 @@ func (m *GetGithubAuthRequestRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.StateToken) > 0 { - i -= len(m.StateToken) - copy(dAtA[i:], m.StateToken) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.StateToken))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } return len(dAtA) - i, nil } -func (m *GetSSODiagnosticInfoRequest) Marshal() (dAtA []byte, err error) { +func (m *AppendDiagnosticTraceRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -28124,12 +30945,12 @@ func (m *GetSSODiagnosticInfoRequest) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GetSSODiagnosticInfoRequest) MarshalTo(dAtA []byte) (int, error) { +func (m *AppendDiagnosticTraceRequest) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GetSSODiagnosticInfoRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AppendDiagnosticTraceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -28138,17 +30959,22 @@ func (m *GetSSODiagnosticInfoRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.AuthRequestID) > 0 { - i -= len(m.AuthRequestID) - copy(dAtA[i:], m.AuthRequestID) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AuthRequestID))) + if m.Trace != nil { + { + size, err := m.Trace.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthservice(dAtA, i, uint64(size)) + } i-- dAtA[i] = 0x12 } - if len(m.AuthRequestKind) > 0 { - i -= len(m.AuthRequestKind) - copy(dAtA[i:], m.AuthRequestKind) - i = encodeVarintAuthservice(dAtA, i, uint64(len(m.AuthRequestKind))) + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintAuthservice(dAtA, i, uint64(len(m.Name))) i-- dAtA[i] = 0xa } @@ -28532,6 +31358,18 @@ func (m *Event_SnowflakeSession) Size() (n int) { } return n } +func (m *Event_Installer) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Installer != nil { + l = m.Installer.Size() + n += 2 + l + sovAuthservice(uint64(l)) + } + return n +} func (m *Watch) Size() (n int) { if m == nil { return 0 @@ -28634,6 +31472,16 @@ func (m *HostCertsRequest) Size() (n int) { if m.NoCache { n += 2 } + if len(m.SystemRoles) > 0 { + for _, s := range m.SystemRoles { + l = len(s) + n += 1 + l + sovAuthservice(uint64(l)) + } + } + l = len(m.UnstableSystemRoleAssertionID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -28693,6 +31541,19 @@ func (m *UserCertsRequest) Size() (n int) { } l = m.RouteToWindowsDesktop.Size() n += 1 + l + sovAuthservice(uint64(l)) + if m.UseRoleRequests { + n += 2 + } + if len(m.DropAccessRequests) > 0 { + for _, s := range m.DropAccessRequests { + l = len(s) + n += 1 + l + sovAuthservice(uint64(l)) + } + } + l = len(m.ConnectionDiagnosticID) + if l > 0 { + n += 2 + l + sovAuthservice(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -28998,6 +31859,8 @@ func (m *CreateBotRequest) Size() (n int) { n += 1 + l + sovAuthservice(uint64(l)) } } + l = m.Traits.Size() + n += 1 + l + sovAuthservice(uint64(l)) if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -29100,6 +31963,10 @@ func (m *PingResponse) Size() (n int) { if m.IsBoring { n += 2 } + l = len(m.RemoteAddr) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -29145,6 +32012,12 @@ func (m *Features) Size() (n int) { if m.ModeratedSessions { n += 2 } + if m.MachineID { + n += 2 + } + if m.ResourceAccessRequests { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -30669,6 +33542,10 @@ func (m *DeleteMFADeviceResponseAck) Size() (n int) { } var l int _ = l + if m.Device != nil { + l = m.Device.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -31815,6 +34692,18 @@ func (m *PaginatedResource_KubeCluster) Size() (n int) { } return n } +func (m *PaginatedResource_WindowsDesktopService) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.WindowsDesktopService != nil { + l = m.WindowsDesktopService.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} func (m *ListResourcesRequest) Size() (n int) { if m == nil { return 0 @@ -32199,149 +35088,2443 @@ func (m *GetDomainNameResponse) Size() (n int) { if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } - return n -} + return n +} + +func (m *GetClusterCACertResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.TLSCA) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateTokenRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if len(m.Roles) > 0 { + for _, s := range m.Roles { + l = len(s) + n += 1 + l + sovAuthservice(uint64(l)) + } + } + if m.TTL != 0 { + n += 1 + sovAuthservice(uint64(m.TTL)) + } + if len(m.Labels) > 0 { + for k, v := range m.Labels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovAuthservice(uint64(len(k))) + 1 + len(v) + sovAuthservice(uint64(len(v))) + n += mapEntrySize + 1 + sovAuthservice(uint64(mapEntrySize)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GenerateTokenResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Token) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetOIDCAuthRequestRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.StateToken) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetSAMLAuthRequestRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetGithubAuthRequestRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.StateToken) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetSSODiagnosticInfoRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.AuthRequestKind) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.AuthRequestID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UnstableSystemRoleAssertion) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.AssertionID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.SystemRole) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UnstableSystemRoleAssertionSet) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.AssertionID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if len(m.SystemRoles) > 0 { + for _, s := range m.SystemRoles { + l = len(s) + n += 1 + l + sovAuthservice(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpstreamInventoryOneOf) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Msg != nil { + n += m.Msg.Size() + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpstreamInventoryOneOf_Hello) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Hello != nil { + l = m.Hello.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} +func (m *UpstreamInventoryOneOf_Heartbeat) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Heartbeat != nil { + l = m.Heartbeat.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} +func (m *UpstreamInventoryOneOf_Pong) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Pong != nil { + l = m.Pong.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} +func (m *DownstreamInventoryOneOf) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Msg != nil { + n += m.Msg.Size() + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DownstreamInventoryOneOf_Hello) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Hello != nil { + l = m.Hello.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} +func (m *DownstreamInventoryOneOf_Ping) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Ping != nil { + l = m.Ping.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + return n +} +func (m *DownstreamInventoryPing) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.ID != 0 { + n += 1 + sovAuthservice(uint64(m.ID)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpstreamInventoryPong) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.ID != 0 { + n += 1 + sovAuthservice(uint64(m.ID)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpstreamInventoryHello) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Version) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if len(m.Services) > 0 { + for _, s := range m.Services { + l = len(s) + n += 1 + l + sovAuthservice(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DownstreamInventoryHello) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Version) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InventoryHeartbeat) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.SSHServer != nil { + l = m.SSHServer.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InventoryStatusRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Connected { + n += 2 + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InventoryStatusSummary) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Connected) > 0 { + for _, e := range m.Connected { + l = e.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InventoryPingRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InventoryPingResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Duration != 0 { + n += 1 + sovAuthservice(uint64(m.Duration)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetClusterAlertsResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Alerts) > 0 { + for _, e := range m.Alerts { + l = e.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpsertClusterAlertRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Alert.Size() + n += 1 + l + sovAuthservice(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetConnectionDiagnosticRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AppendDiagnosticTraceRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.Trace != nil { + l = m.Trace.Size() + n += 1 + l + sovAuthservice(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovAuthservice(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozAuthservice(x uint64) (n int) { + return sovAuthservice(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *Event) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Event: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Event: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + m.Type = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Type |= Operation(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceHeader", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ResourceHeader{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ResourceHeader{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CertAuthority", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.CertAuthorityV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_CertAuthority{v} + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StaticTokens", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.StaticTokensV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_StaticTokens{v} + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ProvisionToken", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ProvisionTokenV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ProvisionToken{v} + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ClusterNameV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ClusterName{v} + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.UserV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_User{v} + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.RoleV5{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Role{v} + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.Namespace{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Namespace{v} + iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ServerV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Server{v} + iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ReverseTunnel", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ReverseTunnelV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ReverseTunnel{v} + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TunnelConnection", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.TunnelConnectionV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_TunnelConnection{v} + iNdEx = postIndex + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequest", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.AccessRequestV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_AccessRequest{v} + iNdEx = postIndex + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppSession", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WebSessionV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_AppSession{v} + iNdEx = postIndex + case 16: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RemoteCluster", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.RemoteClusterV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_RemoteCluster{v} + iNdEx = postIndex + case 17: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseServer", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.DatabaseServerV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_DatabaseServer{v} + iNdEx = postIndex + case 18: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WebSession", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WebSessionV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_WebSession{v} + iNdEx = postIndex + case 19: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WebToken", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WebTokenV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_WebToken{v} + iNdEx = postIndex + case 20: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterNetworkingConfig", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ClusterNetworkingConfigV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ClusterNetworkingConfig{v} + iNdEx = postIndex + case 21: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionRecordingConfig", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.SessionRecordingConfigV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_SessionRecordingConfig{v} + iNdEx = postIndex + case 22: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AuthPreference", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.AuthPreferenceV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_AuthPreference{v} + iNdEx = postIndex + case 23: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterAuditConfig", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.ClusterAuditConfigV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_ClusterAuditConfig{v} + iNdEx = postIndex + case 24: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Lock", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.LockV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Lock{v} + iNdEx = postIndex + case 25: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NetworkRestrictions", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.NetworkRestrictionsV4{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_NetworkRestrictions{v} + iNdEx = postIndex + case 26: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WindowsDesktopServiceV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_WindowsDesktopService{v} + iNdEx = postIndex + case 27: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WindowsDesktopV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_WindowsDesktop{v} + iNdEx = postIndex + case 28: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.DatabaseV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Database{v} + iNdEx = postIndex + case 29: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppServer", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.AppServerV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_AppServer{v} + iNdEx = postIndex + case 30: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field App", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.AppV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_App{v} + iNdEx = postIndex + case 31: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SnowflakeSession", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.WebSessionV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_SnowflakeSession{v} + iNdEx = postIndex + case 34: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Installer", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &types.InstallerV1{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &Event_Installer{v} + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } -func (m *GetClusterCACertResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.TLSCA) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + if iNdEx > l { + return io.ErrUnexpectedEOF } - return n + return nil } - -func (m *GenerateTokenRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if len(m.Roles) > 0 { - for _, s := range m.Roles { - l = len(s) - n += 1 + l + sovAuthservice(uint64(l)) +func (m *Watch) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - } - if m.TTL != 0 { - n += 1 + sovAuthservice(uint64(m.TTL)) - } - if len(m.Labels) > 0 { - for k, v := range m.Labels { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovAuthservice(uint64(len(k))) + 1 + len(v) + sovAuthservice(uint64(len(v))) - n += mapEntrySize + 1 + sovAuthservice(uint64(mapEntrySize)) + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Watch: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Watch: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kinds", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kinds = append(m.Kinds, WatchKind{}) + if err := m.Kinds[len(m.Kinds)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy } } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GenerateTokenResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Token) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GetOIDCAuthRequestRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.StateToken) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GetSAMLAuthRequestRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ID) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} -func (m *GetGithubAuthRequestRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.StateToken) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + if iNdEx > l { + return io.ErrUnexpectedEOF } - return n + return nil } - -func (m *GetSSODiagnosticInfoRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.AuthRequestKind) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) - } - l = len(m.AuthRequestID) - if l > 0 { - n += 1 + l + sovAuthservice(uint64(l)) +func (m *WatchKind) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: WatchKind: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: WatchKind: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field LoadSecrets", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.LoadSecrets = bool(v != 0) + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Filter == nil { + m.Filter = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthAuthservice + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthAuthservice + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthAuthservice + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthAuthservice + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Filter[mapkey] = mapvalue + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubKind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + + if iNdEx > l { + return io.ErrUnexpectedEOF } - return n + return nil } +func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: HostCertsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: HostCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.HostID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NodeName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.NodeName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Role = github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AdditionalPrincipals", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AdditionalPrincipals = append(m.AdditionalPrincipals, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DNSNames", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DNSNames = append(m.DNSNames, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicTLSKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PublicTLSKey = append(m.PublicTLSKey[:0], dAtA[iNdEx:postIndex]...) + if m.PublicTLSKey == nil { + m.PublicTLSKey = []byte{} + } + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicSSHKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PublicSSHKey = append(m.PublicSSHKey[:0], dAtA[iNdEx:postIndex]...) + if m.PublicSSHKey == nil { + m.PublicSSHKey = []byte{} + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RemoteAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RemoteAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rotation", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Rotation == nil { + m.Rotation = &types.Rotation{} + } + if err := m.Rotation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field NoCache", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.NoCache = bool(v != 0) + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SystemRoles", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SystemRoles = append(m.SystemRoles, github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UnstableSystemRoleAssertionID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UnstableSystemRoleAssertionID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } -func sovAuthservice(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozAuthservice(x uint64) (n int) { - return sovAuthservice(uint64((x << 1) ^ uint64((int64(x) >> 63)))) + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil } -func (m *Event) Unmarshal(dAtA []byte) error { +func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -32351,30 +37534,129 @@ func (m *Event) Unmarshal(dAtA []byte) error { if shift >= 64 { return ErrIntOverflowAuthservice } - if iNdEx >= l { + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserCertsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) + if m.PublicKey == nil { + m.PublicKey = []byte{} + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + m.Username = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Event: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Event: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - m.Type = 0 + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Format", wireType) + } + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32384,14 +37666,123 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Type |= Operation(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - case 2: + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Format = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceHeader", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RouteToCluster", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RouteToCluster = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RouteToDatabase", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32418,15 +37809,64 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ResourceHeader{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.RouteToDatabase.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &Event_ResourceHeader{v} iNdEx = postIndex - case 3: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CertAuthority", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NodeName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.NodeName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType) + } + m.Usage = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Usage |= UserCertsRequest_CertUsage(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RouteToApp", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32453,15 +37893,45 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.CertAuthorityV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.RouteToApp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &Event_CertAuthority{v} iNdEx = postIndex - case 4: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StaticTokens", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RoleRequests", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RoleRequests = append(m.RoleRequests, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RouteToWindowsDesktop", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32488,17 +37958,246 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.StaticTokensV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.RouteToWindowsDesktop.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 14: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseRoleRequests", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseRoleRequests = bool(v != 0) + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DropAccessRequests", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DropAccessRequests = append(m.DropAccessRequests, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 16: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionDiagnosticID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConnectionDiagnosticID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_StaticTokens{v} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteToDatabase: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteToDatabase: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServiceName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServiceName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Protocol = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProvisionToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32508,32 +38207,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ProvisionTokenV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Database = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_ProvisionToken{v} - iNdEx = postIndex - case 6: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteToWindowsDesktop) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteToWindowsDesktop: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteToWindowsDesktop: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32543,32 +38290,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ClusterNameV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_ClusterName{v} + m.WindowsDesktop = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32578,32 +38322,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.UserV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Login = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_User{v} - iNdEx = postIndex - case 9: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteToApp) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteToApp: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteToApp: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32613,32 +38405,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.RoleV5{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_Role{v} + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32648,32 +38437,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.Namespace{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_Namespace{v} + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32683,32 +38469,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ServerV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_Server{v} + m.PublicAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 12: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ReverseTunnel", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32718,32 +38501,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ReverseTunnelV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_ReverseTunnel{v} + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 13: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TunnelConnection", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32753,32 +38533,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.TunnelConnectionV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_TunnelConnection{v} - iNdEx = postIndex - case 14: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetUserRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetUserRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetUserRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequest", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32788,32 +38616,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.AccessRequestV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_AccessRequest{v} + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppSession", wireType) + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field WithSecrets", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32823,32 +38648,68 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice + m.WithSecrets = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - v := &types.WebSessionV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetUsersRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - m.Resource = &Event_AppSession{v} - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RemoteCluster", wireType) + if iNdEx >= l { + return io.ErrUnexpectedEOF } - var msglen int + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetUsersRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetUsersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field WithSecrets", wireType) + } + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32858,30 +38719,66 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice + m.WithSecrets = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - v := &types.RemoteClusterV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AccessRequests) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - m.Resource = &Event_RemoteCluster{v} - iNdEx = postIndex - case 17: + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AccessRequests: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AccessRequests: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseServer", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32908,15 +38805,65 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.DatabaseServerV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.AccessRequests = append(m.AccessRequests, &types.AccessRequestV3{}) + if err := m.AccessRequests[len(m.AccessRequests)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &Event_DatabaseServer{v} iNdEx = postIndex - case 18: + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginDataSeq) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginDataSeq: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginDataSeq: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WebSession", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PluginData", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32943,52 +38890,67 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.WebSessionV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.PluginData = append(m.PluginData, &types.PluginDataV3{}) + if err := m.PluginData[len(m.PluginData)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &Event_WebSession{v} iNdEx = postIndex - case 19: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WebToken", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - if msglen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RequestStateSetter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - v := &types.WebTokenV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.Resource = &Event_WebToken{v} - iNdEx = postIndex - case 20: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RequestStateSetter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RequestStateSetter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterNetworkingConfig", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -32998,32 +38960,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ClusterNetworkingConfigV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_ClusterNetworkingConfig{v} + m.ID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 21: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionRecordingConfig", wireType) + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) } - var msglen int + m.State = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33033,32 +38992,16 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.State |= types.RequestState(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &types.SessionRecordingConfigV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_SessionRecordingConfig{v} - iNdEx = postIndex - case 22: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuthPreference", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Delegator", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33068,32 +39011,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.AuthPreferenceV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_AuthPreference{v} + m.Delegator = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 23: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterAuditConfig", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33103,30 +39043,27 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ClusterAuditConfigV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_ClusterAuditConfig{v} + m.Reason = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 24: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Lock", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -33153,17 +39090,15 @@ func (m *Event) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.LockV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &Event_Lock{v} iNdEx = postIndex - case 25: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NetworkRestrictions", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33173,67 +39108,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.NetworkRestrictionsV4{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_NetworkRestrictions{v} + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 26: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - if msglen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RequestID) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - v := &types.WindowsDesktopServiceV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.Resource = &Event_WindowsDesktopService{v} - iNdEx = postIndex - case 27: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RequestID: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RequestID: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33243,32 +39191,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.WindowsDesktopV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.ID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_WindowsDesktop{v} - iNdEx = postIndex - case 28: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RotateUserTokenSecretsRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RotateUserTokenSecretsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RotateUserTokenSecretsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33278,32 +39274,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.DatabaseV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_Database{v} - iNdEx = postIndex - case 29: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetResetPasswordTokenRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetResetPasswordTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppServer", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33313,32 +39357,80 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.AppServerV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &Event_AppServer{v} - iNdEx = postIndex - case 30: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CreateResetPasswordTokenRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CreateResetPasswordTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field App", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33348,32 +39440,29 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.AppV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &Event_App{v} + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 31: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SnowflakeSession", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33383,27 +39472,43 @@ func (m *Event) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.WebSessionV2{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + } + m.TTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TTL |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } } - m.Resource = &Event_SnowflakeSession{v} - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -33426,7 +39531,7 @@ func (m *Event) Unmarshal(dAtA []byte) error { } return nil } -func (m *Watch) Unmarshal(dAtA []byte) error { +func (m *RenewableCertsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33449,17 +39554,17 @@ func (m *Watch) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Watch: wiretype end group for non-group") + return fmt.Errorf("proto: RenewableCertsRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Watch: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RenewableCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kinds", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33469,24 +39574,56 @@ func (m *Watch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Kinds = append(m.Kinds, WatchKind{}) - if err := m.Kinds[len(m.Kinds)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) + if m.PublicKey == nil { + m.PublicKey = []byte{} } iNdEx = postIndex default: @@ -33511,7 +39648,7 @@ func (m *Watch) Unmarshal(dAtA []byte) error { } return nil } -func (m *WatchKind) Unmarshal(dAtA []byte) error { +func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33534,15 +39671,15 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: WatchKind: wiretype end group for non-group") + return fmt.Errorf("proto: CreateBotRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: WatchKind: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateBotRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33570,13 +39707,13 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Kind = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LoadSecrets", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) } - var v int + m.TTL = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33586,15 +39723,14 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + m.TTL |= Duration(b&0x7F) << shift if b < 0x80 { break } } - m.LoadSecrets = bool(v != 0) case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33622,13 +39758,13 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.TokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Filter", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33638,124 +39774,29 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Filter == nil { - m.Filter = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthAuthservice - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthAuthservice - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthAuthservice - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthAuthservice - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Filter[mapkey] = mapvalue + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Traits", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -33765,23 +39806,24 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SubKind = string(dAtA[iNdEx:postIndex]) + if err := m.Traits.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -33805,7 +39847,7 @@ func (m *WatchKind) Unmarshal(dAtA []byte) error { } return nil } -func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { +func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33828,15 +39870,15 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HostCertsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CreateBotResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HostCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateBotResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33864,11 +39906,11 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.HostID = string(dAtA[iNdEx:postIndex]) + m.UserName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NodeName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RoleName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33896,11 +39938,11 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.NodeName = string(dAtA[iNdEx:postIndex]) + m.RoleName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33928,11 +39970,298 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Role = github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex]) + m.TokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenTTL", wireType) + } + m.TokenTTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TokenTTL |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field JoinMethod", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.JoinMethod = github_com_gravitational_teleport_api_types.JoinMethod(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DeleteBotRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DeleteBotRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DeleteBotRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetBotUsersRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetBotUsersRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetBotUsersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PingRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PingRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PingRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PingResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PingResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PingResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AdditionalPrincipals", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33960,11 +40289,11 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AdditionalPrincipals = append(m.AdditionalPrincipals, string(dAtA[iNdEx:postIndex])) + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DNSNames", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerVersion", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33992,13 +40321,13 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DNSNames = append(m.DNSNames, string(dAtA[iNdEx:postIndex])) + m.ServerVersion = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicTLSKey", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerFeatures", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34008,31 +40337,33 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicTLSKey = append(m.PublicTLSKey[:0], dAtA[iNdEx:postIndex]...) - if m.PublicTLSKey == nil { - m.PublicTLSKey = []byte{} + if m.ServerFeatures == nil { + m.ServerFeatures = &Features{} + } + if err := m.ServerFeatures.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } iNdEx = postIndex - case 7: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicSSHKey", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ProxyPublicAddr", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34042,31 +40373,29 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicSSHKey = append(m.PublicSSHKey[:0], dAtA[iNdEx:postIndex]...) - if m.PublicSSHKey == nil { - m.PublicSSHKey = []byte{} - } + m.ProxyPublicAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RemoteAddr", wireType) + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field IsBoring", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34076,29 +40405,17 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RemoteAddr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 9: + m.IsBoring = bool(v != 0) + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Rotation", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RemoteAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34108,48 +40425,24 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Rotation == nil { - m.Rotation = &types.Rotation{} - } - if err := m.Rotation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.RemoteAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field NoCache", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.NoCache = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -34172,7 +40465,7 @@ func (m *HostCertsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { +func (m *Features) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34195,17 +40488,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserCertsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: Features: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Features: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Kubernetes", wireType) } - var byteLen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34215,31 +40508,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) - if m.PublicKey == nil { - m.PublicKey = []byte{} - } - iNdEx = postIndex + m.Kubernetes = bool(v != 0) case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field App", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34249,29 +40528,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Username = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.App = bool(v != 0) case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DB", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34281,30 +40548,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex + m.DB = bool(v != 0) case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Format", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field OIDC", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34314,29 +40568,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Format = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.OIDC = bool(v != 0) case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToCluster", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SAML", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34346,29 +40588,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RouteToCluster = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.SAML = bool(v != 0) case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessControls", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34378,29 +40608,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex + m.AccessControls = bool(v != 0) case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AdvancedAccessWorkflows", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34410,29 +40628,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.AdvancedAccessWorkflows = bool(v != 0) case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToDatabase", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Cloud", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34442,30 +40648,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RouteToDatabase.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex + m.Cloud = bool(v != 0) case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NodeName", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field HSM", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34475,29 +40668,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.NodeName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.HSM = bool(v != 0) case 10: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Desktop", wireType) } - m.Usage = 0 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34507,16 +40688,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Usage |= UserCertsRequest_CertUsage(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } + m.Desktop = bool(v != 0) case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToApp", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ModeratedSessions", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34526,30 +40708,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RouteToApp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex + m.ModeratedSessions = bool(v != 0) case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RoleRequests", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MachineID", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34559,29 +40728,17 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RoleRequests = append(m.RoleRequests, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex + m.MachineID = bool(v != 0) case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToWindowsDesktop", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceAccessRequests", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34591,25 +40748,12 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RouteToWindowsDesktop.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex + m.ResourceAccessRequests = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -34632,134 +40776,38 @@ func (m *UserCertsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { +func (m *DeleteUserRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RouteToDatabase: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RouteToDatabase: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServiceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Protocol = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DeleteUserRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DeleteUserRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34787,7 +40835,7 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Database = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -34811,7 +40859,7 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } return nil } -func (m *RouteToWindowsDesktop) Unmarshal(dAtA []byte) error { +func (m *Semaphores) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34834,17 +40882,17 @@ func (m *RouteToWindowsDesktop) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RouteToWindowsDesktop: wiretype end group for non-group") + return fmt.Errorf("proto: Semaphores: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RouteToWindowsDesktop: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Semaphores: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Semaphores", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34854,55 +40902,25 @@ func (m *RouteToWindowsDesktop) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.WindowsDesktop = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF + m.Semaphores = append(m.Semaphores, &types.SemaphoreV3{}) + if err := m.Semaphores[len(m.Semaphores)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Login = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -34926,7 +40944,7 @@ func (m *RouteToWindowsDesktop) Unmarshal(dAtA []byte) error { } return nil } -func (m *RouteToApp) Unmarshal(dAtA []byte) error { +func (m *AuditStreamRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34949,17 +40967,17 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RouteToApp: wiretype end group for non-group") + return fmt.Errorf("proto: AuditStreamRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RouteToApp: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AuditStreamRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CreateStream", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -34969,29 +40987,32 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + v := &CreateStream{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AuditStreamRequest_CreateStream{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResumeStream", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35001,29 +41022,32 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + v := &ResumeStream{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AuditStreamRequest_ResumeStream{v} iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CompleteStream", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35033,29 +41057,32 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicAddr = string(dAtA[iNdEx:postIndex]) + v := &CompleteStream{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AuditStreamRequest_CompleteStream{v} iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field FlushAndCloseStream", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35065,29 +41092,32 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + v := &FlushAndCloseStream{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AuditStreamRequest_FlushAndCloseStream{v} iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Event", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35097,23 +41127,26 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) + v := &events.OneOf{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AuditStreamRequest_Event{v} iNdEx = postIndex default: iNdEx = preIndex @@ -35137,7 +41170,7 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetUserRequest) Unmarshal(dAtA []byte) error { +func (m *AuditStreamStatus) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35160,15 +41193,15 @@ func (m *GetUserRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetUserRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AuditStreamStatus: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetUserRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AuditStreamStatus: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35196,28 +41229,8 @@ func (m *GetUserRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.UploadID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field WithSecrets", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.WithSecrets = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -35240,7 +41253,7 @@ func (m *GetUserRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetUsersRequest) Unmarshal(dAtA []byte) error { +func (m *CreateStream) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35263,17 +41276,17 @@ func (m *GetUsersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetUsersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CreateStream: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetUsersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateStream: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field WithSecrets", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var v int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35283,12 +41296,24 @@ func (m *GetUsersRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - m.WithSecrets = bool(v != 0) + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SessionID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -35311,7 +41336,7 @@ func (m *GetUsersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AccessRequests) Unmarshal(dAtA []byte) error { +func (m *ResumeStream) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35334,17 +41359,17 @@ func (m *AccessRequests) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AccessRequests: wiretype end group for non-group") + return fmt.Errorf("proto: ResumeStream: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AccessRequests: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ResumeStream: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35354,25 +41379,55 @@ func (m *AccessRequests) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.AccessRequests = append(m.AccessRequests, &types.AccessRequestV3{}) - if err := m.AccessRequests[len(m.AccessRequests)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.SessionID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UploadID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -35396,7 +41451,7 @@ func (m *AccessRequests) Unmarshal(dAtA []byte) error { } return nil } -func (m *PluginDataSeq) Unmarshal(dAtA []byte) error { +func (m *CompleteStream) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35419,46 +41474,12 @@ func (m *PluginDataSeq) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PluginDataSeq: wiretype end group for non-group") + return fmt.Errorf("proto: CompleteStream: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PluginDataSeq: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CompleteStream: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PluginData", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PluginData = append(m.PluginData, &types.PluginDataV3{}) - if err := m.PluginData[len(m.PluginData)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -35481,7 +41502,7 @@ func (m *PluginDataSeq) Unmarshal(dAtA []byte) error { } return nil } -func (m *RequestStateSetter) Unmarshal(dAtA []byte) error { +func (m *FlushAndCloseStream) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35504,192 +41525,12 @@ func (m *RequestStateSetter) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RequestStateSetter: wiretype end group for non-group") + return fmt.Errorf("proto: FlushAndCloseStream: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RequestStateSetter: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: FlushAndCloseStream: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) - } - m.State = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.State |= types.RequestState(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Delegator", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Delegator = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Reason = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -35712,7 +41553,7 @@ func (m *RequestStateSetter) Unmarshal(dAtA []byte) error { } return nil } -func (m *RequestID) Unmarshal(dAtA []byte) error { +func (m *GetApplicationServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35735,15 +41576,15 @@ func (m *RequestID) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RequestID: wiretype end group for non-group") + return fmt.Errorf("proto: GetApplicationServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RequestID: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetApplicationServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35771,7 +41612,7 @@ func (m *RequestID) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ID = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -35795,7 +41636,7 @@ func (m *RequestID) Unmarshal(dAtA []byte) error { } return nil } -func (m *RotateUserTokenSecretsRequest) Unmarshal(dAtA []byte) error { +func (m *GetApplicationServersResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35818,17 +41659,17 @@ func (m *RotateUserTokenSecretsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RotateUserTokenSecretsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetApplicationServersResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RotateUserTokenSecretsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetApplicationServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35838,23 +41679,25 @@ func (m *RotateUserTokenSecretsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.Servers = append(m.Servers, &types.AppServerV3{}) + if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -35878,7 +41721,7 @@ func (m *RotateUserTokenSecretsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { +func (m *UpsertApplicationServerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35901,17 +41744,17 @@ func (m *GetResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetResetPasswordTokenRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UpsertApplicationServerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetResetPasswordTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpsertApplicationServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -35921,23 +41764,27 @@ func (m *GetResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + if m.Server == nil { + m.Server = &types.AppServerV3{} + } + if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -35961,7 +41808,7 @@ func (m *GetResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35984,15 +41831,15 @@ func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateResetPasswordTokenRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteApplicationServerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateResetPasswordTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteApplicationServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36020,11 +41867,11 @@ func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36052,13 +41899,13 @@ func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Type = string(dAtA[iNdEx:postIndex]) + m.HostID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - m.TTL = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36068,11 +41915,24 @@ func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TTL |= Duration(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -36095,7 +41955,7 @@ func (m *CreateResetPasswordTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *RenewableCertsRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteAllApplicationServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36118,15 +41978,15 @@ func (m *RenewableCertsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RenewableCertsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteAllApplicationServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RenewableCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteAllApplicationServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36154,41 +42014,7 @@ func (m *RenewableCertsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) - if m.PublicKey == nil { - m.PublicKey = []byte{} - } + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -36212,7 +42038,7 @@ func (m *RenewableCertsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { +func (m *GetAppServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36235,15 +42061,15 @@ func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateBotRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetAppServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateBotRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAppServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36271,13 +42097,13 @@ func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SkipValidation", wireType) } - m.TTL = 0 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36287,48 +42113,68 @@ func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TTL |= Duration(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + m.SkipValidation = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetAppServersResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetAppServersResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetAppServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36338,23 +42184,25 @@ func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) + m.Servers = append(m.Servers, &types.ServerV2{}) + if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -36378,7 +42226,7 @@ func (m *CreateBotRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { +func (m *UpsertAppServerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36401,17 +42249,17 @@ func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateBotResponse: wiretype end group for non-group") + return fmt.Errorf("proto: UpsertAppServerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateBotResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpsertAppServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36421,59 +42269,82 @@ func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.UserName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RoleName", wireType) + if m.Server == nil { + m.Server = &types.ServerV2{} } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.RoleName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DeleteAppServerRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DeleteAppServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36501,30 +42372,11 @@ func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenTTL", wireType) - } - m.TokenTTL = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.TokenTTL |= Duration(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 5: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field JoinMethod", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36552,7 +42404,7 @@ func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.JoinMethod = github_com_gravitational_teleport_api_types.JoinMethod(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -36576,7 +42428,7 @@ func (m *CreateBotResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteBotRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteAllAppServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36599,15 +42451,15 @@ func (m *DeleteBotRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteBotRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteAllAppServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteBotRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteAllAppServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36629,116 +42481,14 @@ func (m *DeleteBotRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthAuthservice } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GetBotUsersRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetBotUsersRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetBotUsersRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *PingRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: PingRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: PingRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -36761,7 +42511,7 @@ func (m *PingRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *PingResponse) Unmarshal(dAtA []byte) error { +func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36784,15 +42534,15 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PingResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GenerateAppTokenRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PingResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GenerateAppTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36820,11 +42570,11 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerVersion", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -36852,13 +42602,13 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerVersion = string(dAtA[iNdEx:postIndex]) + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerFeatures", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field URI", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36868,33 +42618,29 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.ServerFeatures == nil { - m.ServerFeatures = &Features{} - } - if err := m.ServerFeatures.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.URI = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProxyPublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -36904,44 +42650,25 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.ProxyPublicAddr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field IsBoring", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + return err } - m.IsBoring = bool(v != 0) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -36964,7 +42691,7 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *Features) Unmarshal(dAtA []byte) error { +func (m *GenerateAppTokenResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36987,177 +42714,17 @@ func (m *Features) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Features: wiretype end group for non-group") + return fmt.Errorf("proto: GenerateAppTokenResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Features: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GenerateAppTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Kubernetes", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Kubernetes = bool(v != 0) - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field App", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.App = bool(v != 0) - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DB", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.DB = bool(v != 0) - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OIDC", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.OIDC = bool(v != 0) - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SAML", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.SAML = bool(v != 0) - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessControls", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.AccessControls = bool(v != 0) - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AdvancedAccessWorkflows", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.AdvancedAccessWorkflows = bool(v != 0) - case 8: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Cloud", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Cloud = bool(v != 0) - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field HSM", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } - var v int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -37167,52 +42734,24 @@ func (m *Features) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - m.HSM = bool(v != 0) - case 10: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Desktop", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice } - m.Desktop = bool(v != 0) - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ModeratedSessions", wireType) + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + if postIndex > l { + return io.ErrUnexpectedEOF } - m.ModeratedSessions = bool(v != 0) + m.Token = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -37235,7 +42774,7 @@ func (m *Features) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteUserRequest) Unmarshal(dAtA []byte) error { +func (m *GetAppSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37258,15 +42797,15 @@ func (m *DeleteUserRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteUserRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetAppSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteUserRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -37294,7 +42833,7 @@ func (m *DeleteUserRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -37318,7 +42857,7 @@ func (m *DeleteUserRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *Semaphores) Unmarshal(dAtA []byte) error { +func (m *GetAppSessionResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37341,15 +42880,15 @@ func (m *Semaphores) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Semaphores: wiretype end group for non-group") + return fmt.Errorf("proto: GetAppSessionResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Semaphores: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAppSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Semaphores", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37376,8 +42915,10 @@ func (m *Semaphores) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Semaphores = append(m.Semaphores, &types.SemaphoreV3{}) - if err := m.Semaphores[len(m.Semaphores)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Session == nil { + m.Session = &types.WebSessionV2{} + } + if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -37403,7 +42944,7 @@ func (m *Semaphores) Unmarshal(dAtA []byte) error { } return nil } -func (m *AuditStreamRequest) Unmarshal(dAtA []byte) error { +func (m *GetAppSessionsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37426,155 +42967,15 @@ func (m *AuditStreamRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AuditStreamRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetAppSessionsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AuditStreamRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAppSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CreateStream", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &CreateStream{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AuditStreamRequest_CreateStream{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResumeStream", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &ResumeStream{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AuditStreamRequest_ResumeStream{v} - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CompleteStream", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &CompleteStream{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AuditStreamRequest_CompleteStream{v} - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field FlushAndCloseStream", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &FlushAndCloseStream{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AuditStreamRequest_FlushAndCloseStream{v} - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Event", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37601,11 +43002,10 @@ func (m *AuditStreamRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &events.OneOf{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Sessions = append(m.Sessions, &types.WebSessionV2{}) + if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &AuditStreamRequest_Event{v} iNdEx = postIndex default: iNdEx = preIndex @@ -37629,7 +43029,7 @@ func (m *AuditStreamRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AuditStreamStatus) Unmarshal(dAtA []byte) error { +func (m *GetSnowflakeSessionsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37652,17 +43052,17 @@ func (m *AuditStreamStatus) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AuditStreamStatus: wiretype end group for non-group") + return fmt.Errorf("proto: GetSnowflakeSessionsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AuditStreamStatus: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSnowflakeSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -37672,23 +43072,25 @@ func (m *AuditStreamStatus) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.UploadID = string(dAtA[iNdEx:postIndex]) + m.Sessions = append(m.Sessions, &types.WebSessionV2{}) + if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -37712,7 +43114,7 @@ func (m *AuditStreamStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateStream) Unmarshal(dAtA []byte) error { +func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37735,15 +43137,15 @@ func (m *CreateStream) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateStream: wiretype end group for non-group") + return fmt.Errorf("proto: CreateAppSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateStream: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -37771,62 +43173,43 @@ func (m *CreateStream) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ResumeStream) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ResumeStream: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ResumeStream: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.PublicAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -37854,11 +43237,11 @@ func (m *ResumeStream) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -37886,7 +43269,7 @@ func (m *ResumeStream) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.UploadID = string(dAtA[iNdEx:postIndex]) + m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -37910,7 +43293,7 @@ func (m *ResumeStream) Unmarshal(dAtA []byte) error { } return nil } -func (m *CompleteStream) Unmarshal(dAtA []byte) error { +func (m *CreateAppSessionResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37933,63 +43316,48 @@ func (m *CompleteStream) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CompleteStream: wiretype end group for non-group") + return fmt.Errorf("proto: CreateAppSessionResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CompleteStream: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateAppSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *FlushAndCloseStream) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + if m.Session == nil { + m.Session = &types.WebSessionV2{} } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: FlushAndCloseStream: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: FlushAndCloseStream: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { + if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -38012,7 +43380,7 @@ func (m *FlushAndCloseStream) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetApplicationServersRequest) Unmarshal(dAtA []byte) error { +func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38035,15 +43403,15 @@ func (m *GetApplicationServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetApplicationServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CreateSnowflakeSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetApplicationServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38071,8 +43439,59 @@ func (m *GetApplicationServersRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SessionToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenTTL", wireType) + } + m.TokenTTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TokenTTL |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -38095,7 +43514,7 @@ func (m *GetApplicationServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetApplicationServersResponse) Unmarshal(dAtA []byte) error { +func (m *CreateSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38118,15 +43537,15 @@ func (m *GetApplicationServersResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetApplicationServersResponse: wiretype end group for non-group") + return fmt.Errorf("proto: CreateSnowflakeSessionResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetApplicationServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateSnowflakeSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38153,8 +43572,10 @@ func (m *GetApplicationServersResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Servers = append(m.Servers, &types.AppServerV3{}) - if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Session == nil { + m.Session = &types.WebSessionV2{} + } + if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -38180,7 +43601,7 @@ func (m *GetApplicationServersResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *UpsertApplicationServerRequest) Unmarshal(dAtA []byte) error { +func (m *GetSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38203,17 +43624,17 @@ func (m *UpsertApplicationServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UpsertApplicationServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetSnowflakeSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UpsertApplicationServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -38223,27 +43644,23 @@ func (m *UpsertApplicationServerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Server == nil { - m.Server = &types.AppServerV3{} - } - if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -38267,7 +43684,7 @@ func (m *UpsertApplicationServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { +func (m *GetSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38290,17 +43707,17 @@ func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteApplicationServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetSnowflakeSessionResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteApplicationServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSnowflakeSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -38310,59 +43727,82 @@ func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) + if m.Session == nil { + m.Session = &types.WebSessionV2{} } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.HostID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DeleteAppSessionRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DeleteAppSessionRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DeleteAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38390,7 +43830,7 @@ func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -38414,7 +43854,7 @@ func (m *DeleteApplicationServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteAllApplicationServersRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38437,15 +43877,15 @@ func (m *DeleteAllApplicationServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteAllApplicationServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteSnowflakeSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAllApplicationServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38473,7 +43913,7 @@ func (m *DeleteAllApplicationServersRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -38497,7 +43937,7 @@ func (m *DeleteAllApplicationServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAppServersRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteUserAppSessionsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38520,15 +43960,15 @@ func (m *GetAppServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAppServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteUserAppSessionsRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAppServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteUserAppSessionsRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38556,28 +43996,8 @@ func (m *GetAppServersRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SkipValidation", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.SkipValidation = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -38600,7 +44020,7 @@ func (m *GetAppServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAppServersResponse) Unmarshal(dAtA []byte) error { +func (m *GetWebSessionResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38623,15 +44043,15 @@ func (m *GetAppServersResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAppServersResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetWebSessionResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAppServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWebSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38658,8 +44078,10 @@ func (m *GetAppServersResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Servers = append(m.Servers, &types.ServerV2{}) - if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Session == nil { + m.Session = &types.WebSessionV2{} + } + if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -38685,7 +44107,7 @@ func (m *GetAppServersResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *UpsertAppServerRequest) Unmarshal(dAtA []byte) error { +func (m *GetWebSessionsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38708,15 +44130,15 @@ func (m *UpsertAppServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UpsertAppServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetWebSessionsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UpsertAppServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWebSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38743,10 +44165,8 @@ func (m *UpsertAppServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Server == nil { - m.Server = &types.ServerV2{} - } - if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Sessions = append(m.Sessions, &types.WebSessionV2{}) + if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -38772,7 +44192,7 @@ func (m *UpsertAppServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { +func (m *GetWebTokenResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38795,17 +44215,17 @@ func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteAppServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetWebTokenResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAppServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWebTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -38815,29 +44235,84 @@ func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + if m.Token == nil { + m.Token = &types.WebTokenV3{} + } + if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 2: + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetWebTokensResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetWebTokensResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetWebTokensResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Tokens", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -38847,23 +44322,25 @@ func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Tokens = append(m.Tokens, &types.WebTokenV3{}) + if err := m.Tokens[len(m.Tokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -38887,7 +44364,7 @@ func (m *DeleteAppServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteAllAppServersRequest) Unmarshal(dAtA []byte) error { +func (m *GetKubeServicesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38910,44 +44387,12 @@ func (m *DeleteAllAppServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteAllAppServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetKubeServicesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAllAppServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetKubeServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -38970,7 +44415,7 @@ func (m *DeleteAllAppServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { +func (m *GetKubeServicesResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38993,17 +44438,17 @@ func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GenerateAppTokenRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetKubeServicesResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateAppTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetKubeServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -39013,91 +44458,80 @@ func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + m.Servers = append(m.Servers, &types.ServerV2{}) + if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field URI", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UpsertKubeServiceRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.URI = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UpsertKubeServiceRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UpsertKubeServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39124,7 +44558,10 @@ func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + if m.Server == nil { + m.Server = &types.ServerV2{} + } + if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -39150,7 +44587,7 @@ func (m *GenerateAppTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GenerateAppTokenResponse) Unmarshal(dAtA []byte) error { +func (m *DeleteKubeServiceRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39173,15 +44610,15 @@ func (m *GenerateAppTokenResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GenerateAppTokenResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteKubeServiceRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateAppTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteKubeServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39209,7 +44646,7 @@ func (m *GenerateAppTokenResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Token = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -39233,7 +44670,7 @@ func (m *GenerateAppTokenResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAppSessionRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteAllKubeServicesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39256,44 +44693,12 @@ func (m *GetAppSessionRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAppSessionRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteAllKubeServicesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteAllKubeServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SessionID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -39316,7 +44721,7 @@ func (m *GetAppSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAppSessionResponse) Unmarshal(dAtA []byte) error { +func (m *GetDatabaseServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39339,17 +44744,17 @@ func (m *GetAppSessionResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAppSessionResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetDatabaseServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAppSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetDatabaseServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -39359,28 +44764,44 @@ func (m *GetAppSessionResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Session == nil { - m.Session = &types.WebSessionV2{} + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SkipValidation", wireType) } - if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - iNdEx = postIndex + m.SkipValidation = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -39403,7 +44824,7 @@ func (m *GetAppSessionResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAppSessionsResponse) Unmarshal(dAtA []byte) error { +func (m *GetDatabaseServersResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39426,15 +44847,15 @@ func (m *GetAppSessionsResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAppSessionsResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetDatabaseServersResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAppSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetDatabaseServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39461,8 +44882,8 @@ func (m *GetAppSessionsResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Sessions = append(m.Sessions, &types.WebSessionV2{}) - if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Servers = append(m.Servers, &types.DatabaseServerV3{}) + if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -39488,7 +44909,7 @@ func (m *GetAppSessionsResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSnowflakeSessionsResponse) Unmarshal(dAtA []byte) error { +func (m *UpsertDatabaseServerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39511,15 +44932,15 @@ func (m *GetSnowflakeSessionsResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSnowflakeSessionsResponse: wiretype end group for non-group") + return fmt.Errorf("proto: UpsertDatabaseServerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSnowflakeSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpsertDatabaseServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39546,8 +44967,10 @@ func (m *GetSnowflakeSessionsResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Sessions = append(m.Sessions, &types.WebSessionV2{}) - if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Server == nil { + m.Server = &types.DatabaseServerV3{} + } + if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -39573,7 +44996,7 @@ func (m *GetSnowflakeSessionsResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39596,47 +45019,15 @@ func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateAppSessionRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteDatabaseServerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteDatabaseServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Username = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39664,11 +45055,11 @@ func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicAddr = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39696,11 +45087,11 @@ func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + m.HostID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39728,7 +45119,7 @@ func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -39752,7 +45143,7 @@ func (m *CreateAppSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateAppSessionResponse) Unmarshal(dAtA []byte) error { +func (m *DeleteAllDatabaseServersRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39775,17 +45166,17 @@ func (m *CreateAppSessionResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateAppSessionResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteAllDatabaseServersRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateAppSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteAllDatabaseServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -39795,27 +45186,23 @@ func (m *CreateAppSessionResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Session == nil { - m.Session = &types.WebSessionV2{} - } - if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -39839,7 +45226,7 @@ func (m *CreateAppSessionResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { +func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39862,17 +45249,17 @@ func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateSnowflakeSessionRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseCSRRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseCSRRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -39882,27 +45269,29 @@ func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) + m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) + if m.CSR == nil { + m.CSR = []byte{} + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39930,13 +45319,13 @@ func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionToken = string(dAtA[iNdEx:postIndex]) + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenTTL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SignWithDatabaseCA", wireType) } - m.TokenTTL = 0 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -39946,11 +45335,12 @@ func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TokenTTL |= Duration(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } + m.SignWithDatabaseCA = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -39973,7 +45363,7 @@ func (m *CreateSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { +func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39996,17 +45386,17 @@ func (m *CreateSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateSnowflakeSessionResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseCSRResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateSnowflakeSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40016,84 +45406,31 @@ func (m *CreateSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Session == nil { - m.Session = &types.WebSessionV2{} - } - if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) + if m.Cert == nil { + m.Cert = []byte{} } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GetSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetSnowflakeSessionRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CACerts", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40103,23 +45440,23 @@ func (m *GetSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.CACerts = append(m.CACerts, make([]byte, postIndex-iNdEx)) + copy(m.CACerts[len(m.CACerts)-1], dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -40143,7 +45480,7 @@ func (m *GetSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { +func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40166,17 +45503,17 @@ func (m *GetSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSnowflakeSessionResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseCertRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSnowflakeSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseCertRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40186,82 +45523,80 @@ func (m *GetSnowflakeSessionResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Session == nil { - m.Session = &types.WebSessionV2{} - } - if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) + if m.CSR == nil { + m.CSR = []byte{} } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerName", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *DeleteAppSessionRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + m.ServerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: DeleteAppSessionRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.TTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TTL |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerNames", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40289,8 +45624,27 @@ func (m *DeleteAppSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.ServerNames = append(m.ServerNames, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequesterName", wireType) + } + m.RequesterName = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.RequesterName |= DatabaseCertRequest_Requester(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -40313,7 +45667,7 @@ func (m *DeleteAppSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { +func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40336,17 +45690,17 @@ func (m *DeleteSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteSnowflakeSessionRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseCertResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteSnowflakeSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseCertResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40356,23 +45710,57 @@ func (m *DeleteSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) + if m.Cert == nil { + m.Cert = []byte{} + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CACerts", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CACerts = append(m.CACerts, make([]byte, postIndex-iNdEx)) + copy(m.CACerts[len(m.CACerts)-1], dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -40396,7 +45784,7 @@ func (m *DeleteSnowflakeSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteUserAppSessionsRequest) Unmarshal(dAtA []byte) error { +func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40419,15 +45807,15 @@ func (m *DeleteUserAppSessionsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteUserAppSessionsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: SnowflakeJWTRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteUserAppSessionsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SnowflakeJWTRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccountName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40455,64 +45843,13 @@ func (m *DeleteUserAppSessionsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) + m.AccountName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GetWebSessionResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetWebSessionResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetWebSessionResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Session", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40522,27 +45859,23 @@ func (m *GetWebSessionResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Session == nil { - m.Session = &types.WebSessionV2{} - } - if err := m.Session.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.UserName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -40566,7 +45899,7 @@ func (m *GetWebSessionResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWebSessionsResponse) Unmarshal(dAtA []byte) error { +func (m *SnowflakeJWTResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40589,17 +45922,17 @@ func (m *GetWebSessionsResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWebSessionsResponse: wiretype end group for non-group") + return fmt.Errorf("proto: SnowflakeJWTResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWebSessionsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SnowflakeJWTResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Sessions", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40609,25 +45942,23 @@ func (m *GetWebSessionsResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Sessions = append(m.Sessions, &types.WebSessionV2{}) - if err := m.Sessions[len(m.Sessions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -40651,7 +45982,7 @@ func (m *GetWebSessionsResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWebTokenResponse) Unmarshal(dAtA []byte) error { +func (m *GetRoleRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40674,17 +46005,17 @@ func (m *GetWebTokenResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWebTokenResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetRoleRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWebTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetRoleRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -40694,27 +46025,23 @@ func (m *GetWebTokenResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Token == nil { - m.Token = &types.WebTokenV3{} - } - if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -40738,7 +46065,7 @@ func (m *GetWebTokenResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWebTokensResponse) Unmarshal(dAtA []byte) error { +func (m *GetRolesResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40761,15 +46088,15 @@ func (m *GetWebTokensResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWebTokensResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetRolesResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWebTokensResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetRolesResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Tokens", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40796,8 +46123,8 @@ func (m *GetWebTokensResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Tokens = append(m.Tokens, &types.WebTokenV3{}) - if err := m.Tokens[len(m.Tokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Roles = append(m.Roles, &types.RoleV5{}) + if err := m.Roles[len(m.Roles)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -40823,7 +46150,7 @@ func (m *GetWebTokensResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetKubeServicesRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteRoleRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40846,12 +46173,44 @@ func (m *GetKubeServicesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetKubeServicesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteRoleRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetKubeServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteRoleRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -40874,7 +46233,7 @@ func (m *GetKubeServicesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetKubeServicesResponse) Unmarshal(dAtA []byte) error { +func (m *MFAAuthenticateChallenge) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40897,15 +46256,15 @@ func (m *GetKubeServicesResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetKubeServicesResponse: wiretype end group for non-group") + return fmt.Errorf("proto: MFAAuthenticateChallenge: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetKubeServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFAAuthenticateChallenge: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40932,65 +46291,16 @@ func (m *GetKubeServicesResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Servers = append(m.Servers, &types.ServerV2{}) - if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.TOTP == nil { + m.TOTP = &TOTPChallenge{} } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { + if err := m.TOTP.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *UpsertKubeServiceRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: UpsertKubeServiceRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: UpsertKubeServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + iNdEx = postIndex + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WebauthnChallenge", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41017,10 +46327,10 @@ func (m *UpsertKubeServiceRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Server == nil { - m.Server = &types.ServerV2{} + if m.WebauthnChallenge == nil { + m.WebauthnChallenge = &webauthn.CredentialAssertion{} } - if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.WebauthnChallenge.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -41046,7 +46356,7 @@ func (m *UpsertKubeServiceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteKubeServiceRequest) Unmarshal(dAtA []byte) error { +func (m *MFAAuthenticateResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41069,17 +46379,17 @@ func (m *DeleteKubeServiceRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteKubeServiceRequest: wiretype end group for non-group") + return fmt.Errorf("proto: MFAAuthenticateResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteKubeServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFAAuthenticateResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41089,23 +46399,61 @@ func (m *DeleteKubeServiceRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + v := &TOTPResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &MFAAuthenticateResponse_TOTP{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &webauthn.CredentialAssertionResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &MFAAuthenticateResponse_Webauthn{v} iNdEx = postIndex default: iNdEx = preIndex @@ -41129,7 +46477,7 @@ func (m *DeleteKubeServiceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteAllKubeServicesRequest) Unmarshal(dAtA []byte) error { +func (m *TOTPChallenge) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41152,10 +46500,10 @@ func (m *DeleteAllKubeServicesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteAllKubeServicesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: TOTPChallenge: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAllKubeServicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TOTPChallenge: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { default: @@ -41180,7 +46528,7 @@ func (m *DeleteAllKubeServicesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetDatabaseServersRequest) Unmarshal(dAtA []byte) error { +func (m *TOTPResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41203,15 +46551,15 @@ func (m *GetDatabaseServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetDatabaseServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: TOTPResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetDatabaseServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TOTPResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41239,28 +46587,8 @@ func (m *GetDatabaseServersRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Code = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SkipValidation", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.SkipValidation = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -41283,7 +46611,7 @@ func (m *GetDatabaseServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetDatabaseServersResponse) Unmarshal(dAtA []byte) error { +func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41306,15 +46634,15 @@ func (m *GetDatabaseServersResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetDatabaseServersResponse: wiretype end group for non-group") + return fmt.Errorf("proto: MFARegisterChallenge: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetDatabaseServersResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFARegisterChallenge: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Servers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41341,10 +46669,46 @@ func (m *GetDatabaseServersResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Servers = append(m.Servers, &types.DatabaseServerV3{}) - if err := m.Servers[len(m.Servers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &TOTPRegisterChallenge{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &MFARegisterChallenge_TOTP{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &webauthn.CredentialCreation{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Request = &MFARegisterChallenge_Webauthn{v} iNdEx = postIndex default: iNdEx = preIndex @@ -41368,7 +46732,7 @@ func (m *GetDatabaseServersResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *UpsertDatabaseServerRequest) Unmarshal(dAtA []byte) error { +func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41391,15 +46755,15 @@ func (m *UpsertDatabaseServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UpsertDatabaseServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: MFARegisterResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UpsertDatabaseServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFARegisterResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41426,12 +46790,46 @@ func (m *UpsertDatabaseServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Server == nil { - m.Server = &types.DatabaseServerV3{} + v := &TOTPRegisterResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - if err := m.Server.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Response = &MFARegisterResponse_TOTP{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &webauthn.CredentialCreationResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Response = &MFARegisterResponse_Webauthn{v} iNdEx = postIndex default: iNdEx = preIndex @@ -41455,7 +46853,7 @@ func (m *UpsertDatabaseServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { +func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41478,15 +46876,15 @@ func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteDatabaseServerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: TOTPRegisterChallenge: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteDatabaseServerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TOTPRegisterChallenge: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41514,11 +46912,11 @@ func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Secret = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Issuer", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41546,11 +46944,30 @@ func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.HostID = string(dAtA[iNdEx:postIndex]) + m.Issuer = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field PeriodSeconds", wireType) + } + m.PeriodSeconds = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.PeriodSeconds |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Algorithm", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41578,7 +46995,92 @@ func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Algorithm = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Digits", wireType) + } + m.Digits = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Digits |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Account", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Account = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field QRCode", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.QRCode = append(m.QRCode[:0], dAtA[iNdEx:postIndex]...) + if m.QRCode == nil { + m.QRCode = []byte{} + } iNdEx = postIndex default: iNdEx = preIndex @@ -41602,7 +47104,7 @@ func (m *DeleteDatabaseServerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteAllDatabaseServersRequest) Unmarshal(dAtA []byte) error { +func (m *TOTPRegisterResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41625,15 +47127,15 @@ func (m *DeleteAllDatabaseServersRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteAllDatabaseServersRequest: wiretype end group for non-group") + return fmt.Errorf("proto: TOTPRegisterResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteAllDatabaseServersRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TOTPRegisterResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41661,7 +47163,7 @@ func (m *DeleteAllDatabaseServersRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Code = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -41685,7 +47187,7 @@ func (m *DeleteAllDatabaseServersRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { +func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41708,17 +47210,17 @@ func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseCSRRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AddMFADeviceRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseCSRRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AddMFADeviceRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41728,31 +47230,32 @@ func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) - if m.CSR == nil { - m.CSR = []byte{} + v := &AddMFADeviceRequestInit{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.Request = &AddMFADeviceRequest_Init{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAResponse", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41762,29 +47265,32 @@ func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + v := &MFAAuthenticateResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AddMFADeviceRequest_ExistingMFAResponse{v} iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SignWithDatabaseCA", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterResponse", wireType) } - var v int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41794,12 +47300,27 @@ func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - m.SignWithDatabaseCA = bool(v != 0) + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &MFARegisterResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &AddMFADeviceRequest_NewMFARegisterResponse{v} + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -41822,7 +47343,7 @@ func (m *DatabaseCSRRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { +func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41845,17 +47366,17 @@ func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseCSRResponse: wiretype end group for non-group") + return fmt.Errorf("proto: AddMFADeviceResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AddMFADeviceResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAChallenge", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41865,31 +47386,32 @@ func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) - if m.Cert == nil { - m.Cert = []byte{} + v := &MFAAuthenticateChallenge{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.Response = &AddMFADeviceResponse_ExistingMFAChallenge{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CACerts", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterChallenge", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -41899,23 +47421,61 @@ func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CACerts = append(m.CACerts, make([]byte, postIndex-iNdEx)) - copy(m.CACerts[len(m.CACerts)-1], dAtA[iNdEx:postIndex]) + v := &MFARegisterChallenge{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &AddMFADeviceResponse_NewMFARegisterChallenge{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Ack", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &AddMFADeviceResponseAck{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &AddMFADeviceResponse_Ack{v} iNdEx = postIndex default: iNdEx = preIndex @@ -41939,7 +47499,7 @@ func (m *DatabaseCSRResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { +func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -41962,49 +47522,15 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseCertRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AddMFADeviceRequestInit: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseCertRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AddMFADeviceRequestInit: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) - if m.CSR == nil { - m.CSR = []byte{} - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -42032,13 +47558,13 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerName = string(dAtA[iNdEx:postIndex]) + m.DeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) } - m.TTL = 0 + m.DeviceType = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42048,16 +47574,16 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TTL |= Duration(b&0x7F) << shift + m.DeviceType |= DeviceType(b&0x7F) << shift if b < 0x80 { break } } case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerNames", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) } - var stringLen uint64 + m.DeviceUsage = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42067,29 +47593,67 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.DeviceUsage |= DeviceUsage(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.ServerNames = append(m.ServerNames, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequesterName", wireType) + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AddMFADeviceResponseAck) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - m.RequesterName = 0 + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AddMFADeviceResponseAck: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AddMFADeviceResponseAck: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType) + } + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42099,11 +47663,28 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.RequesterName |= DatabaseCertRequest_Requester(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Device == nil { + m.Device = &types.MFADevice{} + } + if err := m.Device.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -42126,7 +47707,7 @@ func (m *DatabaseCertRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { +func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42149,17 +47730,17 @@ func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseCertResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteMFADeviceRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseCertResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteMFADeviceRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42169,31 +47750,32 @@ func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) - if m.Cert == nil { - m.Cert = []byte{} + v := &DeleteMFADeviceRequestInit{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.Request = &DeleteMFADeviceRequest_Init{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CACerts", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFAResponse", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42203,23 +47785,26 @@ func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CACerts = append(m.CACerts, make([]byte, postIndex-iNdEx)) - copy(m.CACerts[len(m.CACerts)-1], dAtA[iNdEx:postIndex]) + v := &MFAAuthenticateResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &DeleteMFADeviceRequest_MFAResponse{v} iNdEx = postIndex default: iNdEx = preIndex @@ -42243,7 +47828,7 @@ func (m *DatabaseCertResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteMFADeviceResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42266,17 +47851,17 @@ func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SnowflakeJWTRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteMFADeviceResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SnowflakeJWTRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteMFADeviceResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccountName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFAChallenge", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42286,29 +47871,32 @@ func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.AccountName = string(dAtA[iNdEx:postIndex]) + v := &MFAAuthenticateChallenge{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &DeleteMFADeviceResponse_MFAChallenge{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Ack", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42318,23 +47906,26 @@ func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.UserName = string(dAtA[iNdEx:postIndex]) + v := &DeleteMFADeviceResponseAck{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Response = &DeleteMFADeviceResponse_Ack{v} iNdEx = postIndex default: iNdEx = preIndex @@ -42358,7 +47949,7 @@ func (m *SnowflakeJWTRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *SnowflakeJWTResponse) Unmarshal(dAtA []byte) error { +func (m *DeleteMFADeviceRequestInit) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42381,15 +47972,15 @@ func (m *SnowflakeJWTResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SnowflakeJWTResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteMFADeviceRequestInit: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SnowflakeJWTResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteMFADeviceRequestInit: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -42417,7 +48008,7 @@ func (m *SnowflakeJWTResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Token = string(dAtA[iNdEx:postIndex]) + m.DeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -42441,7 +48032,7 @@ func (m *SnowflakeJWTResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetRoleRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteMFADeviceResponseAck) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42464,17 +48055,17 @@ func (m *GetRoleRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetRoleRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteMFADeviceResponseAck: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetRoleRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteMFADeviceResponseAck: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42484,23 +48075,27 @@ func (m *GetRoleRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if m.Device == nil { + m.Device = &types.MFADevice{} + } + if err := m.Device.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -42524,7 +48119,7 @@ func (m *GetRoleRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetRolesResponse) Unmarshal(dAtA []byte) error { +func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42547,17 +48142,17 @@ func (m *GetRolesResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetRolesResponse: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteMFADeviceSyncRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetRolesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteMFADeviceSyncRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42567,25 +48162,55 @@ func (m *GetRolesResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, &types.RoleV5{}) - if err := m.Roles[len(m.Roles)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -42609,7 +48234,7 @@ func (m *GetRolesResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteRoleRequest) Unmarshal(dAtA []byte) error { +func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42632,15 +48257,15 @@ func (m *DeleteRoleRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteRoleRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AddMFADeviceSyncRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteRoleRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AddMFADeviceSyncRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -42668,64 +48293,13 @@ func (m *DeleteRoleRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.TokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *MFAAuthenticateChallenge) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: MFAAuthenticateChallenge: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: MFAAuthenticateChallenge: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -42735,31 +48309,27 @@ func (m *MFAAuthenticateChallenge) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.TOTP == nil { - m.TOTP = &TOTPChallenge{} - } - if err := m.TOTP.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.NewDeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WebauthnChallenge", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewMFAResponse", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42786,13 +48356,32 @@ func (m *MFAAuthenticateChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.WebauthnChallenge == nil { - m.WebauthnChallenge = &webauthn.CredentialAssertion{} + if m.NewMFAResponse == nil { + m.NewMFAResponse = &MFARegisterResponse{} } - if err := m.WebauthnChallenge.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.NewMFAResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) + } + m.DeviceUsage = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DeviceUsage |= DeviceUsage(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -42815,7 +48404,7 @@ func (m *MFAAuthenticateChallenge) Unmarshal(dAtA []byte) error { } return nil } -func (m *MFAAuthenticateResponse) Unmarshal(dAtA []byte) error { +func (m *AddMFADeviceSyncResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42838,15 +48427,15 @@ func (m *MFAAuthenticateResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MFAAuthenticateResponse: wiretype end group for non-group") + return fmt.Errorf("proto: AddMFADeviceSyncResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MFAAuthenticateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AddMFADeviceSyncResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 2: + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42873,46 +48462,12 @@ func (m *MFAAuthenticateResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TOTPResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Response = &MFAAuthenticateResponse_TOTP{v} - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF + if m.Device == nil { + m.Device = &types.MFADevice{} } - v := &webauthn.CredentialAssertionResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Device.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &MFAAuthenticateResponse_Webauthn{v} iNdEx = postIndex default: iNdEx = preIndex @@ -42936,7 +48491,7 @@ func (m *MFAAuthenticateResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *TOTPChallenge) Unmarshal(dAtA []byte) error { +func (m *GetMFADevicesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -42959,12 +48514,44 @@ func (m *TOTPChallenge) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TOTPChallenge: wiretype end group for non-group") + return fmt.Errorf("proto: GetMFADevicesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TOTPChallenge: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetMFADevicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -42987,7 +48574,7 @@ func (m *TOTPChallenge) Unmarshal(dAtA []byte) error { } return nil } -func (m *TOTPResponse) Unmarshal(dAtA []byte) error { +func (m *GetMFADevicesResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43010,17 +48597,17 @@ func (m *TOTPResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TOTPResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetMFADevicesResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TOTPResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetMFADevicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Devices", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43030,23 +48617,25 @@ func (m *TOTPResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Code = string(dAtA[iNdEx:postIndex]) + m.Devices = append(m.Devices, &types.MFADevice{}) + if err := m.Devices[len(m.Devices)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -43070,7 +48659,7 @@ func (m *TOTPResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { +func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43093,15 +48682,15 @@ func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MFARegisterChallenge: wiretype end group for non-group") + return fmt.Errorf("proto: UserSingleUseCertsRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MFARegisterChallenge: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserSingleUseCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 2: + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43128,15 +48717,15 @@ func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TOTPRegisterChallenge{} + v := &UserCertsRequest{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &MFARegisterChallenge_TOTP{v} + m.Request = &UserSingleUseCertsRequest_Init{v} iNdEx = postIndex - case 3: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFAResponse", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43163,11 +48752,11 @@ func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &webauthn.CredentialCreation{} + v := &MFAAuthenticateResponse{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &MFARegisterChallenge_Webauthn{v} + m.Request = &UserSingleUseCertsRequest_MFAResponse{v} iNdEx = postIndex default: iNdEx = preIndex @@ -43191,7 +48780,7 @@ func (m *MFARegisterChallenge) Unmarshal(dAtA []byte) error { } return nil } -func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { +func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43214,15 +48803,15 @@ func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MFARegisterResponse: wiretype end group for non-group") + return fmt.Errorf("proto: UserSingleUseCertsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MFARegisterResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserSingleUseCertsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 2: + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TOTP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFAChallenge", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43249,15 +48838,15 @@ func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TOTPRegisterResponse{} + v := &MFAAuthenticateChallenge{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &MFARegisterResponse_TOTP{v} + m.Response = &UserSingleUseCertsResponse_MFAChallenge{v} iNdEx = postIndex - case 3: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43284,11 +48873,11 @@ func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &webauthn.CredentialCreationResponse{} + v := &SingleUseUserCert{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &MFARegisterResponse_Webauthn{v} + m.Response = &UserSingleUseCertsResponse_Cert{v} iNdEx = postIndex default: iNdEx = preIndex @@ -43312,7 +48901,7 @@ func (m *MFARegisterResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { +func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43335,15 +48924,15 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TOTPRegisterChallenge: wiretype end group for non-group") + return fmt.Errorf("proto: IsMFARequiredRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TOTPRegisterChallenge: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: IsMFARequiredRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -43371,13 +48960,13 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Secret = string(dAtA[iNdEx:postIndex]) + m.Target = &IsMFARequiredRequest_KubernetesCluster{string(dAtA[iNdEx:postIndex])} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Issuer", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43387,29 +48976,32 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Issuer = string(dAtA[iNdEx:postIndex]) + v := &RouteToDatabase{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Target = &IsMFARequiredRequest_Database{v} iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field PeriodSeconds", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) } - m.PeriodSeconds = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43419,14 +49011,116 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.PeriodSeconds |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &NodeLogin{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Target = &IsMFARequiredRequest_Node{v} + iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Algorithm", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &RouteToWindowsDesktop{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Target = &IsMFARequiredRequest_WindowsDesktop{v} + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *StreamSessionEventsRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: StreamSessionEventsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: StreamSessionEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -43454,13 +49148,13 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Algorithm = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 2: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Digits", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartIndex", wireType) } - m.Digits = 0 + m.StartIndex = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43470,14 +49164,65 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Digits |= uint32(b&0x7F) << shift + m.StartIndex |= int32(b&0x7F) << shift if b < 0x80 { break } } - case 6: + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *NodeLogin) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: NodeLogin: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: NodeLogin: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Account", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -43505,13 +49250,13 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Account = string(dAtA[iNdEx:postIndex]) + m.Node = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field QRCode", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43521,25 +49266,23 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.QRCode = append(m.QRCode[:0], dAtA[iNdEx:postIndex]...) - if m.QRCode == nil { - m.QRCode = []byte{} - } + m.Login = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -43563,7 +49306,7 @@ func (m *TOTPRegisterChallenge) Unmarshal(dAtA []byte) error { } return nil } -func (m *TOTPRegisterResponse) Unmarshal(dAtA []byte) error { +func (m *IsMFARequiredResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43586,17 +49329,17 @@ func (m *TOTPRegisterResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TOTPRegisterResponse: wiretype end group for non-group") + return fmt.Errorf("proto: IsMFARequiredResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TOTPRegisterResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: IsMFARequiredResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Required", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43606,24 +49349,12 @@ func (m *TOTPRegisterResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Code = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.Required = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -43646,7 +49377,7 @@ func (m *TOTPRegisterResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { +func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43669,17 +49400,17 @@ func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceRequest: wiretype end group for non-group") + return fmt.Errorf("proto: SingleUseUserCert: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SingleUseUserCert: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SSH", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43689,67 +49420,30 @@ func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &AddMFADeviceRequestInit{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AddMFADeviceRequest_Init{v} + v := make([]byte, postIndex-iNdEx) + copy(v, dAtA[iNdEx:postIndex]) + m.Cert = &SingleUseUserCert_SSH{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAResponse", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &MFAAuthenticateResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AddMFADeviceRequest_ExistingMFAResponse{v} - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TLS", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43759,26 +49453,24 @@ func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFARegisterResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &AddMFADeviceRequest_NewMFARegisterResponse{v} + v := make([]byte, postIndex-iNdEx) + copy(v, dAtA[iNdEx:postIndex]) + m.Cert = &SingleUseUserCert_TLS{v} iNdEx = postIndex default: iNdEx = preIndex @@ -43802,7 +49494,7 @@ func (m *AddMFADeviceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { +func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43825,17 +49517,17 @@ func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetEventsRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAChallenge", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -43845,30 +49537,27 @@ func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFAAuthenticateChallenge{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Response = &AddMFADeviceResponse_ExistingMFAChallenge{v} + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterChallenge", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartDate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43895,15 +49584,13 @@ func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFARegisterChallenge{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartDate, dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &AddMFADeviceResponse_NewMFARegisterChallenge{v} iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Ack", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field EndDate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43930,12 +49617,112 @@ func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AddMFADeviceResponseAck{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndDate, dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &AddMFADeviceResponse_Ack{v} iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field EventTypes", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.EventTypes = append(m.EventTypes, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) + } + m.Limit = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Limit |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.StartKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Order", wireType) + } + m.Order = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Order |= Order(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -43958,7 +49745,7 @@ func (m *AddMFADeviceResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { +func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -43981,17 +49768,17 @@ func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceRequestInit: wiretype end group for non-group") + return fmt.Errorf("proto: GetSessionEventsRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceRequestInit: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSessionEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartDate", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44001,29 +49788,63 @@ func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.DeviceName = string(dAtA[iNdEx:postIndex]) + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartDate, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field EndDate", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndDate, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) } - m.DeviceType = 0 + m.Limit = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44033,16 +49854,48 @@ func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.DeviceType |= DeviceType(b&0x7F) << shift + m.Limit |= int32(b&0x7F) << shift if b < 0x80 { break } } case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.StartKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Order", wireType) } - m.DeviceUsage = 0 + m.Order = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44052,7 +49905,7 @@ func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.DeviceUsage |= DeviceUsage(b&0x7F) << shift + m.Order |= Order(b&0x7F) << shift if b < 0x80 { break } @@ -44079,7 +49932,7 @@ func (m *AddMFADeviceRequestInit) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceResponseAck) Unmarshal(dAtA []byte) error { +func (m *Events) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44102,15 +49955,15 @@ func (m *AddMFADeviceResponseAck) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceResponseAck: wiretype end group for non-group") + return fmt.Errorf("proto: Events: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceResponseAck: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Events: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44137,13 +49990,43 @@ func (m *AddMFADeviceResponseAck) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Device == nil { - m.Device = &types.MFADevice{} - } - if err := m.Device.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Items = append(m.Items, &events.OneOf{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LastKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.LastKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -44166,7 +50049,7 @@ func (m *AddMFADeviceResponseAck) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { +func (m *GetLocksRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44189,15 +50072,15 @@ func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteMFADeviceRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetLocksRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteMFADeviceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetLocksRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Targets", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44224,17 +50107,16 @@ func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DeleteMFADeviceRequestInit{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Targets = append(m.Targets, &types.LockTarget{}) + if err := m.Targets[len(m.Targets)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &DeleteMFADeviceRequest_Init{v} iNdEx = postIndex case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFAResponse", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field InForceOnly", wireType) } - var msglen int + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44244,27 +50126,12 @@ func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &MFAAuthenticateResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &DeleteMFADeviceRequest_MFAResponse{v} - iNdEx = postIndex + m.InForceOnly = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -44287,7 +50154,7 @@ func (m *DeleteMFADeviceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteMFADeviceResponse) Unmarshal(dAtA []byte) error { +func (m *GetLocksResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44310,50 +50177,15 @@ func (m *DeleteMFADeviceResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteMFADeviceResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetLocksResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteMFADeviceResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetLocksResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFAChallenge", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &MFAAuthenticateChallenge{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Response = &DeleteMFADeviceResponse_MFAChallenge{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Ack", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Locks", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44380,11 +50212,10 @@ func (m *DeleteMFADeviceResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DeleteMFADeviceResponseAck{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Locks = append(m.Locks, &types.LockV2{}) + if err := m.Locks[len(m.Locks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Response = &DeleteMFADeviceResponse_Ack{v} iNdEx = postIndex default: iNdEx = preIndex @@ -44408,7 +50239,7 @@ func (m *DeleteMFADeviceResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteMFADeviceRequestInit) Unmarshal(dAtA []byte) error { +func (m *GetLockRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44431,15 +50262,15 @@ func (m *DeleteMFADeviceRequestInit) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteMFADeviceRequestInit: wiretype end group for non-group") + return fmt.Errorf("proto: GetLockRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteMFADeviceRequestInit: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetLockRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44467,7 +50298,7 @@ func (m *DeleteMFADeviceRequestInit) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DeviceName = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -44491,7 +50322,7 @@ func (m *DeleteMFADeviceRequestInit) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteMFADeviceResponseAck) Unmarshal(dAtA []byte) error { +func (m *DeleteLockRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44514,12 +50345,44 @@ func (m *DeleteMFADeviceResponseAck) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteMFADeviceResponseAck: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteLockRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteMFADeviceResponseAck: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteLockRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -44542,7 +50405,7 @@ func (m *DeleteMFADeviceResponseAck) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { +func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44565,15 +50428,15 @@ func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteMFADeviceSyncRequest: wiretype end group for non-group") + return fmt.Errorf("proto: ReplaceRemoteLocksRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteMFADeviceSyncRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ReplaceRemoteLocksRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44601,13 +50464,13 @@ func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Locks", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44617,23 +50480,25 @@ func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.DeviceName = string(dAtA[iNdEx:postIndex]) + m.Locks = append(m.Locks, &types.LockV2{}) + if err := m.Locks[len(m.Locks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -44657,7 +50522,7 @@ func (m *DeleteMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { +func (m *GetWindowsDesktopServicesResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44680,17 +50545,17 @@ func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceSyncRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetWindowsDesktopServicesResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceSyncRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWindowsDesktopServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44700,61 +50565,82 @@ func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) + m.Services = append(m.Services, &types.WindowsDesktopServiceV3{}) + if err := m.Services[len(m.Services)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.NewDeviceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetWindowsDesktopServiceRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetWindowsDesktopServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewMFAResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -44764,47 +50650,24 @@ func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.NewMFAResponse == nil { - m.NewMFAResponse = &MFARegisterResponse{} - } - if err := m.NewMFAResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) - } - m.DeviceUsage = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.DeviceUsage |= DeviceUsage(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -44827,7 +50690,7 @@ func (m *AddMFADeviceSyncRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AddMFADeviceSyncResponse) Unmarshal(dAtA []byte) error { +func (m *GetWindowsDesktopServiceResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44850,15 +50713,15 @@ func (m *AddMFADeviceSyncResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AddMFADeviceSyncResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetWindowsDesktopServiceResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AddMFADeviceSyncResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWindowsDesktopServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Device", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44885,10 +50748,10 @@ func (m *AddMFADeviceSyncResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Device == nil { - m.Device = &types.MFADevice{} + if m.Service == nil { + m.Service = &types.WindowsDesktopServiceV3{} } - if err := m.Device.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -44914,7 +50777,7 @@ func (m *AddMFADeviceSyncResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetMFADevicesRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44937,15 +50800,15 @@ func (m *GetMFADevicesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetMFADevicesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteWindowsDesktopServiceRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetMFADevicesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteWindowsDesktopServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44973,7 +50836,7 @@ func (m *GetMFADevicesRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -44997,7 +50860,7 @@ func (m *GetMFADevicesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetMFADevicesResponse) Unmarshal(dAtA []byte) error { +func (m *GetWindowsDesktopsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45020,15 +50883,15 @@ func (m *GetMFADevicesResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetMFADevicesResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetWindowsDesktopsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetMFADevicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetWindowsDesktopsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Devices", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Desktops", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -45055,8 +50918,8 @@ func (m *GetMFADevicesResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Devices = append(m.Devices, &types.MFADevice{}) - if err := m.Devices[len(m.Devices)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Desktops = append(m.Desktops, &types.WindowsDesktopV3{}) + if err := m.Desktops[len(m.Desktops)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -45082,7 +50945,7 @@ func (m *GetMFADevicesResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { +func (m *DeleteWindowsDesktopRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45105,17 +50968,17 @@ func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserSingleUseCertsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DeleteWindowsDesktopRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserSingleUseCertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DeleteWindowsDesktopRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45125,32 +50988,29 @@ func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserCertsRequest{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &UserSingleUseCertsRequest_Init{v} + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFAResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45160,26 +51020,23 @@ func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFAAuthenticateResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &UserSingleUseCertsRequest_MFAResponse{v} + m.HostID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -45203,7 +51060,7 @@ func (m *UserSingleUseCertsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { +func (m *WindowsDesktopCertRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45226,17 +51083,17 @@ func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserSingleUseCertsResponse: wiretype end group for non-group") + return fmt.Errorf("proto: WindowsDesktopCertRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserSingleUseCertsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: WindowsDesktopCertRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFAChallenge", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45246,32 +51103,31 @@ func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFAAuthenticateChallenge{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) + if m.CSR == nil { + m.CSR = []byte{} } - m.Response = &UserSingleUseCertsResponse_MFAChallenge{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CRLEndpoint", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45281,27 +51137,43 @@ func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &SingleUseUserCert{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Response = &UserSingleUseCertsResponse_Cert{v} + m.CRLEndpoint = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + } + m.TTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TTL |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -45324,7 +51196,7 @@ func (m *UserSingleUseCertsResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { +func (m *WindowsDesktopCertResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45347,17 +51219,17 @@ func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: IsMFARequiredRequest: wiretype end group for non-group") + return fmt.Errorf("proto: WindowsDesktopCertResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: IsMFARequiredRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: WindowsDesktopCertResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45367,99 +51239,82 @@ func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Target = &IsMFARequiredRequest_KubernetesCluster{string(dAtA[iNdEx:postIndex])} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) + if m.Cert == nil { + m.Cert = []byte{} } - if msglen < 0 { - return ErrInvalidLengthAuthservice + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - v := &RouteToDatabase{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Target = &IsMFARequiredRequest_Database{v} - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CertAuthorityRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - v := &NodeLogin{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.Target = &IsMFARequiredRequest_Node{v} - iNdEx = postIndex - case 4: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CertAuthorityRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CertAuthorityRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45469,26 +51324,23 @@ func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &RouteToWindowsDesktop{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Target = &IsMFARequiredRequest_WindowsDesktop{v} + m.Type = github_com_gravitational_teleport_api_types.CertAuthType(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -45512,7 +51364,7 @@ func (m *IsMFARequiredRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *StreamSessionEventsRequest) Unmarshal(dAtA []byte) error { +func (m *CRL) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45535,17 +51387,17 @@ func (m *StreamSessionEventsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: StreamSessionEventsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CRL: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: StreamSessionEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CRL: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CRL", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45555,43 +51407,26 @@ func (m *StreamSessionEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StartIndex", wireType) - } - m.StartIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.StartIndex |= int32(b&0x7F) << shift - if b < 0x80 { - break - } + m.CRL = append(m.CRL[:0], dAtA[iNdEx:postIndex]...) + if m.CRL == nil { + m.CRL = []byte{} } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -45614,7 +51449,7 @@ func (m *StreamSessionEventsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *NodeLogin) Unmarshal(dAtA []byte) error { +func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45637,17 +51472,83 @@ func (m *NodeLogin) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: NodeLogin: wiretype end group for non-group") + return fmt.Errorf("proto: ChangeUserAuthenticationRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: NodeLogin: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ChangeUserAuthenticationRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NewPassword", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.NewPassword = append(m.NewPassword[:0], dAtA[iNdEx:postIndex]...) + if m.NewPassword == nil { + m.NewPassword = []byte{} + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterResponse", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45657,27 +51558,31 @@ func (m *NodeLogin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Node = string(dAtA[iNdEx:postIndex]) + if m.NewMFARegisterResponse == nil { + m.NewMFARegisterResponse = &MFARegisterResponse{} + } + if err := m.NewMFARegisterResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 2: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -45705,7 +51610,7 @@ func (m *NodeLogin) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Login = string(dAtA[iNdEx:postIndex]) + m.NewDeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -45729,7 +51634,7 @@ func (m *NodeLogin) Unmarshal(dAtA []byte) error { } return nil } -func (m *IsMFARequiredResponse) Unmarshal(dAtA []byte) error { +func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45752,17 +51657,17 @@ func (m *IsMFARequiredResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: IsMFARequiredResponse: wiretype end group for non-group") + return fmt.Errorf("proto: ChangeUserAuthenticationResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: IsMFARequiredResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ChangeUserAuthenticationResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Required", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WebSession", wireType) } - var v int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45772,12 +51677,64 @@ func (m *IsMFARequiredResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - m.Required = bool(v != 0) + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.WebSession == nil { + m.WebSession = &types.WebSessionV2{} + } + if err := m.WebSession.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Recovery", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Recovery == nil { + m.Recovery = &RecoveryCodes{} + } + if err := m.Recovery.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -45800,7 +51757,7 @@ func (m *IsMFARequiredResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { +func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45823,17 +51780,17 @@ func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SingleUseUserCert: wiretype end group for non-group") + return fmt.Errorf("proto: StartAccountRecoveryRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SingleUseUserCert: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: StartAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SSH", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45843,28 +51800,27 @@ func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := make([]byte, postIndex-iNdEx) - copy(v, dAtA[iNdEx:postIndex]) - m.Cert = &SingleUseUserCert_SSH{v} + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLS", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCode", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { @@ -45891,10 +51847,30 @@ func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := make([]byte, postIndex-iNdEx) - copy(v, dAtA[iNdEx:postIndex]) - m.Cert = &SingleUseUserCert_TLS{v} + m.RecoveryCode = append(m.RecoveryCode[:0], dAtA[iNdEx:postIndex]...) + if m.RecoveryCode == nil { + m.RecoveryCode = []byte{} + } iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RecoverType", wireType) + } + m.RecoverType = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.RecoverType |= types.UserTokenUsage(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -45917,7 +51893,7 @@ func (m *SingleUseUserCert) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { +func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45940,15 +51916,15 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetEventsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: VerifyAccountRecoveryRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: VerifyAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryStartTokenID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -45976,13 +51952,13 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.RecoveryStartTokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartDate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -45992,30 +51968,29 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartDate, dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EndDate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Password", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46025,30 +52000,30 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndDate, dAtA[iNdEx:postIndex]); err != nil { - return err - } + v := make([]byte, postIndex-iNdEx) + copy(v, dAtA[iNdEx:postIndex]) + m.AuthnCred = &VerifyAccountRecoveryRequest_Password{v} iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EventTypes", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFAAuthenticateResponse", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46058,94 +52033,27 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.EventTypes = append(m.EventTypes, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) - } - m.Limit = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Limit |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF + v := &MFAAuthenticateResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.StartKey = string(dAtA[iNdEx:postIndex]) + m.AuthnCred = &VerifyAccountRecoveryRequest_MFAAuthenticateResponse{v} iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Order", wireType) - } - m.Order = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Order |= Order(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -46168,7 +52076,7 @@ func (m *GetEventsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { +func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46191,17 +52099,17 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSessionEventsRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CompleteAccountRecoveryRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSessionEventsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CompleteAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartDate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryApprovedTokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46211,30 +52119,29 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartDate, dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.RecoveryApprovedTokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EndDate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46244,30 +52151,29 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndDate, dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.NewDeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NewPassword", wireType) } - m.Limit = 0 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46277,16 +52183,30 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Limit |= int32(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } + if byteLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := make([]byte, postIndex-iNdEx) + copy(v, dAtA[iNdEx:postIndex]) + m.NewAuthnCred = &CompleteAccountRecoveryRequest_NewPassword{v} + iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NewMFAResponse", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46296,43 +52216,27 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.StartKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Order", wireType) - } - m.Order = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Order |= Order(b&0x7F) << shift - if b < 0x80 { - break - } + v := &MFARegisterResponse{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.NewAuthnCred = &CompleteAccountRecoveryRequest_NewMFAResponse{v} + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -46355,7 +52259,7 @@ func (m *GetSessionEventsRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *Events) Unmarshal(dAtA []byte) error { +func (m *RecoveryCodes) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46378,49 +52282,15 @@ func (m *Events) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Events: wiretype end group for non-group") + return fmt.Errorf("proto: RecoveryCodes: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Events: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RecoveryCodes: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Items = append(m.Items, &events.OneOf{}) - if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LastKey", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Codes", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -46448,62 +52318,11 @@ func (m *Events) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.LastKey = string(dAtA[iNdEx:postIndex]) + m.Codes = append(m.Codes, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GetLocksRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GetLocksRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GetLocksRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Targets", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -46530,31 +52349,10 @@ func (m *GetLocksRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Targets = append(m.Targets, &types.LockTarget{}) - if err := m.Targets[len(m.Targets)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Created, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field InForceOnly", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.InForceOnly = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -46577,7 +52375,7 @@ func (m *GetLocksRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetLocksResponse) Unmarshal(dAtA []byte) error { +func (m *CreateAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46600,17 +52398,17 @@ func (m *GetLocksResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetLocksResponse: wiretype end group for non-group") + return fmt.Errorf("proto: CreateAccountRecoveryCodesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetLocksResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateAccountRecoveryCodesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Locks", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46620,25 +52418,23 @@ func (m *GetLocksResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Locks = append(m.Locks, &types.LockV2{}) - if err := m.Locks[len(m.Locks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.TokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -46662,7 +52458,7 @@ func (m *GetLocksResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetLockRequest) Unmarshal(dAtA []byte) error { +func (m *GetAccountRecoveryTokenRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46685,15 +52481,15 @@ func (m *GetLockRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetLockRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetAccountRecoveryTokenRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetLockRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAccountRecoveryTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryTokenID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -46721,7 +52517,7 @@ func (m *GetLockRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.RecoveryTokenID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -46745,7 +52541,7 @@ func (m *GetLockRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteLockRequest) Unmarshal(dAtA []byte) error { +func (m *GetAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46768,44 +52564,12 @@ func (m *DeleteLockRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteLockRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetAccountRecoveryCodesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteLockRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetAccountRecoveryCodesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -46828,7 +52592,7 @@ func (m *DeleteLockRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { +func (m *UserCredentials) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46851,15 +52615,15 @@ func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ReplaceRemoteLocksRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UserCredentials: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ReplaceRemoteLocksRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserCredentials: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -46887,13 +52651,13 @@ func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + m.Username = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Locks", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Password", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -46903,24 +52667,24 @@ func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Locks = append(m.Locks, &types.LockV2{}) - if err := m.Locks[len(m.Locks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Password = append(m.Password[:0], dAtA[iNdEx:postIndex]...) + if m.Password == nil { + m.Password = []byte{} } iNdEx = postIndex default: @@ -46945,7 +52709,7 @@ func (m *ReplaceRemoteLocksRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWindowsDesktopServicesResponse) Unmarshal(dAtA []byte) error { +func (m *ContextUser) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46968,46 +52732,12 @@ func (m *GetWindowsDesktopServicesResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWindowsDesktopServicesResponse: wiretype end group for non-group") + return fmt.Errorf("proto: ContextUser: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWindowsDesktopServicesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ContextUser: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Services = append(m.Services, &types.WindowsDesktopServiceV3{}) - if err := m.Services[len(m.Services)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -47030,7 +52760,7 @@ func (m *GetWindowsDesktopServicesResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { +func (m *Passwordless) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47053,44 +52783,12 @@ func (m *GetWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWindowsDesktopServiceRequest: wiretype end group for non-group") + return fmt.Errorf("proto: Passwordless: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWindowsDesktopServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Passwordless: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -47113,7 +52811,7 @@ func (m *GetWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWindowsDesktopServiceResponse) Unmarshal(dAtA []byte) error { +func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47136,15 +52834,15 @@ func (m *GetWindowsDesktopServiceResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWindowsDesktopServiceResponse: wiretype end group for non-group") + return fmt.Errorf("proto: CreateAuthenticateChallengeRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWindowsDesktopServiceResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateAuthenticateChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserCredentials", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -47171,12 +52869,113 @@ func (m *GetWindowsDesktopServiceResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Service == nil { - m.Service = &types.WindowsDesktopServiceV3{} + v := &UserCredentials{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Request = &CreateAuthenticateChallengeRequest_UserCredentials{v} + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryStartTokenID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Request = &CreateAuthenticateChallengeRequest_RecoveryStartTokenID{string(dAtA[iNdEx:postIndex])} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ContextUser", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &ContextUser{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Request = &CreateAuthenticateChallengeRequest_ContextUser{v} + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Passwordless", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &Passwordless{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Request = &CreateAuthenticateChallengeRequest_Passwordless{v} iNdEx = postIndex default: iNdEx = preIndex @@ -47200,7 +52999,7 @@ func (m *GetWindowsDesktopServiceResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { +func (m *CreatePrivilegeTokenRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47223,17 +53022,17 @@ func (m *DeleteWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteWindowsDesktopServiceRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CreatePrivilegeTokenRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteWindowsDesktopServiceRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreatePrivilegeTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAResponse", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47243,23 +53042,27 @@ func (m *DeleteWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if m.ExistingMFAResponse == nil { + m.ExistingMFAResponse = &MFAAuthenticateResponse{} + } + if err := m.ExistingMFAResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -47283,7 +53086,7 @@ func (m *DeleteWindowsDesktopServiceRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetWindowsDesktopsResponse) Unmarshal(dAtA []byte) error { +func (m *CreateRegisterChallengeRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47306,17 +53109,17 @@ func (m *GetWindowsDesktopsResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetWindowsDesktopsResponse: wiretype end group for non-group") + return fmt.Errorf("proto: CreateRegisterChallengeRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetWindowsDesktopsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateRegisterChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Desktops", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47326,26 +53129,62 @@ func (m *GetWindowsDesktopsResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Desktops = append(m.Desktops, &types.WindowsDesktopV3{}) - if err := m.Desktops[len(m.Desktops)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.TokenID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) + } + m.DeviceType = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DeviceType |= DeviceType(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) + } + m.DeviceUsage = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DeviceUsage |= DeviceUsage(b&0x7F) << shift + if b < 0x80 { + break + } } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -47368,7 +53207,7 @@ func (m *GetWindowsDesktopsResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *DeleteWindowsDesktopRequest) Unmarshal(dAtA []byte) error { +func (m *PaginatedResource) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47391,17 +53230,17 @@ func (m *DeleteWindowsDesktopRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DeleteWindowsDesktopRequest: wiretype end group for non-group") + return fmt.Errorf("proto: PaginatedResource: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DeleteWindowsDesktopRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PaginatedResource: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseServer", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47411,29 +53250,32 @@ func (m *DeleteWindowsDesktopRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + v := &types.DatabaseServerV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &PaginatedResource_DatabaseServer{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppServer", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47443,80 +53285,67 @@ func (m *DeleteWindowsDesktopRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.HostID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { + v := &types.AppServerV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + m.Resource = &PaginatedResource_AppServer{v} + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WindowsDesktopCertRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + if msglen < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &types.ServerV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WindowsDesktopCertRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WindowsDesktopCertRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Resource = &PaginatedResource_Node{v} + iNdEx = postIndex + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CSR", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeService", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47526,31 +53355,32 @@ func (m *WindowsDesktopCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CSR = append(m.CSR[:0], dAtA[iNdEx:postIndex]...) - if m.CSR == nil { - m.CSR = []byte{} + v := &types.ServerV2{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.Resource = &PaginatedResource_KubeService{v} iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CRLEndpoint", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47560,29 +53390,32 @@ func (m *WindowsDesktopCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CRLEndpoint = string(dAtA[iNdEx:postIndex]) + v := &types.WindowsDesktopV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &PaginatedResource_WindowsDesktop{v} iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubeCluster", wireType) } - m.TTL = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47592,67 +53425,32 @@ func (m *WindowsDesktopCertRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TTL |= Duration(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WindowsDesktopCertResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &types.KubernetesClusterV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WindowsDesktopCertResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WindowsDesktopCertResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Resource = &PaginatedResource_KubeCluster{v} + iNdEx = postIndex + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Cert", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47662,25 +53460,26 @@ func (m *WindowsDesktopCertResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Cert = append(m.Cert[:0], dAtA[iNdEx:postIndex]...) - if m.Cert == nil { - m.Cert = []byte{} + v := &types.WindowsDesktopServiceV3{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + m.Resource = &PaginatedResource_WindowsDesktopService{v} iNdEx = postIndex default: iNdEx = preIndex @@ -47704,7 +53503,7 @@ func (m *WindowsDesktopCertResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *CertAuthorityRequest) Unmarshal(dAtA []byte) error { +func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47727,15 +53526,15 @@ func (m *CertAuthorityRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CertAuthorityRequest: wiretype end group for non-group") + return fmt.Errorf("proto: ListResourcesRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CertAuthorityRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ListResourcesRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceType", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -47763,64 +53562,64 @@ func (m *CertAuthorityRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Type = github_com_gravitational_teleport_api_types.CertAuthType(dAtA[iNdEx:postIndex]) + m.ResourceType = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CRL) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CRL: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CRL: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Limit = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Limit |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CRL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47830,80 +53629,154 @@ func (m *CRL) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.CRL = append(m.CRL[:0], dAtA[iNdEx:postIndex]...) - if m.CRL == nil { - m.CRL = []byte{} - } + m.StartKey = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + if m.Labels == nil { + m.Labels = make(map[string]string) } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ChangeUserAuthenticationRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ChangeUserAuthenticationRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthAuthservice + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthAuthservice + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthAuthservice + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthAuthservice + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Labels[mapkey] = mapvalue + iNdEx = postIndex + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PredicateExpression", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -47931,13 +53804,13 @@ func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.PredicateExpression = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewPassword", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SearchKeywords", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -47947,29 +53820,27 @@ func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.NewPassword = append(m.NewPassword[:0], dAtA[iNdEx:postIndex]...) - if m.NewPassword == nil { - m.NewPassword = []byte{} - } + m.SearchKeywords = append(m.SearchKeywords, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 3: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewMFARegisterResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SortBy", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -47996,18 +53867,35 @@ func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.NewMFARegisterResponse == nil { - m.NewMFARegisterResponse = &MFARegisterResponse{} - } - if err := m.NewMFARegisterResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SortBy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field NeedTotalCount", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.NeedTotalCount = bool(v != 0) + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopFilter", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48017,24 +53905,45 @@ func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.NewDeviceName = string(dAtA[iNdEx:postIndex]) + if err := m.WindowsDesktopFilter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex + case 11: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseSearchAsRoles", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseSearchAsRoles = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -48057,7 +53966,7 @@ func (m *ChangeUserAuthenticationRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { +func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48080,15 +53989,15 @@ func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ChangeUserAuthenticationResponse: wiretype end group for non-group") + return fmt.Errorf("proto: ListResourcesResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ChangeUserAuthenticationResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ListResourcesResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WebSession", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48115,18 +54024,16 @@ func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.WebSession == nil { - m.WebSession = &types.WebSessionV2{} - } - if err := m.WebSession.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Resources = append(m.Resources, &PaginatedResource{}) + if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Recovery", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NextKey", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48136,28 +54043,43 @@ func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if m.Recovery == nil { - m.Recovery = &RecoveryCodes{} + m.NextKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TotalCount", wireType) } - if err := m.Recovery.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.TotalCount = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.TotalCount |= int32(b&0x7F) << shift + if b < 0x80 { + break + } } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -48180,7 +54102,7 @@ func (m *ChangeUserAuthenticationResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { +func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48203,15 +54125,15 @@ func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: StartAccountRecoveryRequest: wiretype end group for non-group") + return fmt.Errorf("proto: CreateSessionTrackerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: StartAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CreateSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48239,13 +54161,13 @@ func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCode", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48255,31 +54177,29 @@ func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.RecoveryCode = append(m.RecoveryCode[:0], dAtA[iNdEx:postIndex]...) - if m.RecoveryCode == nil { - m.RecoveryCode = []byte{} - } + m.Type = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoverType", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) } - m.RecoverType = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48289,65 +54209,27 @@ func (m *StartAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.RecoverType |= types.UserTokenUsage(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: VerifyAccountRecoveryRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: VerifyAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Reason = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryStartTokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Invited", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48375,11 +54257,11 @@ func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RecoveryStartTokenID = string(dAtA[iNdEx:postIndex]) + m.Invited = append(m.Invited, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Hostname", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48407,13 +54289,13 @@ func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) + m.Hostname = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Password", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48423,30 +54305,29 @@ func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := make([]byte, postIndex-iNdEx) - copy(v, dAtA[iNdEx:postIndex]) - m.AuthnCred = &VerifyAccountRecoveryRequest_Password{v} + m.Address = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFAAuthenticateResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48456,81 +54337,27 @@ func (m *VerifyAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFAAuthenticateResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.AuthnCred = &VerifyAccountRecoveryRequest_MFAAuthenticateResponse{v} + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CompleteAccountRecoveryRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CompleteAccountRecoveryRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryApprovedTokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48558,13 +54385,13 @@ func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RecoveryApprovedTokenID = string(dAtA[iNdEx:postIndex]) + m.Login = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewDeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Initiator", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48574,29 +54401,33 @@ func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.NewDeviceName = string(dAtA[iNdEx:postIndex]) + if m.Initiator == nil { + m.Initiator = &types.Participant{} + } + if err := m.Initiator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 3: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewPassword", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48606,30 +54437,30 @@ func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := make([]byte, postIndex-iNdEx) - copy(v, dAtA[iNdEx:postIndex]) - m.NewAuthnCred = &CompleteAccountRecoveryRequest_NewPassword{v} + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 4: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NewMFAResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -48639,81 +54470,59 @@ func (m *CompleteAccountRecoveryRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFARegisterResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.NewAuthnCred = &CompleteAccountRecoveryRequest_NewMFAResponse{v} + m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HostUser", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RecoveryCodes) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RecoveryCodes: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RecoveryCodes: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.HostUser = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Codes", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48741,11 +54550,11 @@ func (m *RecoveryCodes) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Codes = append(m.Codes, string(dAtA[iNdEx:postIndex])) + m.ID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 14: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field HostPolicies", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48772,7 +54581,44 @@ func (m *RecoveryCodes) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Created, dAtA[iNdEx:postIndex]); err != nil { + m.HostPolicies = append(m.HostPolicies, &types.SessionTrackerPolicySet{}) + if err := m.HostPolicies[len(m.HostPolicies)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionTracker", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SessionTracker == nil { + m.SessionTracker = &types.SessionTrackerV1{} + } + if err := m.SessionTracker.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -48798,7 +54644,7 @@ func (m *RecoveryCodes) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { +func (m *GetSessionTrackerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48821,15 +54667,15 @@ func (m *CreateAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateAccountRecoveryCodesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetSessionTrackerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateAccountRecoveryCodesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48857,7 +54703,7 @@ func (m *CreateAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -48881,7 +54727,7 @@ func (m *CreateAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAccountRecoveryTokenRequest) Unmarshal(dAtA []byte) error { +func (m *RemoveSessionTrackerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48904,15 +54750,15 @@ func (m *GetAccountRecoveryTokenRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAccountRecoveryTokenRequest: wiretype end group for non-group") + return fmt.Errorf("proto: RemoveSessionTrackerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAccountRecoveryTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RemoveSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryTokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48940,7 +54786,7 @@ func (m *GetAccountRecoveryTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RecoveryTokenID = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -48964,7 +54810,7 @@ func (m *GetAccountRecoveryTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { +func (m *SessionTrackerUpdateState) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48987,12 +54833,31 @@ func (m *GetAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetAccountRecoveryCodesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: SessionTrackerUpdateState: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetAccountRecoveryCodesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionTrackerUpdateState: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) + } + m.State = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.State |= types.SessionState(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -49015,7 +54880,7 @@ func (m *GetAccountRecoveryCodesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserCredentials) Unmarshal(dAtA []byte) error { +func (m *SessionTrackerAddParticipant) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49038,49 +54903,17 @@ func (m *UserCredentials) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserCredentials: wiretype end group for non-group") + return fmt.Errorf("proto: SessionTrackerAddParticipant: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserCredentials: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionTrackerAddParticipant: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Username = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Password", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Participant", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49090,24 +54923,26 @@ func (m *UserCredentials) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Password = append(m.Password[:0], dAtA[iNdEx:postIndex]...) - if m.Password == nil { - m.Password = []byte{} + if m.Participant == nil { + m.Participant = &types.Participant{} + } + if err := m.Participant.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } iNdEx = postIndex default: @@ -49132,7 +54967,7 @@ func (m *UserCredentials) Unmarshal(dAtA []byte) error { } return nil } -func (m *ContextUser) Unmarshal(dAtA []byte) error { +func (m *SessionTrackerRemoveParticipant) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49155,12 +54990,44 @@ func (m *ContextUser) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ContextUser: wiretype end group for non-group") + return fmt.Errorf("proto: SessionTrackerRemoveParticipant: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ContextUser: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionTrackerRemoveParticipant: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ParticipantID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ParticipantID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -49183,7 +55050,7 @@ func (m *ContextUser) Unmarshal(dAtA []byte) error { } return nil } -func (m *Passwordless) Unmarshal(dAtA []byte) error { +func (m *SessionTrackerUpdateExpiry) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49206,12 +55073,48 @@ func (m *Passwordless) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Passwordless: wiretype end group for non-group") + return fmt.Errorf("proto: SessionTrackerUpdateExpiry: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Passwordless: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionTrackerUpdateExpiry: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Expires == nil { + m.Expires = new(time.Time) + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Expires, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -49234,7 +55137,7 @@ func (m *Passwordless) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { +func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49257,17 +55160,17 @@ func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateAuthenticateChallengeRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UpdateSessionTrackerRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateAuthenticateChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpdateSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserCredentials", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49277,32 +55180,29 @@ func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserCredentials{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Request = &CreateAuthenticateChallengeRequest_UserCredentials{v} + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryStartTokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpdateState", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49312,27 +55212,30 @@ func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Request = &CreateAuthenticateChallengeRequest_RecoveryStartTokenID{string(dAtA[iNdEx:postIndex])} + v := &SessionTrackerUpdateState{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Update = &UpdateSessionTrackerRequest_UpdateState{v} iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ContextUser", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AddParticipant", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -49359,15 +55262,15 @@ func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &ContextUser{} + v := &SessionTrackerAddParticipant{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &CreateAuthenticateChallengeRequest_ContextUser{v} + m.Update = &UpdateSessionTrackerRequest_AddParticipant{v} iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Passwordless", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RemoveParticipant", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -49394,66 +55297,15 @@ func (m *CreateAuthenticateChallengeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &Passwordless{} + v := &SessionTrackerRemoveParticipant{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &CreateAuthenticateChallengeRequest_Passwordless{v} + m.Update = &UpdateSessionTrackerRequest_RemoveParticipant{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CreatePrivilegeTokenRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CreatePrivilegeTokenRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CreatePrivilegeTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExistingMFAResponse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpdateExpiry", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -49480,12 +55332,11 @@ func (m *CreatePrivilegeTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.ExistingMFAResponse == nil { - m.ExistingMFAResponse = &MFAAuthenticateResponse{} - } - if err := m.ExistingMFAResponse.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionTrackerUpdateExpiry{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Update = &UpdateSessionTrackerRequest_UpdateExpiry{v} iNdEx = postIndex default: iNdEx = preIndex @@ -49509,7 +55360,7 @@ func (m *CreatePrivilegeTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateRegisterChallengeRequest) Unmarshal(dAtA []byte) error { +func (m *PresenceMFAChallengeRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49532,15 +55383,15 @@ func (m *CreateRegisterChallengeRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateRegisterChallengeRequest: wiretype end group for non-group") + return fmt.Errorf("proto: PresenceMFAChallengeRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateRegisterChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PresenceMFAChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -49568,46 +55419,8 @@ func (m *CreateRegisterChallengeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TokenID = string(dAtA[iNdEx:postIndex]) + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) - } - m.DeviceType = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.DeviceType |= DeviceType(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceUsage", wireType) - } - m.DeviceUsage = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.DeviceUsage |= DeviceUsage(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -49630,7 +55443,7 @@ func (m *CreateRegisterChallengeRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *PaginatedResource) Unmarshal(dAtA []byte) error { +func (m *PresenceMFAChallengeSend) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49653,85 +55466,15 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PaginatedResource: wiretype end group for non-group") + return fmt.Errorf("proto: PresenceMFAChallengeSend: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PaginatedResource: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PresenceMFAChallengeSend: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseServer", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &types.DatabaseServerV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &PaginatedResource_DatabaseServer{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppServer", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &types.AppServerV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Resource = &PaginatedResource_AppServer{v} - iNdEx = postIndex - case 3: + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Node", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ChallengeRequest", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -49758,15 +55501,15 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ServerV2{} + v := &PresenceMFAChallengeRequest{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &PaginatedResource_Node{v} + m.Request = &PresenceMFAChallengeSend_ChallengeRequest{v} iNdEx = postIndex - case 4: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubeService", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ChallengeResponse", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -49793,17 +55536,68 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.ServerV2{} + v := &MFAAuthenticateResponse{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Resource = &PaginatedResource_KubeService{v} + m.Request = &PresenceMFAChallengeSend_ChallengeResponse{v} iNdEx = postIndex - case 5: + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetDomainNameResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetDomainNameResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetDomainNameResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktop", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DomainName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49813,32 +55607,80 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.WindowsDesktopV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.DomainName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { return err } - m.Resource = &PaginatedResource_WindowsDesktop{v} - iNdEx = postIndex - case 6: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthservice + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetClusterCACertResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetClusterCACertResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetClusterCACertResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubeCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TLSCA", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49848,26 +55690,25 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &types.KubernetesClusterV3{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.TLSCA = append(m.TLSCA[:0], dAtA[iNdEx:postIndex]...) + if m.TLSCA == nil { + m.TLSCA = []byte{} } - m.Resource = &PaginatedResource_KubeCluster{v} iNdEx = postIndex default: iNdEx = preIndex @@ -49891,7 +55732,7 @@ func (m *PaginatedResource) Unmarshal(dAtA []byte) error { } return nil } -func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { +func (m *GenerateTokenRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49914,15 +55755,15 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ListResourcesRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GenerateTokenRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ListResourcesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GenerateTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceType", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -49950,11 +55791,11 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourceType = string(dAtA[iNdEx:postIndex]) + m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -49982,13 +55823,13 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.Roles = append(m.Roles, github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 3: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Limit", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) } - m.Limit = 0 + m.TTL = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -49998,44 +55839,12 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Limit |= int32(b&0x7F) << shift + m.TTL |= Duration(b&0x7F) << shift if b < 0x80 { break } } case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.StartKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) } @@ -50162,41 +55971,60 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { } m.Labels[mapkey] = mapvalue iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PredicateExpression", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenerateTokenResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.PredicateExpression = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenerateTokenResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenerateTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SearchKeywords", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50224,66 +56052,64 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SearchKeywords = append(m.SearchKeywords, string(dAtA[iNdEx:postIndex])) + m.Token = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SortBy", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - if err := m.SortBy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetOIDCAuthRequestRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field NeedTotalCount", wireType) + if iNdEx >= l { + return io.ErrUnexpectedEOF } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.NeedTotalCount = bool(v != 0) - case 10: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetOIDCAuthRequestRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetOIDCAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopFilter", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -50293,45 +56119,24 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.WindowsDesktopFilter.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.StateToken = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field UseSearchAsRoles", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.UseSearchAsRoles = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -50354,7 +56159,7 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { +func (m *GetSAMLAuthRequestRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -50377,17 +56182,17 @@ func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ListResourcesResponse: wiretype end group for non-group") + return fmt.Errorf("proto: GetSAMLAuthRequestRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ListResourcesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSAMLAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -50397,63 +56202,80 @@ func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.Resources = append(m.Resources, &PaginatedResource{}) - if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.ID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NextKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetGithubAuthRequestRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.NextKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TotalCount", wireType) + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.TotalCount = 0 + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetGithubAuthRequestRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetGithubAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) + } + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -50463,11 +56285,24 @@ func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TotalCount |= int32(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.StateToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -50490,7 +56325,7 @@ func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { +func (m *GetSSODiagnosticInfoRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -50513,15 +56348,15 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CreateSessionTrackerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetSSODiagnosticInfoRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CreateSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetSSODiagnosticInfoRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AuthRequestKind", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50549,11 +56384,11 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + m.AuthRequestKind = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AuthRequestID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50581,107 +56416,62 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Type = string(dAtA[iNdEx:postIndex]) + m.AuthRequestID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.Reason = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Invited", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UnstableSystemRoleAssertion) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.Invited = append(m.Invited, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Hostname", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.Hostname = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UnstableSystemRoleAssertion: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UnstableSystemRoleAssertion: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50709,11 +56499,11 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Address = string(dAtA[iNdEx:postIndex]) + m.ServerID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AssertionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50741,11 +56531,11 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + m.AssertionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SystemRole", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50773,80 +56563,62 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Login = string(dAtA[iNdEx:postIndex]) + m.SystemRole = github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Initiator", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice + default: + iNdEx = preIndex + skippy, err := skipAuthservice(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAuthservice } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - if m.Initiator == nil { - m.Initiator = &types.Participant{} - } - if err := m.Initiator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UnstableSystemRoleAssertionSet) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - iNdEx = postIndex - case 11: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UnstableSystemRoleAssertionSet: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UnstableSystemRoleAssertionSet: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50874,11 +56646,11 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) + m.ServerID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 12: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostUser", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AssertionID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50906,11 +56678,11 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.HostUser = string(dAtA[iNdEx:postIndex]) + m.AssertionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 13: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SystemRoles", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50938,77 +56710,7 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field HostPolicies", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.HostPolicies = append(m.HostPolicies, &types.SessionTrackerPolicySet{}) - if err := m.HostPolicies[len(m.HostPolicies)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionTracker", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.SessionTracker == nil { - m.SessionTracker = &types.SessionTrackerV1{} - } - if err := m.SessionTracker.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.SystemRoles = append(m.SystemRoles, github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -51032,7 +56734,7 @@ func (m *CreateSessionTrackerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSessionTrackerRequest) Unmarshal(dAtA []byte) error { +func (m *UpstreamInventoryOneOf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51055,17 +56757,17 @@ func (m *GetSessionTrackerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSessionTrackerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UpstreamInventoryOneOf: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpstreamInventoryOneOf: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Hello", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51075,80 +56777,67 @@ func (m *GetSessionTrackerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { + v := &UpstreamInventoryHello{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice + m.Msg = &UpstreamInventoryOneOf_Hello{v} + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Heartbeat", wireType) } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RemoveSessionTrackerRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + if msglen < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &InventoryHeartbeat{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RemoveSessionTrackerRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RemoveSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Msg = &UpstreamInventoryOneOf_Heartbeat{v} + iNdEx = postIndex + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Pong", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51158,23 +56847,26 @@ func (m *RemoveSessionTrackerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + v := &UpstreamInventoryPong{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Msg = &UpstreamInventoryOneOf_Pong{v} iNdEx = postIndex default: iNdEx = preIndex @@ -51198,7 +56890,7 @@ func (m *RemoveSessionTrackerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionTrackerUpdateState) Unmarshal(dAtA []byte) error { +func (m *DownstreamInventoryOneOf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51221,17 +56913,17 @@ func (m *SessionTrackerUpdateState) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionTrackerUpdateState: wiretype end group for non-group") + return fmt.Errorf("proto: DownstreamInventoryOneOf: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionTrackerUpdateState: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DownstreamInventoryOneOf: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Hello", wireType) } - m.State = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51241,65 +56933,30 @@ func (m *SessionTrackerUpdateState) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.State |= types.SessionState(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - default: - iNdEx = preIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SessionTrackerAddParticipant) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &DownstreamInventoryHello{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SessionTrackerAddParticipant: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionTrackerAddParticipant: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { + m.Msg = &DownstreamInventoryOneOf_Hello{v} + iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Participant", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Ping", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -51326,12 +56983,11 @@ func (m *SessionTrackerAddParticipant) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Participant == nil { - m.Participant = &types.Participant{} - } - if err := m.Participant.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &DownstreamInventoryPing{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Msg = &DownstreamInventoryOneOf_Ping{v} iNdEx = postIndex default: iNdEx = preIndex @@ -51355,7 +57011,7 @@ func (m *SessionTrackerAddParticipant) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionTrackerRemoveParticipant) Unmarshal(dAtA []byte) error { +func (m *DownstreamInventoryPing) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51378,17 +57034,17 @@ func (m *SessionTrackerRemoveParticipant) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionTrackerRemoveParticipant: wiretype end group for non-group") + return fmt.Errorf("proto: DownstreamInventoryPing: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionTrackerRemoveParticipant: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DownstreamInventoryPing: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ParticipantID", wireType) + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } - var stringLen uint64 + m.ID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51398,24 +57054,11 @@ func (m *SessionTrackerRemoveParticipant) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.ID |= uint64(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ParticipantID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -51438,7 +57081,7 @@ func (m *SessionTrackerRemoveParticipant) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionTrackerUpdateExpiry) Unmarshal(dAtA []byte) error { +func (m *UpstreamInventoryPong) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51461,17 +57104,17 @@ func (m *SessionTrackerUpdateExpiry) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionTrackerUpdateExpiry: wiretype end group for non-group") + return fmt.Errorf("proto: UpstreamInventoryPong: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionTrackerUpdateExpiry: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpstreamInventoryPong: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) } - var msglen int + m.ID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51481,28 +57124,11 @@ func (m *SessionTrackerUpdateExpiry) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.ID |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Expires == nil { - m.Expires = new(time.Time) - } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Expires, dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -51525,7 +57151,7 @@ func (m *SessionTrackerUpdateExpiry) Unmarshal(dAtA []byte) error { } return nil } -func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { +func (m *UpstreamInventoryHello) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51548,15 +57174,15 @@ func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UpdateSessionTrackerRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UpstreamInventoryHello: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UpdateSessionTrackerRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpstreamInventoryHello: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -51584,13 +57210,13 @@ func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.Version = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UpdateState", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51600,102 +57226,29 @@ func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionTrackerUpdateState{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Update = &UpdateSessionTrackerRequest_UpdateState{v} + m.ServerID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AddParticipant", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &SessionTrackerAddParticipant{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Update = &UpdateSessionTrackerRequest_AddParticipant{v} - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RemoveParticipant", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &SessionTrackerRemoveParticipant{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Update = &UpdateSessionTrackerRequest_RemoveParticipant{v} - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UpdateExpiry", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Services", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51705,26 +57258,23 @@ func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionTrackerUpdateExpiry{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Update = &UpdateSessionTrackerRequest_UpdateExpiry{v} + m.Services = append(m.Services, github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -51748,7 +57298,7 @@ func (m *UpdateSessionTrackerRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *PresenceMFAChallengeRequest) Unmarshal(dAtA []byte) error { +func (m *DownstreamInventoryHello) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51771,15 +57321,15 @@ func (m *PresenceMFAChallengeRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PresenceMFAChallengeRequest: wiretype end group for non-group") + return fmt.Errorf("proto: DownstreamInventoryHello: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PresenceMFAChallengeRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DownstreamInventoryHello: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -51807,7 +57357,39 @@ func (m *PresenceMFAChallengeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + m.Version = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -51831,7 +57413,7 @@ func (m *PresenceMFAChallengeRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *PresenceMFAChallengeSend) Unmarshal(dAtA []byte) error { +func (m *InventoryHeartbeat) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51854,15 +57436,15 @@ func (m *PresenceMFAChallengeSend) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PresenceMFAChallengeSend: wiretype end group for non-group") + return fmt.Errorf("proto: InventoryHeartbeat: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PresenceMFAChallengeSend: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: InventoryHeartbeat: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ChallengeRequest", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SSHServer", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -51889,46 +57471,12 @@ func (m *PresenceMFAChallengeSend) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &PresenceMFAChallengeRequest{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.SSHServer == nil { + m.SSHServer = &types.ServerV2{} } - m.Request = &PresenceMFAChallengeSend_ChallengeRequest{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ChallengeResponse", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &MFAAuthenticateResponse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SSHServer.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Request = &PresenceMFAChallengeSend_ChallengeResponse{v} iNdEx = postIndex default: iNdEx = preIndex @@ -51952,7 +57500,7 @@ func (m *PresenceMFAChallengeSend) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetDomainNameResponse) Unmarshal(dAtA []byte) error { +func (m *InventoryStatusRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -51975,17 +57523,17 @@ func (m *GetDomainNameResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetDomainNameResponse: wiretype end group for non-group") + return fmt.Errorf("proto: InventoryStatusRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetDomainNameResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: InventoryStatusRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DomainName", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Connected", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -51995,24 +57543,12 @@ func (m *GetDomainNameResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DomainName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex + m.Connected = bool(v != 0) default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -52035,7 +57571,7 @@ func (m *GetDomainNameResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetClusterCACertResponse) Unmarshal(dAtA []byte) error { +func (m *InventoryStatusSummary) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52058,17 +57594,17 @@ func (m *GetClusterCACertResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetClusterCACertResponse: wiretype end group for non-group") + return fmt.Errorf("proto: InventoryStatusSummary: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetClusterCACertResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: InventoryStatusSummary: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLSCA", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Connected", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -52078,24 +57614,24 @@ func (m *GetClusterCACertResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.TLSCA = append(m.TLSCA[:0], dAtA[iNdEx:postIndex]...) - if m.TLSCA == nil { - m.TLSCA = []byte{} + m.Connected = append(m.Connected, UpstreamInventoryHello{}) + if err := m.Connected[len(m.Connected)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } iNdEx = postIndex default: @@ -52120,7 +57656,7 @@ func (m *GetClusterCACertResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GenerateTokenRequest) Unmarshal(dAtA []byte) error { +func (m *InventoryPingRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52143,47 +57679,15 @@ func (m *GenerateTokenRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GenerateTokenRequest: wiretype end group for non-group") + return fmt.Errorf("proto: InventoryPingRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateTokenRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: InventoryPingRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -52211,153 +57715,7 @@ func (m *GenerateTokenRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, github_com_gravitational_teleport_api_types.SystemRole(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) - } - m.TTL = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.TTL |= Duration(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Labels == nil { - m.Labels = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthAuthservice - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthAuthservice - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAuthservice - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthAuthservice - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthAuthservice - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipAuthservice(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthAuthservice - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Labels[mapkey] = mapvalue + m.ServerID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -52381,7 +57739,7 @@ func (m *GenerateTokenRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GenerateTokenResponse) Unmarshal(dAtA []byte) error { +func (m *InventoryPingResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52404,17 +57762,17 @@ func (m *GenerateTokenResponse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GenerateTokenResponse: wiretype end group for non-group") + return fmt.Errorf("proto: InventoryPingResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: InventoryPingResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Duration", wireType) } - var stringLen uint64 + m.Duration = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -52424,24 +57782,11 @@ func (m *GenerateTokenResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.Duration |= time.Duration(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAuthservice - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAuthservice - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Token = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) @@ -52464,7 +57809,7 @@ func (m *GenerateTokenResponse) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetOIDCAuthRequestRequest) Unmarshal(dAtA []byte) error { +func (m *GetClusterAlertsResponse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52487,17 +57832,17 @@ func (m *GetOIDCAuthRequestRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetOIDCAuthRequestRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetClusterAlertsResponse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetOIDCAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetClusterAlertsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Alerts", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -52507,23 +57852,25 @@ func (m *GetOIDCAuthRequestRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.StateToken = string(dAtA[iNdEx:postIndex]) + m.Alerts = append(m.Alerts, types.ClusterAlert{}) + if err := m.Alerts[len(m.Alerts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -52547,7 +57894,7 @@ func (m *GetOIDCAuthRequestRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSAMLAuthRequestRequest) Unmarshal(dAtA []byte) error { +func (m *UpsertClusterAlertRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52570,17 +57917,17 @@ func (m *GetSAMLAuthRequestRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSAMLAuthRequestRequest: wiretype end group for non-group") + return fmt.Errorf("proto: UpsertClusterAlertRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSAMLAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpsertClusterAlertRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Alert", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -52590,23 +57937,24 @@ func (m *GetSAMLAuthRequestRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.ID = string(dAtA[iNdEx:postIndex]) + if err := m.Alert.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -52630,7 +57978,7 @@ func (m *GetSAMLAuthRequestRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetGithubAuthRequestRequest) Unmarshal(dAtA []byte) error { +func (m *GetConnectionDiagnosticRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52653,15 +58001,15 @@ func (m *GetGithubAuthRequestRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetGithubAuthRequestRequest: wiretype end group for non-group") + return fmt.Errorf("proto: GetConnectionDiagnosticRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetGithubAuthRequestRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GetConnectionDiagnosticRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -52689,7 +58037,7 @@ func (m *GetGithubAuthRequestRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.StateToken = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -52713,7 +58061,7 @@ func (m *GetGithubAuthRequestRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *GetSSODiagnosticInfoRequest) Unmarshal(dAtA []byte) error { +func (m *AppendDiagnosticTraceRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -52736,15 +58084,15 @@ func (m *GetSSODiagnosticInfoRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GetSSODiagnosticInfoRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AppendDiagnosticTraceRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GetSSODiagnosticInfoRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppendDiagnosticTraceRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuthRequestKind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -52772,13 +58120,13 @@ func (m *GetSSODiagnosticInfoRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AuthRequestKind = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuthRequestID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Trace", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAuthservice @@ -52788,23 +58136,27 @@ func (m *GetSSODiagnosticInfoRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthAuthservice } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAuthservice } if postIndex > l { return io.ErrUnexpectedEOF } - m.AuthRequestID = string(dAtA[iNdEx:postIndex]) + if m.Trace == nil { + m.Trace = &types.ConnectionDiagnosticTrace{} + } + if err := m.Trace.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex diff --git a/api/client/proto/authservice.proto b/api/client/proto/authservice.proto deleted file mode 100644 index e26ab0f70d931..0000000000000 --- a/api/client/proto/authservice.proto +++ /dev/null @@ -1,2319 +0,0 @@ -// Copyright 2021-2022 Gravitational, Inc -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; -package proto; - -import "gogoproto/gogo.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/timestamp.proto"; - -import "certs.proto"; - -import "github.com/gravitational/teleport/api/types/types.proto"; -import "github.com/gravitational/teleport/api/types/webauthn/webauthn.proto"; -import "github.com/gravitational/teleport/api/types/wrappers/wrappers.proto"; -import "github.com/gravitational/teleport/api/types/events/events.proto"; - -option (gogoproto.marshaler_all) = true; -option (gogoproto.unmarshaler_all) = true; -option (gogoproto.goproto_getters_all) = true; - -// Operation identifies type of operation -enum Operation { - // INIT is sent as a first sentinel event - // on the watch channel - INIT = 0; - // PUT identifies created or updated object - PUT = 1; - // DELETE identifies deleted object - DELETE = 2; -} - -// Event returns cluster event -message Event { - reserved 7; - - // Operation identifies operation - Operation Type = 1 [ (gogoproto.jsontag) = "type,omitempty" ]; - // Resource contains the updated resource - oneof Resource { - // ResourceHeader is specified in delete events, - // the full object is not available, so resource - // header is used to provide information about object type - types.ResourceHeader ResourceHeader = 2 [ (gogoproto.jsontag) = "resource,omitempty" ]; - // CertAuthority is filled in certificate-authority related events - types.CertAuthorityV2 CertAuthority = 3 - [ (gogoproto.jsontag) = "cert_authority,omitempty" ]; - // StaticTokens is filled in static-tokens related events - types.StaticTokensV2 StaticTokens = 4 [ (gogoproto.jsontag) = "static_tokens,omitempty" ]; - // ProvisionToken is filled in provision-token related events - types.ProvisionTokenV2 ProvisionToken = 5 - [ (gogoproto.jsontag) = "provision_token,omitempty" ]; - // ClusterNameV2 is a cluster name resource - types.ClusterNameV2 ClusterName = 6 [ (gogoproto.jsontag) = "cluster_name,omitempty" ]; - // User is a user resource - types.UserV2 User = 8 [ (gogoproto.jsontag) = "user,omitempty" ]; - // Role is a role resource - types.RoleV5 Role = 9 [ (gogoproto.jsontag) = "role,omitempty" ]; - // Namespace is a namespace resource - types.Namespace Namespace = 10 [ (gogoproto.jsontag) = "namespace,omitempty" ]; - // Server is a node or proxy resource - types.ServerV2 Server = 11 [ (gogoproto.jsontag) = "server,omitempty" ]; - // ReverseTunnel is a resource with reverse tunnel - types.ReverseTunnelV2 ReverseTunnel = 12 - [ (gogoproto.jsontag) = "reverse_tunnel,omitempty" ]; - // TunnelConnection is a resource for tunnel connnections - types.TunnelConnectionV2 TunnelConnection = 13 - [ (gogoproto.jsontag) = "tunnel_connection,omitempty" ]; - // AccessRequest is a resource for access requests - types.AccessRequestV3 AccessRequest = 14 - [ (gogoproto.jsontag) = "access_request,omitempty" ]; - // AppSession is an application web session. - types.WebSessionV2 AppSession = 15 [ (gogoproto.jsontag) = "app_session,omitempty" ]; - // RemoteCluster is a resource for remote clusters - types.RemoteClusterV3 RemoteCluster = 16 - [ (gogoproto.jsontag) = "remote_cluster,omitempty" ]; - // DatabaseServer is a resource for database servers. - types.DatabaseServerV3 DatabaseServer = 17 - [ (gogoproto.jsontag) = "database_server,omitempty" ]; - // WebSession is a regular web session. - types.WebSessionV2 WebSession = 18 [ (gogoproto.jsontag) = "web_session,omitempty" ]; - // WebToken is a web token. - types.WebTokenV3 WebToken = 19 [ (gogoproto.jsontag) = "web_token,omitempty" ]; - // ClusterNetworkingConfig is a resource for cluster networking configuration. - types.ClusterNetworkingConfigV2 ClusterNetworkingConfig = 20 - [ (gogoproto.jsontag) = "cluster_networking_config,omitempty" ]; - // SessionRecordingConfig is a resource for session recording configuration. - types.SessionRecordingConfigV2 SessionRecordingConfig = 21 - [ (gogoproto.jsontag) = "session_recording_config,omitempty" ]; - // AuthPreference is cluster auth preference. - types.AuthPreferenceV2 AuthPreference = 22 - [ (gogoproto.jsontag) = "auth_preference,omitempty" ]; - // ClusterAuditConfig is a resource for cluster audit configuration. - types.ClusterAuditConfigV2 ClusterAuditConfig = 23 - [ (gogoproto.jsontag) = "cluster_audit_config,omitempty" ]; - // Lock is a lock resource. - types.LockV2 Lock = 24 [ (gogoproto.jsontag) = "lock,omitempty" ]; - // NetworkRestrictions is a resource for network restrictions - types.NetworkRestrictionsV4 NetworkRestrictions = 25 - [ (gogoproto.jsontag) = "network_restrictions,omitempty" ]; - // WindowsDesktopService is a resource for Windows desktop services. - types.WindowsDesktopServiceV3 WindowsDesktopService = 26 - [ (gogoproto.jsontag) = "windows_desktop_service,omitempty" ]; - // WindowsDesktop is a resource for Windows desktop host. - types.WindowsDesktopV3 WindowsDesktop = 27 - [ (gogoproto.jsontag) = "windows_desktop,omitempty" ]; - // Database is a database resource. - types.DatabaseV3 Database = 28 [ (gogoproto.jsontag) = "database,omitempty" ]; - // AppServer is an application server resource. - types.AppServerV3 AppServer = 29 [ (gogoproto.jsontag) = "app_server,omitempty" ]; - // App is an application resource. - types.AppV3 App = 30 [ (gogoproto.jsontag) = "app,omitempty" ]; - // SnowflakeSession is a Snowflake web session. - types.WebSessionV2 SnowflakeSession = 31 - [ (gogoproto.jsontag) = "snowflake_session,omitempty" ]; - } -} - -// Watch specifies watch parameters -message Watch { - // Kinds specifies object kinds to watch - repeated WatchKind Kinds = 1 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "kinds,omitempty" ]; -} - -// WatchKind specifies resource kind to watch -message WatchKind { - // Kind is a resource kind to watch - string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; - // LoadSecrets specifies whether to load secrets - bool LoadSecrets = 2 [ (gogoproto.jsontag) = "load_secrets" ]; - // Name is an optional specific resource type to watch, - // if specified only the events with a specific resource - // name will be sent - string Name = 3 [ (gogoproto.jsontag) = "name" ]; - // Filter is an optional mapping of custom filter parameters. - // Valid values vary by resource kind. - map Filter = 4 [ (gogoproto.jsontag) = "filter,omitempty" ]; - // SubKind is a resource subkind to watch - string SubKind = 5 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; -} - -// HostCertsRequest specifies certificate-generation parameters -// for a server. -message HostCertsRequest { - // HostID is a unique ID of the host. - string HostID = 1 [ (gogoproto.jsontag) = "host_id" ]; - // NodeName is a user-friendly host name. - string NodeName = 2 [ (gogoproto.jsontag) = "node_name" ]; - // Role is a system role assigned to the host. - string Role = 3 [ - (gogoproto.jsontag) = "role", - (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" - ]; - // AdditionalPrincipals is a list of additional principals - // to include in OpenSSH and X509 certificates - repeated string AdditionalPrincipals = 4 - [ (gogoproto.jsontag) = "additional_principals,omitempty" ]; - // DNSNames is a list of DNS names to include in x509 certificates. - repeated string DNSNames = 5 [ (gogoproto.jsontag) = "dns_names,omitempty" ]; - // PublicTLSKey is a PEM encoded public key, which the auth server will use - // to create a signed TLS certificate. This field is required. - bytes PublicTLSKey = 6 [ (gogoproto.jsontag) = "public_tls_key" ]; - // PublicSSHKey is a SSH encoded public key, which the auth server will use - // to create a signed SSH certificate. This field is required. - bytes PublicSSHKey = 7 [ (gogoproto.jsontag) = "public_ssh_key" ]; - // RemoteAddr is the IP address of the remote host requesting a certificate. - // RemoteAddr is used to replace 0.0.0.0 in the list of additional principals. - string RemoteAddr = 8 [ (gogoproto.jsontag) = "remote_addr" ]; - // Rotation allows clients to send the certificate authority rotation state - // expected by the client so that auth servers can avoid the situation when - // clients request certs assuming one state and auth servers issue another. - types.Rotation Rotation = 9 [ (gogoproto.jsontag) = "rotation,omitempty" ]; - // NoCache is argument that only local callers can supply to bypass cache - bool NoCache = 10 [ (gogoproto.jsontag) = "-" ]; -} - -// UserCertRequest specifies certificate-generation parameters -// for a user. -message UserCertsRequest { - // PublicKey is a public key to be signed. - bytes PublicKey = 1 [ (gogoproto.jsontag) = "public_key" ]; - // Username of key owner. - string Username = 2 [ (gogoproto.jsontag) = "username" ]; - // Expires is a desired time of the expiry of the certificate, could - // be adjusted based on the permissions - google.protobuf.Timestamp Expires = 3 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "expires,omitempty" - ]; - // Format encodes the desired SSH Certificate format (either old ssh - // compatibility - // format to remove some metadata causing trouble with old SSH servers) - // or standard SSH cert format with custom extensions - string Format = 4 [ (gogoproto.jsontag) = "format,omitempty" ]; - // RouteToCluster is an optional cluster name to add to the certificate, - // so that requests originating with this certificate will be redirected - // to this cluster - string RouteToCluster = 5 [ (gogoproto.jsontag) = "route_to_cluster,omitempty" ]; - // AccessRequests is an optional list of request IDs indicating requests whose - // escalated privileges should be added to the certificate. - repeated string AccessRequests = 6 [ (gogoproto.jsontag) = "access_requests,omitempty" ]; - // KubernetesCluster specifies the target kubernetes cluster for TLS - // identities. This can be empty on older Teleport clients. - string KubernetesCluster = 7 [ (gogoproto.jsontag) = "kubernetes_cluster,omitempty" ]; - // RouteToDatabase specifies the target database proxy name to encode into - // certificate so database client requests are routed appropriately. - RouteToDatabase RouteToDatabase = 8 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "route_to_database,omitempty" ]; - - // NodeName is the name of the SSH node that this user certificate will be - // scoped to. - string NodeName = 9 [ (gogoproto.jsontag) = "node_name,omitempty" ]; - - enum CertUsage { - // All means a request for both SSH and TLS certificates for the - // overall user session. These certificates are not specific to any SSH - // node, Kubernetes cluster, database or web app. - All = 0; - // SSH means a request for an SSH certificate for access to a specific - // SSH node, as specified by NodeName. - SSH = 1; - // Kubernetes means a request for a TLS certificate for access to a - // specific Kubernetes cluster, as specified by KubernetesCluster. - Kubernetes = 2; - // Database means a request for a TLS certificate for access to a - // specific database, as specified by RouteToDatabase. - Database = 3; - // App means a request for a TLS certificate for access to a specific - // web app, as specified by RouteToApp. - App = 4; - // WindowsDesktop means a request for a TLS certificate for access to a specific - // windows desktop. - WindowsDesktop = 5; - } - // CertUsage limits the resulting user certificate to a single protocol. - CertUsage Usage = 10 [ (gogoproto.jsontag) = "usage,omitempty" ]; - - // RouteToApp specifies application to issue certificate for. - RouteToApp RouteToApp = 11 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "route_to_app,omitempty" ]; - - // RoleRequests specify an alternative set of named roles to apply to the - // certificate, assuming the requestor is allowed to impersonate said roles - // directly. An empty set of requests returns the user's normal set of - // roles. - repeated string RoleRequests = 12 [ (gogoproto.jsontag) = "role_requests,omitempty" ]; - - // RouteToWindowsDesktop specifies the target windows desktop name to encode into - // certificate so windows desktop client requests are routed appropriately. - RouteToWindowsDesktop RouteToWindowsDesktop = 13 [ - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "route_to_windows_desktop,omitempty" - ]; -} - -// RouteToDatabase combines parameters for database service routing information. -message RouteToDatabase { - // ServiceName is the Teleport database proxy service name the cert is for. - string ServiceName = 1 [ (gogoproto.jsontag) = "service_name" ]; - // Protocol is the type of the database the cert is for. - string Protocol = 2 [ (gogoproto.jsontag) = "protocol" ]; - // Username is an optional database username to embed. - string Username = 3 [ (gogoproto.jsontag) = "username,omitempty" ]; - // Database is an optional database name to embed. - string Database = 4 [ (gogoproto.jsontag) = "database,omitempty" ]; -} - -// RouteToWindowsDesktop combines parameters for windows desktop routing information. -message RouteToWindowsDesktop { - // WindowsDesktop is the Windows Desktop server name to embed. - string WindowsDesktop = 1 [ (gogoproto.jsontag) = "windows_desktop" ]; - // Login is the Windows desktop user login to embed. - string Login = 2 [ (gogoproto.jsontag) = "login" ]; -} - -// RouteToApp contains parameters for application access certificate requests. -message RouteToApp { - // Name is the application name certificate is being requested for. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - // SessionID is the ID of the application session. - string SessionID = 2 [ (gogoproto.jsontag) = "session_id" ]; - // PublicAddr is the application public address. - string PublicAddr = 3 [ (gogoproto.jsontag) = "public_addr" ]; - // ClusterName is the cluster where the application resides. - string ClusterName = 4 [ (gogoproto.jsontag) = "cluster_name" ]; - // AWSRoleARN is the AWS role to assume when accessing AWS API. - string AWSRoleARN = 5 [ (gogoproto.jsontag) = "aws_role_arn,omitempty" ]; -} - -// GetUserRequest specifies parameters for the GetUser method. -message GetUserRequest { - // Name is the name of the desired user. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - // WithSecrets specifies whether to load associated secrets. - bool WithSecrets = 2 [ (gogoproto.jsontag) = "with_secrets,omitempty" ]; -} - -// GetUsersRequest specifies parameters for the GetUsers method. -message GetUsersRequest { - // WithSecrets specifies whether to load associated secrets. - bool WithSecrets = 1 [ (gogoproto.jsontag) = "with_secrets" ]; -} - -// AccessRequests is a collection of AccessRequest values. -message AccessRequests { - repeated types.AccessRequestV3 AccessRequests = 1 [ (gogoproto.jsontag) = "access_requests" ]; -} - -// PluginDataSeq is a sequence of plugin data. -message PluginDataSeq { - repeated types.PluginDataV3 PluginData = 1 [ (gogoproto.jsontag) = "plugin_data" ]; -} - -// RequestStateSetter encodes the paramters necessary to update the -// state of a privilege escalation request. -message RequestStateSetter { - // ID is the request ID being targeted - string ID = 1 [ (gogoproto.jsontag) = "id" ]; - // State is the desired state to be set - types.RequestState State = 2 [ (gogoproto.jsontag) = "state" ]; - // Delegator is an optional indicator of who delegated this - // state update (used by plugins to indicate which user approved - // or denied the request). - string Delegator = 3 [ (gogoproto.jsontag) = "delegator,omitempty" ]; - // Reason is an optional message indicating the reason for the - // resolution (approval, denail , etc...). - string Reason = 4 [ (gogoproto.jsontag) = "reason,omitempty" ]; - // Annotations are key/value pairs received from plugins during request - // resolution. They are currently only used to provide additional logging - // information. - wrappers.LabelValues Annotations = 5 [ - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "annotations,omitempty", - (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" - ]; - // Roles, if present, overrides the existing set of roles associated - // with the access request. - repeated string Roles = 6 [ (gogoproto.jsontag) = "roles,omitempty" ]; -} - -// RequestID is the unique identifier of an access request. -message RequestID { string ID = 1 [ (gogoproto.jsontag) = "id" ]; } - -// RotateUserTokenSecretsRequest is a request to rotate token secrets. -message RotateUserTokenSecretsRequest { string TokenID = 1 [ (gogoproto.jsontag) = "token" ]; } - -// GetResetPasswordTokenRequest is a request to get a reset password token. -message GetResetPasswordTokenRequest { string TokenID = 1 [ (gogoproto.jsontag) = "token" ]; } - -// CreateResetPasswordTokenRequest is a request to create a reset password token. -message CreateResetPasswordTokenRequest { - // Name is the user name. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - // Type is a token type. - string Type = 2 [ (gogoproto.jsontag) = "type" ]; - // TTL specifies how long the generated token is valid for. - int64 TTL = 3 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; -} - -// RenewableCertsRequest is a request to generate a first set of renewable -// certificates from a bot join token. -message RenewableCertsRequest { - // Token is a bot join token. - string Token = 1 [ (gogoproto.jsontag) = "token" ]; - - // PublicKey is a public key to be signed. - bytes PublicKey = 2 [ (gogoproto.jsontag) = "public_key" ]; -} - -// CreateBotRequest is used to create a bot User and associated resources. -message CreateBotRequest { - // Name is the name of the bot, i.e. the unprefixed User name. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - - // TTL is the desired TTL for the token if one is created. If unset, a - // server default is used. - int64 TTL = 2 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; - - // TokenID is an optional token name of an EC2/IAM join token should be - // used. If unset, a new random token is created and its name returned. - string TokenID = 3 [ (gogoproto.jsontag) = "token_id" ]; - - // Roles is a list of roles the created bot should be allowed to assume - // via role impersonation. - repeated string Roles = 4 [ (gogoproto.jsontag) = "roles" ]; -} - -// CreateBotResponse returns details for bootstrapping a new bot. -message CreateBotResponse { - // UserName is the name of the associated bot user. - string UserName = 1 [ (gogoproto.jsontag) = "user_name" ]; - // RoleName is the name of the associated bot role. - string RoleName = 2 [ (gogoproto.jsontag) = "role_name" ]; - // TokenID is the name of the join token for the bot. - string TokenID = 3 [ (gogoproto.jsontag) = "token_id" ]; - // TokenTTL is the TTL for the token. If it differs from the requested TTL, - // it may have been limited by server policy. - int64 TokenTTL = 4 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; - // JoinMethod is the join method the bot must use to join the cluster. - string JoinMethod = 5 [ - (gogoproto.jsontag) = "join_method", - (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.JoinMethod" - ]; -} - -// DeleteBotRequest is a request to delete a bot user -message DeleteBotRequest { - // Name is the name of the bot, i.e. the unprefixed User name. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; -} - -// GetBotUsersRequest specifies parameters for the GetUsers method. -message GetBotUsersRequest { - // GetBotUsers currently takes no parameters. -} - -// PingRequest is the input value for the Ping method. -message PingRequest { - // Ping method currently takes no parameters -} - -// PingResponse contains data about the teleport auth server. -message PingResponse { - // ClusterName is the name of the teleport cluster. - string ClusterName = 1 [ (gogoproto.jsontag) = "cluster_name" ]; - // ServerVersion is the version of the auth server. - string ServerVersion = 2 [ (gogoproto.jsontag) = "server_version" ]; - // ServerFeatures are the features supported by the auth server. - Features ServerFeatures = 3 [ (gogoproto.jsontag) = "server_features" ]; - // ProxyPublicAddr is the server's public proxy address. - string ProxyPublicAddr = 4 [ (gogoproto.jsontag) = "proxy_public_addr" ]; - // IsBoring signals whether or not the server was compiled with BoringCrypto. - bool IsBoring = 5 [ (gogoproto.jsontag) = "is_boring" ]; -} - -// Features are auth server features. -message Features { - // Kubernetes enables Kubernetes Access product - bool Kubernetes = 1 [ (gogoproto.jsontag) = "kubernetes" ]; - // App enables Application Access product - bool App = 2 [ (gogoproto.jsontag) = "app" ]; - // DB enables database access product - bool DB = 3 [ (gogoproto.jsontag) = "db" ]; - // OIDC enables OIDC connectors - bool OIDC = 4 [ (gogoproto.jsontag) = "oidc" ]; - // SAML enables SAML connectors - bool SAML = 5 [ (gogoproto.jsontag) = "saml" ]; - // AccessControls enables FIPS access controls - bool AccessControls = 6 [ (gogoproto.jsontag) = "access_controls" ]; - // AdvancedAccessWorkflows enables advanced access workflows - bool AdvancedAccessWorkflows = 7 [ (gogoproto.jsontag) = "advanced_access_workflows" ]; - // Cloud enables some cloud-related features - bool Cloud = 8 [ (gogoproto.jsontag) = "cloud" ]; - // HSM enables PKCS#11 HSM support - bool HSM = 9 [ (gogoproto.jsontag) = "hsm" ]; - // Desktop enables desktop access product - bool Desktop = 10 [ (gogoproto.jsontag) = "desktop" ]; - // ModeratedSessions enables moderated sessions product - bool ModeratedSessions = 11 [ (gogoproto.jsontag) = "moderated_sessions" ]; -} - -// DeleteUserRequest is the input value for the DeleteUser method. -message DeleteUserRequest { - // Name is the user name to delete. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; -} - -// Semaphores is a sequence of Semaphore resources. -message Semaphores { - repeated types.SemaphoreV3 Semaphores = 1 [ (gogoproto.jsontag) = "semaphores" ]; -} - -// AuditStreamRequest contains stream request - event or stream control request -message AuditStreamRequest { - // Request is either stream request - create, resume or complete stream - // or event submitted as a part of the stream - oneof Request { - // CreateStream creates the stream for session ID - // should be the first message sent to the stream - CreateStream CreateStream = 1; - // ResumeStream resumes existing stream, should be the - // first message sent to the stream - ResumeStream ResumeStream = 2; - // CompleteStream completes the stream - CompleteStream CompleteStream = 3; - // FlushAndClose flushes and closes the stream - FlushAndCloseStream FlushAndCloseStream = 4; - // Event contains the stream event - events.OneOf Event = 5; - } -} - -// AuditStreamStatus returns audit stream status -// with corresponding upload ID -message AuditStreamStatus { - // UploadID is upload ID associated with the stream, - // can be used to resume the stream - string UploadID = 1; -} - -// CreateStream creates stream for a new session ID -message CreateStream { string SessionID = 1; } - -// ResumeStream resumes stream that was previously created -message ResumeStream { - // SessionID is a session ID of the stream - string SessionID = 1; - // UploadID is upload ID to resume - string UploadID = 2; -} - -// CompleteStream completes the stream -// and uploads it to the session server -message CompleteStream {} - -// FlushAndCloseStream flushes the stream data and closes the stream -message FlushAndCloseStream {} - -// GetApplicationServersRequest is a request to fetch all registered apps. -// DELETE IN 10.0. -message GetApplicationServersRequest { - // Namespace is the app servers namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; -} - -// GetApplicationServersResponse contains all registered app servers. -// DELETE IN 10.0. -message GetApplicationServersResponse { - // Servers is a list of proxied applications. - repeated types.AppServerV3 Servers = 1 [ (gogoproto.jsontag) = "servers" ]; -} - -// UpsertApplicationServerRequest upserts an app server. -message UpsertApplicationServerRequest { - // Server is an app server resource to register. - types.AppServerV3 Server = 1 [ (gogoproto.jsontag) = "server" ]; -} - -// DeleteApplicationServerRequest is a request to delete an app server. -message DeleteApplicationServerRequest { - // Namespace is the app server namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; - // HostID is the app server host uuid. - string HostID = 2 [ (gogoproto.jsontag) = "host_id" ]; - // Name is the name of the application to delete. - string Name = 3 [ (gogoproto.jsontag) = "name" ]; -} - -// DeleteAllApplicationServersRequest are the parameters used to remove all applications. -message DeleteAllApplicationServersRequest { - // Namespace is the app servers namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; -} - -// GetAppServersRequest are the parameters used to request application servers. -// -// DELETE IN 9.0. Deprecated, use GetApplicationServersRequest. -message GetAppServersRequest { - // Namespace is the namespace for application. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; - // DEPRECATED: SkipValidation is used to skip JSON schema validation. - bool SkipValidation = 2 [ deprecated = true, (gogoproto.jsontag) = "skip_validation" ]; -} - -// GetAppServersResponse contains all requested application servers. -// -// DELETE IN 9.0. Deprecated, use GetApplicationServersResponse. -message GetAppServersResponse { - // Servers is a slice of types.Server that represent applications. - repeated types.ServerV2 Servers = 1 [ (gogoproto.jsontag) = "servers" ]; -} - -// UpsertAppServerRequest are the parameters used to add an application. -// -// DELETE IN 9.0. Deprecated, use UpsertApplicationServerRequest. -message UpsertAppServerRequest { types.ServerV2 Server = 1 [ (gogoproto.jsontag) = "server" ]; } - -// DeleteAppServerRequest are the parameters used to remove an application. -// -// DELETE IN 9.0. Deprecated, use DeleteApplicationServerRequest. -message DeleteAppServerRequest { - // Namespace is the namespace for application. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; - // Name is the name of the application to delete. - string Name = 2 [ (gogoproto.jsontag) = "name" ]; -} - -// DeleteAllAppServersRequest are the parameters used to remove all applications. -// -// DELETE IN 9.0. Deprecated, use DeleteAllApplicationServersRequest. -message DeleteAllAppServersRequest { - // Namespace is the namespace for application. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; -} - -// GenerateAppTokenRequest are the parameters used to request an application -// token. -message GenerateAppTokenRequest { - // Username is the Teleport username. - string Username = 1 [ (gogoproto.jsontag) = "username" ]; - // Roles is a list of Teleport roles assigned to the user. - repeated string Roles = 2 [ (gogoproto.jsontag) = "roles" ]; - // URI is the URI of the application this token is targeting. - string URI = 3 [ (gogoproto.jsontag) = "uri" ]; - // Expires is the time this token expires. - google.protobuf.Timestamp Expires = 4 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "expires" - ]; -} - -// GenerateAppTokenResponse contains a signed application token. -message GenerateAppTokenResponse { string Token = 1 [ (gogoproto.jsontag) = "token" ]; } - -// GetAppSessionRequest are the parameters used to request an application web session. -message GetAppSessionRequest { - // SessionID is the ID of the session being requested. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id" ]; -} - -// GetAppSessionResponse contains the requested application web session. -message GetAppSessionResponse { - // Session is the application web session. - types.WebSessionV2 Session = 1 [ (gogoproto.jsontag) = "session" ]; -} - -// GetAppSessionsResponse contains all the requested application web sessions. -message GetAppSessionsResponse { - // Sessions is a list of application web sessions. - repeated types.WebSessionV2 Sessions = 1 [ (gogoproto.jsontag) = "sessions" ]; -} - -// GetSnowflakeSessionsResponse contains all the requested Snowflake web sessions. -message GetSnowflakeSessionsResponse { - // Sessions is a list of Snowflake web sessions. - repeated types.WebSessionV2 Sessions = 1 [ (gogoproto.jsontag) = "sessions" ]; -} - -// CreateAppSessionRequest contains the parameters to request a application web session. -message CreateAppSessionRequest { - reserved 2; - // Username is the name of the user requesting the session. - string Username = 1 [ (gogoproto.jsontag) = "username" ]; - // PublicAddr is the public address the application. - string PublicAddr = 3 [ (gogoproto.jsontag) = "public_addr" ]; - // ClusterName is cluster within which the application is running. - string ClusterName = 4 [ (gogoproto.jsontag) = "cluster_name" ]; - // AWSRoleARN is AWS role the user wants to assume. - string AWSRoleARN = 5 [ (gogoproto.jsontag) = "aws_role_arn" ]; -} - -// CreateAppSessionResponse contains the requested application web session. -message CreateAppSessionResponse { - // Session is the application web session. - types.WebSessionV2 Session = 1 [ (gogoproto.jsontag) = "session" ]; -} - -// CreateSnowflakeSessionRequest contains data required to create Snowflake web session. -message CreateSnowflakeSessionRequest { - // Username is the name of the user requesting the session. - string Username = 1 [ (gogoproto.jsontag) = "username" ]; - // SessionToken is the Snowflake server session token. - string SessionToken = 2 [ (gogoproto.jsontag) = "session_token" ]; - // TokenTTL is the token validity period. - int64 TokenTTL = 3 [ (gogoproto.jsontag) = "token_ttl", (gogoproto.casttype) = "Duration" ]; -} - -// CreateSnowflakeSessionResponse contains Snowflake WebSession. -message CreateSnowflakeSessionResponse { - types.WebSessionV2 Session = 1 [ (gogoproto.jsontag) = "session" ]; -} - -// GetSnowflakeSessionRequest are the parameters used to request an Snowflake web session. -message GetSnowflakeSessionRequest { - // SessionID is the ID of the session being requested. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id" ]; -} - -// GetSnowflakeSessionResponse contains the requested Snowflake web session. -message GetSnowflakeSessionResponse { - // Session is the Snowflake web session. - types.WebSessionV2 Session = 1 [ (gogoproto.jsontag) = "session" ]; -} - -// DeleteAppSessionRequest contains the parameters used to remove an application web session. -message DeleteAppSessionRequest { string SessionID = 1 [ (gogoproto.jsontag) = "session_id" ]; } - -// DeleteSnowflakeSessionRequest contains the parameters used to remove a Snowflake web session. -message DeleteSnowflakeSessionRequest { - string SessionID = 1 [ (gogoproto.jsontag) = "session_id" ]; -} - -// DeleteUserAppSessionsRequest contains the parameters used to remove the -// user's application web sessions. -message DeleteUserAppSessionsRequest { string Username = 1 [ (gogoproto.jsontag) = "username" ]; } - -// GetWebSessionResponse contains the requested web session. -message GetWebSessionResponse { - // Session is the web session. - types.WebSessionV2 Session = 1 [ (gogoproto.jsontag) = "session" ]; -} - -// GetWebSessionsResponse contains all the requested web sessions. -message GetWebSessionsResponse { - // Sessions is a list of web sessions. - repeated types.WebSessionV2 Sessions = 1 [ (gogoproto.jsontag) = "sessions" ]; -} - -// GetWebTokenResponse contains the requested web token. -message GetWebTokenResponse { - // Token is the web token being requested. - types.WebTokenV3 Token = 1 [ (gogoproto.jsontag) = "token" ]; -} - -// GetWebTokensResponse contains all the requested web tokens. -message GetWebTokensResponse { - // Tokens is a list of web tokens. - repeated types.WebTokenV3 Tokens = 1 [ (gogoproto.jsontag) = "tokens" ]; -} - -// GetKubeServicesRequest are the parameters used to request kubernetes services. -// DELETE IN 10.0 -message GetKubeServicesRequest {} - -// GetKubeServicesResponse contains all requested kubernetes services. -// DELETE IN 10.0 -message GetKubeServicesResponse { - // Servers is a slice of types.Server that represent kubernetes - // services. - repeated types.ServerV2 Servers = 1 [ (gogoproto.jsontag) = "servers" ]; -} - -// UpsertKubeServiceRequest are the parameters used to add or update a -// kubernetes service. -message UpsertKubeServiceRequest { types.ServerV2 Server = 1 [ (gogoproto.jsontag) = "server" ]; } - -// DeleteKubeServiceRequest are the parameters used to remove a kubernetes service. -message DeleteKubeServiceRequest { - // Name is the name of the kubernetes service to delete. - string Name = 2 [ (gogoproto.jsontag) = "name" ]; -} - -// DeleteAllKubeServicesRequest are the parameters used to remove all kubernetes services. -message DeleteAllKubeServicesRequest {} - -// GetDatabaseServersRequest is a request to return all registered database servers. -// DELETE IN 10.0. -message GetDatabaseServersRequest { - // Namespace is the database server namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; - // DEPRECATED: SkipValidation allows to turn off JSON schema validation. - bool SkipValidation = 2 [ deprecated = true, (gogoproto.jsontag) = "skip_validation" ]; -} - -// GetDatabaseServersResponse contains all registered database servers. -// DELETE IN 10.0. -message GetDatabaseServersResponse { - // Servers is a list of database proxy servers. - repeated types.DatabaseServerV3 Servers = 1 [ (gogoproto.jsontag) = "servers" ]; -} - -// UpsertDatabaseServerRequest is a request to register database server. -message UpsertDatabaseServerRequest { - // Server is the database proxy server to register. - types.DatabaseServerV3 Server = 1 [ (gogoproto.jsontag) = "server" ]; -} - -// DeleteDatabaseServerRequest is a request to delete a database server. -message DeleteDatabaseServerRequest { - // Namespace is the database server namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; - // HostID is the ID of the host database server is running on. - string HostID = 2 [ (gogoproto.jsontag) = "host_id" ]; - // Name is the database server name. - string Name = 3 [ (gogoproto.jsontag) = "name" ]; -} - -// DeleteAllDatabaseServersRequest is a request to delete all database servers. -message DeleteAllDatabaseServersRequest { - // Namespace is the database servers namespace. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace" ]; -} - -// DatabaseCSRRequest is a request to generate a client certificate used -// by the proxy to authenticate with a remote database service. -message DatabaseCSRRequest { - // CSR is the request to sign. - bytes CSR = 1 [ (gogoproto.jsontag) = "csr" ]; - // ClusterName is the name of the cluster the request is for. - string ClusterName = 2 [ (gogoproto.jsontag) = "cluster_name" ]; - // SignWithDatabaseCA if set to true will use Database CA to sign the created certificate. - // This flag was created to enable Database CA for new proxies and don't break old one that - // are still using UserCA. - // DELETE IN 11.0. - bool SignWithDatabaseCA = 3 [ (gogoproto.jsontag) = "sign_with_database_ca" ]; -} - -// DatabaseCSRResponse contains the signed database certificate. -message DatabaseCSRResponse { - // Cert is the signed certificate. - bytes Cert = 1 [ (gogoproto.jsontag) = "cert" ]; - // CACerts is a list of certificate authorities. - repeated bytes CACerts = 2 [ (gogoproto.jsontag) = "ca_certs" ]; -} - -// DatabaseCertRequest is a request to generate a client certificate used -// by a database service to authenticate with a database instance. -message DatabaseCertRequest { - // CSR is the request to sign. - bytes CSR = 1 [ (gogoproto.jsontag) = "csr" ]; - // ServerName is the SAN to include in the certificate. - // DEPRECATED: Replaced by ServerNames. - string ServerName = 2 [ (gogoproto.jsontag) = "server_name", deprecated = true ]; - // TTL is the certificate validity period. - int64 TTL = 3 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; - // ServerNames are SANs to include in the certificate. - repeated string ServerNames = 4 [ (gogoproto.jsontag) = "server_names" ]; - // Requester is a name of service that sent the request. - enum Requester { - // UNSPECIFIED is set when the requester in unknown. - UNSPECIFIED = 0; - // TCTL is set when request was sent by tctl tool. - TCTL = 1; - } - // RequesterName identifies who sent the request. - Requester RequesterName = 5 [ (gogoproto.jsontag) = "requester_name" ]; -} - -// DatabaseCertResponse contains the signed certificate. -message DatabaseCertResponse { - // Cert is the signed certificate. - bytes Cert = 1 [ (gogoproto.jsontag) = "cert" ]; - // CACerts is a list of certificate authorities. - repeated bytes CACerts = 2 [ (gogoproto.jsontag) = "ca_certs" ]; -} - -// SnowflakeJWTRequest contains data required to generate Snowflake JWT used for authorization. -message SnowflakeJWTRequest { - string AccountName = 1 [ (gogoproto.jsontag) = "account_name" ]; - string UserName = 2 [ (gogoproto.jsontag) = "user_name" ]; -} - -// SnowflakeJWTResponse contains signed JWT that can be used for Snowflake authentication. -message SnowflakeJWTResponse { string Token = 1 [ (gogoproto.jsontag) = "token" ]; } - -// GetRoleRequest is a request to query a role. -message GetRoleRequest { - // Name is the name of the role to get. - string Name = 1; -} - -// GetRolesResponse is a response to querying for all roles. -message GetRolesResponse { - // Roles is a list of roles. - repeated types.RoleV5 Roles = 1; -} - -// DeleteRoleRequest is a request to delete a role. -message DeleteRoleRequest { - // Name is the role name to delete. - string Name = 1; -} - -// DeviceType describes supported MFA device types. -enum DeviceType { - DEVICE_TYPE_UNSPECIFIED = 0; - // TOTP is a Time-based One-Time Password device. - DEVICE_TYPE_TOTP = 1; - reserved 2; // DEVICE_TYPE_U2F - // Webauthn is a device compatible with the Web Authentication - // specification, registered via Webauthn APIs. - // Supports various kinds of devices: U2F/CTAP1, CTAP2, platform - // authenticators (Touch ID), etc. - DEVICE_TYPE_WEBAUTHN = 3; -} - -enum DeviceUsage { - DEVICE_USAGE_UNSPECIFIED = 0; - - // Device intended for MFA use, but not for passwordless. - // Allows both FIDO and FIDO2 devices. - // Resident keys not required. - DEVICE_USAGE_MFA = 1; - - // Device intended for both MFA and passwordless. - // Requires a FIDO2 device and takes a resident key slot. - DEVICE_USAGE_PASSWORDLESS = 2; -} - -// MFAAuthenticateChallenge is a challenge for all MFA devices registered for a -// user. -message MFAAuthenticateChallenge { - reserved 1; // repeated U2FChallenge U2F - // TOTP is a challenge for all TOTP devices registered for a user. When - // this field is set, any TOTP device a user has registered can be used to - // respond. - TOTPChallenge TOTP = 2; - // WebauthnChallenge contains a Webauthn credential assertion used for - // login/authentication ceremonies. - // Credential assertions hold, among other information, a list of allowed - // credentials for the ceremony (one for each U2F or Webauthn device - // registered by the user). - webauthn.CredentialAssertion WebauthnChallenge = 3; -} - -// MFAAuthenticateResponse is a response to MFAAuthenticateChallenge using one -// of the MFA devices registered for a user. -message MFAAuthenticateResponse { - oneof Response { - // Removed: U2FResponse U2F = 1; - TOTPResponse TOTP = 2; - webauthn.CredentialAssertionResponse Webauthn = 3; - } -} - -// TOTPChallenge is a challenge for all TOTP devices registered for a user. -message TOTPChallenge { - // TOTP protocol has no challenge per se, but the user has to provide a - // valid token in response. TOTPChallenge exists only to signal to the user - // that TOTP MFA is supported, which means that the user has a TOTP device - // registered. -} - -// TOTPResponse is a response to TOTPChallenge. -message TOTPResponse { string Code = 1; } - -// MFARegisterChallenge is a challenge for registering a new MFA device. -message MFARegisterChallenge { - // Request depends on the type of the MFA device being registered. - oneof Request { - // Removed: U2FRegisterChallenge U2F = 1; - TOTPRegisterChallenge TOTP = 2; - webauthn.CredentialCreation Webauthn = 3; - } -} - -// MFARegisterResponse is a response to MFARegisterChallenge. -message MFARegisterResponse { - oneof Response { - // Removed: U2FRegisterResponse U2F = 1; - TOTPRegisterResponse TOTP = 2; - webauthn.CredentialCreationResponse Webauthn = 3; - } -} - -// TOTPRegisterChallenge is a challenge for registering a new TOTP device. -message TOTPRegisterChallenge { - // Secret is a secret shared by client and server to generate codes. - string Secret = 1; - // Issuer is the name of the Teleport cluster. - string Issuer = 2; - // PeriodSeconds is a period for TOTP code rotation, in seconds. - uint32 PeriodSeconds = 3; - // Algorithm is the TOTP hashing algorithm. - string Algorithm = 4; - // Digits is the number of digits in the TOTP code. - uint32 Digits = 5; - // Account is the account name for this user. - string Account = 6; - // QRCode is an optional field for the QR code in PNG format. Used to display a QR code - // image in the UI. - bytes QRCode = 7; -} - -// TOTPRegisterResponse is a response to TOTPRegisterChallenge. -message TOTPRegisterResponse { string Code = 1; } - -// AddMFADeviceRequest is a message sent by the client during AddMFADevice RPC. -message AddMFADeviceRequest { - oneof Request { - // Init describes the new device. - AddMFADeviceRequestInit Init = 1; - // ExistingMFAResponse is a response to ExistingMFAChallenge auth - // challenge. - MFAAuthenticateResponse ExistingMFAResponse = 2; - // NewMFARegisterResponse is a response to NewMFARegisterChallenge - // registration challenge. - MFARegisterResponse NewMFARegisterResponse = 3; - } -} - -// AddMFADeviceResponse is a message sent by the server during AddMFADevice -// RPC. -message AddMFADeviceResponse { - oneof Response { - // ExistingMFAChallenge is an auth challenge using an existing MFA - // device. - MFAAuthenticateChallenge ExistingMFAChallenge = 1; - // NewMFARegisterChallenge is a registration challenge for a new MFA - // device. - MFARegisterChallenge NewMFARegisterChallenge = 2; - // Ack is a confirmation of successful device registration. - AddMFADeviceResponseAck Ack = 3; - } -} - -// AddMFADeviceRequestInit describes the new MFA device. -message AddMFADeviceRequestInit { - string DeviceName = 1; - reserved 2; // LegacyDeviceType LegacyType - DeviceType DeviceType = 3; - // DeviceUsage is the requested usage for the device. - // Defaults to DEVICE_USAGE_MFA. - DeviceUsage DeviceUsage = 4 [ (gogoproto.jsontag) = "device_usage,omitempty" ]; -} - -// AddMFADeviceResponseAck is a confirmation of successful device registration. -message AddMFADeviceResponseAck { types.MFADevice Device = 1; } - -// DeleteMFADeviceRequest is a message sent by the client during -// DeleteMFADevice RPC. -message DeleteMFADeviceRequest { - oneof Request { - // Init describes the device to be deleted. - DeleteMFADeviceRequestInit Init = 1; - // MFAResponse is a response to MFAChallenge auth challenge. - MFAAuthenticateResponse MFAResponse = 2; - } -} - -message DeleteMFADeviceResponse { - oneof Response { - // MFAChallenge is an auth challenge using any existing MFA device. - MFAAuthenticateChallenge MFAChallenge = 1; - // Ack is a confirmation of successful device deletion. - DeleteMFADeviceResponseAck Ack = 2; - } -} - -// DeleteMFADeviceRequestInit describes the device to be deleted. -message DeleteMFADeviceRequestInit { - // DeviceName is an MFA device name or ID to be deleted. - string DeviceName = 1; -} - -// DeleteMFADeviceResponseAck is a confirmation of successful device deletion. -message DeleteMFADeviceResponseAck {} - -// DeleteMFADeviceSyncRequest is a request to delete a MFA device (nonstream). -message DeleteMFADeviceSyncRequest { - // TokenID is the ID of a user token that will be used to verify this request. - // Token types accepted are: - // - Recovery approved token that is obtained with RPC VerifyAccountRecovery - // - Privilege token that is obtained with RPC CreatePrivilegeToken - string TokenID = 1 [ (gogoproto.jsontag) = "token_id" ]; - // DeviceName is the name of the device to delete. - string DeviceName = 2 [ (gogoproto.jsontag) = "device_name" ]; -} - -// AddMFADeviceSyncRequest is a request to add a MFA device (nonstream). -message AddMFADeviceSyncRequest { - // TokenID is the ID of a user token that will be used to verify this request. - // Token types accepted are: - // - Privilege token that is obtained with RPC CreatePrivilegeToken - string TokenID = 1 [ (gogoproto.jsontag) = "token_id" ]; - // NewDeviceName is the name of a new mfa device. - string NewDeviceName = 2 [ (gogoproto.jsontag) = "new_device_name,omitempty" ]; - // NewMFAResponse is a user's new mfa response to a mfa register challenge. - MFARegisterResponse NewMFAResponse = 3 [ (gogoproto.jsontag) = "new_mfa_response,omitempty" ]; - // DeviceUsage is the requested usage for the device. - // Defaults to DEVICE_USAGE_MFA. - DeviceUsage DeviceUsage = 4 [ (gogoproto.jsontag) = "device_usage,omitempty" ]; -} - -// AddMFADeviceSyncResponse is a response to AddMFADeviceSyncRequest. -message AddMFADeviceSyncResponse { types.MFADevice Device = 1 [ (gogoproto.jsontag) = "device" ]; } - -// GetMFADeviceRequest is a request for MFA devices for the calling user. -message GetMFADevicesRequest { - // TokenID is an optional field for the ID of a user token that will be used to - // verify this request. Token is only required if an unauthenticated user wants to view their - // list of devices eg: during account recovery process. An empty field implies the logged in - // user wants to view their devices. - // Token types accepted are: - // - Recovery approved token that is obtained after successful invocation of RPC - // VerifyAccountRecovery - string TokenID = 1 [ (gogoproto.jsontag) = "token_id,omitempty" ]; -} - -// GetMFADeviceResponse is a response for GetMFADevices RPC. -message GetMFADevicesResponse { repeated types.MFADevice Devices = 1; } - -// UserSingleUseCertsRequest is a request for a single-use user certificate. -message UserSingleUseCertsRequest { - oneof Request { - UserCertsRequest Init = 1; - MFAAuthenticateResponse MFAResponse = 2; - } -} - -// UserSingleUseCertsResponse is a response with a single-use user certificate. -message UserSingleUseCertsResponse { - oneof Response { - MFAAuthenticateChallenge MFAChallenge = 1; - SingleUseUserCert Cert = 2; - } -} - -// IsMFARequiredRequest is a request to check whether MFA is required to access -// the Target. -message IsMFARequiredRequest { - oneof Target { - // KubernetesCluster specifies the target kubernetes cluster. - string KubernetesCluster = 1; - // RouteToDatabase specifies the target database proxy name. - RouteToDatabase Database = 2; - // Node specifies the target SSH node. - NodeLogin Node = 3; - // WindowsDesktop specifies the target Windows Desktop. - RouteToWindowsDesktop WindowsDesktop = 4; - } -} - -// StreamSessionEventsRequest is a request containing needed data to fetch a session recording. -message StreamSessionEventsRequest { - // SessionID is the ID for a given session in an UUIDv4 format. - string SessionID = 1; - // StartIndex is the index of the event to resume the stream after. - // A StartIndex of 0 creates a new stream. - int32 StartIndex = 2; -} - -// NodeLogin specifies an SSH node and OS login. -message NodeLogin { - // Node can be node's hostname or UUID. - string Node = 1; - // Login is the OS login name. - string Login = 2; -} - -// IsMFARequiredResponse is a response for MFA requirement check. -message IsMFARequiredResponse { bool Required = 1; } - -// SingleUseUserCert is a single-use user certificate, either SSH or TLS. -message SingleUseUserCert { - oneof Cert { - bytes SSH = 1; - bytes TLS = 2; - } -} - -// Order specifies any ordering of some objects as returned in regards to some aspect -// of said objects which may be trivially ordered such as a timestamp. -enum Order { - DESCENDING = 0; - ASCENDING = 1; -} - -message GetEventsRequest { - // Namespace, if not set, defaults to 'default' - string Namespace = 1; - // StartDate is the oldest date of returned events - google.protobuf.Timestamp StartDate = 2 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false ]; - // EndDate is the newest date of returned events - google.protobuf.Timestamp EndDate = 3 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false ]; - // EventTypes is optional, if not set, returns all events - repeated string EventTypes = 4; - // Limit is the maximum amount of events returned - int32 Limit = 5; - // StartKey is used to resume a query in order to enable pagination. - // If the previous response had LastKey set then this should be - // set to its value. Otherwise leave empty. - string StartKey = 6; - // Order specifies an ascending or descending order of events. - // A value of 0 means a descending order and a value of 1 means an ascending order. - Order Order = 7; -} - -message GetSessionEventsRequest { - // StartDate is the oldest date of returned events - google.protobuf.Timestamp StartDate = 1 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false ]; - // EndDate is the newest date of returned events - google.protobuf.Timestamp EndDate = 2 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false ]; - // Limit is the maximum amount of events to retrieve. - int32 Limit = 3; - // StartKey is used to resume a query in order to enable pagination. - // If the previous response had LastKey set then this should be - // set to its value. Otherwise leave empty. - string StartKey = 4; - // Order specifies an ascending or descending order of events. - // A value of 0 means a descending order and a value of 1 means an ascending order. - Order Order = 5; -} - -message Events { - // Items is a list of typed gRPC formatted audit events. - repeated events.OneOf Items = 1; - // the key of the last event if the returned set did not contain all events found i.e limit < - // actual amount. this is the key clients can supply in another API request to continue fetching - // events from the previous last position - string LastKey = 2; -} - -message GetLocksRequest { - // Targets is a list of targets. Every returned lock must match at least - // one of the targets. - repeated types.LockTarget Targets = 1; - // InForceOnly specifies whether to return only those locks that are in force. - bool InForceOnly = 2; -} - -message GetLocksResponse { - // Locks is a list of locks. - repeated types.LockV2 Locks = 1; -} - -message GetLockRequest { - // Name is the name of the lock to get. - string Name = 1; -} - -message DeleteLockRequest { - // Name is the name of the lock to delete. - string Name = 1; -} - -message ReplaceRemoteLocksRequest { - // ClusterName identifies the cluster from which the locks originate. - string ClusterName = 1; - // Locks is a list of new remote locks to store. - repeated types.LockV2 Locks = 2; -} - -// GetWindowsDesktopServicesResponse contains all registered Windows desktop services. -message GetWindowsDesktopServicesResponse { - // Services is a list of Windows desktop services. - repeated types.WindowsDesktopServiceV3 services = 1 [ (gogoproto.jsontag) = "services" ]; -} - -// GetWindowsDesktopServiceRequest is a request for a specific Windows Desktop Service. -message GetWindowsDesktopServiceRequest { - // Name is the name of the Windows Desktop Service to be requested. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; -} - -// GetWindowsDesktopServiceResponse contains the requested WindowsDesktopService -message GetWindowsDesktopServiceResponse { - // Service is the requested Windows Desktop Service. - types.WindowsDesktopServiceV3 service = 1 [ (gogoproto.jsontag) = "service" ]; -} - -// DeleteWindowsDesktopServiceRequest is a request to delete a Windows desktop service. -message DeleteWindowsDesktopServiceRequest { - // Name is the Windows desktop service name. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; -} - -// GetWindowsDesktopsResponse contains all registered Windows desktop hosts. -message GetWindowsDesktopsResponse { - // Servers is a list of Windows desktop hosts. - repeated types.WindowsDesktopV3 Desktops = 1 [ (gogoproto.jsontag) = "desktops" ]; -} - -// DeleteWindowsDesktopRequest is a request to delete a Windows -// desktop host. If HostID is not specified, all Windows desktops with -// specified Name will be deleted -message DeleteWindowsDesktopRequest { - // Name is the name of the Windows desktop host. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - // HostID is the ID of the Windows Desktop Service reporting the desktop. - string HostID = 2 [ (gogoproto.jsontag) = "host_id" ]; -} - -// WindowsDesktopCertRequest is a request to generate a client certificate used -// for Windows RDP authentication. -message WindowsDesktopCertRequest { - // CSR is the request to sign in PEM format. - bytes CSR = 1; - // CRLEndpoint is the address of the CRL for this certificate. - string CRLEndpoint = 2; - // TTL is the certificate validity period. - int64 TTL = 3 [ (gogoproto.casttype) = "Duration" ]; -} - -// WindowsDesktopCertResponse contains the signed Windows RDP certificate. -message WindowsDesktopCertResponse { - // Cert is the signed certificate in PEM format. - bytes Cert = 1; -} - -// CertAuthorityRequest is a request that identifies a Teleport CA. -message CertAuthorityRequest { - // Type is either user or host certificate authority. - string Type = 1 - [ (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.CertAuthType" ]; -} - -// CRL is the X.509 Certificate Revocation List. -message CRL { - // CRL is the Certificate Revocation List in DER format. - bytes CRL = 1; -} - -// ChangeUserAuthenticationRequest defines a request to change a password and if enabled -// also adds a new MFA device from a user reset or from a new user invite. User can also skip -// setting a new password if passwordless is enabled and just provide a new webauthn register -// response. -// -// After a successful request a new web session is created. -// -// Users may also receive new recovery codes if they meet the necessary requirements. If a user -// previously had recovery codes, the previous codes become invalid as it is replaced with newly -// generated ones. -message ChangeUserAuthenticationRequest { - // TokenID is the ID of a reset or invite token. - // The token allows the user to change their credentials without being logged - // in. - string TokenID = 1 [ (gogoproto.jsontag) = "token_id" ]; - // NewPassword is the new password in plain text. - bytes NewPassword = 2 [ (gogoproto.jsontag) = "new_password" ]; - // NewMFARegisterResponse is a MFA response to a MFA authentication challenge. - // This field can be empty which implies that user chose not to add a new device (allowable when - // cluster settings enable optional second factor), or cluster settings disabled second factor. - MFARegisterResponse NewMFARegisterResponse = 3 - [ (gogoproto.jsontag) = "new_mfa_register_response,omitempty" ]; - // NewDeviceName is the name of a new mfa or passwordless device. - string NewDeviceName = 4 [ (gogoproto.jsontag) = "new_device_name,omitempty" ]; -} - -// ChangeUserAuthenticationResponse is a response for ChangeUserAuthentication. -message ChangeUserAuthenticationResponse { - // WebSession is a user's web sesssion created from successful changing of password. - types.WebSessionV2 WebSession = 1 [ (gogoproto.jsontag) = "web_session" ]; - // Recovery holds user's new recovery related fields. Previous recovery codes become invalid. - // This field can be empty if a user does not meet the following - // requirements to receive recovery codes: - // - cloud feature is enabled - // - username is in valid email format - RecoveryCodes Recovery = 2 [ (gogoproto.jsontag) = "recovery,omitempty" ]; -} - -// StartAccountRecoveryRequest defines a request to create a recovery start token for a user who is -// allowed to recover their account. The tokens ID is used as part of a URL that will be emailed to -// the user (not done in this request). Represents step 1 of the account recovery process, next step -// is RPC VerifyAccountRecovery. -message StartAccountRecoveryRequest { - // Username is the requesting user. The username must meet the following requirements to be - // allowed to recover their account: - // - cloud feature is enabled - // - username is in valid email format - string Username = 1 [ (gogoproto.jsontag) = "username" ]; - // RecoveryCode is one of the user's recovery code in plain text. - bytes RecoveryCode = 2 [ (gogoproto.jsontag) = "recovery_code" ]; - // RecoverType defines what type of authentication user needs to recover. - types.UserTokenUsage RecoverType = 3 [ (gogoproto.jsontag) = "recover_type" ]; -} - -// VerifyAccountRecoveryRequest is a request to create a recovery approved token that allows users -// to perform protected actions while not logged in. Represents step 2 of the account recovery -// process after RPC StartAccountRecovery, next step is RPC CompleteAccountRecovery. -message VerifyAccountRecoveryRequest { - // RecoveryStartTokenID is the ID of a recovery start token that's required to verify this - // request. - string RecoveryStartTokenID = 1 [ (gogoproto.jsontag) = "recovery_start_token_id" ]; - // Username is the name of the user that the token belongs to, used to verify that this name - // is the same as defined in token for use with emails. - string Username = 2 [ (gogoproto.jsontag) = "username" ]; - // AuthnCred is the authentication cred that needs to be verified. - oneof AuthnCred { - // Password is users password in plain text. - bytes Password = 3 [ (gogoproto.jsontag) = "password,omitempty" ]; - // MFAAuthenticateResponse is a response to a MFA challenge. - MFAAuthenticateResponse MFAAuthenticateResponse = 4 - [ (gogoproto.jsontag) = "mfa_authenticate_response,omitempty" ]; - } -} - -// CompleteAccountRecoveryRequest is a request to set either a new password or -// add a new mfa device, allowing the user to regain access to their account with the new -// credentials. Represents the last step in the account recovery process after RPC's -// StartAccountRecovery and VerifyAccountRecovery. -message CompleteAccountRecoveryRequest { - // RecoveryApprovedTokenID is the ID of a recovery approved token that's required to verify this - // request. - string RecoveryApprovedTokenID = 1 [ (gogoproto.jsontag) = "recovery_approved_token_id" ]; - // NewDeviceName is the name of a new mfa device. - // Optional if NewPassword is used. - string NewDeviceName = 2 [ (gogoproto.jsontag) = "new_device_name,omitempty" ]; - // NewAuthnCred contains the new authentication credential. - oneof NewAuthnCred { - // NewPassword is user's new password in plain text. - bytes NewPassword = 3 [ (gogoproto.jsontag) = "new_password,omitempty" ]; - // NewMFAResponse is a user's new mfa response to a mfa register challenge. - MFARegisterResponse NewMFAResponse = 4 - [ (gogoproto.jsontag) = "new_mfa_response,omitempty" ]; - } -} - -// RecoveryCodes describes account recovery fields. Used as a RPC -// response or as part of a RPC response that requires any of these fields. -message RecoveryCodes { - // Codes holds the list of recovery phrase words. - // Field is only used when new recovery codes are generated and returned to user. - repeated string Codes = 1 [ (gogoproto.jsontag) = "codes,omitempty" ]; - // Created is the date the recovery codes were created. - google.protobuf.Timestamp Created = 2 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "created" - ]; -} - -// CreateAccountRecoveryCodesRequest is a request to create new set of recovery codes for a user, -// replacing and invalidating any previously existing codes. Recovery codes can only be given to -// users who meet the following requirements: -// - cloud feature is enabled -// - username is in valid email format -message CreateAccountRecoveryCodesRequest { - // TokenID is the ID of a user token that will be used to verify this request. - // Token types accepted are: - // - Recovery approved token that is obtained with RPC VerifyAccountRecovery - // - Privilege token that is obtained with RPC CreatePrivilegeToken - string TokenID = 1 [ (gogoproto.jsontag) = "token_id" ]; -} - -// GetAccountRecoveryTokenRequest is a request to return a user token resource after verifying that -// the token in the request is not expired and is of the recovery kind. -message GetAccountRecoveryTokenRequest { - // RecoveryTokenID is the ID of a recovery token to verify. - // Recovery tokens are obtained with RPC StartAccountRecovery or VerifyAccountRecovery. - string RecoveryTokenID = 1 [ (gogoproto.jsontag) = "recovery_token_id" ]; -} - -// GetAccountRecoveryCodesRequest is a request to return the user in context their -// recovery codes. This request will not return any secrets (the values of recovery codes). -message GetAccountRecoveryCodesRequest {} - -// UserCredentials describes fields for a user's username and password. -message UserCredentials { - string Username = 1 [ (gogoproto.jsontag) = "username" ]; - bytes Password = 2 [ (gogoproto.jsontag) = "password" ]; -} - -// ContextUser marks requests that rely in the currently authenticated user. -message ContextUser {} - -// Passwordless marks requests for passwordless challenges. -message Passwordless {} - -// CreateAuthenticateChallengeRequest is a request for creating MFA authentication challenges for a -// users mfa devices. -message CreateAuthenticateChallengeRequest { - // Request defines how the request will be verified before creating challenges. - // An empty Request is equivalent to context_user being set. - oneof Request { - // UserCredentials verifies request with username and password. Used with logins or - // when the logged in user wants to change their password. - UserCredentials UserCredentials = 1 [ (gogoproto.jsontag) = "user_credentials,omitempty" ]; - // RecoveryStartTokenID is the ID of a recovery start token obtained with RPC - // StartAccountRecovery. This token allows a user to retrieve their MFA challenges for RPC - // VerifyAccountRecovery (step 2 of the recovery process after RPC StartAccountRecovery). - string RecoveryStartTokenID = 2 - [ (gogoproto.jsontag) = "recovery_start_token_id,omitempty" ]; - // ContextUser issues a challenge for the currently-authenticated user. - // Default option if no other is provided. - ContextUser ContextUser = 3 [ (gogoproto.jsontag) = "context_user,omitempty" ]; - // Passwordless issues a passwordless challenge (authenticated user not - // required). - Passwordless Passwordless = 4 [ (gogoproto.jsontag) = "passwordless,omitempty" ]; - } -} - -// CreatePrivilegeTokenRequest defines a request to obtain a privilege token. -// Only logged in users are allowed to obtain privilege tokens after they have successfully -// re-authenticated with their second factor. -message CreatePrivilegeTokenRequest { - // ExistingMFAResponse is a response to a challenge from the user's existing MFA devices. - // This field can be empty to create a UserTokenTypePrivilegeException token that - // allows a user to bypass second factor re-authentication eg: allowing a user - // with no mfa devices to add a device without re-authenticating. - MFAAuthenticateResponse ExistingMFAResponse = 1 - [ (gogoproto.jsontag) = "existing_mfa_response,omitempty" ]; -} - -// CreateRegisterChallengeRequest is a request for creating MFA register challenge for a -// new MFA device. -message CreateRegisterChallengeRequest { - // TokenID is the ID of a user token that will be used to verify this request. - // All user token types are accepted except UserTokenTypeRecoveryStart. - string TokenID = 1 [ (gogoproto.jsontag) = "token_id" ]; - // DeviceType is the type of MFA device to make a register challenge for. - DeviceType DeviceType = 2 [ (gogoproto.jsontag) = "device_type" ]; - // DeviceUsage is the requested usage for the device. - // Defaults to DEVICE_USAGE_MFA. - DeviceUsage DeviceUsage = 3 [ (gogoproto.jsontag) = "device_usage,omitempty" ]; -} - -// PaginatedResource represents one of the supported resources. -message PaginatedResource { - // Resource is the resource itself. - oneof resource { - // DatabaseServer represents a DatabaseServer resource. - types.DatabaseServerV3 DatabaseServer = 1; - // AppServer represents a AppServer resource. - types.AppServerV3 AppServer = 2; - // Nodes represents a Server resource. - types.ServerV2 Node = 3 [ (gogoproto.jsontag) = "node,omitempty" ]; - // KubeService represents a KubernetesService resource. - types.ServerV2 KubeService = 4 [ (gogoproto.jsontag) = "kube_service,omitempty" ]; - // WindowsDesktop represents a WindowsDesktop resource. - types.WindowsDesktopV3 WindowsDesktop = 5 - [ (gogoproto.jsontag) = "windows_desktop,omitempty" ]; - // KubeCluster represents a KubeCluster resource. - types.KubernetesClusterV3 KubeCluster = 6 - [ (gogoproto.jsontag) = "kube_cluster,omitempty" ]; - } -} - -// ListResourcesRequest defines a request to retrieve resources paginated. Only -// one type of resource can be retrieved per request. -// -// NOTE: There are two paths this request can take: -// 1. ListResources: the more efficient path that retrieves resources by subset -// at a time defined by field 'Limit'. Does NOT de-duplicate matches. -// 2. listResourcesWithSort: the less efficient path that retrieves all resources -// upfront by falling back to the traditional GetXXX calls. Used when sorting (SortBy), -// total count of resources (NeedTotalCount), or ResourceType `KindKubernetesCluster` -// is requested. Matches are de-duplicated. -message ListResourcesRequest { - // ResourceType is the resource that is going to be retrieved. - // This only needs to be set explicitly for the `ListResources` rpc. - string ResourceType = 1 [ (gogoproto.jsontag) = "resource_type,omitempty" ]; - // Namespace is the namespace of resources. - string Namespace = 2 [ (gogoproto.jsontag) = "namespace,omitempty" ]; - // Limit is the maximum amount of resources to retrieve. - int32 Limit = 3 [ (gogoproto.jsontag) = "limit,omitempty" ]; - // StartKey is used to start listing resources from a specific spot. It - // should be set to the previous NextKey value if using pagination, or - // left empty. - string StartKey = 4 [ (gogoproto.jsontag) = "start_key,omitempty" ]; - // Labels is a label-based matcher if non-empty. - map Labels = 5 [ (gogoproto.jsontag) = "labels,omitempty" ]; - // PredicateExpression defines boolean conditions that will be matched against the resource. - string PredicateExpression = 6 [ (gogoproto.jsontag) = "predicate_expression,omitempty" ]; - // SearchKeywords is a list of search keywords to match against resource field values. - repeated string SearchKeywords = 7 [ (gogoproto.jsontag) = "search_keywords,omitempty" ]; - // SortBy describes which resource field and which direction to sort by. - types.SortBy SortBy = 8 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "sort_by,omitempty" ]; - // NeedTotalCount indicates whether or not the caller also wants the total number of resources - // after filtering. - bool NeedTotalCount = 9 [ (gogoproto.jsontag) = "need_total_count,omitempty" ]; - // WindowsDesktopFilter specifies windows desktop specific filters. - types.WindowsDesktopFilter WindowsDesktopFilter = 10 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "windows_desktop_filter,omitempty" ]; - // UseSearchAsRoles indicates that the response should include all resources - // the caller is able to request access to using search_as_roles - bool UseSearchAsRoles = 11 [ (gogoproto.jsontag) = "use_search_as_roles,omitempty" ]; -} - -// ListResourceResponse response of ListResources. -message ListResourcesResponse { - // Resources is a list of resource. - repeated PaginatedResource Resources = 1 [ (gogoproto.jsontag) = "resources,omitempty" ]; - // NextKey is the next Key to use as StartKey in a ListResourcesRequest to - // continue retrieving pages of resource. If NextKey is empty, there are no - // more pages. - string NextKey = 2 [ (gogoproto.jsontag) = "next_key,omitempty" ]; - // TotalCount is the total number of resources available after filter, if any. - int32 TotalCount = 3 [ (gogoproto.jsontag) = "total_count,omitempty" ]; -} - -// CreateSessionTrackerRequest is a request to create a new session. -// -// This is not specific to any session type. Relevant fields should be set for a given session type. -message CreateSessionTrackerRequest { - // Namespace is a session namespace, separating sessions from each other. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Namespace = 1 [ (gogoproto.jsontag) = "namespace,omitempty" ]; - - // Type describes what type of session this is. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Type = 2 [ (gogoproto.jsontag) = "type,omitempty" ]; - - // Reason is an arbitrary string that may be used to describe the session and/or it's - // purpose. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Reason = 3 [ (gogoproto.jsontag) = "reason,omitempty" ]; - - // Invited is a list of invited users, this field is interpreted by different - // clients on a best-effort basis and used for delivering notifications to invited users. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - repeated string Invited = 4 [ (gogoproto.jsontag) = "invited,omitempty" ]; - - // Hostname is the address of the target this session is connected to. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Hostname = 5 [ (gogoproto.jsontag) = "target_hostname,omitempty" ]; - - // Address is the address of the target this session is connected to. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Address = 6 [ (gogoproto.jsontag) = "target_address,omitempty" ]; - - // ClusterName is the name of cluster that this session belongs to. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string ClusterName = 7 [ (gogoproto.jsontag) = "cluster_name,omitempty" ]; - - // Login is the local login/user on the target used by the session. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string Login = 8 [ (gogoproto.jsontag) = "login,omitempty" ]; - - // Initiator is the participant that initiated the session. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - types.Participant Initiator = 9 [ (gogoproto.jsontag) = "initiator,omitempty" ]; - - // Expires encodes the time at which this session expires and becomes invalid. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - google.protobuf.Timestamp Expires = 10 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "expires,omitempty" - ]; - - // The Kubernetes cluster this session belongs to. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string KubernetesCluster = 11 [ (gogoproto.jsontag) = "kubernetes_cluster,omitempty" ]; - - // HostUser is the user regarded as the owner of this session, RBAC checks are performed - // against the require policies of this user. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string HostUser = 12 [ (gogoproto.jsontag) = "host_user,omitempty" ]; - - // ID is the ID of the session. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - string ID = 13 [ (gogoproto.jsontag) = "id,omitempty" ]; - - // HostPolicies is a list of RBAC policy sets held by the host user at the time of session - // creation. - // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. - repeated types.SessionTrackerPolicySet HostPolicies = 14 - [ (gogoproto.jsontag) = "host_policies,omitempty" ]; - - // SessionTracker is the session tracker to be created. - types.SessionTrackerV1 SessionTracker = 15 - [ (gogoproto.jsontag) = "session_tracker,omitempty" ]; -} - -// GetSessionTrackerRequest is a request to fetch a session resource. -message GetSessionTrackerRequest { - // SessionID is unique identifier of this session. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id,omitempty" ]; -} - -// RemoveSessionTrackerRequest is a request to remove a session. -message RemoveSessionTrackerRequest { - // SessionID is unique identifier of this session. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id,omitempty" ]; -} - -message SessionTrackerUpdateState { - // State is the new state of the session tracker. - types.SessionState State = 2 [ (gogoproto.jsontag) = "state,omitempty" ]; -} - -message SessionTrackerAddParticipant { - // Participant is the participant to be added to the session. - types.Participant Participant = 2 [ (gogoproto.jsontag) = "participant,omitempty" ]; -} - -message SessionTrackerRemoveParticipant { - // ParticipantID is unique identifier of the participant. - string ParticipantID = 2 [ (gogoproto.jsontag) = "participant_id,omitempty" ]; -} - -// SessionTrackerUpdateExpiry is used to update the session tracker expiration time. -message SessionTrackerUpdateExpiry { - // Expires is when the session tracker will expire. - google.protobuf.Timestamp Expires = 1 - [ (gogoproto.stdtime) = true, (gogoproto.jsontag) = "expires" ]; -} - -// UpdateSessionTrackerRequest is a request to update some state of a session. -message UpdateSessionTrackerRequest { - // SessionID is unique identifier of this session. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id,omitempty" ]; - - oneof Update { - SessionTrackerUpdateState UpdateState = 2 - [ (gogoproto.jsontag) = "update_state,omitempty" ]; - SessionTrackerAddParticipant AddParticipant = 3 - [ (gogoproto.jsontag) = "add_participant,omitempty" ]; - SessionTrackerRemoveParticipant RemoveParticipant = 4 - [ (gogoproto.jsontag) = "remove_participant,omitempty" ]; - SessionTrackerUpdateExpiry UpdateExpiry = 5 - [ (gogoproto.jsontag) = "update_expiry,omitempty" ]; - } -} - -// PresenceMFAChallengeRequest is a request for a presence MFA challenge. -message PresenceMFAChallengeRequest { - // SessionID is unique identifier of the session you want to request presence for. - string SessionID = 1 [ (gogoproto.jsontag) = "session_id,omitempty" ]; -} - -// PresenceMFAChallengeSend is a presence challenge request or response. -message PresenceMFAChallengeSend { - oneof Request { - PresenceMFAChallengeRequest ChallengeRequest = 1; - MFAAuthenticateResponse ChallengeResponse = 2; - } -} - -// GetDomainNameResponse is a response from GetDomainName. -message GetDomainNameResponse { - // DomainName is the local auth domain of the current auth server. - string DomainName = 1 [ (gogoproto.jsontag) = "domain_name" ]; -} - -// GetClusterCACertResponse is a response from GetClusterCACert. -message GetClusterCACertResponse { - // TLSCA is a PEM-encoded TLS certificate authority. - bytes TLSCA = 1 [ (gogoproto.jsontag) = "tls_ca" ]; -} - -// GenerateTokenRequest is a request to generate auth token. -message GenerateTokenRequest { - // Token sets the token value. If not set, it will be auto generated. - string Token = 1 [ (gogoproto.jsontag) = "token" ]; - // Roles is a list of roles this token authenticates as. - repeated string Roles = 2 [ - (gogoproto.jsontag) = "roles", - (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" - ]; - // TTL specifies how long the generated token will be valid for. - // Defaults to 30 minutes if not set. - int64 TTL = 3 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; - // Labels is a label-based matcher if non-empty. - map Labels = 4 [ (gogoproto.jsontag) = "labels" ]; -} - -// GenerateTokenResponse contains a generated auth token. -message GenerateTokenResponse { - // Token is the generated auth token. - string Token = 1 [ (gogoproto.jsontag) = "token" ]; -} - -// GetOIDCAuthRequestRequest is a request for GetOIDCAuthRequest. -message GetOIDCAuthRequestRequest { - // StateToken is an oidc auth request state token. - string StateToken = 1 [ (gogoproto.jsontag) = "state_token" ]; -} - -// GetSAMLAuthRequestRequest is a request for GetSAMLAuthRequest. -message GetSAMLAuthRequestRequest { - // ID is a saml auth request unique id. - string ID = 1 [ (gogoproto.jsontag) = "id" ]; -} - -// GetGithubAuthRequestRequest is a request for GetGithubAuthRequest. -message GetGithubAuthRequestRequest { - // StateToken is a github auth request state token. - string StateToken = 1 [ (gogoproto.jsontag) = "state_token" ]; -} - -// GetSSODiagnosticInfoRequest is a request for GetSSODiagnosticInfo. -message GetSSODiagnosticInfoRequest { - // AuthRequestKind is the SSO Auth Request kind (oidc, saml, or github). - string AuthRequestKind = 1 [ (gogoproto.jsontag) = "auth_request_kind" ]; - // AuthRequestID is the SSO Auth Request id or state token. - string AuthRequestID = 2 [ (gogoproto.jsontag) = "auth_request_id" ]; -} - -// AuthService is authentication/authorization service implementation -service AuthService { - // MaintainSessionPresence establishes a channel used to continously verify the presence for a - // session. - rpc MaintainSessionPresence(stream PresenceMFAChallengeSend) - returns (stream MFAAuthenticateChallenge); - - // CreateSessionTracker creates a new session tracker resource. - rpc CreateSessionTracker(CreateSessionTrackerRequest) returns (types.SessionTrackerV1); - - // GetSessionTracker fetches a session tracker resource. - rpc GetSessionTracker(GetSessionTrackerRequest) returns (types.SessionTrackerV1); - - // GetActiveSessionTrackers returns a list of active sessions. - rpc GetActiveSessionTrackers(google.protobuf.Empty) returns (stream types.SessionTrackerV1); - - // RemoveSessionTracker removes a session tracker resource. - rpc RemoveSessionTracker(RemoveSessionTrackerRequest) returns (google.protobuf.Empty); - - // UpdateSessionTracker updates some state of a session tracker. - rpc UpdateSessionTracker(UpdateSessionTrackerRequest) returns (google.protobuf.Empty); - - // SendKeepAlives allows node to send a stream of keep alive requests - rpc SendKeepAlives(stream types.KeepAlive) returns (google.protobuf.Empty); - // WatchEvents returns a new stream of cluster events - rpc WatchEvents(Watch) returns (stream Event); - - // GetNode retrieves a node described by the given request. - rpc GetNode(types.ResourceInNamespaceRequest) returns (types.ServerV2); - // UpsertNode upserts a node in a backend. - rpc UpsertNode(types.ServerV2) returns (types.KeepAlive); - // DeleteNode deletes an existing node in a backend described by the given request. - rpc DeleteNode(types.ResourceInNamespaceRequest) returns (google.protobuf.Empty); - // DeleteAllNodes deletes all nodes. - rpc DeleteAllNodes(types.ResourcesInNamespaceRequest) returns (google.protobuf.Empty); - - // GenerateUserCerts generates a set of user certificates. - rpc GenerateUserCerts(UserCertsRequest) returns (Certs); - // GenerateHostCerts generates a set of host certificates. - rpc GenerateHostCerts(HostCertsRequest) returns (Certs); - // GenerateUserSingleUseCerts generates a set of single-use user - // certificates. - rpc GenerateUserSingleUseCerts(stream UserSingleUseCertsRequest) - returns (stream UserSingleUseCertsResponse); - // IsMFARequired checks whether MFA is required to access the specified - // target. - rpc IsMFARequired(IsMFARequiredRequest) returns (IsMFARequiredResponse); - - // GetAccessRequests gets all pending access requests. - // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. - rpc GetAccessRequests(types.AccessRequestFilter) returns (AccessRequests); - // GetAccessRequestsV2 gets all pending access requests. - rpc GetAccessRequestsV2(types.AccessRequestFilter) returns (stream types.AccessRequestV3); - // CreateAccessRequest creates a new access request. - rpc CreateAccessRequest(types.AccessRequestV3) returns (google.protobuf.Empty); - // DeleteAccessRequest deletes an access request. - rpc DeleteAccessRequest(RequestID) returns (google.protobuf.Empty); - // SetAccessRequestState sets the state of an access request. - rpc SetAccessRequestState(RequestStateSetter) returns (google.protobuf.Empty); - // SubmitAccessReview applies a review to a request and returns the post-application state. - rpc SubmitAccessReview(types.AccessReviewSubmission) returns (types.AccessRequestV3); - // GetAccessCapabilities requests the access capabilites of a user. - rpc GetAccessCapabilities(types.AccessCapabilitiesRequest) returns (types.AccessCapabilities); - - // GetPluginData gets all plugin data matching the supplied filter. - rpc GetPluginData(types.PluginDataFilter) returns (PluginDataSeq); - // UpdatePluginData updates a plugin's resource-specific datastore. - rpc UpdatePluginData(types.PluginDataUpdateParams) returns (google.protobuf.Empty); - // Ping gets basic info about the auth server. This method is intended - // to mimic the behavior of the proxy's Ping method, and may be used by - // clients for verification or configuration on startup. - rpc Ping(PingRequest) returns (PingResponse); - - // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. - // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. - rpc RotateResetPasswordTokenSecrets(RotateUserTokenSecretsRequest) - returns (types.UserTokenSecretsV3); - // GetResetPasswordToken returns a reset password token. - rpc GetResetPasswordToken(GetResetPasswordTokenRequest) returns (types.UserTokenV3); - // CreateResetPasswordToken resets users current password and second factors and creates a reset - // password token. - rpc CreateResetPasswordToken(CreateResetPasswordTokenRequest) returns (types.UserTokenV3); - - // CreateBot creates a new bot user. - rpc CreateBot(CreateBotRequest) returns (CreateBotResponse); - // DeleteBot deletes a bot user. - rpc DeleteBot(DeleteBotRequest) returns (google.protobuf.Empty); - // GetBotUsers gets all users with bot labels. - rpc GetBotUsers(GetBotUsersRequest) returns (stream types.UserV2); - - // GetUser gets a user resource by name. - rpc GetUser(GetUserRequest) returns (types.UserV2); - // GetCurrentUser returns current user as seen by the server. - // Useful especially in the context of remote clusters which perform role and trait mapping. - rpc GetCurrentUser(google.protobuf.Empty) returns (types.UserV2); - // GetUsers gets all current user resources. - rpc GetUsers(GetUsersRequest) returns (stream types.UserV2); - // CreateUser inserts a new user entry to a backend. - rpc CreateUser(types.UserV2) returns (google.protobuf.Empty); - // UpdateUser updates an existing user in a backend. - rpc UpdateUser(types.UserV2) returns (google.protobuf.Empty); - // DeleteUser deletes an existing user in a backend by username. - rpc DeleteUser(DeleteUserRequest) returns (google.protobuf.Empty); - - // AcquireSemaphore acquires lease with requested resources from semaphore. - rpc AcquireSemaphore(types.AcquireSemaphoreRequest) returns (types.SemaphoreLease); - // KeepAliveSemaphoreLease updates semaphore lease. - rpc KeepAliveSemaphoreLease(types.SemaphoreLease) returns (google.protobuf.Empty); - // CancelSemaphoreLease cancels semaphore lease early. - rpc CancelSemaphoreLease(types.SemaphoreLease) returns (google.protobuf.Empty); - // GetSemaphores returns a list of all semaphores matching the supplied filter. - rpc GetSemaphores(types.SemaphoreFilter) returns (Semaphores); - // DeleteSemaphore deletes a semaphore matching the supplied filter. - rpc DeleteSemaphore(types.SemaphoreFilter) returns (google.protobuf.Empty); - - // EmitAuditEvent emits audit event - rpc EmitAuditEvent(events.OneOf) returns (google.protobuf.Empty); - // CreateAuditStream creates or resumes audit events streams - rpc CreateAuditStream(stream AuditStreamRequest) returns (stream events.StreamStatus); - - // GetApplicationServers gets all application servers. - // DELETE IN 10.0. Deprecated, use ListResources. - rpc GetApplicationServers(GetApplicationServersRequest) - returns (GetApplicationServersResponse) { - option deprecated = true; - }; - // UpsertApplicationServer adds an application server. - rpc UpsertApplicationServer(UpsertApplicationServerRequest) returns (types.KeepAlive); - // DeleteApplicationServer removes an application server. - rpc DeleteApplicationServer(DeleteApplicationServerRequest) returns (google.protobuf.Empty); - // DeleteAllApplicationServers removes all application servers. - rpc DeleteAllApplicationServers(DeleteAllApplicationServersRequest) - returns (google.protobuf.Empty); - - // GetAppServers gets all application servers. - // - // DELETE IN 9.0. Deprecated, use GetApplicationServers. - rpc GetAppServers(GetAppServersRequest) returns (GetAppServersResponse) { - option deprecated = true; - }; - // UpsertAppServer adds an application server. - // - // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. - rpc UpsertAppServer(UpsertAppServerRequest) returns (types.KeepAlive) { - option deprecated = true; - }; - // DeleteAppServer removes an application server. - // - // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. - rpc DeleteAppServer(DeleteAppServerRequest) returns (google.protobuf.Empty) { - option deprecated = true; - }; - // DeleteAllAppServers removes all application servers. - // - // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. - rpc DeleteAllAppServers(DeleteAllAppServersRequest) returns (google.protobuf.Empty) { - option deprecated = true; - }; - - // GenerateAppToken will generate a JWT token for application access. - rpc GenerateAppToken(GenerateAppTokenRequest) returns (GenerateAppTokenResponse); - - // GetAppSession gets an application web session. - rpc GetAppSession(GetAppSessionRequest) returns (GetAppSessionResponse); - // GetAppSessions gets all application web sessions. - rpc GetAppSessions(google.protobuf.Empty) returns (GetAppSessionsResponse); - // CreateAppSession creates an application web session. Application web - // sessions represent a browser session the client holds. - rpc CreateAppSession(CreateAppSessionRequest) returns (CreateAppSessionResponse); - // DeleteAppSession removes an application web session. - rpc DeleteAppSession(DeleteAppSessionRequest) returns (google.protobuf.Empty); - // DeleteAllAppSessions removes all application web sessions. - rpc DeleteAllAppSessions(google.protobuf.Empty) returns (google.protobuf.Empty); - // DeleteUserAppSessions deletes all user’s application sessions. - rpc DeleteUserAppSessions(DeleteUserAppSessionsRequest) returns (google.protobuf.Empty); - - // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access - // Snowflake integration. - rpc CreateSnowflakeSession(CreateSnowflakeSessionRequest) - returns (CreateSnowflakeSessionResponse); - // GetSnowflakeSession returns a web session with sub kind Snowflake. - rpc GetSnowflakeSession(GetSnowflakeSessionRequest) returns (GetSnowflakeSessionResponse); - // GetSnowflakeSessions gets all Snowflake web sessions. - rpc GetSnowflakeSessions(google.protobuf.Empty) returns (GetSnowflakeSessionsResponse); - // DeleteSnowflakeSession removes a Snowflake web session. - rpc DeleteSnowflakeSession(DeleteSnowflakeSessionRequest) returns (google.protobuf.Empty); - // DeleteAllSnowflakeSessions removes all Snowflake web sessions. - rpc DeleteAllSnowflakeSessions(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetWebSession gets a web session. - rpc GetWebSession(types.GetWebSessionRequest) returns (GetWebSessionResponse); - // GetWebSessions gets all web sessions. - rpc GetWebSessions(google.protobuf.Empty) returns (GetWebSessionsResponse); - // DeleteWebSession deletes a web session. - rpc DeleteWebSession(types.DeleteWebSessionRequest) returns (google.protobuf.Empty); - // DeleteAllWebSessions deletes all web sessions. - rpc DeleteAllWebSessions(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetWebToken gets a web token. - rpc GetWebToken(types.GetWebTokenRequest) returns (GetWebTokenResponse); - // GetWebTokens gets all web tokens. - rpc GetWebTokens(google.protobuf.Empty) returns (GetWebTokensResponse); - // DeleteWebToken deletes a web token. - rpc DeleteWebToken(types.DeleteWebTokenRequest) returns (google.protobuf.Empty); - // DeleteAllWebTokens deletes all web tokens. - rpc DeleteAllWebTokens(google.protobuf.Empty) returns (google.protobuf.Empty); - - // UpdateRemoteCluster updates remote cluster - rpc UpdateRemoteCluster(types.RemoteClusterV3) returns (google.protobuf.Empty); - - // GetKubeServices gets all kubernetes services. - // DELETE IN 10.0. Deprecated, use ListResources. - rpc GetKubeServices(GetKubeServicesRequest) returns (GetKubeServicesResponse) { - option deprecated = true; - }; - // UpsertKubeService adds or updates a kubernetes service. - // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 - rpc UpsertKubeService(UpsertKubeServiceRequest) returns (google.protobuf.Empty) { - option deprecated = true; - }; - // UpsertKubeServiceV2 adds or updates a kubernetes service. - rpc UpsertKubeServiceV2(UpsertKubeServiceRequest) returns (types.KeepAlive); - // DeleteKubeService removes a kubernetes service. - rpc DeleteKubeService(DeleteKubeServiceRequest) returns (google.protobuf.Empty); - // DeleteAllKubeServices removes all kubernetes services. - rpc DeleteAllKubeServices(DeleteAllKubeServicesRequest) returns (google.protobuf.Empty); - - // GetDatabaseServers returns all registered database proxy servers. - // DELETE IN 10.0. Deprecated, use ListResources. - rpc GetDatabaseServers(GetDatabaseServersRequest) returns (GetDatabaseServersResponse) { - option deprecated = true; - }; - // UpsertDatabaseServer registers a new database proxy server. - rpc UpsertDatabaseServer(UpsertDatabaseServerRequest) returns (types.KeepAlive); - // DeleteDatabaseServer removes the specified database proxy server. - rpc DeleteDatabaseServer(DeleteDatabaseServerRequest) returns (google.protobuf.Empty); - // DeleteAllDatabaseServers removes all registered database proxy servers. - rpc DeleteAllDatabaseServers(DeleteAllDatabaseServersRequest) returns (google.protobuf.Empty); - - // SignDatabaseCSR generates client certificate used by proxy to - // authenticate with a remote database service. - rpc SignDatabaseCSR(DatabaseCSRRequest) returns (DatabaseCSRResponse); - // GenerateDatabaseCert generates client certificate used by a database - // service to authenticate with the database instance. - rpc GenerateDatabaseCert(DatabaseCertRequest) returns (DatabaseCertResponse); - /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. - rpc GenerateSnowflakeJWT(SnowflakeJWTRequest) returns (SnowflakeJWTResponse); - - // GetRole retrieves a role described by the given request. - rpc GetRole(GetRoleRequest) returns (types.RoleV5); - // GetRole retrieves all roles. - rpc GetRoles(google.protobuf.Empty) returns (GetRolesResponse); - // UpsertRole upserts a role in a backend. - rpc UpsertRole(types.RoleV5) returns (google.protobuf.Empty); - // DeleteRole deletes an existing role in a backend described by the given request. - rpc DeleteRole(DeleteRoleRequest) returns (google.protobuf.Empty); - - // AddMFADevice adds an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- ExistingMFAChallenge - // -> ExistingMFAResponse - // <- NewMFARegisterChallenge - // -> NewMFARegisterResponse - // <- Ack - rpc AddMFADevice(stream AddMFADeviceRequest) returns (stream AddMFADeviceResponse); - // DeleteMFADevice deletes an MFA device for the user calling this RPC. - // - // The RPC is streaming both ways and the message sequence is: - // (-> means client-to-server, <- means server-to-client) - // -> Init - // <- MFAChallenge - // -> MFAResponse - // <- Ack - rpc DeleteMFADevice(stream DeleteMFADeviceRequest) returns (stream DeleteMFADeviceResponse); - // AddMFADeviceSync adds a new MFA device (nonstream). - rpc AddMFADeviceSync(AddMFADeviceSyncRequest) returns (AddMFADeviceSyncResponse); - // DeleteMFADeviceSync deletes a users MFA device (nonstream). - rpc DeleteMFADeviceSync(DeleteMFADeviceSyncRequest) returns (google.protobuf.Empty); - // GetMFADevices returns all MFA devices registered for the user calling - // this RPC. - rpc GetMFADevices(GetMFADevicesRequest) returns (GetMFADevicesResponse); - // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA - // devices. - rpc CreateAuthenticateChallenge(CreateAuthenticateChallengeRequest) - returns (MFAAuthenticateChallenge); - // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. - rpc CreateRegisterChallenge(CreateRegisterChallengeRequest) returns (MFARegisterChallenge); - - // GetOIDCConnector gets an OIDC connector resource by name. - rpc GetOIDCConnector(types.ResourceWithSecretsRequest) returns (types.OIDCConnectorV3); - // GetOIDCConnectors gets all current OIDC connector resources. - rpc GetOIDCConnectors(types.ResourcesWithSecretsRequest) returns (types.OIDCConnectorV3List); - // UpsertOIDCConnector upserts an OIDC connector in a backend. - rpc UpsertOIDCConnector(types.OIDCConnectorV3) returns (google.protobuf.Empty); - // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. - rpc DeleteOIDCConnector(types.ResourceRequest) returns (google.protobuf.Empty); - // CreateOIDCAuthRequest creates OIDCAuthRequest. - rpc CreateOIDCAuthRequest(types.OIDCAuthRequest) returns (types.OIDCAuthRequest); - // GetOIDCAuthRequest returns OIDC auth request if found. - rpc GetOIDCAuthRequest(GetOIDCAuthRequestRequest) returns (types.OIDCAuthRequest); - - // GetSAMLConnector gets a SAML connector resource by name. - rpc GetSAMLConnector(types.ResourceWithSecretsRequest) returns (types.SAMLConnectorV2); - // GetSAMLConnectors gets all current SAML connector resources. - rpc GetSAMLConnectors(types.ResourcesWithSecretsRequest) returns (types.SAMLConnectorV2List); - // UpsertSAMLConnector upserts a SAML connector in a backend. - rpc UpsertSAMLConnector(types.SAMLConnectorV2) returns (google.protobuf.Empty); - // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. - rpc DeleteSAMLConnector(types.ResourceRequest) returns (google.protobuf.Empty); - // CreateSAMLAuthRequest creates SAMLAuthRequest. - rpc CreateSAMLAuthRequest(types.SAMLAuthRequest) returns (types.SAMLAuthRequest); - // GetSAMLAuthRequest returns SAML auth request if found. - rpc GetSAMLAuthRequest(GetSAMLAuthRequestRequest) returns (types.SAMLAuthRequest); - - // GetGithubConnector gets a Github connector resource by name. - rpc GetGithubConnector(types.ResourceWithSecretsRequest) returns (types.GithubConnectorV3); - // GetGithubConnectors gets all current Github connector resources. - rpc GetGithubConnectors(types.ResourcesWithSecretsRequest) - returns (types.GithubConnectorV3List); - // UpsertGithubConnector upserts a Github connector in a backend. - rpc UpsertGithubConnector(types.GithubConnectorV3) returns (google.protobuf.Empty); - // DeleteGithubConnector deletes an existing Github connector in a backend by name. - rpc DeleteGithubConnector(types.ResourceRequest) returns (google.protobuf.Empty); - // CreateGithubAuthRequest creates GithubAuthRequest. - rpc CreateGithubAuthRequest(types.GithubAuthRequest) returns (types.GithubAuthRequest); - // GetGithubAuthRequest returns Github auth request if found. - rpc GetGithubAuthRequest(GetGithubAuthRequestRequest) returns (types.GithubAuthRequest); - - // GetSSODiagnosticInfo returns SSO diagnostic info records. - rpc GetSSODiagnosticInfo(GetSSODiagnosticInfoRequest) returns (types.SSODiagnosticInfo); - - // GetTrustedCluster gets a Trusted Cluster resource by name. - rpc GetTrustedCluster(types.ResourceRequest) returns (types.TrustedClusterV2); - // GetTrustedClusters gets all current Trusted Cluster resources. - rpc GetTrustedClusters(google.protobuf.Empty) returns (types.TrustedClusterV2List); - // UpsertTrustedCluster upserts a Trusted Cluster in a backend. - rpc UpsertTrustedCluster(types.TrustedClusterV2) returns (types.TrustedClusterV2); - // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. - rpc DeleteTrustedCluster(types.ResourceRequest) returns (google.protobuf.Empty); - - // GetToken retrieves a token described by the given request. - rpc GetToken(types.ResourceRequest) returns (types.ProvisionTokenV2); - // GetToken retrieves all tokens. - rpc GetTokens(google.protobuf.Empty) returns (types.ProvisionTokenV2List); - // UpsertToken upserts a token in a backend. - rpc UpsertToken(types.ProvisionTokenV2) returns (google.protobuf.Empty); - // GenerateToken generates a new auth token. - rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse); - // DeleteToken deletes an existing token in a backend described by the given request. - rpc DeleteToken(types.ResourceRequest) returns (google.protobuf.Empty); - - // GetClusterAuditConfig gets cluster audit configuration. - rpc GetClusterAuditConfig(google.protobuf.Empty) returns (types.ClusterAuditConfigV2); - - // GetClusterNetworkingConfig gets cluster networking configuration. - rpc GetClusterNetworkingConfig(google.protobuf.Empty) returns (types.ClusterNetworkingConfigV2); - // SetClusterNetworkingConfig sets cluster networking configuration. - rpc SetClusterNetworkingConfig(types.ClusterNetworkingConfigV2) returns (google.protobuf.Empty); - // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. - rpc ResetClusterNetworkingConfig(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetSessionRecordingConfig gets session recording configuration. - rpc GetSessionRecordingConfig(google.protobuf.Empty) returns (types.SessionRecordingConfigV2); - // SetSessionRecordingConfig sets session recording configuration. - rpc SetSessionRecordingConfig(types.SessionRecordingConfigV2) returns (google.protobuf.Empty); - // ResetSessionRecordingConfig resets session recording configuration to defaults. - rpc ResetSessionRecordingConfig(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetAuthPreference gets cluster auth preference. - rpc GetAuthPreference(google.protobuf.Empty) returns (types.AuthPreferenceV2); - // SetAuthPreference sets cluster auth preference. - rpc SetAuthPreference(types.AuthPreferenceV2) returns (google.protobuf.Empty); - // ResetAuthPreference resets cluster auth preference to defaults. - rpc ResetAuthPreference(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetEvents gets events from the audit log. - rpc GetEvents(GetEventsRequest) returns (Events); - // GetSessionEvents gets completed session events from the audit log. - rpc GetSessionEvents(GetSessionEventsRequest) returns (Events); - - // GetLock gets a lock by name. - rpc GetLock(GetLockRequest) returns (types.LockV2); - // GetLocks gets all/in-force locks that match at least one of the targets when specified. - rpc GetLocks(GetLocksRequest) returns (GetLocksResponse); - // UpsertLock upserts a lock. - rpc UpsertLock(types.LockV2) returns (google.protobuf.Empty); - // DeleteLock deletes a lock. - rpc DeleteLock(DeleteLockRequest) returns (google.protobuf.Empty); - // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. - rpc ReplaceRemoteLocks(ReplaceRemoteLocksRequest) returns (google.protobuf.Empty); - - // StreamSessionEvents streams audit events from a given session recording. - rpc StreamSessionEvents(StreamSessionEventsRequest) returns (stream events.OneOf); - - // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). - rpc GetNetworkRestrictions(google.protobuf.Empty) returns (types.NetworkRestrictionsV4); - // SetNetworkRestrictions updates the network restrictions. - rpc SetNetworkRestrictions(types.NetworkRestrictionsV4) returns (google.protobuf.Empty); - // DeleteNetworkRestrictions delete the network restrictions. - rpc DeleteNetworkRestrictions(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetApps returns all registered applications. - rpc GetApps(google.protobuf.Empty) returns (types.AppV3List); - // GetApp returns an application by name. - rpc GetApp(types.ResourceRequest) returns (types.AppV3); - // CreateApp creates a new application resource. - rpc CreateApp(types.AppV3) returns (google.protobuf.Empty); - // UpdateApp updates existing application resource. - rpc UpdateApp(types.AppV3) returns (google.protobuf.Empty); - // DeleteApp removes specified application resource. - rpc DeleteApp(types.ResourceRequest) returns (google.protobuf.Empty); - // DeleteAllApps removes all application resources. - rpc DeleteAllApps(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetDatabases returns all registered databases. - rpc GetDatabases(google.protobuf.Empty) returns (types.DatabaseV3List); - // GetDatabase returns a database by name. - rpc GetDatabase(types.ResourceRequest) returns (types.DatabaseV3); - // CreateDatabase creates a new database resource. - rpc CreateDatabase(types.DatabaseV3) returns (google.protobuf.Empty); - // UpdateDatabase updates existing database resource. - rpc UpdateDatabase(types.DatabaseV3) returns (google.protobuf.Empty); - // DeleteDatabase removes specified database resource. - rpc DeleteDatabase(types.ResourceRequest) returns (google.protobuf.Empty); - // DeleteAllDatabases removes all database resources. - rpc DeleteAllDatabases(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetWindowsDesktopServices returns all registered Windows desktop services. - rpc GetWindowsDesktopServices(google.protobuf.Empty) - returns (GetWindowsDesktopServicesResponse); - rpc GetWindowsDesktopService(GetWindowsDesktopServiceRequest) - returns (GetWindowsDesktopServiceResponse); - // UpsertWindowsDesktopService registers a new Windows desktop service. - rpc UpsertWindowsDesktopService(types.WindowsDesktopServiceV3) returns (types.KeepAlive); - // DeleteWindowsDesktopService removes the specified Windows desktop service. - rpc DeleteWindowsDesktopService(DeleteWindowsDesktopServiceRequest) - returns (google.protobuf.Empty); - // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. - rpc DeleteAllWindowsDesktopServices(google.protobuf.Empty) returns (google.protobuf.Empty); - - // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. - rpc GetWindowsDesktops(types.WindowsDesktopFilter) returns (GetWindowsDesktopsResponse); - // CreateWindowsDesktop registers a new Windows desktop host. - rpc CreateWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); - // UpdateWindowsDesktop updates an existing Windows desktop host. - rpc UpdateWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); - // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. - rpc UpsertWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); - // DeleteWindowsDesktop removes the specified Windows desktop host. - // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. - // To delete all desktops, use DeleteAllWindowsDesktops. - rpc DeleteWindowsDesktop(DeleteWindowsDesktopRequest) returns (google.protobuf.Empty); - // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. - rpc DeleteAllWindowsDesktops(google.protobuf.Empty) returns (google.protobuf.Empty); - // GenerateWindowsDesktopCert generates client smartcard certificate used - // by an RDP client to authenticate with Windows. - rpc GenerateWindowsDesktopCert(WindowsDesktopCertRequest) returns (WindowsDesktopCertResponse); - // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. - rpc GenerateCertAuthorityCRL(CertAuthorityRequest) returns (CRL); - - // ChangeUserAuthentication allows a user to change their password and if enabled, - // also adds a new MFA device. After successful invocation, a new web session is created as well - // as a new set of recovery codes (if user meets the requirements to receive them), invalidating - // any existing codes the user previously had. - rpc ChangeUserAuthentication(ChangeUserAuthenticationRequest) - returns (ChangeUserAuthenticationResponse); - - // StartAccountRecovery (exclusive to cloud users) is the first out of two step user - // verification needed to allow a user to recover their account. The first form of verification - // is a user's username and a recovery code. After successful verification, a recovery start - // token is created for the user which its ID will be used as part of a URL that will be emailed - // to the user (not done in this request). The user will be able to finish their second form of - // verification by clicking on this URL and following the prompts. - // - // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, - // user account gets temporarily locked from further recovery attempts and from logging in. - // - // Start tokens last RecoveryStartTokenTTL. - rpc StartAccountRecovery(StartAccountRecoveryRequest) returns (types.UserTokenV3); - // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step - // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. - // The second form of verification is a user's password or their second factor (depending on - // what authentication they needed to recover). After successful verification, a recovery - // approved token is created which allows a user to request protected actions while not logged - // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA - // devices, and generating new recovery codes. - // - // The recovery start token to verify this request becomes deleted before - // creating a recovery approved token, which invalidates the recovery link users received - // to finish their verification. - // - // If user fails to verify themselves for MaxAccountRecoveryAttempts - // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked - // from logging in. If users still have unused recovery codes left, they still have - // opportunities to recover their account. To allow this, users recovery attempts are also - // deleted along with all user tokens which will force the user to restart the recovery process - // from step 1 (RPC StartAccountRecovery). - // - // Recovery approved tokens last RecoveryApprovedTokenTTL. - rpc VerifyAccountRecovery(VerifyAccountRecoveryRequest) returns (types.UserTokenV3); - // CompleteAccountRecovery (exclusive to cloud users) is the last step in account - // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new - // password or adds a new mfa device, allowing the user to regain access to their account with - // the new credentials. When the new authentication is successfully set, any user lock is - // removed so the user can login immediately afterwards. - rpc CompleteAccountRecovery(CompleteAccountRecoveryRequest) returns (google.protobuf.Empty); - - // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a - // user, replacing and invalidating any previously owned codes. Users can only get recovery - // codes if their username is in a valid email format. - rpc CreateAccountRecoveryCodes(CreateAccountRecoveryCodesRequest) returns (RecoveryCodes); - // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after - // verifying that the token requested has not expired and is of the correct recovery kind. - // Besides checking for validity of a token ID, it is also used to get basic information from - // the token e.g: username, state of recovery (started or approved) and the type of recovery - // requested (password or second factor). - rpc GetAccountRecoveryToken(GetAccountRecoveryTokenRequest) returns (types.UserTokenV3); - // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context - // their recovery codes. This request will not return any secrets (the values of recovery - // codes), but instead returns non-sensitive data eg. when the recovery codes were created. - rpc GetAccountRecoveryCodes(GetAccountRecoveryCodesRequest) returns (RecoveryCodes); - - // CreatePrivilegeToken returns a new privilege token after a logged in user successfully - // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and - // is used to gain access to privileged actions eg: deleting/adding a MFA device. - rpc CreatePrivilegeToken(CreatePrivilegeTokenRequest) returns (types.UserTokenV3); - - // ListResources retrieves a paginated list of resources. - rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse); - - // GetDomainName returns local auth domain of the current auth server - rpc GetDomainName(google.protobuf.Empty) returns (GetDomainNameResponse); - // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster - // without signing keys. If the cluster has multiple TLS certs, they will - // all be appended. - rpc GetClusterCACert(google.protobuf.Empty) returns (GetClusterCACertResponse); -} diff --git a/api/client/proto/certs.pb.go b/api/client/proto/certs.pb.go index 6da1089647ce1..1f17e92026fbb 100644 --- a/api/client/proto/certs.pb.go +++ b/api/client/proto/certs.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: certs.proto +// source: teleport/legacy/client/proto/certs.proto package proto @@ -42,7 +42,7 @@ func (m *Certs) Reset() { *m = Certs{} } func (m *Certs) String() string { return proto.CompactTextString(m) } func (*Certs) ProtoMessage() {} func (*Certs) Descriptor() ([]byte, []int) { - return fileDescriptor_78c43cca93027bbd, []int{0} + return fileDescriptor_9c4dbdba9a1559ee, []int{0} } func (m *Certs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -75,22 +75,28 @@ func init() { proto.RegisterType((*Certs)(nil), "proto.Certs") } -func init() { proto.RegisterFile("certs.proto", fileDescriptor_78c43cca93027bbd) } +func init() { + proto.RegisterFile("teleport/legacy/client/proto/certs.proto", fileDescriptor_9c4dbdba9a1559ee) +} -var fileDescriptor_78c43cca93027bbd = []byte{ - // 192 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4e, 0x4e, 0x2d, 0x2a, - 0x29, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x52, 0x22, 0xe9, 0xf9, 0xe9, - 0xf9, 0x60, 0xa6, 0x3e, 0x88, 0x05, 0x91, 0x54, 0x3a, 0xc9, 0xc8, 0xc5, 0xea, 0x0c, 0x52, 0x2c, - 0xa4, 0xcc, 0xc5, 0x1c, 0x1c, 0xec, 0x21, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1, 0xe3, 0x24, 0xf8, 0xea, - 0x9e, 0x3c, 0x6f, 0x71, 0x71, 0x86, 0x4e, 0x7e, 0x6e, 0x66, 0x49, 0x6a, 0x6e, 0x41, 0x49, 0x65, - 0x10, 0x48, 0x16, 0xa4, 0x28, 0xc4, 0x27, 0x58, 0x82, 0x09, 0xa1, 0xa8, 0x24, 0xa7, 0x18, 0x59, - 0x51, 0x88, 0x4f, 0xb0, 0x90, 0x15, 0x17, 0x57, 0x88, 0x4f, 0xb0, 0xb3, 0x23, 0xd8, 0x5c, 0x09, - 0x66, 0x05, 0x66, 0x0d, 0x1e, 0x27, 0xa9, 0x57, 0xf7, 0xe4, 0xc5, 0x4a, 0x72, 0x8a, 0xe3, 0x93, - 0x13, 0xe3, 0xc1, 0x8e, 0x43, 0xd2, 0x84, 0xa4, 0x1a, 0xa4, 0x37, 0x38, 0xd8, 0x03, 0xa6, 0x97, - 0x05, 0xa1, 0xb7, 0xb8, 0x38, 0x03, 0xab, 0x5e, 0x84, 0x6a, 0x27, 0x81, 0x13, 0x0f, 0xe5, 0x18, - 0x4e, 0x3c, 0x92, 0x63, 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x24, 0x36, 0xb0, - 0x27, 0x8d, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0xd5, 0x12, 0x91, 0xaf, 0x10, 0x01, 0x00, 0x00, +var fileDescriptor_9c4dbdba9a1559ee = []byte{ + // 251 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x28, 0x49, 0xcd, 0x49, + 0x2d, 0xc8, 0x2f, 0x2a, 0xd1, 0xcf, 0x49, 0x4d, 0x4f, 0x4c, 0xae, 0xd4, 0x4f, 0xce, 0xc9, 0x4c, + 0xcd, 0x2b, 0xd1, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x4f, 0x4e, 0x2d, 0x2a, 0x29, 0xd6, 0x03, + 0xb3, 0x85, 0x58, 0xc1, 0x94, 0x94, 0x48, 0x7a, 0x7e, 0x7a, 0x3e, 0x44, 0x16, 0xc4, 0x82, 0x48, + 0x2a, 0x9d, 0x64, 0xe4, 0x62, 0x75, 0x06, 0x29, 0x16, 0x52, 0xe6, 0x62, 0x0e, 0x0e, 0xf6, 0x90, + 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x71, 0x12, 0x7c, 0x75, 0x4f, 0x9e, 0xb7, 0xb8, 0x38, 0x43, 0x27, + 0x3f, 0x37, 0xb3, 0x24, 0x35, 0xb7, 0xa0, 0xa4, 0x32, 0x08, 0x24, 0x0b, 0x52, 0x14, 0xe2, 0x13, + 0x2c, 0xc1, 0x84, 0x50, 0x54, 0x92, 0x53, 0x8c, 0xac, 0x28, 0xc4, 0x27, 0x58, 0xc8, 0x8a, 0x8b, + 0x2b, 0xc4, 0x27, 0xd8, 0xd9, 0x11, 0x6c, 0xae, 0x04, 0xb3, 0x02, 0xb3, 0x06, 0x8f, 0x93, 0xd4, + 0xab, 0x7b, 0xf2, 0x62, 0x25, 0x39, 0xc5, 0xf1, 0xc9, 0x89, 0xf1, 0x60, 0xc7, 0x21, 0x69, 0x42, + 0x52, 0x0d, 0xd2, 0x1b, 0x1c, 0xec, 0x01, 0xd3, 0xcb, 0x82, 0xd0, 0x5b, 0x5c, 0x9c, 0x81, 0x55, + 0x2f, 0x42, 0xb5, 0x93, 0xcb, 0x89, 0x87, 0x72, 0x0c, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, + 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0x63, 0x94, 0x51, 0x7a, 0x66, 0x49, 0x46, 0x69, 0x92, 0x5e, 0x72, + 0x7e, 0xae, 0x7e, 0x7a, 0x51, 0x62, 0x59, 0x66, 0x49, 0x62, 0x49, 0x66, 0x7e, 0x5e, 0x62, 0x8e, + 0x3e, 0x3c, 0xf4, 0x12, 0x0b, 0x32, 0x51, 0x82, 0x2e, 0x89, 0x0d, 0x4c, 0x19, 0x03, 0x02, 0x00, + 0x00, 0xff, 0xff, 0x86, 0x6e, 0xe8, 0x40, 0x61, 0x01, 0x00, 0x00, } func (m *Certs) Marshal() (dAtA []byte, err error) { diff --git a/api/client/proto/joinservice.pb.go b/api/client/proto/joinservice.pb.go index 8a57332219eeb..dcf6fed6475d7 100644 --- a/api/client/proto/joinservice.pb.go +++ b/api/client/proto/joinservice.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: joinservice.proto +// source: teleport/legacy/client/proto/joinservice.proto package proto @@ -27,6 +27,7 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +// TODO(nklaassen): Document me. type RegisterUsingIAMMethodRequest struct { // RegisterUsingTokenRequest holds registration parameters common to all // join methods. @@ -44,7 +45,7 @@ func (m *RegisterUsingIAMMethodRequest) Reset() { *m = RegisterUsingIAMM func (m *RegisterUsingIAMMethodRequest) String() string { return proto.CompactTextString(m) } func (*RegisterUsingIAMMethodRequest) ProtoMessage() {} func (*RegisterUsingIAMMethodRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_eef71e659fffadc3, []int{0} + return fileDescriptor_d7e760ce923b836e, []int{0} } func (m *RegisterUsingIAMMethodRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -104,7 +105,7 @@ func (m *RegisterUsingIAMMethodResponse) Reset() { *m = RegisterUsingIAM func (m *RegisterUsingIAMMethodResponse) String() string { return proto.CompactTextString(m) } func (*RegisterUsingIAMMethodResponse) ProtoMessage() {} func (*RegisterUsingIAMMethodResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_eef71e659fffadc3, []int{1} + return fileDescriptor_d7e760ce923b836e, []int{1} } func (m *RegisterUsingIAMMethodResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -152,30 +153,33 @@ func init() { proto.RegisterType((*RegisterUsingIAMMethodResponse)(nil), "proto.RegisterUsingIAMMethodResponse") } -func init() { proto.RegisterFile("joinservice.proto", fileDescriptor_eef71e659fffadc3) } - -var fileDescriptor_eef71e659fffadc3 = []byte{ - // 306 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x50, 0xcd, 0x4a, 0xf3, 0x40, - 0x14, 0x65, 0x3e, 0xe8, 0x07, 0x9d, 0x74, 0xe3, 0x20, 0xa2, 0xa5, 0x86, 0x52, 0x14, 0xba, 0x4a, - 0x4a, 0x5d, 0xb8, 0x56, 0x57, 0x15, 0xba, 0x19, 0x75, 0x1d, 0xa6, 0xe9, 0x25, 0xbd, 0x1a, 0x67, - 0xe2, 0xdc, 0xdb, 0x62, 0xdf, 0xcb, 0x87, 0x70, 0xe9, 0x23, 0x48, 0x9f, 0x44, 0x9a, 0x09, 0x8a, - 0x60, 0x75, 0x33, 0x03, 0xe7, 0xef, 0x1e, 0x8e, 0xdc, 0xbb, 0x77, 0x68, 0x09, 0xfc, 0x0a, 0x73, - 0x48, 0x2a, 0xef, 0xd8, 0xa9, 0x56, 0xfd, 0x75, 0xa3, 0x1c, 0x3c, 0x53, 0xc0, 0xba, 0xe7, 0x05, - 0xf2, 0x62, 0x39, 0x4b, 0x72, 0xf7, 0x98, 0x16, 0xde, 0xac, 0x90, 0x0d, 0xa3, 0xb3, 0xa6, 0x4c, - 0x19, 0x4a, 0xa8, 0x9c, 0xe7, 0xd4, 0x54, 0x98, 0xf2, 0xba, 0x02, 0x0a, 0x6f, 0x30, 0x0e, 0x5e, - 0x84, 0x3c, 0xd6, 0x50, 0x20, 0x31, 0xf8, 0x3b, 0x42, 0x5b, 0x4c, 0x2e, 0xa6, 0x53, 0xe0, 0x85, - 0x9b, 0x6b, 0x78, 0x5a, 0x02, 0xb1, 0x32, 0xb2, 0xe7, 0x1b, 0x41, 0xb6, 0xdc, 0x2a, 0x32, 0x76, - 0x0f, 0x60, 0x33, 0x1f, 0xf8, 0x43, 0xd1, 0x17, 0xc3, 0x68, 0xdc, 0x4f, 0x42, 0xea, 0xb7, 0xac, - 0xdb, 0xad, 0xb0, 0xc9, 0xd1, 0x47, 0x7e, 0x17, 0xa5, 0x46, 0x72, 0x9f, 0x98, 0x32, 0x9c, 0x83, - 0x65, 0xe4, 0xf5, 0x67, 0xf4, 0xbf, 0xbe, 0x18, 0x76, 0xb4, 0x22, 0xa6, 0x49, 0x43, 0x35, 0x8e, - 0xc1, 0x4c, 0xc6, 0xbb, 0x5a, 0x53, 0xe5, 0x2c, 0x81, 0xea, 0xc9, 0x76, 0xbe, 0x30, 0x65, 0x09, - 0xb6, 0x80, 0xba, 0x63, 0x5b, 0x7f, 0x01, 0x6a, 0x20, 0x5b, 0xf5, 0x7c, 0xf5, 0x89, 0x68, 0xdc, - 0x09, 0x6b, 0x24, 0x57, 0x5b, 0x4c, 0x07, 0x6a, 0xfc, 0x2c, 0xa3, 0x6b, 0x87, 0xf6, 0x26, 0x8c, - 0xaf, 0x50, 0x1e, 0xfc, 0x7c, 0x52, 0x9d, 0x34, 0xee, 0x5f, 0x77, 0xec, 0x9e, 0xfe, 0xa1, 0x0a, - 0xbd, 0x87, 0x62, 0x24, 0x2e, 0x3b, 0xaf, 0x9b, 0x58, 0xbc, 0x6d, 0x62, 0xf1, 0xbe, 0x89, 0xc5, - 0xec, 0x7f, 0xed, 0x3b, 0xfb, 0x08, 0x00, 0x00, 0xff, 0xff, 0x2e, 0x96, 0x35, 0xae, 0x0b, 0x02, - 0x00, 0x00, +func init() { + proto.RegisterFile("teleport/legacy/client/proto/joinservice.proto", fileDescriptor_d7e760ce923b836e) +} + +var fileDescriptor_d7e760ce923b836e = []byte{ + // 330 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x52, 0xcd, 0x4a, 0xc3, 0x40, + 0x10, 0x66, 0x85, 0x0a, 0xdd, 0xf6, 0xb4, 0x88, 0x68, 0xa9, 0xa1, 0x16, 0x85, 0x9c, 0x92, 0x12, + 0x5f, 0xc0, 0x9f, 0x53, 0x85, 0x5e, 0xa2, 0x5e, 0xbc, 0x84, 0x6d, 0x3a, 0xa4, 0xa3, 0x71, 0x37, + 0xee, 0x4e, 0x8b, 0x7d, 0x2f, 0x1f, 0xc2, 0xa3, 0x8f, 0x20, 0x7d, 0x12, 0xe9, 0x6e, 0xa8, 0x54, + 0x6c, 0xbd, 0xec, 0xc0, 0x7c, 0x3f, 0x33, 0x7c, 0xb3, 0x3c, 0x22, 0x28, 0xa1, 0xd2, 0x86, 0xe2, + 0x12, 0x0a, 0x99, 0x2f, 0xe2, 0xbc, 0x44, 0x50, 0x14, 0x57, 0x46, 0x93, 0x8e, 0x9f, 0x34, 0x2a, + 0x0b, 0x66, 0x8e, 0x39, 0x44, 0xae, 0x23, 0x1a, 0xae, 0x74, 0xc2, 0x9d, 0xb2, 0x1c, 0x0c, 0x59, + 0x2f, 0xe8, 0x9c, 0xfe, 0x66, 0xd2, 0xa2, 0x02, 0xeb, 0x5f, 0x4f, 0xe9, 0xbf, 0x33, 0x7e, 0x92, + 0x42, 0x81, 0x96, 0xc0, 0x3c, 0x58, 0x54, 0xc5, 0xf0, 0x6a, 0x34, 0x02, 0x9a, 0xea, 0x49, 0x0a, + 0xaf, 0x33, 0xb0, 0x24, 0x24, 0xef, 0x9a, 0x9a, 0x90, 0xcd, 0x56, 0x8c, 0x8c, 0xf4, 0x33, 0xa8, + 0xcc, 0x78, 0xfc, 0x88, 0xf5, 0x58, 0xd8, 0x4a, 0x7a, 0x91, 0x77, 0xdd, 0xf0, 0xba, 0x5f, 0x11, + 0x6b, 0x9f, 0xf4, 0xd8, 0x6c, 0x83, 0xc4, 0x80, 0x1f, 0x58, 0xb2, 0x19, 0x4e, 0x40, 0x11, 0xd2, + 0x62, 0x6d, 0xbd, 0xd7, 0x63, 0x61, 0x3b, 0x15, 0x96, 0xec, 0xb0, 0x86, 0x6a, 0x45, 0x7f, 0xcc, + 0x83, 0x6d, 0x5b, 0xdb, 0x4a, 0x2b, 0x0b, 0xa2, 0xcb, 0x9b, 0xf9, 0x54, 0x96, 0x25, 0xa8, 0x02, + 0xdc, 0x8e, 0xcd, 0xf4, 0xa7, 0x21, 0xfa, 0xbc, 0xe1, 0x82, 0x72, 0x23, 0x5a, 0x49, 0xdb, 0xa7, + 0x11, 0xdd, 0xac, 0x7a, 0xa9, 0x87, 0x92, 0x37, 0xde, 0xba, 0xd5, 0xa8, 0xee, 0xfc, 0x0d, 0x04, + 0xf2, 0xc3, 0xbf, 0x47, 0x8a, 0xb3, 0x5a, 0xbd, 0x33, 0xc7, 0xce, 0xf9, 0x3f, 0x2c, 0xbf, 0x77, + 0xc8, 0x06, 0xec, 0xfa, 0xf2, 0x63, 0x19, 0xb0, 0xcf, 0x65, 0xc0, 0xbe, 0x96, 0x01, 0x7b, 0x4c, + 0x0a, 0xa4, 0xe9, 0x6c, 0x1c, 0xe5, 0xfa, 0x25, 0x2e, 0x8c, 0x9c, 0x23, 0x49, 0x42, 0xad, 0x64, + 0x19, 0xaf, 0xcf, 0x2b, 0x2b, 0xdc, 0xf8, 0x05, 0xe3, 0x7d, 0x57, 0x2e, 0xbe, 0x03, 0x00, 0x00, + 0xff, 0xff, 0x7d, 0x4d, 0xed, 0x8d, 0x63, 0x02, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -291,7 +295,7 @@ var _JoinService_serviceDesc = grpc.ServiceDesc{ ClientStreams: true, }, }, - Metadata: "joinservice.proto", + Metadata: "teleport/legacy/client/proto/joinservice.proto", } func (m *RegisterUsingIAMMethodRequest) Marshal() (dAtA []byte, err error) { diff --git a/api/client/proto/proxyservice.pb.go b/api/client/proto/proxyservice.pb.go index 913bafc1e3997..4b088e27d928d 100644 --- a/api/client/proto/proxyservice.pb.go +++ b/api/client/proto/proxyservice.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: proxyservice.proto +// source: teleport/legacy/client/proto/proxyservice.proto package proto @@ -44,7 +44,7 @@ func (m *Frame) Reset() { *m = Frame{} } func (m *Frame) String() string { return proto.CompactTextString(m) } func (*Frame) ProtoMessage() {} func (*Frame) Descriptor() ([]byte, []int) { - return fileDescriptor_05583632bd3d8a58, []int{0} + return fileDescriptor_b76fff22d4479739, []int{0} } func (m *Frame) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -150,7 +150,7 @@ func (m *DialRequest) Reset() { *m = DialRequest{} } func (m *DialRequest) String() string { return proto.CompactTextString(m) } func (*DialRequest) ProtoMessage() {} func (*DialRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_05583632bd3d8a58, []int{1} + return fileDescriptor_b76fff22d4479739, []int{1} } func (m *DialRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -222,7 +222,7 @@ func (m *NetAddr) Reset() { *m = NetAddr{} } func (m *NetAddr) String() string { return proto.CompactTextString(m) } func (*NetAddr) ProtoMessage() {} func (*NetAddr) Descriptor() ([]byte, []int) { - return fileDescriptor_05583632bd3d8a58, []int{2} + return fileDescriptor_b76fff22d4479739, []int{2} } func (m *NetAddr) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -277,7 +277,7 @@ func (m *Data) Reset() { *m = Data{} } func (m *Data) String() string { return proto.CompactTextString(m) } func (*Data) ProtoMessage() {} func (*Data) Descriptor() ([]byte, []int) { - return fileDescriptor_05583632bd3d8a58, []int{3} + return fileDescriptor_b76fff22d4479739, []int{3} } func (m *Data) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -324,7 +324,7 @@ func (m *ConnectionEstablished) Reset() { *m = ConnectionEstablished{} } func (m *ConnectionEstablished) String() string { return proto.CompactTextString(m) } func (*ConnectionEstablished) ProtoMessage() {} func (*ConnectionEstablished) Descriptor() ([]byte, []int) { - return fileDescriptor_05583632bd3d8a58, []int{4} + return fileDescriptor_b76fff22d4479739, []int{4} } func (m *ConnectionEstablished) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -361,35 +361,39 @@ func init() { proto.RegisterType((*ConnectionEstablished)(nil), "proto.ConnectionEstablished") } -func init() { proto.RegisterFile("proxyservice.proto", fileDescriptor_05583632bd3d8a58) } - -var fileDescriptor_05583632bd3d8a58 = []byte{ - // 400 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x52, 0xc1, 0x6e, 0xd3, 0x40, - 0x10, 0xcd, 0x42, 0x92, 0x92, 0x49, 0xc4, 0x61, 0x54, 0xc0, 0xaa, 0xaa, 0x00, 0x3e, 0xa0, 0x8a, - 0x83, 0x5d, 0x15, 0xa9, 0x48, 0xbd, 0x61, 0x0c, 0x0a, 0x07, 0x2a, 0xb4, 0xcd, 0x89, 0xdb, 0xc6, - 0x1e, 0xb9, 0x2b, 0x5c, 0xaf, 0xd9, 0x5d, 0x17, 0xfc, 0x7d, 0x5c, 0x38, 0x72, 0x47, 0x42, 0x28, - 0x9f, 0xc1, 0x09, 0x79, 0xbd, 0x15, 0xae, 0x14, 0x4e, 0x9e, 0xe7, 0xf7, 0xe6, 0xf9, 0xcd, 0x78, - 0x00, 0x6b, 0xad, 0xbe, 0xb6, 0x86, 0xf4, 0xb5, 0xcc, 0x28, 0xaa, 0xb5, 0xb2, 0x0a, 0x27, 0xee, - 0x71, 0xb0, 0x5f, 0xa8, 0x42, 0xb9, 0x32, 0xee, 0xaa, 0x9e, 0x0c, 0xbf, 0x31, 0x98, 0xbc, 0xd5, - 0xe2, 0x8a, 0xf0, 0x14, 0xe6, 0xa9, 0x14, 0x25, 0xa7, 0xcf, 0x0d, 0x19, 0x1b, 0xb0, 0x27, 0xec, - 0x68, 0x7e, 0x82, 0xbd, 0x2c, 0x1a, 0x30, 0xab, 0x11, 0x1f, 0x0a, 0x71, 0x0d, 0x0f, 0x5e, 0xab, - 0xaa, 0xa2, 0xcc, 0x4a, 0x55, 0xbd, 0x31, 0x56, 0x6c, 0x4a, 0x69, 0x2e, 0x29, 0x0f, 0xee, 0x38, - 0x87, 0x43, 0xef, 0xb0, 0x53, 0xb3, 0x1a, 0xf1, 0xdd, 0xcd, 0xf8, 0x14, 0xc6, 0xa9, 0xb0, 0x22, - 0xb8, 0xeb, 0x4c, 0xe6, 0x37, 0x31, 0x84, 0x15, 0xab, 0x11, 0x77, 0x54, 0x32, 0x83, 0xbd, 0xf7, - 0x64, 0x8c, 0x28, 0x28, 0xfc, 0xc9, 0x6e, 0x85, 0xc7, 0x87, 0x30, 0x3d, 0x57, 0x39, 0xbd, 0x4b, - 0xdd, 0x18, 0x33, 0xee, 0x11, 0x7e, 0x04, 0x58, 0x37, 0x55, 0x45, 0xe5, 0xba, 0xad, 0xc9, 0x05, - 0x9c, 0x25, 0x67, 0x7f, 0x7e, 0x3d, 0x3e, 0x2d, 0xa4, 0xbd, 0x6c, 0x36, 0x51, 0xa6, 0xae, 0xe2, - 0x42, 0x8b, 0x6b, 0x69, 0x45, 0x17, 0x48, 0x94, 0xb1, 0xa5, 0x92, 0x6a, 0xa5, 0x6d, 0x2c, 0x6a, - 0x19, 0xdb, 0xb6, 0x26, 0x13, 0xfd, 0x73, 0xe0, 0x03, 0x37, 0x7c, 0x06, 0xd3, 0x0b, 0xd5, 0xe8, - 0x8c, 0x7c, 0xe6, 0xfb, 0x3e, 0xf3, 0x39, 0xd9, 0x57, 0x79, 0xae, 0xb9, 0x67, 0xf1, 0x18, 0xe6, - 0x29, 0x19, 0x2b, 0x2b, 0xf7, 0x89, 0x60, 0xbc, 0x53, 0x3c, 0x94, 0x84, 0x2f, 0x61, 0xcf, 0xbf, - 0xc7, 0xc0, 0x95, 0x5f, 0x94, 0xfe, 0xe4, 0x27, 0xbb, 0x81, 0x88, 0x30, 0xee, 0x14, 0xfd, 0x50, - 0xdc, 0xd5, 0xe1, 0x61, 0xbf, 0x44, 0xdc, 0x87, 0x49, 0xd2, 0x5a, 0x32, 0xae, 0x67, 0xc1, 0x7b, - 0x10, 0x3e, 0xfa, 0xcf, 0x8f, 0x3b, 0x39, 0x83, 0xc5, 0x87, 0xee, 0x8c, 0x2e, 0xfa, 0x33, 0xc2, - 0xe7, 0x70, 0xaf, 0x5b, 0x6e, 0xb7, 0x43, 0x5c, 0xf8, 0xa0, 0xee, 0x66, 0x0e, 0x6e, 0xa1, 0x23, - 0x76, 0xcc, 0x92, 0xc5, 0xf7, 0xed, 0x92, 0xfd, 0xd8, 0x2e, 0xd9, 0xef, 0xed, 0x92, 0x6d, 0xa6, - 0x8e, 0x7e, 0xf1, 0x37, 0x00, 0x00, 0xff, 0xff, 0x24, 0x14, 0x9c, 0x65, 0x97, 0x02, 0x00, 0x00, +func init() { + proto.RegisterFile("teleport/legacy/client/proto/proxyservice.proto", fileDescriptor_b76fff22d4479739) +} + +var fileDescriptor_b76fff22d4479739 = []byte{ + // 422 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x52, 0x41, 0x6f, 0xd3, 0x30, + 0x14, 0xae, 0xa1, 0xed, 0xe8, 0x4b, 0xc5, 0xc1, 0x1a, 0x10, 0x4d, 0x53, 0x81, 0x1c, 0xd0, 0xc4, + 0x21, 0x99, 0x8a, 0x34, 0xa4, 0x9d, 0x20, 0x04, 0x54, 0x0e, 0x4c, 0xc8, 0xeb, 0x69, 0x37, 0x37, + 0x79, 0xca, 0x2c, 0xb2, 0x38, 0xd8, 0xce, 0x20, 0xbf, 0x8f, 0x0b, 0x47, 0xee, 0x48, 0x08, 0xf5, + 0x67, 0x70, 0x42, 0x71, 0x5c, 0x35, 0x95, 0x8a, 0xc4, 0x25, 0x7e, 0xcf, 0xef, 0x7b, 0x5f, 0xbe, + 0xf7, 0xf9, 0x41, 0x64, 0xb0, 0xc0, 0x4a, 0x2a, 0x13, 0x15, 0x98, 0xf3, 0xb4, 0x89, 0xd2, 0x42, + 0x60, 0x69, 0xa2, 0x4a, 0x49, 0x23, 0xdb, 0xef, 0xd7, 0x46, 0xa3, 0xba, 0x15, 0x29, 0x86, 0xf6, + 0x8a, 0x8e, 0xec, 0x71, 0x74, 0x98, 0xcb, 0x5c, 0x76, 0xa0, 0x36, 0xea, 0x8a, 0xc1, 0x37, 0x02, + 0xa3, 0x77, 0x8a, 0xdf, 0x20, 0x3d, 0x03, 0x2f, 0x11, 0xbc, 0x60, 0xf8, 0xb9, 0x46, 0x6d, 0x7c, + 0xf2, 0x84, 0x9c, 0x78, 0x73, 0xda, 0xc1, 0xc2, 0x5e, 0x65, 0x31, 0x60, 0x7d, 0x20, 0x5d, 0xc2, + 0x83, 0x37, 0xb2, 0x2c, 0x31, 0x35, 0x42, 0x96, 0x6f, 0xb5, 0xe1, 0xab, 0x42, 0xe8, 0x6b, 0xcc, + 0xfc, 0x3b, 0x96, 0xe1, 0xd8, 0x31, 0xec, 0xc5, 0x2c, 0x06, 0x6c, 0x7f, 0x33, 0x7d, 0x0a, 0xc3, + 0x84, 0x1b, 0xee, 0xdf, 0xb5, 0x24, 0xde, 0x46, 0x06, 0x37, 0x7c, 0x31, 0x60, 0xb6, 0x14, 0x4f, + 0xe0, 0xe0, 0x03, 0x6a, 0xcd, 0x73, 0x0c, 0x7e, 0x92, 0x1d, 0xf1, 0xf4, 0x21, 0x8c, 0x2f, 0x64, + 0x86, 0xef, 0x13, 0x3b, 0xc6, 0x84, 0xb9, 0x8c, 0x5e, 0x01, 0x2c, 0xeb, 0xb2, 0xc4, 0x62, 0xd9, + 0x54, 0x68, 0x05, 0x4e, 0xe2, 0xf3, 0x3f, 0xbf, 0x1e, 0x9f, 0xe5, 0xc2, 0x5c, 0xd7, 0xab, 0x30, + 0x95, 0x37, 0x51, 0xae, 0xf8, 0xad, 0x30, 0xbc, 0x15, 0xc4, 0x8b, 0xad, 0xd9, 0xbc, 0x12, 0x91, + 0x69, 0x2a, 0xd4, 0xe1, 0x96, 0x81, 0xf5, 0xd8, 0xe8, 0x33, 0x18, 0x5f, 0xca, 0x5a, 0xa5, 0xe8, + 0x34, 0xdf, 0x77, 0x9a, 0x2f, 0xd0, 0xbc, 0xce, 0x32, 0xc5, 0x5c, 0x95, 0x9e, 0x82, 0x97, 0xa0, + 0x36, 0xa2, 0xb4, 0xbf, 0xf0, 0x87, 0x7b, 0xc1, 0x7d, 0x48, 0xf0, 0x12, 0x0e, 0xdc, 0x3d, 0xf5, + 0x6d, 0xf8, 0x45, 0xaa, 0x4f, 0x6e, 0xb2, 0x4d, 0x4a, 0x29, 0x0c, 0x5b, 0x44, 0x37, 0x14, 0xb3, + 0x71, 0x70, 0xdc, 0x99, 0x48, 0x0f, 0x61, 0x14, 0x37, 0x06, 0xb5, 0xed, 0x99, 0xb2, 0x2e, 0x09, + 0x1e, 0xfd, 0xe3, 0xe1, 0xe6, 0xe7, 0x30, 0xfd, 0xd8, 0xae, 0xd1, 0x65, 0xb7, 0x46, 0xf4, 0x39, + 0xdc, 0x6b, 0xcd, 0x6d, 0x3d, 0xa4, 0x53, 0x27, 0xd4, 0xee, 0xcc, 0xd1, 0x4e, 0x76, 0x42, 0x4e, + 0x49, 0xfc, 0xea, 0xfb, 0x7a, 0x46, 0x7e, 0xac, 0x67, 0xe4, 0xf7, 0x7a, 0x46, 0xae, 0xe6, 0xff, + 0xe7, 0x6b, 0x7f, 0x83, 0x57, 0x63, 0x7b, 0xbc, 0xf8, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xe0, 0x08, + 0x45, 0x85, 0xe8, 0x02, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -503,7 +507,7 @@ var _ProxyService_serviceDesc = grpc.ServiceDesc{ ClientStreams: true, }, }, - Metadata: "proxyservice.proto", + Metadata: "teleport/legacy/client/proto/proxyservice.proto", } func (m *Frame) Marshal() (dAtA []byte, err error) { diff --git a/api/client/proto/types.go b/api/client/proto/types.go index 9e1b789474628..4ceed66177e24 100644 --- a/api/client/proto/types.go +++ b/api/client/proto/types.go @@ -90,3 +90,25 @@ func (req *ListResourcesRequest) CheckAndSetDefaults() error { func (req *ListResourcesRequest) RequiresFakePagination() bool { return req.SortBy.Field != "" || req.NeedTotalCount || req.ResourceType == types.KindKubernetesCluster } + +// UpstreamInventoryMessage is a sealed interface representing the possible +// upstream messages of the inventory control stream after the initial hello. +type UpstreamInventoryMessage interface { + sealedUpstreamInventoryMessage() +} + +func (h UpstreamInventoryHello) sealedUpstreamInventoryMessage() {} + +func (h InventoryHeartbeat) sealedUpstreamInventoryMessage() {} + +func (p UpstreamInventoryPong) sealedUpstreamInventoryMessage() {} + +// DownstreamInventoryMessage is a sealed interface representing the possible +// downstream messages of the inventory controls sream after initial hello. +type DownstreamInventoryMessage interface { + sealedDownstreamInventoryMessage() +} + +func (h DownstreamInventoryHello) sealedDownstreamInventoryMessage() {} + +func (p DownstreamInventoryPing) sealedDownstreamInventoryMessage() {} diff --git a/api/client/proxy.go b/api/client/proxy.go index e6c61164ffbff..c0b92c550a912 100644 --- a/api/client/proxy.go +++ b/api/client/proxy.go @@ -19,6 +19,7 @@ package client import ( "bufio" "context" + "encoding/base64" "net" "net/http" "net/url" @@ -28,23 +29,37 @@ import ( ) // DialProxy creates a connection to a server via an HTTP Proxy. -func DialProxy(ctx context.Context, proxyAddr, addr string) (net.Conn, error) { - return DialProxyWithDialer(ctx, proxyAddr, addr, &net.Dialer{}) +func DialProxy(ctx context.Context, proxyURL *url.URL, addr string) (net.Conn, error) { + return DialProxyWithDialer(ctx, proxyURL, addr, &net.Dialer{}) } // DialProxyWithDialer creates a connection to a server via an HTTP Proxy using a specified dialer. -func DialProxyWithDialer(ctx context.Context, proxyAddr, addr string, dialer ContextDialer) (net.Conn, error) { - conn, err := dialer.DialContext(ctx, "tcp", proxyAddr) +func DialProxyWithDialer(ctx context.Context, proxyURL *url.URL, addr string, dialer ContextDialer) (net.Conn, error) { + if proxyURL == nil { + return nil, trace.BadParameter("missing proxy url") + } + conn, err := dialer.DialContext(ctx, "tcp", proxyURL.Host) if err != nil { - log.Warnf("Unable to dial to proxy: %v: %v.", proxyAddr, err) + log.Warnf("Unable to dial to proxy: %v: %v.", proxyURL.Host, err) return nil, trace.ConvertSystemError(err) } + header := make(http.Header) + if proxyURL.User != nil { + // dont use User.String() because it performs url encoding (rfc 1738), + // which we don't want in our header + password, _ := proxyURL.User.Password() + // empty user/pass is permitted by the spec. The minimum required is a single colon. + // see: https://datatracker.ietf.org/doc/html/rfc1945#section-11 + creds := proxyURL.User.Username() + ":" + password + basicAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)) + header.Add("Proxy-Authorization", basicAuth) + } connectReq := &http.Request{ Method: http.MethodConnect, URL: &url.URL{Opaque: addr}, Host: addr, - Header: make(http.Header), + Header: header, } if err := connectReq.Write(conn); err != nil { diff --git a/api/client/proxy/proxy.go b/api/client/proxy/proxy.go index 017833ac37108..7b95b3ba8a4df 100644 --- a/api/client/proxy/proxy.go +++ b/api/client/proxy/proxy.go @@ -25,8 +25,8 @@ import ( "golang.org/x/net/http/httpproxy" ) -// GetProxyAddress gets the HTTP proxy address to use for a given address, if any. -func GetProxyAddress(dialAddr string) *url.URL { +// GetProxyURL gets the HTTP proxy address to use for a given address, if any. +func GetProxyURL(dialAddr string) *url.URL { addrURL, err := parse(dialAddr) if err != nil || addrURL == nil { return nil diff --git a/api/client/proxy/proxy_test.go b/api/client/proxy/proxy_test.go index 89d30b077e242..633ce6d0c74d2 100644 --- a/api/client/proxy/proxy_test.go +++ b/api/client/proxy/proxy_test.go @@ -21,8 +21,10 @@ import ( "fmt" "net/http" "net/url" + "strings" "testing" + "github.com/gravitational/trace" "github.com/stretchr/testify/require" "golang.org/x/net/http/httpproxy" ) @@ -106,20 +108,69 @@ func TestGetProxyAddress(t *testing.T) { }, } + // used to augment test cases with auth credentials + authTests := []struct { + info string + user string + password string + }{ + {info: "no credentials", user: "", password: ""}, + {info: "plain password", user: "alice", password: "password"}, + {info: "special characters in password", user: "alice", password: " !@#$%^&*()_+-=[]{};:,.<>/?`~\"\\ abc123"}, + } + for i, tt := range tests { - t.Run(fmt.Sprintf("%v: %v", i, tt.info), func(t *testing.T) { - for _, env := range tt.env { - t.Setenv(env.name, env.val) - } - p := GetProxyAddress(tt.targetAddr) - if tt.proxyAddr == "" { - require.Nil(t, p) - } else { + for j, authTest := range authTests { + t.Run(fmt.Sprintf("%v %v: %v with %v", i, j, tt.info, authTest.info), func(t *testing.T) { + for _, env := range tt.env { + switch strings.ToLower(env.name) { + case "http_proxy", "https_proxy": + // add auth test credentials into http(s)_proxy env vars + val, err := buildProxyAddr(env.val, authTest.user, authTest.password) + require.NoError(t, err) + t.Setenv(env.name, val) + case "no_proxy": + t.Setenv(env.name, env.val) + } + } + p := GetProxyURL(tt.targetAddr) + + // is a proxy expected? + if tt.proxyAddr == "" { + require.Nil(t, p) + return + } require.NotNil(t, p) require.Equal(t, tt.proxyAddr, p.Host) - } - }) + + // are auth credentials expected? + if authTest.user == "" && authTest.password == "" { + require.Nil(t, p.User) + return + } + require.NotNil(t, p.User) + require.Equal(t, authTest.user, p.User.Username()) + password, _ := p.User.Password() + require.Equal(t, authTest.password, password) + }) + } + } +} + +func buildProxyAddr(addr, user, pass string) (string, error) { + if user == "" && pass == "" { + return addr, nil + } + userInfo := url.UserPassword(user, pass) + if strings.HasPrefix(addr, "http") { + u, err := url.Parse(addr) + if err != nil { + return "", trace.Wrap(err) + } + u.User = userInfo + return u.String(), nil } + return fmt.Sprintf("%v@%v", userInfo.String(), addr), nil } func TestProxyAwareRoundTripper(t *testing.T) { diff --git a/api/client/sessions.go b/api/client/sessions.go index 16273fdbb851c..230ae6b48df27 100644 --- a/api/client/sessions.go +++ b/api/client/sessions.go @@ -24,7 +24,7 @@ import ( "github.com/gravitational/trace" "github.com/gravitational/trace/trail" - "github.com/golang/protobuf/ptypes/empty" + "google.golang.org/protobuf/types/known/emptypb" ) // GetWebSession returns the web session for the specified request. @@ -49,7 +49,7 @@ func (r *webSessions) Get(ctx context.Context, req types.GetWebSessionRequest) ( // List returns the list of all web sessions func (r *webSessions) List(ctx context.Context) ([]types.WebSession, error) { - resp, err := r.c.grpc.GetWebSessions(ctx, &empty.Empty{}, r.c.callOpts...) + resp, err := r.c.grpc.GetWebSessions(ctx, &emptypb.Empty{}, r.c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -76,7 +76,7 @@ func (r *webSessions) Delete(ctx context.Context, req types.DeleteWebSessionRequ // DeleteAll deletes all web sessions func (r *webSessions) DeleteAll(ctx context.Context) error { - _, err := r.c.grpc.DeleteAllWebSessions(ctx, &empty.Empty{}, r.c.callOpts...) + _, err := r.c.grpc.DeleteAllWebSessions(ctx, &emptypb.Empty{}, r.c.callOpts...) if err != nil { return trail.FromGRPC(err) } @@ -109,7 +109,7 @@ func (r *webTokens) Get(ctx context.Context, req types.GetWebTokenRequest) (type // List returns the list of all web tokens func (r *webTokens) List(ctx context.Context) ([]types.WebToken, error) { - resp, err := r.c.grpc.GetWebTokens(ctx, &empty.Empty{}, r.c.callOpts...) + resp, err := r.c.grpc.GetWebTokens(ctx, &emptypb.Empty{}, r.c.callOpts...) if err != nil { return nil, trail.FromGRPC(err) } @@ -136,7 +136,7 @@ func (r *webTokens) Delete(ctx context.Context, req types.DeleteWebTokenRequest) // DeleteAll deletes all web tokens func (r *webTokens) DeleteAll(ctx context.Context) error { - _, err := r.c.grpc.DeleteAllWebTokens(ctx, &empty.Empty{}, r.c.callOpts...) + _, err := r.c.grpc.DeleteAllWebTokens(ctx, &emptypb.Empty{}, r.c.callOpts...) if err != nil { return trail.FromGRPC(err) } diff --git a/api/client/webclient/webclient.go b/api/client/webclient/webclient.go index 8dca8ca0473e9..92cf5d9cbd325 100644 --- a/api/client/webclient/webclient.go +++ b/api/client/webclient/webclient.go @@ -35,6 +35,7 @@ import ( "github.com/gravitational/teleport/api/client/proxy" "github.com/gravitational/teleport/api/constants" "github.com/gravitational/teleport/api/defaults" + "github.com/gravitational/teleport/api/observability/tracing" "github.com/gravitational/teleport/api/utils" "github.com/gravitational/trace" @@ -94,8 +95,11 @@ func newWebClient(cfg *Config) (*http.Client, error) { }, } return &http.Client{ - Transport: otelhttp.NewTransport(proxy.NewHTTPFallbackRoundTripper(&transport, cfg.Insecure)), - Timeout: cfg.Timeout, + Transport: otelhttp.NewTransport( + proxy.NewHTTPFallbackRoundTripper(&transport, cfg.Insecure), + otelhttp.WithSpanNameFormatter(tracing.HTTPTransportFormatter), + ), + Timeout: cfg.Timeout, }, nil } @@ -205,7 +209,7 @@ func Ping(cfg *Config) (*PingResponse, error) { } pr := &PingResponse{} if err := json.NewDecoder(resp.Body).Decode(pr); err != nil { - return nil, trace.Wrap(err) + return nil, trace.Wrap(err, "cannot parse server response; is %q a Teleport server?", "https://"+cfg.ProxyAddr) } return pr, nil diff --git a/api/constants/constants.go b/api/constants/constants.go index 65ef473e00d73..a0c369f6d0de7 100644 --- a/api/constants/constants.go +++ b/api/constants/constants.go @@ -17,6 +17,12 @@ limitations under the License. // Package constants defines Teleport-specific constants package constants +import ( + "encoding/json" + + "github.com/gravitational/trace" +) + const ( // DefaultImplicitRole is implicit role that gets added to all service.RoleSet // objects. @@ -120,6 +126,13 @@ const ( // AWSConsoleURL is the URL of AWS management console. AWSConsoleURL = "https://console.aws.amazon.com" + // AWSUSGovConsoleURL is the URL of AWS management console for AWS GovCloud + // (US) Partition. + AWSUSGovConsoleURL = "https://console.amazonaws-us-gov.com" + // AWSCNConsoleURL is the URL of AWS management console for AWS China + // Partition. + AWSCNConsoleURL = "https://console.amazonaws.cn" + // AWSAccountIDLabel is the key of the label containing AWS account ID. AWSAccountIDLabel = "aws_account_id" @@ -131,6 +144,9 @@ const ( // DatabaseCAMinVersion is the minimum Teleport version that supports Database Certificate Authority. DatabaseCAMinVersion = "10.0.0" + + // SSHRSAType is the string which specifies an "ssh-rsa" formatted keypair + SSHRSAType = "ssh-rsa" ) // SystemConnectors lists the names of the system-reserved connectors. @@ -163,6 +179,48 @@ const ( SecondFactorOptional = SecondFactorType("optional") ) +// UnmarshalYAML supports parsing off|on into string on SecondFactorType. +func (sft *SecondFactorType) UnmarshalYAML(unmarshal func(interface{}) error) error { + var tmp interface{} + if err := unmarshal(&tmp); err != nil { + return err + } + switch v := tmp.(type) { + case string: + *sft = SecondFactorType(v) + case bool: + if v { + *sft = SecondFactorOn + } else { + *sft = SecondFactorOff + } + default: + return trace.BadParameter("SecondFactorType invalid type %T", v) + } + return nil +} + +// UnmarshalJSON supports parsing off|on into string on SecondFactorType. +func (sft *SecondFactorType) UnmarshalJSON(data []byte) error { + var tmp interface{} + if err := json.Unmarshal(data, &tmp); err != nil { + return err + } + switch v := tmp.(type) { + case string: + *sft = SecondFactorType(v) + case bool: + if v { + *sft = SecondFactorOn + } else { + *sft = SecondFactorOff + } + default: + return trace.BadParameter("SecondFactorType invalid type %T", v) + } + return nil +} + // LockingMode determines how a (possibly stale) set of locks should be applied // to an interaction. type LockingMode string @@ -239,3 +297,43 @@ const ( // session recording fails. SessionRecordingModeBestEffort = SessionRecordingMode("best_effort") ) + +// Constants for Traits +const ( + // TraitLogins is the name of the role variable used to store + // allowed logins. + TraitLogins = "logins" + + // TraitWindowsLogins is the name of the role variable used + // to store allowed Windows logins. + TraitWindowsLogins = "windows_logins" + + // TraitKubeGroups is the name the role variable used to store + // allowed kubernetes groups + TraitKubeGroups = "kubernetes_groups" + + // TraitKubeUsers is the name the role variable used to store + // allowed kubernetes users + TraitKubeUsers = "kubernetes_users" + + // TraitDBNames is the name of the role variable used to store + // allowed database names. + TraitDBNames = "db_names" + + // TraitDBUsers is the name of the role variable used to store + // allowed database users. + TraitDBUsers = "db_users" + + // TraitAWSRoleARNs is the name of the role variable used to store + // allowed AWS role ARNs. + TraitAWSRoleARNs = "aws_role_arns" +) + +// Constants for AWS discovery +const ( + AWSServiceTypeEC2 = "ec2" +) + +// SupportedAWSDiscoveryServices is list of AWS services currently +// supported by the Teleport discovery service +var SupportedAWSDiscoveryServices = []string{AWSServiceTypeEC2} diff --git a/api/go.mod b/api/go.mod index 084ea4a210b71..6c6227d13e978 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,10 +1,9 @@ module github.com/gravitational/teleport/api -go 1.15 +go 1.18 require ( github.com/gogo/protobuf v1.3.2 - github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.7 github.com/gravitational/trace v1.1.17 github.com/jonboulle/clockwork v0.2.2 @@ -16,9 +15,34 @@ require ( go.opentelemetry.io/otel v1.7.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0 + go.opentelemetry.io/otel/sdk v1.7.0 go.opentelemetry.io/otel/trace v1.7.0 + go.opentelemetry.io/proto/otlp v0.16.0 golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd - google.golang.org/grpc v1.46.0 + google.golang.org/grpc v1.49.0 + google.golang.org/protobuf v1.28.0 gopkg.in/yaml.v2 v2.4.0 ) + +require ( + github.com/beevik/etree v1.1.0 // indirect + github.com/cenkalti/backoff/v4 v4.1.3 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/felixge/httpsnoop v1.0.2 // indirect + github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect + github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/russellhaering/goxmldsig v1.1.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0 // indirect + go.opentelemetry.io/otel/metric v0.28.0 // indirect + golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect + golang.org/x/text v0.3.7 // indirect + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1 // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect +) diff --git a/api/go.sum b/api/go.sum index c9c51f5c5349c..f158c4a5b6c2b 100644 --- a/api/go.sum +++ b/api/go.sum @@ -138,7 +138,6 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gravitational/trace v1.1.17 h1:BkF30oLm1aKMZ5SPVbnlVbYtYEsG26zHxA4dJ+Z46dM= github.com/gravitational/trace v1.1.17/go.mod h1:n0ijrq6psJY0sOI/NzLp+xdd8xl79jjwzVOFHDY6+kQ= -github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= @@ -250,7 +249,6 @@ golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -260,7 +258,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -404,7 +401,6 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -484,8 +480,9 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/api/identityfile/identityfile.go b/api/identityfile/identityfile.go index d69d045830684..261e7f43d9384 100644 --- a/api/identityfile/identityfile.go +++ b/api/identityfile/identityfile.go @@ -28,6 +28,7 @@ import ( "strings" "github.com/gravitational/teleport/api/utils/keypaths" + "github.com/gravitational/teleport/api/utils/keys" "github.com/gravitational/teleport/api/utils/sshutils" "github.com/gravitational/trace" @@ -36,12 +37,20 @@ import ( const ( // FilePermissions defines file permissions for identity files. + // + // Specifically, for postgres, this must be 0600 or 0640 (choosing 0600 as it's more restrictive) + // https://www.postgresql.org/docs/current/libpq-ssl.html + // On Unix systems, the permissions on the private key file must disallow any access to world or group; + // achieve this by a command such as chmod 0600 ~/.postgresql/postgresql.key. + // Alternatively, the file can be owned by root and have group read access (that is, 0640 permissions). + // + // Other services should accept 0600 as well, if not, we must change the Write function (in `lib/client/identityfile/identity.go`) FilePermissions = 0600 ) // IdentityFile represents the basic components of an identity file. type IdentityFile struct { - // PrivateKey is a PEM encoded key. + // PrivateKey is PEM encoded private key data. PrivateKey []byte // Certs contains PEM encoded certificates. Certs Certs @@ -67,7 +76,7 @@ type CACerts struct { // TLSConfig returns the identity file's associated TLSConfig. func (i *IdentityFile) TLSConfig() (*tls.Config, error) { - cert, err := tls.X509KeyPair(i.Certs.TLS, i.PrivateKey) + cert, err := keys.X509KeyPair(i.Certs.TLS, i.PrivateKey) if err != nil { return nil, trace.Wrap(err) } @@ -87,7 +96,17 @@ func (i *IdentityFile) TLSConfig() (*tls.Config, error) { // SSHClientConfig returns the identity file's associated SSHClientConfig. func (i *IdentityFile) SSHClientConfig() (*ssh.ClientConfig, error) { - ssh, err := sshutils.ProxyClientSSHConfig(i.Certs.SSH, i.PrivateKey, i.CACerts.SSH) + sshCert, err := sshutils.ParseCertificate(i.Certs.SSH) + if err != nil { + return nil, trace.Wrap(err) + } + + priv, err := keys.ParsePrivateKey(i.PrivateKey) + if err != nil { + return nil, trace.Wrap(err) + } + + ssh, err := sshutils.ProxyClientSSHConfig(sshCert, priv, i.CACerts.SSH...) if err != nil { return nil, trace.Wrap(err) } diff --git a/api/observability/tracing/client.go b/api/observability/tracing/client.go index acc3bd3b1f30e..9d778ff47b43d 100644 --- a/api/observability/tracing/client.go +++ b/api/observability/tracing/client.go @@ -15,9 +15,13 @@ package tracing import ( + "context" + "sync/atomic" + "github.com/gravitational/trace" "go.opentelemetry.io/otel/exporters/otlp/otlptrace" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" + otlp "go.opentelemetry.io/proto/otlp/trace/v1" "google.golang.org/grpc" ) @@ -25,9 +29,18 @@ import ( // close the underlying grpc.ClientConn. When an otlpgrpc.Client is constructed with // the WithGRPCConn option, it is up to the caller to close the provided grpc.ClientConn. // As such, we wrap and implement io.Closer to allow users to have a way to close the connection. +// +// In the event the client receives a trace.NotImplemented error when uploading spans, it will prevent +// any future spans from being sent. The server receiving the span is not going to change for the life +// of the grpc.ClientConn. In an effort to reduce wasted bandwidth, the client merely drops any spans in +// that case and returns nil. type Client struct { otlptrace.Client conn *grpc.ClientConn + + // notImplementedFlag is set to indicate that the server does + // accept traces. + notImplementedFlag int32 } // NewClient returns a new Client that uses the provided grpc.ClientConn to @@ -39,6 +52,20 @@ func NewClient(conn *grpc.ClientConn) *Client { } } +func (c *Client) UploadTraces(ctx context.Context, protoSpans []*otlp.ResourceSpans) error { + if len(protoSpans) == 0 || atomic.LoadInt32(&c.notImplementedFlag) == 1 { + return nil + } + + err := c.Client.UploadTraces(ctx, protoSpans) + if err != nil && trace.IsNotImplemented(err) { + atomic.StoreInt32(&c.notImplementedFlag, 1) + return nil + } + + return trace.Wrap(err) +} + // Close closes the underlying grpc.ClientConn. This is required since when // using otlptracegrpc.WithGRPCConn the otlptrace.Client does not // close the connection when Shutdown is called. diff --git a/api/observability/tracing/client_test.go b/api/observability/tracing/client_test.go new file mode 100644 index 0000000000000..b7a73d8eeb5c2 --- /dev/null +++ b/api/observability/tracing/client_test.go @@ -0,0 +1,109 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tracing + +import ( + "context" + "testing" + + "github.com/gravitational/trace" + "github.com/stretchr/testify/require" + "go.opentelemetry.io/otel/exporters/otlp/otlptrace" + otlp "go.opentelemetry.io/proto/otlp/trace/v1" +) + +var _ otlptrace.Client = (*mockClient)(nil) + +type mockClient struct { + uploadError error + spans []*otlp.ResourceSpans +} + +func (m mockClient) Start(ctx context.Context) error { + return nil +} + +func (m mockClient) Stop(ctx context.Context) error { + return nil +} + +func (m *mockClient) UploadTraces(ctx context.Context, protoSpans []*otlp.ResourceSpans) error { + m.spans = append(m.spans, protoSpans...) + return m.uploadError +} + +func TestUploadTraces(t *testing.T) { + const ( + spanCount = 10 + uploadCount = 5 + ) + + cases := []struct { + name string + client mockClient + spans []*otlp.ResourceSpans + errorAssertion require.ErrorAssertionFunc + spanAssertion require.ValueAssertionFunc + }{ + { + name: "no spans to upload", + spans: make([]*otlp.ResourceSpans, 0, spanCount), + errorAssertion: require.NoError, + spanAssertion: require.Empty, + }, + { + name: "successfully uploads spans", + spans: make([]*otlp.ResourceSpans, spanCount), + errorAssertion: require.NoError, + spanAssertion: func(t require.TestingT, i interface{}, i2 ...interface{}) { + require.NotEmpty(t, i, i2...) + require.Len(t, i, spanCount*uploadCount, i2...) + }, + }, + { + name: "error uploading spans", + spans: make([]*otlp.ResourceSpans, spanCount), + client: mockClient{uploadError: trace.ConnectionProblem(nil, "test")}, + errorAssertion: require.Error, + spanAssertion: func(t require.TestingT, i interface{}, i2 ...interface{}) { + require.NotEmpty(t, i, i2...) + require.Len(t, i, spanCount*uploadCount, i2...) + }, + }, + { + name: "not implemented", + spans: make([]*otlp.ResourceSpans, spanCount), + client: mockClient{uploadError: trace.NotImplemented("test")}, + errorAssertion: require.NoError, + spanAssertion: func(t require.TestingT, i interface{}, i2 ...interface{}) { + require.NotEmpty(t, i, i2...) + require.Len(t, i, spanCount, i2...) + }, + }, + } + + for _, tt := range cases { + t.Run(tt.name, func(t *testing.T) { + client := &Client{ + Client: &tt.client, + } + + for i := 0; i < uploadCount; i++ { + tt.errorAssertion(t, client.UploadTraces(context.Background(), tt.spans)) + } + tt.spanAssertion(t, tt.client.spans) + }) + } +} diff --git a/api/observability/tracing/option.go b/api/observability/tracing/option.go new file mode 100644 index 0000000000000..5b48637f5ab21 --- /dev/null +++ b/api/observability/tracing/option.go @@ -0,0 +1,73 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tracing + +import ( + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/propagation" + oteltrace "go.opentelemetry.io/otel/trace" +) + +// Option applies an option value for a Config. +type Option interface { + apply(*Config) +} + +// Config stores tracing related properties to customize +// creating Tracers and extracting TraceContext +type Config struct { + TracerProvider oteltrace.TracerProvider + TextMapPropagator propagation.TextMapPropagator +} + +// NewConfig returns a Config configured with all the passed Option. +func NewConfig(opts []Option) *Config { + c := &Config{ + TracerProvider: otel.GetTracerProvider(), + TextMapPropagator: otel.GetTextMapPropagator(), + } + for _, o := range opts { + o.apply(c) + } + return c +} + +type tracerProviderOption struct{ tp oteltrace.TracerProvider } + +func (o tracerProviderOption) apply(c *Config) { + if o.tp != nil { + c.TracerProvider = o.tp + } +} + +// WithTracerProvider returns an Option to use the trace.TracerProvider when +// creating a trace.Tracer. +func WithTracerProvider(tp oteltrace.TracerProvider) Option { + return tracerProviderOption{tp: tp} +} + +type propagatorOption struct{ p propagation.TextMapPropagator } + +func (o propagatorOption) apply(c *Config) { + if o.p != nil { + c.TextMapPropagator = o.p + } +} + +// WithTextMapPropagator returns an Option to use the propagation.TextMapPropagator when extracting +// and injecting trace context. +func WithTextMapPropagator(p propagation.TextMapPropagator) Option { + return propagatorOption{p: p} +} diff --git a/api/observability/tracing/ssh/channel.go b/api/observability/tracing/ssh/channel.go new file mode 100644 index 0000000000000..22691bb05dc51 --- /dev/null +++ b/api/observability/tracing/ssh/channel.go @@ -0,0 +1,106 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "context" + "encoding/json" + "fmt" + + "go.opentelemetry.io/otel/codes" + semconv "go.opentelemetry.io/otel/semconv/v1.10.0" + oteltrace "go.opentelemetry.io/otel/trace" + "golang.org/x/crypto/ssh" + + "github.com/gravitational/teleport/api/observability/tracing" +) + +// Channel is a wrapper around ssh.Channel that adds tracing support. +type Channel struct { + ssh.Channel + tracingSupported tracingCapability + opts []tracing.Option +} + +// NewTraceChannel creates a new Channel. +func NewTraceChannel(ch ssh.Channel, opts ...tracing.Option) *Channel { + return &Channel{ + Channel: ch, + opts: opts, + } +} + +// SendRequest sends a global request, and returns the +// reply. If tracing is enabled, the provided payload +// is wrapped in an Envelope to forward any tracing context. +func (c *Channel) SendRequest(ctx context.Context, name string, wantReply bool, payload []byte) (bool, error) { + config := tracing.NewConfig(c.opts) + tracer := config.TracerProvider.Tracer(instrumentationName) + + ctx, span := tracer.Start( + ctx, + fmt.Sprintf("ssh.ChannelRequest/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Channel"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + ok, err := c.Channel.SendRequest(name, wantReply, wrapPayload(ctx, c.tracingSupported, config.TextMapPropagator, payload)) + if err != nil { + span.SetStatus(codes.Error, err.Error()) + span.RecordError(err) + } + + return ok, err +} + +// NewChannel is a wrapper around ssh.NewChannel that allows an +// Envelope to be provided to new channels. +type NewChannel struct { + ssh.NewChannel + Envelope Envelope +} + +// NewTraceNewChannel wraps the ssh.NewChannel in a new NewChannel +// +// The provided ssh.NewChannel will have any Envelope provided +// via ExtraData extracted so that the original payload can be +// provided to callers of NewCh.ExtraData. +func NewTraceNewChannel(nch ssh.NewChannel) *NewChannel { + ch := &NewChannel{ + NewChannel: nch, + } + + data := nch.ExtraData() + + var envelope Envelope + if err := json.Unmarshal(data, &envelope); err == nil { + ch.Envelope = envelope + } else { + ch.Envelope.Payload = data + } + + return ch +} + +// ExtraData returns the arbitrary payload for this channel, as supplied +// by the client. This data is specific to the channel type. +func (n NewChannel) ExtraData() []byte { + return n.Envelope.Payload +} diff --git a/api/observability/tracing/ssh/client.go b/api/observability/tracing/ssh/client.go new file mode 100644 index 0000000000000..5e6906cdf92f0 --- /dev/null +++ b/api/observability/tracing/ssh/client.go @@ -0,0 +1,426 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "context" + "errors" + "fmt" + "net" + "sync" + + "github.com/gravitational/trace" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + semconv "go.opentelemetry.io/otel/semconv/v1.10.0" + oteltrace "go.opentelemetry.io/otel/trace" + "golang.org/x/crypto/ssh" + + "github.com/gravitational/teleport/api/observability/tracing" +) + +// Client is a wrapper around ssh.Client that adds tracing support. +type Client struct { + *ssh.Client + opts []tracing.Option + + // mu protects capability and rejectedError which may change based + // on the outcome probing the server for tracing capabilities that + // may occur trying to establish a session + mu sync.RWMutex + capability tracingCapability + rejectedError error +} + +type tracingCapability int + +const ( + tracingUnknown tracingCapability = iota + tracingUnsupported + tracingSupported +) + +// NewClient creates a new Client. +// +// The server being connected to is probed to determine if it supports +// ssh tracing. This is done by attempting to open a TracingChannel channel. +// If the channel is successfully opened then all payloads delivered to the +// server will be wrapped in an Envelope with tracing context. All Session +// and Channel created from the returned Client will honor the clients view +// of whether they should provide tracing context. +func NewClient(c ssh.Conn, chans <-chan ssh.NewChannel, reqs <-chan *ssh.Request, opts ...tracing.Option) *Client { + clt := &Client{ + Client: ssh.NewClient(c, chans, reqs), + opts: opts, + } + + clt.capability, clt.rejectedError = isTracingSupported(clt.Client) + + return clt +} + +// isTracingSupported determines whether the ssh server supports +// tracing payloads by trying to open a TracingChannel. +// +// Note: a channel is used instead of a global request in order prevent blocking +// forever in the event that the connection is rejected. In that case, the server +// doesn't service any global requests and writes the error to the first opened +// channel. +func isTracingSupported(clt *ssh.Client) (tracingCapability, error) { + ch, _, err := clt.OpenChannel(TracingChannel, nil) + if err != nil { + var openError *ssh.OpenChannelError + // prohibited errors due to locks and session control are expected by callers of NewSession + if errors.As(err, &openError) { + switch openError.Reason { + case ssh.Prohibited: + return tracingUnknown, err + case ssh.UnknownChannelType: + return tracingUnsupported, nil + } + } + + return tracingUnknown, nil + } + + _ = ch.Close() + return tracingSupported, nil +} + +// DialContext initiates a connection to the addr from the remote host. +// The resulting connection has a zero LocalAddr() and RemoteAddr(). +func (c *Client) DialContext(ctx context.Context, n, addr string) (net.Conn, error) { + tracer := tracing.NewConfig(c.opts).TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + ctx, + "ssh.DialContext", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(c.Conn.RemoteAddr()), + attribute.String("network", n), + attribute.String("address", addr), + semconv.RPCServiceKey.String("ssh.Client"), + semconv.RPCMethodKey.String("Dial"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + + c.mu.RLock() + // create the wrapper while the lock is held + wrapper := &clientWrapper{ + capability: c.capability, + Conn: c.Client.Conn, + opts: c.opts, + ctx: ctx, + contexts: make(map[string][]context.Context), + } + c.mu.RUnlock() + + conn, err := wrapper.Dial(n, addr) + return conn, trace.Wrap(err) +} + +// SendRequest sends a global request, and returns the +// reply. If tracing is enabled, the provided payload +// is wrapped in an Envelope to forward any tracing context. +func (c *Client) SendRequest(ctx context.Context, name string, wantReply bool, payload []byte) (bool, []byte, error) { + config := tracing.NewConfig(c.opts) + tracer := config.TracerProvider.Tracer(instrumentationName) + + ctx, span := tracer.Start( + ctx, + fmt.Sprintf("ssh.GlobalRequest/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(c.Conn.RemoteAddr()), + attribute.Bool("want_reply", wantReply), + semconv.RPCServiceKey.String("ssh.Client"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + + c.mu.RLock() + capability := c.capability + c.mu.RUnlock() + + ok, resp, err := c.Client.SendRequest(name, wantReply, wrapPayload(ctx, capability, config.TextMapPropagator, payload)) + if err != nil { + span.SetStatus(codes.Error, err.Error()) + span.RecordError(err) + } + + return ok, resp, err +} + +// OpenChannel tries to open a channel. If tracing is enabled, +// the provided payload is wrapped in an Envelope to forward +// any tracing context. +func (c *Client) OpenChannel(ctx context.Context, name string, data []byte) (*Channel, <-chan *ssh.Request, error) { + config := tracing.NewConfig(c.opts) + tracer := config.TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + ctx, + fmt.Sprintf("ssh.OpenChannel/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(c.Conn.RemoteAddr()), + semconv.RPCServiceKey.String("ssh.Client"), + semconv.RPCMethodKey.String("OpenChannel"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + + c.mu.RLock() + capability := c.capability + c.mu.RUnlock() + + ch, reqs, err := c.Client.OpenChannel(name, wrapPayload(ctx, capability, config.TextMapPropagator, data)) + if err != nil { + span.SetStatus(codes.Error, err.Error()) + span.RecordError(err) + } + + return &Channel{ + Channel: ch, + opts: c.opts, + }, reqs, err +} + +// NewSession creates a new SSH session that is passed tracing context +// so that spans may be correlated properly over the ssh connection. +func (c *Client) NewSession(ctx context.Context) (*Session, error) { + tracer := tracing.NewConfig(c.opts).TracerProvider.Tracer(instrumentationName) + + ctx, span := tracer.Start( + ctx, + "ssh.NewSession", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(c.Conn.RemoteAddr()), + semconv.RPCServiceKey.String("ssh.Client"), + semconv.RPCMethodKey.String("NewSession"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + + c.mu.Lock() + + // If the TracingChannel was rejected when the client was created, + // the connection was prohibited due to a lock or session control. + // Callers to NewSession are expecting to receive the reason the session + // was rejected, so we need to propagate the rejectedError here. + if c.rejectedError != nil { + err := c.rejectedError + c.rejectedError = nil + c.capability = tracingUnknown + c.mu.Unlock() + return nil, trace.Wrap(err) + } + + // If the tracing capabilities of the server are unknown due to + // prohibited errors from previous attempts to check, we need to + // do another check to see if our connection will be permitted + // this time. + if c.capability == tracingUnknown { + capability, err := isTracingSupported(c.Client) + if err != nil { + c.mu.Unlock() + return nil, trace.Wrap(err) + } + c.capability = capability + } + + // create the wrapper while the lock is still held + wrapper := &clientWrapper{ + capability: c.capability, + Conn: c.Client.Conn, + opts: c.opts, + ctx: ctx, + contexts: make(map[string][]context.Context), + } + + c.mu.Unlock() + + // get a session from the wrapper + session, err := wrapper.NewSession() + return session, trace.Wrap(err) +} + +// clientWrapper wraps the ssh.Conn for individual ssh.Client +// operations to intercept internal calls by the ssh.Client to +// OpenChannel. This allows for internal operations within the +// ssh.Client to have their payload wrapped in an Envelope to +// forward tracing context when tracing is enabled. +type clientWrapper struct { + // Conn is the ssh.Conn that requests will be forwarded to + ssh.Conn + // capability the tracingCapability of the ssh server + capability tracingCapability + // ctx the context which should be used to create spans from + ctx context.Context + // opts the tracing options to use for creating spans with + opts []tracing.Option + + // lock protects the context queue + lock sync.Mutex + // contexts a LIFO queue of context.Context per channel name. + contexts map[string][]context.Context +} + +// NewSession opens a new Session for this client. +func (c *clientWrapper) NewSession() (*Session, error) { + // create a client that will defer to us when + // opening the "session" channel so that we + // can add an Envelope to the request + client := &ssh.Client{ + Conn: c, + } + + session, err := client.NewSession() + if err != nil { + return nil, trace.Wrap(err) + } + + // wrap the session so all session requests on the channel + // can be traced + return &Session{ + Session: session, + wrapper: c, + }, nil +} + +// Dial initiates a connection to the addr from the remote host. +func (c *clientWrapper) Dial(n, addr string) (net.Conn, error) { + // create a client that will defer to us when + // opening the "direct-tcpip" channel so that we + // can add an Envelope to the request + client := &ssh.Client{ + Conn: c, + } + + return client.Dial(n, addr) +} + +// addContext adds the provided context.Context to the end of +// the list for the provided channel name +func (c *clientWrapper) addContext(ctx context.Context, name string) { + c.lock.Lock() + defer c.lock.Unlock() + + c.contexts[name] = append(c.contexts[name], ctx) +} + +// nextContext returns the first context.Context for the provided +// channel name +func (c *clientWrapper) nextContext(name string) context.Context { + c.lock.Lock() + defer c.lock.Unlock() + + contexts, ok := c.contexts[name] + switch { + case !ok, len(contexts) <= 0: + return context.Background() + case len(contexts) == 1: + delete(c.contexts, name) + return contexts[0] + default: + c.contexts[name] = contexts[1:] + return contexts[0] + } +} + +// OpenChannel tries to open a channel. If tracing is enabled, +// the provided payload is wrapped in an Envelope to forward +// any tracing context. +func (c *clientWrapper) OpenChannel(name string, data []byte) (ssh.Channel, <-chan *ssh.Request, error) { + config := tracing.NewConfig(c.opts) + tracer := config.TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + c.ctx, + fmt.Sprintf("ssh.OpenChannel/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(c.Conn.RemoteAddr()), + semconv.RPCServiceKey.String("ssh.Client"), + semconv.RPCMethodKey.String("OpenChannel"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + + ch, reqs, err := c.Conn.OpenChannel(name, wrapPayload(ctx, c.capability, config.TextMapPropagator, data)) + if err != nil { + span.SetStatus(codes.Error, err.Error()) + span.RecordError(err) + } + + return channelWrapper{ + Channel: ch, + manager: c, + }, reqs, err +} + +// channelWrapper wraps an ssh.Channel to allow for requests to +// contain tracing context. +type channelWrapper struct { + ssh.Channel + manager *clientWrapper +} + +// SendRequest sends a channel request. If tracing is enabled, +// the provided payload is wrapped in an Envelope to forward +// any tracing context. +// +// It is the callers' responsibility to ensure that addContext is +// called with the appropriate context.Context prior to any +// requests being sent along the channel. +func (c channelWrapper) SendRequest(name string, wantReply bool, payload []byte) (bool, error) { + config := tracing.NewConfig(c.manager.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + c.manager.nextContext(name), + fmt.Sprintf("ssh.ChannelRequest/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + attribute.Bool("want_reply", wantReply), + semconv.RPCServiceKey.String("ssh.Channel"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + ok, err := c.Channel.SendRequest(name, wantReply, wrapPayload(ctx, c.manager.capability, config.TextMapPropagator, payload)) + if err != nil { + span.SetStatus(codes.Error, err.Error()) + span.RecordError(err) + } + + return ok, err +} diff --git a/api/observability/tracing/ssh/client_test.go b/api/observability/tracing/ssh/client_test.go new file mode 100644 index 0000000000000..ece5506480186 --- /dev/null +++ b/api/observability/tracing/ssh/client_test.go @@ -0,0 +1,252 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "context" + "fmt" + "testing" + + "github.com/gravitational/trace" + "github.com/stretchr/testify/require" + "golang.org/x/crypto/ssh" +) + +func TestIsTracingSupported(t *testing.T) { + rejected := &ssh.OpenChannelError{ + Reason: ssh.Prohibited, + Message: "rejected!", + } + + unknown := &ssh.OpenChannelError{ + Reason: ssh.UnknownChannelType, + Message: "unknown!", + } + + cases := []struct { + name string + channelErr *ssh.OpenChannelError + expectedCapability tracingCapability + errAssertion require.ErrorAssertionFunc + }{ + { + name: "rejected", + channelErr: rejected, + expectedCapability: tracingUnknown, + errAssertion: func(t require.TestingT, err error, i ...interface{}) { + require.Error(t, err) + require.Equal(t, rejected.Error(), err.Error()) + }, + }, + { + name: "unknown", + channelErr: unknown, + expectedCapability: tracingUnsupported, + errAssertion: require.NoError, + }, + { + name: "supported", + channelErr: nil, + expectedCapability: tracingSupported, + errAssertion: require.NoError, + }, + { + name: "other error", + channelErr: &ssh.OpenChannelError{ + Reason: ssh.ConnectionFailed, + Message: "", + }, + expectedCapability: tracingUnknown, + errAssertion: require.NoError, + }, + } + + for _, tt := range cases { + t.Run(tt.name, func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + errChan := make(chan error, 5) + + srv := newServer(t, func(conn *ssh.ServerConn, channels <-chan ssh.NewChannel, requests <-chan *ssh.Request) { + for { + select { + case <-ctx.Done(): + return + + case ch := <-channels: + if ch == nil { + return + } + + if tt.channelErr != nil { + if err := ch.Reject(tt.channelErr.Reason, tt.channelErr.Message); err != nil { + errChan <- trace.Wrap(err, "failed to reject channel") + } + return + } + + _, _, err := ch.Accept() + if err != nil { + errChan <- trace.Wrap(err, "failed to accept channel") + return + } + } + } + }) + + go srv.Run(errChan) + + conn, chans, reqs := srv.GetClient(t) + client := ssh.NewClient(conn, chans, reqs) + + capabaility, err := isTracingSupported(client) + require.Equal(t, tt.expectedCapability, capabaility) + tt.errAssertion(t, err) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + }) + } +} + +func TestNewSession(t *testing.T) { + t.Parallel() + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + errChan := make(chan error, 5) + + first := ssh.OpenChannelError{ + Reason: ssh.Prohibited, + Message: "first attempt", + } + + second := ssh.OpenChannelError{ + Reason: ssh.ConnectionFailed, + Message: "second attempt", + } + + srv := newServer(t, func(conn *ssh.ServerConn, channels <-chan ssh.NewChannel, requests <-chan *ssh.Request) { + for i := 0; ; i++ { + select { + case <-ctx.Done(): + return + + case ch := <-channels: + switch { + case ch == nil: + return + case ch.ChannelType() == "session": + _, _, err := ch.Accept() + if err != nil { + errChan <- trace.Wrap(err, "failed to accept session channel") + return + } + case i == 0: + if err := ch.Reject(first.Reason, first.Message); err != nil { + errChan <- err + return + } + case i == 1: + if err := ch.Reject(second.Reason, second.Message); err != nil { + errChan <- err + return + } + case i > 2: + if _, _, err := ch.Accept(); err != nil { + errChan <- err + return + } + default: + if err := ch.Reject(ssh.ConnectionFailed, fmt.Sprintf("unexpected channel %d", i)); err != nil { + errChan <- err + return + } + } + } + } + }) + + go srv.Run(errChan) + + cases := []struct { + name string + assertionFunc func(t *testing.T, clt *Client, session *Session, err error) + }{ + { + name: "session prohibited", + assertionFunc: func(t *testing.T, clt *Client, sess *Session, err error) { + // creating a new session should return any errors captured when creating the client + // and not actually probe the server + require.Error(t, err) + require.Equal(t, trace.Unwrap(err).Error(), first.Error()) + require.Nil(t, sess) + require.Nil(t, clt.rejectedError) + require.Equal(t, clt.capability, tracingUnknown) + }, + }, + { + name: "other failure to open tracing channel", + assertionFunc: func(t *testing.T, clt *Client, sess *Session, err error) { + // this time through we should probe the server without getting a prohibited error, + // but things still failed, so we shouldn't know the capability + require.NoError(t, err) + require.NotNil(t, sess) + require.NoError(t, clt.rejectedError) + require.Equal(t, clt.capability, tracingUnknown) + require.NoError(t, sess.Close()) + }, + }, + { + name: "active session", + assertionFunc: func(t *testing.T, clt *Client, sess *Session, err error) { + // all is good now, we should have an active session + require.NoError(t, err) + require.NotNil(t, sess) + require.NoError(t, clt.rejectedError) + require.Equal(t, clt.capability, tracingSupported) + require.NoError(t, sess.Close()) + }, + }, + } + + // check tracing status after first capability probe from creating the client + conn, chans, reqs := srv.GetClient(t) + client := NewClient(conn, chans, reqs) + require.Error(t, client.rejectedError) + require.Equal(t, client.rejectedError.Error(), first.Error()) + require.Equal(t, client.capability, tracingUnknown) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + + for _, tt := range cases { + t.Run(tt.name, func(t *testing.T) { + sess, err := client.NewSession(ctx) + tt.assertionFunc(t, client, sess, err) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + }) + } +} diff --git a/api/observability/tracing/ssh/session.go b/api/observability/tracing/ssh/session.go new file mode 100644 index 0000000000000..5b53b503fe6af --- /dev/null +++ b/api/observability/tracing/ssh/session.go @@ -0,0 +1,279 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "context" + "fmt" + + "go.opentelemetry.io/otel/attribute" + semconv "go.opentelemetry.io/otel/semconv/v1.10.0" + oteltrace "go.opentelemetry.io/otel/trace" + "golang.org/x/crypto/ssh" + + "github.com/gravitational/teleport/api/observability/tracing" +) + +// Session is a wrapper around ssh.Session that adds tracing support +type Session struct { + *ssh.Session + wrapper *clientWrapper +} + +// SendRequest sends an out-of-band channel request on the SSH channel +// underlying the session. +func (s *Session) SendRequest(ctx context.Context, name string, wantReply bool, payload []byte) (bool, error) { + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.SessionRequest/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + attribute.Bool("want_reply", wantReply), + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + // no need to wrap payload here, the session's channel wrapper will do it for us + s.wrapper.addContext(ctx, name) + return s.Session.SendRequest(name, wantReply, payload) +} + +// Setenv sets an environment variable that will be applied to any +// command executed by Shell or Run. +func (s *Session) Setenv(ctx context.Context, name, value string) error { + const request = "env" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.Setenv/%s", name), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Setenv(name, value) +} + +// RequestPty requests the association of a pty with the session on the remote host. +func (s *Session) RequestPty(ctx context.Context, term string, h, w int, termmodes ssh.TerminalModes) error { + const request = "pty-req" + config := tracing.NewConfig(s.wrapper.opts) + tracer := config.TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + ctx, + fmt.Sprintf("ssh.RequestPty/%s", term), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + attribute.Int("width", w), + attribute.Int("height", h), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.RequestPty(term, h, w, termmodes) +} + +// RequestSubsystem requests the association of a subsystem with the session on the remote host. +// A subsystem is a predefined command that runs in the background when the ssh session is initiated. +func (s *Session) RequestSubsystem(ctx context.Context, subsystem string) error { + const request = "subsystem" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.RequestSubsystem/%s", subsystem), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.RequestSubsystem(subsystem) +} + +// WindowChange informs the remote host about a terminal window dimension change to h rows and w columns. +func (s *Session) WindowChange(ctx context.Context, h, w int) error { + const request = "window-change" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + "ssh.WindowChange", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + attribute.Int("height", h), + attribute.Int("width", w), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.WindowChange(h, w) +} + +// Signal sends the given signal to the remote process. +// sig is one of the SIG* constants. +func (s *Session) Signal(ctx context.Context, sig ssh.Signal) error { + const request = "signal" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.Signal/%s", sig), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Signal(sig) +} + +// Start runs cmd on the remote host. Typically, the remote +// server passes cmd to the shell for interpretation. +// A Session only accepts one call to Run, Start or Shell. +func (s *Session) Start(ctx context.Context, cmd string) error { + const request = "exec" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.Start/%s", cmd), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Start(cmd) +} + +// Shell starts a login shell on the remote host. A Session only +// accepts one call to Run, Start, Shell, Output, or CombinedOutput. +func (s *Session) Shell(ctx context.Context) error { + const request = "shell" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + "ssh.Shell", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Shell() +} + +// Run runs cmd on the remote host. Typically, the remote +// server passes cmd to the shell for interpretation. +// A Session only accepts one call to Run, Start, Shell, Output, +// or CombinedOutput. +// +// The returned error is nil if the command runs, has no problems +// copying stdin, stdout, and stderr, and exits with a zero exit +// status. +// +// If the remote server does not send an exit status, an error of type +// *ExitMissingError is returned. If the command completes +// unsuccessfully or is interrupted by a signal, the error is of type +// *ExitError. Other error types may be returned for I/O problems. +func (s *Session) Run(ctx context.Context, cmd string) error { + const request = "exec" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.Run/%s", cmd), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Run(cmd) +} + +// Output runs cmd on the remote host and returns its standard output. +func (s *Session) Output(ctx context.Context, cmd string) ([]byte, error) { + const request = "exec" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.Output/%s", cmd), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.Output(cmd) +} + +// CombinedOutput runs cmd on the remote host and returns its combined +// standard output and standard error. +func (s *Session) CombinedOutput(ctx context.Context, cmd string) ([]byte, error) { + const request = "exec" + config := tracing.NewConfig(s.wrapper.opts) + ctx, span := config.TracerProvider.Tracer(instrumentationName).Start( + ctx, + fmt.Sprintf("ssh.CombinedOutput/%s", cmd), + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + semconv.RPCServiceKey.String("ssh.Session"), + semconv.RPCMethodKey.String("SendRequest"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + s.wrapper.addContext(ctx, request) + return s.Session.CombinedOutput(cmd) +} diff --git a/api/observability/tracing/ssh/ssh.go b/api/observability/tracing/ssh/ssh.go index f8d7a1bee0157..1f43fd58f7be1 100644 --- a/api/observability/tracing/ssh/ssh.go +++ b/api/observability/tracing/ssh/ssh.go @@ -21,73 +21,124 @@ import ( "net" "time" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/propagation" + semconv "go.opentelemetry.io/otel/semconv/v1.10.0" + oteltrace "go.opentelemetry.io/otel/trace" + "github.com/gravitational/teleport/api/observability/tracing" "github.com/gravitational/teleport/api/utils/sshutils" "github.com/gravitational/trace" log "github.com/sirupsen/logrus" - oteltrace "go.opentelemetry.io/otel/trace" "golang.org/x/crypto/ssh" ) const ( // TracingRequest is sent by clients to server to pass along tracing context. TracingRequest = "tracing@goteleport.com" -) -// Client is a wrapper around ssh.Client that adds tracing support. -type Client struct { - *ssh.Client -} + // TracingChannel is a SSH channel used to indicate that servers support tracing. + TracingChannel = "tracing" -// NewClient creates a new Client. -func NewClient(c ssh.Conn, chans <-chan ssh.NewChannel, reqs <-chan *ssh.Request) *Client { - return &Client{Client: ssh.NewClient(c, chans, reqs)} -} + // instrumentationName is the name of this instrumentation package. + instrumentationName = "otelssh" +) -// NewSession creates a new SSH session that is passed tracing context so that spans may be correlated -// properly over the ssh connection. -func (c *Client) NewSession(ctx context.Context) (*ssh.Session, error) { - session, err := c.Client.NewSession() - if err != nil { - return nil, trace.Wrap(err) +// ContextFromRequest extracts any tracing data provided via an Envelope +// in the ssh.Request payload. If the payload contains an Envelope, then +// the context returned will have tracing data populated from the remote +// tracing context and the ssh.Request payload will be replaced with the +// original payload from the client. +func ContextFromRequest(req *ssh.Request, opts ...tracing.Option) context.Context { + ctx := context.Background() + + var envelope Envelope + if err := json.Unmarshal(req.Payload, &envelope); err != nil { + return ctx } - span := oteltrace.SpanFromContext(ctx) - if !span.IsRecording() { - return session, nil - } + ctx = tracing.WithPropagationContext(ctx, envelope.PropagationContext, opts...) + req.Payload = envelope.Payload - traceCtx := tracing.PropagationContextFromContext(ctx) - if len(traceCtx) == 0 { - return session, nil - } + return ctx +} + +// ContextFromNewChannel extracts any tracing data provided via an Envelope +// in the ssh.NewChannel ExtraData. If the ExtraData contains an Envelope, then +// the context returned will have tracing data populated from the remote +// tracing context and the ssh.NewChannel wrapped in a TraceCh so that the +// original ExtraData from the client is exposed instead of the Envelope +// payload. +func ContextFromNewChannel(nch ssh.NewChannel, opts ...tracing.Option) (context.Context, ssh.NewChannel) { + ch := NewTraceNewChannel(nch) + ctx := tracing.WithPropagationContext(context.Background(), ch.Envelope.PropagationContext, opts...) + + return ctx, ch +} - payload, err := json.Marshal(traceCtx) +// Dial starts a client connection to the given SSH server. It is a +// convenience function that connects to the given network address, +// initiates the SSH handshake, and then sets up a Client. For access +// to incoming channels and requests, use net.Dial with NewClientConn +// instead. +func Dial(ctx context.Context, network, addr string, config *ssh.ClientConfig, opts ...tracing.Option) (*Client, error) { + tracer := tracing.NewConfig(opts).TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + ctx, + "ssh/Dial", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + attribute.String("network", network), + attribute.String("address", addr), + semconv.RPCServiceKey.String("ssh"), + semconv.RPCMethodKey.String("Dial"), + semconv.RPCSystemKey.String("ssh"), + ), + ) + defer span.End() + + dialer := net.Dialer{Timeout: config.Timeout} + conn, err := dialer.DialContext(ctx, network, addr) if err != nil { - return nil, trace.Wrap(err) + return nil, err } - - if _, err := session.SendRequest(TracingRequest, false, payload); err != nil { - return nil, trace.Wrap(err) + c, chans, reqs, err := NewClientConn(ctx, conn, addr, config, opts...) + if err != nil { + return nil, err } - - return session, nil + return NewClient(c, chans, reqs), nil } // NewClientConn creates a new SSH client connection that is passed tracing context so that spans may be correlated // properly over the ssh connection. -func NewClientConn(ctx context.Context, conn net.Conn, addr string, config *ssh.ClientConfig) (ssh.Conn, <-chan ssh.NewChannel, <-chan *ssh.Request, error) { +func NewClientConn(ctx context.Context, conn net.Conn, addr string, config *ssh.ClientConfig, opts ...tracing.Option) (ssh.Conn, <-chan ssh.NewChannel, <-chan *ssh.Request, error) { + tracer := tracing.NewConfig(opts).TracerProvider.Tracer(instrumentationName) + ctx, span := tracer.Start( + ctx, + "ssh/NewClientConn", + oteltrace.WithSpanKind(oteltrace.SpanKindClient), + oteltrace.WithAttributes( + append( + peerAttr(conn.RemoteAddr()), + attribute.String("address", addr), + semconv.RPCServiceKey.String("ssh"), + semconv.RPCMethodKey.String("NewClientConn"), + semconv.RPCSystemKey.String("ssh"), + )..., + ), + ) + defer span.End() + hp := &sshutils.HandshakePayload{ - TracingContext: tracing.PropagationContextFromContext(ctx), + TracingContext: tracing.PropagationContextFromContext(ctx, opts...), } if len(hp.TracingContext) > 0 { payloadJSON, err := json.Marshal(hp) if err == nil { payload := fmt.Sprintf("%s%s\x00", sshutils.ProxyHelloSignature, payloadJSON) - _, err = conn.Write([]byte(payload)) - if err != nil { + if _, err := conn.Write([]byte(payload)); err != nil { log.WithError(err).Warnf("Failed to pass along tracing context to proxy %v", addr) } } @@ -102,13 +153,13 @@ func NewClientConn(ctx context.Context, conn net.Conn, addr string, config *ssh. } // NewClientConnWithDeadline establishes new client connection with specified deadline -func NewClientConnWithDeadline(ctx context.Context, conn net.Conn, addr string, config *ssh.ClientConfig) (*Client, error) { +func NewClientConnWithDeadline(ctx context.Context, conn net.Conn, addr string, config *ssh.ClientConfig, opts ...tracing.Option) (*Client, error) { if config.Timeout > 0 { if err := conn.SetReadDeadline(time.Now().Add(config.Timeout)); err != nil { return nil, trace.Wrap(err) } } - c, chans, reqs, err := NewClientConn(ctx, conn, addr, config) + c, chans, reqs, err := NewClientConn(ctx, conn, addr, config, opts...) if err != nil { return nil, err } @@ -117,5 +168,74 @@ func NewClientConnWithDeadline(ctx context.Context, conn net.Conn, addr string, return nil, trace.Wrap(err) } } - return NewClient(c, chans, reqs), nil + return NewClient(c, chans, reqs, opts...), nil +} + +// peerAttr returns attributes about the peer address. +func peerAttr(addr net.Addr) []attribute.KeyValue { + host, port, err := net.SplitHostPort(addr.String()) + if err != nil { + return nil + } + + if host == "" { + host = "127.0.0.1" + } + + return []attribute.KeyValue{ + semconv.NetPeerIPKey.String(host), + semconv.NetPeerPortKey.String(port), + } +} + +// Envelope wraps the payload of all ssh messages with +// tracing context. Any servers that reply to a TracingChannel +// will attempt to parse the Envelope for all received requests and +// ensure that the original payload is provided to the handlers. +type Envelope struct { + PropagationContext tracing.PropagationContext + Payload []byte +} + +// createEnvelope wraps the provided payload with a tracing envelope +// that is used to propagate trace context . +func createEnvelope(ctx context.Context, propagator propagation.TextMapPropagator, payload []byte) Envelope { + envelope := Envelope{ + Payload: payload, + } + + span := oteltrace.SpanFromContext(ctx) + if !span.IsRecording() { + return envelope + } + + traceCtx := tracing.PropagationContextFromContext(ctx, tracing.WithTextMapPropagator(propagator)) + if len(traceCtx) == 0 { + return envelope + } + + envelope.PropagationContext = traceCtx + + return envelope +} + +// wrapPayload wraps the provided payload within an envelope if tracing is +// enabled and there is any tracing information to propagate. Otherwise, the +// original payload is returned +func wrapPayload(ctx context.Context, supported tracingCapability, propagator propagation.TextMapPropagator, payload []byte) []byte { + if supported != tracingSupported { + return payload + } + + envelope := createEnvelope(ctx, propagator, payload) + if len(envelope.PropagationContext) == 0 { + return payload + } + + wrappedPayload, err := json.Marshal(envelope) + if err == nil { + return wrappedPayload + } + + return payload } diff --git a/api/observability/tracing/ssh/ssh_test.go b/api/observability/tracing/ssh/ssh_test.go new file mode 100644 index 0000000000000..dbe545faab9c0 --- /dev/null +++ b/api/observability/tracing/ssh/ssh_test.go @@ -0,0 +1,454 @@ +// Copyright 2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "context" + "crypto/rand" + "crypto/rsa" + "crypto/subtle" + "crypto/x509" + "encoding/json" + "encoding/pem" + "errors" + "net" + "testing" + + "github.com/gravitational/trace" + "github.com/stretchr/testify/require" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/propagation" + sdktrace "go.opentelemetry.io/otel/sdk/trace" + "golang.org/x/crypto/ssh" + + "github.com/gravitational/teleport/api/observability/tracing" +) + +const testPayload = "test" + +type server struct { + listener net.Listener + config *ssh.ServerConfig + handler func(*ssh.ServerConn, <-chan ssh.NewChannel, <-chan *ssh.Request) + + cSigner ssh.Signer + hSigner ssh.Signer +} + +func (s *server) Run(errC chan error) { + for { + conn, err := s.listener.Accept() + if err != nil { + if !errors.Is(err, net.ErrClosed) { + errC <- err + } + return + } + + go func() { + sconn, chans, reqs, err := ssh.NewServerConn(conn, s.config) + if err != nil { + errC <- err + return + } + s.handler(sconn, chans, reqs) + }() + } +} + +func (s *server) Stop() error { + return s.listener.Close() +} + +func generateSigner(t *testing.T) ssh.Signer { + private, err := rsa.GenerateKey(rand.Reader, 2048) + require.NoError(t, err) + + block := &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(private), + } + + privatePEM := pem.EncodeToMemory(block) + signer, err := ssh.ParsePrivateKey(privatePEM) + require.NoError(t, err) + + return signer +} + +func (s *server) GetClient(t *testing.T) (ssh.Conn, <-chan ssh.NewChannel, <-chan *ssh.Request) { + conn, err := net.Dial("tcp", s.listener.Addr().String()) + require.NoError(t, err) + + sconn, nc, r, err := ssh.NewClientConn(conn, "", &ssh.ClientConfig{ + Auth: []ssh.AuthMethod{ssh.PublicKeys(s.cSigner)}, + HostKeyCallback: ssh.FixedHostKey(s.hSigner.PublicKey()), + }) + require.NoError(t, err) + + return sconn, nc, r +} + +func newServer(t *testing.T, handler func(*ssh.ServerConn, <-chan ssh.NewChannel, <-chan *ssh.Request)) *server { + listener, err := net.Listen("tcp", "localhost:0") + require.NoError(t, err) + + cSigner := generateSigner(t) + hSigner := generateSigner(t) + + config := &ssh.ServerConfig{ + NoClientAuth: true, + } + config.AddHostKey(hSigner) + + srv := &server{ + listener: listener, + config: config, + handler: handler, + cSigner: cSigner, + hSigner: hSigner, + } + + t.Cleanup(func() { require.NoError(t, srv.Stop()) }) + + return srv +} + +type handler struct { + tracingSupported tracingCapability + errChan chan error + ctx context.Context +} + +func (h handler) handle(sconn *ssh.ServerConn, chans <-chan ssh.NewChannel, reqs <-chan *ssh.Request) { + for { + select { + case <-h.ctx.Done(): + return + case req := <-reqs: + if req == nil { + return + } + + h.requestHandler(req) + + case ch := <-chans: + if ch == nil { + return + } + + h.channelHandler(ch) + } + } +} + +func (h handler) requestHandler(req *ssh.Request) { + switch { + case req.Type == TracingChannel && h.tracingSupported == tracingSupported: + if err := req.Reply(true, nil); err != nil { + h.errChan <- err + } + case req.Type == "test": + defer func() { + if req.WantReply { + if err := req.Reply(true, nil); err != nil { + h.errChan <- err + } + } + }() + + switch h.tracingSupported { + case tracingUnsupported: + if subtle.ConstantTimeCompare(req.Payload, []byte(testPayload)) != 1 { + h.errChan <- errors.New("payload mismatch") + } + case tracingSupported: + var envelope Envelope + if err := json.Unmarshal(req.Payload, &envelope); err != nil { + h.errChan <- trace.Wrap(err, "failed to unmarshal envelope") + return + } + if len(envelope.PropagationContext) <= 0 { + h.errChan <- errors.New("empty propagation context") + return + } + if subtle.ConstantTimeCompare(envelope.Payload, []byte(testPayload)) != 1 { + h.errChan <- errors.New("payload mismatch") + return + } + } + default: + if err := req.Reply(false, nil); err != nil { + h.errChan <- err + } + } +} + +func (h handler) channelHandler(ch ssh.NewChannel) { + switch ch.ChannelType() { + case TracingChannel: + switch h.tracingSupported { + case tracingUnsupported: + if err := ch.Reject(ssh.UnknownChannelType, "unknown channel type"); err != nil { + h.errChan <- trace.Wrap(err, "failed to reject channel") + } + case tracingSupported: + ch.Accept() + return + } + case "session": + switch h.tracingSupported { + case tracingUnsupported: + if subtle.ConstantTimeCompare(ch.ExtraData(), []byte(testPayload)) == 1 { + h.errChan <- errors.New("payload mismatch") + } + case tracingSupported: + var envelope Envelope + if err := json.Unmarshal(ch.ExtraData(), &envelope); err != nil { + h.errChan <- trace.Wrap(err, "failed to unmarshal envelope") + ch.Accept() + return + } + if len(envelope.PropagationContext) <= 0 { + h.errChan <- errors.New("empty propagation context") + ch.Accept() + return + } + if len(envelope.Payload) > 0 { + h.errChan <- errors.New("payload mismatch") + ch.Accept() + return + } + } + + _, chReqs, err := ch.Accept() + if err != nil { + h.errChan <- trace.Wrap(err, "failed to accept channel") + return + } + + go func() { + for { + select { + case <-h.ctx.Done(): + return + case req := <-chReqs: + switch req.Type { + case "subsystem": + h.subsystemHandler(req) + } + } + } + }() + default: + if err := ch.Reject(ssh.UnknownChannelType, "unknown channel type"); err != nil { + h.errChan <- trace.Wrap(err, "failed to reject channel") + } + } +} + +type subsystemRequestMsg struct { + Subsystem string +} + +func (h handler) subsystemHandler(req *ssh.Request) { + defer func() { + if req.WantReply { + if err := req.Reply(true, nil); err != nil { + h.errChan <- err + } + } + }() + + switch h.tracingSupported { + case tracingUnsupported: + var msg subsystemRequestMsg + if err := ssh.Unmarshal(req.Payload, &msg); err != nil { + h.errChan <- trace.Wrap(err, "failed to unmarshal payload") + return + } + + if msg.Subsystem != "test" { + h.errChan <- errors.New("received wrong subsystem") + } + case tracingSupported: + var envelope Envelope + if err := json.Unmarshal(req.Payload, &envelope); err != nil { + h.errChan <- trace.Wrap(err, "failed to unmarshal envelope") + return + } + if len(envelope.PropagationContext) <= 0 { + h.errChan <- errors.New("empty propagation context") + return + } + + var msg subsystemRequestMsg + if err := ssh.Unmarshal(envelope.Payload, &msg); err != nil { + h.errChan <- trace.Wrap(err, "failed to unmarshal payload") + return + } + if msg.Subsystem != "test" { + h.errChan <- errors.New("received wrong subsystem") + return + } + default: + if err := req.Reply(false, nil); err != nil { + h.errChan <- err + } + } +} + +func TestClient(t *testing.T) { + cases := []struct { + name string + tracingSupported tracingCapability + }{ + { + name: "server supports tracing", + tracingSupported: tracingSupported, + }, + { + name: "server does not support tracing", + tracingSupported: tracingSupported, + }, + } + + for _, tt := range cases { + t.Run(tt.name, func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + + errChan := make(chan error, 5) + + handler := handler{ + tracingSupported: tt.tracingSupported, + errChan: errChan, + ctx: ctx, + } + + srv := newServer(t, handler.handle) + go srv.Run(errChan) + + tp := sdktrace.NewTracerProvider() + conn, chans, reqs := srv.GetClient(t) + client := NewClient( + conn, + chans, + reqs, + tracing.WithTracerProvider(tp), + tracing.WithTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{})), + ) + require.Equal(t, handler.tracingSupported, client.capability) + + ctx, span := tp.Tracer("test").Start(context.Background(), "test") + ok, resp, err := client.SendRequest(ctx, "test", true, []byte("test")) + span.End() + require.True(t, ok) + require.Empty(t, resp) + require.NoError(t, err) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + + session, err := client.NewSession(ctx) + require.NoError(t, err) + require.NotNil(t, session) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + + require.NoError(t, session.RequestSubsystem(ctx, "test")) + + select { + case err := <-errChan: + require.NoError(t, err) + default: + } + }) + } +} + +func TestWrapPayload(t *testing.T) { + testPayload := []byte("test") + + nonRecordingCtx, nonRecordingSpan := otel.GetTracerProvider().Tracer("non-recording").Start(context.Background(), "test") + nonRecordingSpan.End() + + emptyCtx, emptySpan := sdktrace.NewTracerProvider().Tracer("empty-trace-context").Start(context.Background(), "test") + t.Cleanup(func() { emptySpan.End() }) + + recordingCtx, recordingSpan := sdktrace.NewTracerProvider().Tracer("recording").Start(context.Background(), "test") + t.Cleanup(func() { recordingSpan.End() }) + cases := []struct { + name string + ctx context.Context + supported tracingCapability + propagator propagation.TextMapPropagator + payloadAssertion require.ComparisonAssertionFunc + }{ + { + name: "unsupported returns provided payload", + ctx: recordingCtx, + supported: tracingUnsupported, + payloadAssertion: require.Equal, + }, + { + + name: "non-recording spans aren't propagated", + supported: tracingSupported, + ctx: nonRecordingCtx, + payloadAssertion: require.Equal, + }, + { + name: "empty trace context is not propagated", + supported: tracingSupported, + ctx: emptyCtx, + payloadAssertion: require.Equal, + }, + { + name: "recording spans are propagated", + supported: tracingSupported, + ctx: recordingCtx, + propagator: propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}), + payloadAssertion: func(t require.TestingT, i interface{}, i2 interface{}, i3 ...interface{}) { + payload, ok := i2.([]byte) + require.True(t, ok) + + require.NotEqual(t, testPayload, payload) + + var envelope Envelope + require.NoError(t, json.Unmarshal(payload, &envelope)) + require.Equal(t, testPayload, envelope.Payload) + require.NotEmpty(t, envelope.PropagationContext) + }, + }, + } + + for _, tt := range cases { + t.Run(tt.name, func(t *testing.T) { + if tt.propagator == nil { + tt.propagator = otel.GetTextMapPropagator() + } + payload := wrapPayload(tt.ctx, tt.supported, tt.propagator, testPayload) + tt.payloadAssertion(t, testPayload, payload) + }) + } +} diff --git a/api/observability/tracing/tracing.go b/api/observability/tracing/tracing.go index e9ba4a674cf93..a8fcece011801 100644 --- a/api/observability/tracing/tracing.go +++ b/api/observability/tracing/tracing.go @@ -16,9 +16,11 @@ package tracing import ( "context" + "net/http" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/propagation" + oteltrace "go.opentelemetry.io/otel/trace" ) // PropagationContext contains tracing information to be passed across service boundaries @@ -26,14 +28,33 @@ type PropagationContext map[string]string // PropagationContextFromContext creates a PropagationContext from the given context.Context. If the context // does not contain any tracing information, the PropagationContext will be empty. -func PropagationContextFromContext(ctx context.Context) PropagationContext { +func PropagationContextFromContext(ctx context.Context, opts ...Option) PropagationContext { carrier := propagation.MapCarrier{} - otel.GetTextMapPropagator().Inject(ctx, &carrier) + NewConfig(opts).TextMapPropagator.Inject(ctx, &carrier) return PropagationContext(carrier) } // WithPropagationContext injects any tracing information from the given PropagationContext into the // given context.Context. -func WithPropagationContext(ctx context.Context, pc PropagationContext) context.Context { - return otel.GetTextMapPropagator().Extract(ctx, propagation.MapCarrier(pc)) +func WithPropagationContext(ctx context.Context, pc PropagationContext, opts ...Option) context.Context { + return NewConfig(opts).TextMapPropagator.Extract(ctx, propagation.MapCarrier(pc)) +} + +// DefaultProvider returns the global default TracerProvider. +func DefaultProvider() oteltrace.TracerProvider { + return otel.GetTracerProvider() +} + +// HTTPTransportFormatter is a span formatter that may be provided to +// otelhttp.WithSpanNameFormatter to include the url path in the span +// names generated by an otelhttp.Transport +func HTTPTransportFormatter(_ string, r *http.Request) string { + return "HTTP " + r.Method + " " + r.URL.Path +} + +// HTTPHandlerFormatter is a span formatter that may be provided to +// otelhttp.WithSpanNameFormatter to include the component and url path in the span +// names generated by otelhttp.NewHandler +func HTTPHandlerFormatter(operation string, r *http.Request) string { + return operation + " " + r.Method + " " + r.URL.Path } diff --git a/api/profile/profile.go b/api/profile/profile.go index acd08fa99ab7e..901543f85741b 100644 --- a/api/profile/profile.go +++ b/api/profile/profile.go @@ -28,6 +28,7 @@ import ( "strings" "github.com/gravitational/teleport/api/utils/keypaths" + "github.com/gravitational/teleport/api/utils/keys" "github.com/gravitational/teleport/api/utils/sshutils" "github.com/gravitational/trace" @@ -71,10 +72,7 @@ type Profile struct { // Username is the Teleport username for the client. Username string `yaml:"user,omitempty"` - // AuthType (like "google") - AuthType string `yaml:"auth_type,omitempty"` - - // SiteName is equivalient to --cluster argument + // SiteName is equivalent to the --cluster flag SiteName string `yaml:"cluster,omitempty"` // ForwardedPorts is the list of ports to forward to the target node. @@ -90,6 +88,10 @@ type Profile struct { // TLSRoutingEnabled indicates that proxy supports ALPN SNI server where // all proxy services are exposed on a single TLS listener (Proxy Web Listener). TLSRoutingEnabled bool `yaml:"tls_routing_enabled,omitempty"` + + // AuthConnector (like "google", "passwordless"). + // Equivalent to the --auth tsh flag. + AuthConnector string `yaml:"auth_connector,omitempty"` } // Name returns the name of the profile. @@ -104,7 +106,7 @@ func (p *Profile) Name() string { // TLSConfig returns the profile's associated TLSConfig. func (p *Profile) TLSConfig() (*tls.Config, error) { - cert, err := tls.LoadX509KeyPair(p.TLSCertPath(), p.UserKeyPath()) + cert, err := keys.LoadX509KeyPair(p.TLSCertPath(), p.UserKeyPath()) if err != nil { return nil, trace.Wrap(err) } @@ -184,7 +186,7 @@ func (p *Profile) SSHClientConfig() (*ssh.ClientConfig, error) { return nil, trace.Wrap(err) } - key, err := os.ReadFile(p.UserKeyPath()) + sshCert, err := sshutils.ParseCertificate(cert) if err != nil { return nil, trace.Wrap(err) } @@ -194,7 +196,12 @@ func (p *Profile) SSHClientConfig() (*ssh.ClientConfig, error) { return nil, trace.Wrap(err) } - ssh, err := sshutils.ProxyClientSSHConfig(cert, key, [][]byte{caCerts}) + priv, err := keys.LoadPrivateKey(p.UserKeyPath()) + if err != nil { + return nil, trace.Wrap(err) + } + + ssh, err := sshutils.ProxyClientSSHConfig(sshCert, priv, caCerts) if err != nil { return nil, trace.Wrap(err) } @@ -407,6 +414,11 @@ func (p *Profile) SSHCertPath() string { return keypaths.SSHCertPath(p.Dir, p.Name(), p.Username, p.SiteName) } +// PPKFilePath returns the path to the profile's PuTTY PPK-formatted keypair. +func (p *Profile) PPKFilePath() string { + return keypaths.PPKFilePath(p.Dir, p.Name(), p.Username) +} + // KnownHostsPath returns the path to the profile's ssh certificate authorities. func (p *Profile) KnownHostsPath() string { return keypaths.KnownHostsPath(p.Dir) diff --git a/api/profile/profile_test.go b/api/profile/profile_test.go index 3b15fc45a3267..dd60d0298fc0a 100644 --- a/api/profile/profile_test.go +++ b/api/profile/profile_test.go @@ -43,6 +43,7 @@ func TestProfileBasics(t *testing.T) { DynamicForwardedPorts: []string{"localhost:8080"}, Dir: dir, SiteName: "example.com", + AuthConnector: "passwordless", } // verify that profile name is proxy host component diff --git a/api/proto/buf-legacy.yaml b/api/proto/buf-legacy.yaml new file mode 100644 index 0000000000000..7a2db93335bea --- /dev/null +++ b/api/proto/buf-legacy.yaml @@ -0,0 +1,31 @@ +version: v1 +deps: + # gogo/protobuf v1.3.2, keep in sync with build.assets/Makefile. + - buf.build/gogo/protobuf:b03c65ea87cdc3521ede29f62fe3ce239267c1bc +lint: + use: + - DEFAULT + - PACKAGE_NO_IMPORT_CYCLE + # Top-level types require comments. + # TODO(codingllama): Fix messages and enable linters below. + # - COMMENT_ENUM + # - COMMENT_MESSAGE + - COMMENT_RPC + - COMMENT_SERVICE + except: + # MINIMAL + - PACKAGE_DIRECTORY_MATCH + # BASIC + - ENUM_VALUE_UPPER_SNAKE_CASE + - FIELD_LOWER_SNAKE_CASE + - ONEOF_LOWER_SNAKE_CASE + # DEFAULT + - ENUM_VALUE_PREFIX + - ENUM_ZERO_VALUE_SUFFIX + - PACKAGE_VERSION_SUFFIX + - RPC_REQUEST_RESPONSE_UNIQUE + - RPC_REQUEST_STANDARD_NAME + - RPC_RESPONSE_STANDARD_NAME +breaking: + use: + - FILE diff --git a/api/proto/buf.lock b/api/proto/buf.lock new file mode 100644 index 0000000000000..29bee66775d37 --- /dev/null +++ b/api/proto/buf.lock @@ -0,0 +1,7 @@ +# Generated by buf. DO NOT EDIT. +version: v1 +deps: + - remote: buf.build + owner: gogo + repository: protobuf + commit: b03c65ea87cdc3521ede29f62fe3ce239267c1bc diff --git a/api/proto/buf.yaml b/api/proto/buf.yaml new file mode 100644 index 0000000000000..4f065d70ad2c5 --- /dev/null +++ b/api/proto/buf.yaml @@ -0,0 +1,36 @@ +version: v1 +deps: + # gogo/protobuf v1.3.2, keep in sync with build.assets/Makefile. + - buf.build/gogo/protobuf:b03c65ea87cdc3521ede29f62fe3ce239267c1bc +lint: + use: + - DEFAULT + - PACKAGE_NO_IMPORT_CYCLE + # Top-level types require comments. + - COMMENT_ENUM + - COMMENT_MESSAGE + - COMMENT_RPC + - COMMENT_SERVICE + except: + # Allow Google API-style responses (CreateFoo returns Foo). + # See https://cloud.google.com/apis/design/standard_methods. + - RPC_RESPONSE_STANDARD_NAME + ignore: + - teleport/legacy/client/proto/authservice.proto + - teleport/legacy/client/proto/certs.proto + - teleport/legacy/client/proto/proxyservice.proto + - teleport/legacy/types/events/events.proto + - teleport/legacy/types/types.proto + - teleport/legacy/types/wrappers/wrappers.proto + ignore_only: + # Allow package/directory mismatch for legacy protos. + PACKAGE_DIRECTORY_MATCH: + - teleport/legacy/client/proto/joinservice.proto + - teleport/legacy/types/webauthn/webauthn.proto + # Allow non-versioned packages for legacy protos. + PACKAGE_VERSION_SUFFIX: + - teleport/legacy/client/proto/joinservice.proto + - teleport/legacy/types/webauthn/webauthn.proto +breaking: + use: + - FILE diff --git a/api/proto/teleport/legacy/client/proto/authservice.proto b/api/proto/teleport/legacy/client/proto/authservice.proto new file mode 100644 index 0000000000000..fbe1b07163e2e --- /dev/null +++ b/api/proto/teleport/legacy/client/proto/authservice.proto @@ -0,0 +1,2605 @@ +// Copyright 2021-2022 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package proto; + +import "gogoproto/gogo.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/timestamp.proto"; +import "teleport/legacy/client/proto/certs.proto"; +import "teleport/legacy/types/events/events.proto"; +import "teleport/legacy/types/types.proto"; +import "teleport/legacy/types/webauthn/webauthn.proto"; +import "teleport/legacy/types/wrappers/wrappers.proto"; + +option go_package = "github.com/gravitational/teleport/api/client/proto"; +option (gogoproto.goproto_getters_all) = true; +option (gogoproto.marshaler_all) = true; +option (gogoproto.unmarshaler_all) = true; + +// Operation identifies type of operation +enum Operation { + // INIT is sent as a first sentinel event + // on the watch channel + INIT = 0; + // PUT identifies created or updated object + PUT = 1; + // DELETE identifies deleted object + DELETE = 2; +} + +// Event returns cluster event +message Event { + reserved 7; + + // Operation identifies operation + Operation Type = 1 [(gogoproto.jsontag) = "type,omitempty"]; + // Resource contains the updated resource + oneof Resource { + // ResourceHeader is specified in delete events, + // the full object is not available, so resource + // header is used to provide information about object type + types.ResourceHeader ResourceHeader = 2 [(gogoproto.jsontag) = "resource,omitempty"]; + // CertAuthority is filled in certificate-authority related events + types.CertAuthorityV2 CertAuthority = 3 [(gogoproto.jsontag) = "cert_authority,omitempty"]; + // StaticTokens is filled in static-tokens related events + types.StaticTokensV2 StaticTokens = 4 [(gogoproto.jsontag) = "static_tokens,omitempty"]; + // ProvisionToken is filled in provision-token related events + types.ProvisionTokenV2 ProvisionToken = 5 [(gogoproto.jsontag) = "provision_token,omitempty"]; + // ClusterNameV2 is a cluster name resource + types.ClusterNameV2 ClusterName = 6 [(gogoproto.jsontag) = "cluster_name,omitempty"]; + // User is a user resource + types.UserV2 User = 8 [(gogoproto.jsontag) = "user,omitempty"]; + // Role is a role resource + types.RoleV5 Role = 9 [(gogoproto.jsontag) = "role,omitempty"]; + // Namespace is a namespace resource + types.Namespace Namespace = 10 [(gogoproto.jsontag) = "namespace,omitempty"]; + // Server is a node or proxy resource + types.ServerV2 Server = 11 [(gogoproto.jsontag) = "server,omitempty"]; + // ReverseTunnel is a resource with reverse tunnel + types.ReverseTunnelV2 ReverseTunnel = 12 [(gogoproto.jsontag) = "reverse_tunnel,omitempty"]; + // TunnelConnection is a resource for tunnel connnections + types.TunnelConnectionV2 TunnelConnection = 13 [(gogoproto.jsontag) = "tunnel_connection,omitempty"]; + // AccessRequest is a resource for access requests + types.AccessRequestV3 AccessRequest = 14 [(gogoproto.jsontag) = "access_request,omitempty"]; + // AppSession is an application web session. + types.WebSessionV2 AppSession = 15 [(gogoproto.jsontag) = "app_session,omitempty"]; + // RemoteCluster is a resource for remote clusters + types.RemoteClusterV3 RemoteCluster = 16 [(gogoproto.jsontag) = "remote_cluster,omitempty"]; + // DatabaseServer is a resource for database servers. + types.DatabaseServerV3 DatabaseServer = 17 [(gogoproto.jsontag) = "database_server,omitempty"]; + // WebSession is a regular web session. + types.WebSessionV2 WebSession = 18 [(gogoproto.jsontag) = "web_session,omitempty"]; + // WebToken is a web token. + types.WebTokenV3 WebToken = 19 [(gogoproto.jsontag) = "web_token,omitempty"]; + // ClusterNetworkingConfig is a resource for cluster networking configuration. + types.ClusterNetworkingConfigV2 ClusterNetworkingConfig = 20 [(gogoproto.jsontag) = "cluster_networking_config,omitempty"]; + // SessionRecordingConfig is a resource for session recording configuration. + types.SessionRecordingConfigV2 SessionRecordingConfig = 21 [(gogoproto.jsontag) = "session_recording_config,omitempty"]; + // AuthPreference is cluster auth preference. + types.AuthPreferenceV2 AuthPreference = 22 [(gogoproto.jsontag) = "auth_preference,omitempty"]; + // ClusterAuditConfig is a resource for cluster audit configuration. + types.ClusterAuditConfigV2 ClusterAuditConfig = 23 [(gogoproto.jsontag) = "cluster_audit_config,omitempty"]; + // Lock is a lock resource. + types.LockV2 Lock = 24 [(gogoproto.jsontag) = "lock,omitempty"]; + // NetworkRestrictions is a resource for network restrictions + types.NetworkRestrictionsV4 NetworkRestrictions = 25 [(gogoproto.jsontag) = "network_restrictions,omitempty"]; + // WindowsDesktopService is a resource for Windows desktop services. + types.WindowsDesktopServiceV3 WindowsDesktopService = 26 [(gogoproto.jsontag) = "windows_desktop_service,omitempty"]; + // WindowsDesktop is a resource for Windows desktop host. + types.WindowsDesktopV3 WindowsDesktop = 27 [(gogoproto.jsontag) = "windows_desktop,omitempty"]; + // Database is a database resource. + types.DatabaseV3 Database = 28 [(gogoproto.jsontag) = "database,omitempty"]; + // AppServer is an application server resource. + types.AppServerV3 AppServer = 29 [(gogoproto.jsontag) = "app_server,omitempty"]; + // App is an application resource. + types.AppV3 App = 30 [(gogoproto.jsontag) = "app,omitempty"]; + // SnowflakeSession is a Snowflake web session. + types.WebSessionV2 SnowflakeSession = 31 [(gogoproto.jsontag) = "snowflake_session,omitempty"]; + + // Installer is an installer resource + types.InstallerV1 Installer = 34 [(gogoproto.jsontag) = "installer,omitempty"]; + } +} + +// Watch specifies watch parameters +message Watch { + // Kinds specifies object kinds to watch + repeated WatchKind Kinds = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "kinds,omitempty" + ]; +} + +// WatchKind specifies resource kind to watch +message WatchKind { + // Kind is a resource kind to watch + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // LoadSecrets specifies whether to load secrets + bool LoadSecrets = 2 [(gogoproto.jsontag) = "load_secrets"]; + // Name is an optional specific resource type to watch, + // if specified only the events with a specific resource + // name will be sent + string Name = 3 [(gogoproto.jsontag) = "name"]; + // Filter is an optional mapping of custom filter parameters. + // Valid values vary by resource kind. + map Filter = 4 [(gogoproto.jsontag) = "filter,omitempty"]; + // SubKind is a resource subkind to watch + string SubKind = 5 [(gogoproto.jsontag) = "sub_kind,omitempty"]; +} + +// HostCertsRequest specifies certificate-generation parameters +// for a server. +message HostCertsRequest { + // HostID is a unique ID of the host. + string HostID = 1 [(gogoproto.jsontag) = "host_id"]; + // NodeName is a user-friendly host name. + string NodeName = 2 [(gogoproto.jsontag) = "node_name"]; + // Role is a system role assigned to the host. + string Role = 3 [ + (gogoproto.jsontag) = "role", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" + ]; + // AdditionalPrincipals is a list of additional principals + // to include in OpenSSH and X509 certificates + repeated string AdditionalPrincipals = 4 [(gogoproto.jsontag) = "additional_principals,omitempty"]; + // DNSNames is a list of DNS names to include in x509 certificates. + repeated string DNSNames = 5 [(gogoproto.jsontag) = "dns_names,omitempty"]; + // PublicTLSKey is a PEM encoded public key, which the auth server will use + // to create a signed TLS certificate. This field is required. + bytes PublicTLSKey = 6 [(gogoproto.jsontag) = "public_tls_key"]; + // PublicSSHKey is a SSH encoded public key, which the auth server will use + // to create a signed SSH certificate. This field is required. + bytes PublicSSHKey = 7 [(gogoproto.jsontag) = "public_ssh_key"]; + // RemoteAddr is the IP address of the remote host requesting a certificate. + // RemoteAddr is used to replace 0.0.0.0 in the list of additional principals. + string RemoteAddr = 8 [(gogoproto.jsontag) = "remote_addr"]; + // Rotation allows clients to send the certificate authority rotation state + // expected by the client so that auth servers can avoid the situation when + // clients request certs assuming one state and auth servers issue another. + types.Rotation Rotation = 9 [(gogoproto.jsontag) = "rotation,omitempty"]; + // NoCache is argument that only local callers can supply to bypass cache + bool NoCache = 10 [(gogoproto.jsontag) = "-"]; + // SystemRoles is a list of system roles held by the host. Most host certs are + // single-role and only specify the Role field. The SystemRoles field is only + // currently used on Instance certs, which need to express all roles held by + // the instance. + repeated string SystemRoles = 11 [ + (gogoproto.jsontag) = "system_roles,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" + ]; + // UnstableSystemRoleAssertionID is not a stable part of the public API. Used by + // older instances to requisition a multi-role cert by individually proving which + // system roles are held. + // DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) + string UnstableSystemRoleAssertionID = 12 [(gogoproto.jsontag) = "system_role_assertion_id,omitempty"]; +} + +// UserCertRequest specifies certificate-generation parameters +// for a user. +message UserCertsRequest { + // PublicKey is a public key to be signed. + bytes PublicKey = 1 [(gogoproto.jsontag) = "public_key"]; + // Username of key owner. + string Username = 2 [(gogoproto.jsontag) = "username"]; + // Expires is a desired time of the expiry of the certificate, could + // be adjusted based on the permissions + google.protobuf.Timestamp Expires = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // Format encodes the desired SSH Certificate format (either old ssh + // compatibility + // format to remove some metadata causing trouble with old SSH servers) + // or standard SSH cert format with custom extensions + string Format = 4 [(gogoproto.jsontag) = "format,omitempty"]; + // RouteToCluster is an optional cluster name to add to the certificate, + // so that requests originating with this certificate will be redirected + // to this cluster + string RouteToCluster = 5 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + // AccessRequests is an optional list of request IDs indicating requests whose + // escalated privileges should be added to the certificate. + repeated string AccessRequests = 6 [(gogoproto.jsontag) = "access_requests,omitempty"]; + // KubernetesCluster specifies the target kubernetes cluster for TLS + // identities. This can be empty on older Teleport clients. + string KubernetesCluster = 7 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + // RouteToDatabase specifies the target database proxy name to encode into + // certificate so database client requests are routed appropriately. + RouteToDatabase RouteToDatabase = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "route_to_database,omitempty" + ]; + + // NodeName is the name of the SSH node that this user certificate will be + // scoped to. + string NodeName = 9 [(gogoproto.jsontag) = "node_name,omitempty"]; + + enum CertUsage { + // All means a request for both SSH and TLS certificates for the + // overall user session. These certificates are not specific to any SSH + // node, Kubernetes cluster, database or web app. + All = 0; + // SSH means a request for an SSH certificate for access to a specific + // SSH node, as specified by NodeName. + SSH = 1; + // Kubernetes means a request for a TLS certificate for access to a + // specific Kubernetes cluster, as specified by KubernetesCluster. + Kubernetes = 2; + // Database means a request for a TLS certificate for access to a + // specific database, as specified by RouteToDatabase. + Database = 3; + // App means a request for a TLS certificate for access to a specific + // web app, as specified by RouteToApp. + App = 4; + // WindowsDesktop means a request for a TLS certificate for access to a specific + // windows desktop. + WindowsDesktop = 5; + } + // CertUsage limits the resulting user certificate to a single protocol. + CertUsage Usage = 10 [(gogoproto.jsontag) = "usage,omitempty"]; + + // RouteToApp specifies application to issue certificate for. + RouteToApp RouteToApp = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "route_to_app,omitempty" + ]; + + // RoleRequests specify an alternative set of named roles to apply to the + // certificate, assuming the requestor is allowed to impersonate said roles + // directly. An empty set of requests returns the user's normal set of + // roles. + repeated string RoleRequests = 12 [(gogoproto.jsontag) = "role_requests,omitempty"]; + + // RouteToWindowsDesktop specifies the target windows desktop name to encode into + // certificate so windows desktop client requests are routed appropriately. + RouteToWindowsDesktop RouteToWindowsDesktop = 13 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "route_to_windows_desktop,omitempty" + ]; + + // UseRoleRequests is used to ensure a certificate request is intended to + // use role impersonation, even if the list of role requests is empty. + bool UseRoleRequests = 14 [(gogoproto.jsontag) = "use_role_requests,omitempty"]; + + // DropAccessRequests is an optional list of request IDs indicating requests + // whose escalated privileges should be removed from the certificate. + repeated string DropAccessRequests = 15 [(gogoproto.jsontag) = "drop_access_requests,omitempty"]; + + // ConnectionDiagnosticID is the ID of the ConnectionDiagnostic resource we should use to add + // traces as we pass certain checkpoints. + string ConnectionDiagnosticID = 16 [(gogoproto.jsontag) = "connection_diagnostic_id,omitempty"]; +} + +// RouteToDatabase combines parameters for database service routing information. +message RouteToDatabase { + // ServiceName is the Teleport database proxy service name the cert is for. + string ServiceName = 1 [(gogoproto.jsontag) = "service_name"]; + // Protocol is the type of the database the cert is for. + string Protocol = 2 [(gogoproto.jsontag) = "protocol"]; + // Username is an optional database username to embed. + string Username = 3 [(gogoproto.jsontag) = "username,omitempty"]; + // Database is an optional database name to embed. + string Database = 4 [(gogoproto.jsontag) = "database,omitempty"]; +} + +// RouteToWindowsDesktop combines parameters for windows desktop routing information. +message RouteToWindowsDesktop { + // WindowsDesktop is the Windows Desktop server name to embed. + string WindowsDesktop = 1 [(gogoproto.jsontag) = "windows_desktop"]; + // Login is the Windows desktop user login to embed. + string Login = 2 [(gogoproto.jsontag) = "login"]; +} + +// RouteToApp contains parameters for application access certificate requests. +message RouteToApp { + // Name is the application name certificate is being requested for. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // SessionID is the ID of the application session. + string SessionID = 2 [(gogoproto.jsontag) = "session_id"]; + // PublicAddr is the application public address. + string PublicAddr = 3 [(gogoproto.jsontag) = "public_addr"]; + // ClusterName is the cluster where the application resides. + string ClusterName = 4 [(gogoproto.jsontag) = "cluster_name"]; + // AWSRoleARN is the AWS role to assume when accessing AWS API. + string AWSRoleARN = 5 [(gogoproto.jsontag) = "aws_role_arn,omitempty"]; +} + +// GetUserRequest specifies parameters for the GetUser method. +message GetUserRequest { + // Name is the name of the desired user. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // WithSecrets specifies whether to load associated secrets. + bool WithSecrets = 2 [(gogoproto.jsontag) = "with_secrets,omitempty"]; +} + +// GetUsersRequest specifies parameters for the GetUsers method. +message GetUsersRequest { + // WithSecrets specifies whether to load associated secrets. + bool WithSecrets = 1 [(gogoproto.jsontag) = "with_secrets"]; +} + +// AccessRequests is a collection of AccessRequest values. +message AccessRequests { + repeated types.AccessRequestV3 AccessRequests = 1 [(gogoproto.jsontag) = "access_requests"]; +} + +// PluginDataSeq is a sequence of plugin data. +message PluginDataSeq { + repeated types.PluginDataV3 PluginData = 1 [(gogoproto.jsontag) = "plugin_data"]; +} + +// RequestStateSetter encodes the paramters necessary to update the +// state of a privilege escalation request. +message RequestStateSetter { + // ID is the request ID being targeted + string ID = 1 [(gogoproto.jsontag) = "id"]; + // State is the desired state to be set + types.RequestState State = 2 [(gogoproto.jsontag) = "state"]; + // Delegator is an optional indicator of who delegated this + // state update (used by plugins to indicate which user approved + // or denied the request). + string Delegator = 3 [(gogoproto.jsontag) = "delegator,omitempty"]; + // Reason is an optional message indicating the reason for the + // resolution (approval, denail , etc...). + string Reason = 4 [(gogoproto.jsontag) = "reason,omitempty"]; + // Annotations are key/value pairs received from plugins during request + // resolution. They are currently only used to provide additional logging + // information. + wrappers.LabelValues Annotations = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "annotations,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + // Roles, if present, overrides the existing set of roles associated + // with the access request. + repeated string Roles = 6 [(gogoproto.jsontag) = "roles,omitempty"]; +} + +// RequestID is the unique identifier of an access request. +message RequestID { + string ID = 1 [(gogoproto.jsontag) = "id"]; +} + +// RotateUserTokenSecretsRequest is a request to rotate token secrets. +message RotateUserTokenSecretsRequest { + string TokenID = 1 [(gogoproto.jsontag) = "token"]; +} + +// GetResetPasswordTokenRequest is a request to get a reset password token. +message GetResetPasswordTokenRequest { + string TokenID = 1 [(gogoproto.jsontag) = "token"]; +} + +// CreateResetPasswordTokenRequest is a request to create a reset password token. +message CreateResetPasswordTokenRequest { + // Name is the user name. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // Type is a token type. + string Type = 2 [(gogoproto.jsontag) = "type"]; + // TTL specifies how long the generated token is valid for. + int64 TTL = 3 [ + (gogoproto.jsontag) = "ttl", + (gogoproto.casttype) = "Duration" + ]; +} + +// RenewableCertsRequest is a request to generate a first set of renewable +// certificates from a bot join token. +message RenewableCertsRequest { + // Token is a bot join token. + string Token = 1 [(gogoproto.jsontag) = "token"]; + + // PublicKey is a public key to be signed. + bytes PublicKey = 2 [(gogoproto.jsontag) = "public_key"]; +} + +// CreateBotRequest is used to create a bot User and associated resources. +message CreateBotRequest { + // Name is the name of the bot, i.e. the unprefixed User name. + string Name = 1 [(gogoproto.jsontag) = "name"]; + + // TTL is the desired TTL for the token if one is created. If unset, a + // server default is used. + int64 TTL = 2 [ + (gogoproto.jsontag) = "ttl", + (gogoproto.casttype) = "Duration" + ]; + + // TokenID is an optional token name of an EC2/IAM join token should be + // used. If unset, a new random token is created and its name returned. + string TokenID = 3 [(gogoproto.jsontag) = "token_id"]; + + // Roles is a list of roles the created bot should be allowed to assume + // via role impersonation. + repeated string Roles = 4 [(gogoproto.jsontag) = "roles"]; + + // Traits are used to populate role variables. These will propagate to + // role impersonated certificates generated by the bot. + wrappers.LabelValues Traits = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "traits,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; +} + +// CreateBotResponse returns details for bootstrapping a new bot. +message CreateBotResponse { + // UserName is the name of the associated bot user. + string UserName = 1 [(gogoproto.jsontag) = "user_name"]; + // RoleName is the name of the associated bot role. + string RoleName = 2 [(gogoproto.jsontag) = "role_name"]; + // TokenID is the name of the join token for the bot. + string TokenID = 3 [(gogoproto.jsontag) = "token_id"]; + // TokenTTL is the TTL for the token. If it differs from the requested TTL, + // it may have been limited by server policy. + int64 TokenTTL = 4 [ + (gogoproto.jsontag) = "ttl", + (gogoproto.casttype) = "Duration" + ]; + // JoinMethod is the join method the bot must use to join the cluster. + string JoinMethod = 5 [ + (gogoproto.jsontag) = "join_method", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.JoinMethod" + ]; +} + +// DeleteBotRequest is a request to delete a bot user +message DeleteBotRequest { + // Name is the name of the bot, i.e. the unprefixed User name. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// GetBotUsersRequest specifies parameters for the GetUsers method. +message GetBotUsersRequest { + // GetBotUsers currently takes no parameters. +} + +// PingRequest is the input value for the Ping method. +message PingRequest { + // Ping method currently takes no parameters +} + +// PingResponse contains data about the teleport auth server. +message PingResponse { + // ClusterName is the name of the teleport cluster. + string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; + // ServerVersion is the version of the auth server. + string ServerVersion = 2 [(gogoproto.jsontag) = "server_version"]; + // ServerFeatures are the features supported by the auth server. + Features ServerFeatures = 3 [(gogoproto.jsontag) = "server_features"]; + // ProxyPublicAddr is the server's public proxy address. + string ProxyPublicAddr = 4 [(gogoproto.jsontag) = "proxy_public_addr"]; + // IsBoring signals whether or not the server was compiled with BoringCrypto. + bool IsBoring = 5 [(gogoproto.jsontag) = "is_boring"]; + // RemoteAddr is the client peer addr as seen from the auth server (used to assist + // instances in guessing their external IP when none is configured). + string RemoteAddr = 7 [(gogoproto.jsontag) = "remote_addr"]; +} + +// Features are auth server features. +message Features { + // Kubernetes enables Kubernetes Access product + bool Kubernetes = 1 [(gogoproto.jsontag) = "kubernetes"]; + // App enables Application Access product + bool App = 2 [(gogoproto.jsontag) = "app"]; + // DB enables database access product + bool DB = 3 [(gogoproto.jsontag) = "db"]; + // OIDC enables OIDC connectors + bool OIDC = 4 [(gogoproto.jsontag) = "oidc"]; + // SAML enables SAML connectors + bool SAML = 5 [(gogoproto.jsontag) = "saml"]; + // AccessControls enables FIPS access controls + bool AccessControls = 6 [(gogoproto.jsontag) = "access_controls"]; + // AdvancedAccessWorkflows enables advanced access workflows + bool AdvancedAccessWorkflows = 7 [(gogoproto.jsontag) = "advanced_access_workflows"]; + // Cloud enables some cloud-related features + bool Cloud = 8 [(gogoproto.jsontag) = "cloud"]; + // HSM enables PKCS#11 HSM support + bool HSM = 9 [(gogoproto.jsontag) = "hsm"]; + // Desktop enables desktop access product + bool Desktop = 10 [(gogoproto.jsontag) = "desktop"]; + // ModeratedSessions enables moderated sessions product + bool ModeratedSessions = 11 [(gogoproto.jsontag) = "moderated_sessions"]; + // MachineID enables MachineID product + bool MachineID = 12 [(gogoproto.jsontag) = "machine_id"]; + // ResourceAccessRequests enables resource access requests product + bool ResourceAccessRequests = 13 [(gogoproto.jsontag) = "resource_access_requests"]; +} + +// DeleteUserRequest is the input value for the DeleteUser method. +message DeleteUserRequest { + // Name is the user name to delete. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// Semaphores is a sequence of Semaphore resources. +message Semaphores { + repeated types.SemaphoreV3 Semaphores = 1 [(gogoproto.jsontag) = "semaphores"]; +} + +// AuditStreamRequest contains stream request - event or stream control request +message AuditStreamRequest { + // Request is either stream request - create, resume or complete stream + // or event submitted as a part of the stream + oneof Request { + // CreateStream creates the stream for session ID + // should be the first message sent to the stream + CreateStream CreateStream = 1; + // ResumeStream resumes existing stream, should be the + // first message sent to the stream + ResumeStream ResumeStream = 2; + // CompleteStream completes the stream + CompleteStream CompleteStream = 3; + // FlushAndClose flushes and closes the stream + FlushAndCloseStream FlushAndCloseStream = 4; + // Event contains the stream event + events.OneOf Event = 5; + } +} + +// AuditStreamStatus returns audit stream status +// with corresponding upload ID +message AuditStreamStatus { + // UploadID is upload ID associated with the stream, + // can be used to resume the stream + string UploadID = 1; +} + +// CreateStream creates stream for a new session ID +message CreateStream { + string SessionID = 1; +} + +// ResumeStream resumes stream that was previously created +message ResumeStream { + // SessionID is a session ID of the stream + string SessionID = 1; + // UploadID is upload ID to resume + string UploadID = 2; +} + +// CompleteStream completes the stream +// and uploads it to the session server +message CompleteStream {} + +// FlushAndCloseStream flushes the stream data and closes the stream +message FlushAndCloseStream {} + +// GetApplicationServersRequest is a request to fetch all registered apps. +// DELETE IN 10.0. +message GetApplicationServersRequest { + // Namespace is the app servers namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; +} + +// GetApplicationServersResponse contains all registered app servers. +// DELETE IN 10.0. +message GetApplicationServersResponse { + // Servers is a list of proxied applications. + repeated types.AppServerV3 Servers = 1 [(gogoproto.jsontag) = "servers"]; +} + +// UpsertApplicationServerRequest upserts an app server. +message UpsertApplicationServerRequest { + // Server is an app server resource to register. + types.AppServerV3 Server = 1 [(gogoproto.jsontag) = "server"]; +} + +// DeleteApplicationServerRequest is a request to delete an app server. +message DeleteApplicationServerRequest { + // Namespace is the app server namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; + // HostID is the app server host uuid. + string HostID = 2 [(gogoproto.jsontag) = "host_id"]; + // Name is the name of the application to delete. + string Name = 3 [(gogoproto.jsontag) = "name"]; +} + +// DeleteAllApplicationServersRequest are the parameters used to remove all applications. +message DeleteAllApplicationServersRequest { + // Namespace is the app servers namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; +} + +// GetAppServersRequest are the parameters used to request application servers. +// +// DELETE IN 9.0. Deprecated, use GetApplicationServersRequest. +message GetAppServersRequest { + // Namespace is the namespace for application. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; + // DEPRECATED: SkipValidation is used to skip JSON schema validation. + bool SkipValidation = 2 [ + deprecated = true, + (gogoproto.jsontag) = "skip_validation" + ]; +} + +// GetAppServersResponse contains all requested application servers. +// +// DELETE IN 9.0. Deprecated, use GetApplicationServersResponse. +message GetAppServersResponse { + // Servers is a slice of types.Server that represent applications. + repeated types.ServerV2 Servers = 1 [(gogoproto.jsontag) = "servers"]; +} + +// UpsertAppServerRequest are the parameters used to add an application. +// +// DELETE IN 9.0. Deprecated, use UpsertApplicationServerRequest. +message UpsertAppServerRequest { + types.ServerV2 Server = 1 [(gogoproto.jsontag) = "server"]; +} + +// DeleteAppServerRequest are the parameters used to remove an application. +// +// DELETE IN 9.0. Deprecated, use DeleteApplicationServerRequest. +message DeleteAppServerRequest { + // Namespace is the namespace for application. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; + // Name is the name of the application to delete. + string Name = 2 [(gogoproto.jsontag) = "name"]; +} + +// DeleteAllAppServersRequest are the parameters used to remove all applications. +// +// DELETE IN 9.0. Deprecated, use DeleteAllApplicationServersRequest. +message DeleteAllAppServersRequest { + // Namespace is the namespace for application. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; +} + +// GenerateAppTokenRequest are the parameters used to request an application +// token. +message GenerateAppTokenRequest { + // Username is the Teleport username. + string Username = 1 [(gogoproto.jsontag) = "username"]; + // Roles is a list of Teleport roles assigned to the user. + repeated string Roles = 2 [(gogoproto.jsontag) = "roles"]; + // URI is the URI of the application this token is targeting. + string URI = 3 [(gogoproto.jsontag) = "uri"]; + // Expires is the time this token expires. + google.protobuf.Timestamp Expires = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; +} + +// GenerateAppTokenResponse contains a signed application token. +message GenerateAppTokenResponse { + string Token = 1 [(gogoproto.jsontag) = "token"]; +} + +// GetAppSessionRequest are the parameters used to request an application web session. +message GetAppSessionRequest { + // SessionID is the ID of the session being requested. + string SessionID = 1 [(gogoproto.jsontag) = "session_id"]; +} + +// GetAppSessionResponse contains the requested application web session. +message GetAppSessionResponse { + // Session is the application web session. + types.WebSessionV2 Session = 1 [(gogoproto.jsontag) = "session"]; +} + +// GetAppSessionsResponse contains all the requested application web sessions. +message GetAppSessionsResponse { + // Sessions is a list of application web sessions. + repeated types.WebSessionV2 Sessions = 1 [(gogoproto.jsontag) = "sessions"]; +} + +// GetSnowflakeSessionsResponse contains all the requested Snowflake web sessions. +message GetSnowflakeSessionsResponse { + // Sessions is a list of Snowflake web sessions. + repeated types.WebSessionV2 Sessions = 1 [(gogoproto.jsontag) = "sessions"]; +} + +// CreateAppSessionRequest contains the parameters to request a application web session. +message CreateAppSessionRequest { + reserved 2; + // Username is the name of the user requesting the session. + string Username = 1 [(gogoproto.jsontag) = "username"]; + // PublicAddr is the public address the application. + string PublicAddr = 3 [(gogoproto.jsontag) = "public_addr"]; + // ClusterName is cluster within which the application is running. + string ClusterName = 4 [(gogoproto.jsontag) = "cluster_name"]; + // AWSRoleARN is AWS role the user wants to assume. + string AWSRoleARN = 5 [(gogoproto.jsontag) = "aws_role_arn"]; +} + +// CreateAppSessionResponse contains the requested application web session. +message CreateAppSessionResponse { + // Session is the application web session. + types.WebSessionV2 Session = 1 [(gogoproto.jsontag) = "session"]; +} + +// CreateSnowflakeSessionRequest contains data required to create Snowflake web session. +message CreateSnowflakeSessionRequest { + // Username is the name of the user requesting the session. + string Username = 1 [(gogoproto.jsontag) = "username"]; + // SessionToken is the Snowflake server session token. + string SessionToken = 2 [(gogoproto.jsontag) = "session_token"]; + // TokenTTL is the token validity period. + int64 TokenTTL = 3 [ + (gogoproto.jsontag) = "token_ttl", + (gogoproto.casttype) = "Duration" + ]; +} + +// CreateSnowflakeSessionResponse contains Snowflake WebSession. +message CreateSnowflakeSessionResponse { + types.WebSessionV2 Session = 1 [(gogoproto.jsontag) = "session"]; +} + +// GetSnowflakeSessionRequest are the parameters used to request an Snowflake web session. +message GetSnowflakeSessionRequest { + // SessionID is the ID of the session being requested. + string SessionID = 1 [(gogoproto.jsontag) = "session_id"]; +} + +// GetSnowflakeSessionResponse contains the requested Snowflake web session. +message GetSnowflakeSessionResponse { + // Session is the Snowflake web session. + types.WebSessionV2 Session = 1 [(gogoproto.jsontag) = "session"]; +} + +// DeleteAppSessionRequest contains the parameters used to remove an application web session. +message DeleteAppSessionRequest { + string SessionID = 1 [(gogoproto.jsontag) = "session_id"]; +} + +// DeleteSnowflakeSessionRequest contains the parameters used to remove a Snowflake web session. +message DeleteSnowflakeSessionRequest { + string SessionID = 1 [(gogoproto.jsontag) = "session_id"]; +} + +// DeleteUserAppSessionsRequest contains the parameters used to remove the +// user's application web sessions. +message DeleteUserAppSessionsRequest { + string Username = 1 [(gogoproto.jsontag) = "username"]; +} + +// GetWebSessionResponse contains the requested web session. +message GetWebSessionResponse { + // Session is the web session. + types.WebSessionV2 Session = 1 [(gogoproto.jsontag) = "session"]; +} + +// GetWebSessionsResponse contains all the requested web sessions. +message GetWebSessionsResponse { + // Sessions is a list of web sessions. + repeated types.WebSessionV2 Sessions = 1 [(gogoproto.jsontag) = "sessions"]; +} + +// GetWebTokenResponse contains the requested web token. +message GetWebTokenResponse { + // Token is the web token being requested. + types.WebTokenV3 Token = 1 [(gogoproto.jsontag) = "token"]; +} + +// GetWebTokensResponse contains all the requested web tokens. +message GetWebTokensResponse { + // Tokens is a list of web tokens. + repeated types.WebTokenV3 Tokens = 1 [(gogoproto.jsontag) = "tokens"]; +} + +// GetKubeServicesRequest are the parameters used to request kubernetes services. +// DELETE IN 10.0 +message GetKubeServicesRequest {} + +// GetKubeServicesResponse contains all requested kubernetes services. +// DELETE IN 10.0 +message GetKubeServicesResponse { + // Servers is a slice of types.Server that represent kubernetes + // services. + repeated types.ServerV2 Servers = 1 [(gogoproto.jsontag) = "servers"]; +} + +// UpsertKubeServiceRequest are the parameters used to add or update a +// kubernetes service. +message UpsertKubeServiceRequest { + types.ServerV2 Server = 1 [(gogoproto.jsontag) = "server"]; +} + +// DeleteKubeServiceRequest are the parameters used to remove a kubernetes service. +message DeleteKubeServiceRequest { + // Name is the name of the kubernetes service to delete. + string Name = 2 [(gogoproto.jsontag) = "name"]; +} + +// DeleteAllKubeServicesRequest are the parameters used to remove all kubernetes services. +message DeleteAllKubeServicesRequest {} + +// GetDatabaseServersRequest is a request to return all registered database servers. +// DELETE IN 10.0. +message GetDatabaseServersRequest { + // Namespace is the database server namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; + // DEPRECATED: SkipValidation allows to turn off JSON schema validation. + bool SkipValidation = 2 [ + deprecated = true, + (gogoproto.jsontag) = "skip_validation" + ]; +} + +// GetDatabaseServersResponse contains all registered database servers. +// DELETE IN 10.0. +message GetDatabaseServersResponse { + // Servers is a list of database proxy servers. + repeated types.DatabaseServerV3 Servers = 1 [(gogoproto.jsontag) = "servers"]; +} + +// UpsertDatabaseServerRequest is a request to register database server. +message UpsertDatabaseServerRequest { + // Server is the database proxy server to register. + types.DatabaseServerV3 Server = 1 [(gogoproto.jsontag) = "server"]; +} + +// DeleteDatabaseServerRequest is a request to delete a database server. +message DeleteDatabaseServerRequest { + // Namespace is the database server namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; + // HostID is the ID of the host database server is running on. + string HostID = 2 [(gogoproto.jsontag) = "host_id"]; + // Name is the database server name. + string Name = 3 [(gogoproto.jsontag) = "name"]; +} + +// DeleteAllDatabaseServersRequest is a request to delete all database servers. +message DeleteAllDatabaseServersRequest { + // Namespace is the database servers namespace. + string Namespace = 1 [(gogoproto.jsontag) = "namespace"]; +} + +// DatabaseCSRRequest is a request to generate a client certificate used +// by the proxy to authenticate with a remote database service. +message DatabaseCSRRequest { + // CSR is the request to sign. + bytes CSR = 1 [(gogoproto.jsontag) = "csr"]; + // ClusterName is the name of the cluster the request is for. + string ClusterName = 2 [(gogoproto.jsontag) = "cluster_name"]; + // SignWithDatabaseCA if set to true will use Database CA to sign the created certificate. + // This flag was created to enable Database CA for new proxies and don't break old one that + // are still using UserCA. + // DELETE IN 11.0. + bool SignWithDatabaseCA = 3 [(gogoproto.jsontag) = "sign_with_database_ca"]; +} + +// DatabaseCSRResponse contains the signed database certificate. +message DatabaseCSRResponse { + // Cert is the signed certificate. + bytes Cert = 1 [(gogoproto.jsontag) = "cert"]; + // CACerts is a list of certificate authorities. + repeated bytes CACerts = 2 [(gogoproto.jsontag) = "ca_certs"]; +} + +// DatabaseCertRequest is a request to generate a client certificate used +// by a database service to authenticate with a database instance. +message DatabaseCertRequest { + // CSR is the request to sign. + bytes CSR = 1 [(gogoproto.jsontag) = "csr"]; + // ServerName is the SAN to include in the certificate. + // DEPRECATED: Replaced by ServerNames. + string ServerName = 2 [ + (gogoproto.jsontag) = "server_name", + deprecated = true + ]; + // TTL is the certificate validity period. + int64 TTL = 3 [ + (gogoproto.jsontag) = "ttl", + (gogoproto.casttype) = "Duration" + ]; + // ServerNames are SANs to include in the certificate. + repeated string ServerNames = 4 [(gogoproto.jsontag) = "server_names"]; + // Requester is a name of service that sent the request. + enum Requester { + // UNSPECIFIED is set when the requester in unknown. + UNSPECIFIED = 0; + // TCTL is set when request was sent by tctl tool. + TCTL = 1; + } + // RequesterName identifies who sent the request. + Requester RequesterName = 5 [(gogoproto.jsontag) = "requester_name"]; +} + +// DatabaseCertResponse contains the signed certificate. +message DatabaseCertResponse { + // Cert is the signed certificate. + bytes Cert = 1 [(gogoproto.jsontag) = "cert"]; + // CACerts is a list of certificate authorities. + repeated bytes CACerts = 2 [(gogoproto.jsontag) = "ca_certs"]; +} + +// SnowflakeJWTRequest contains data required to generate Snowflake JWT used for authorization. +message SnowflakeJWTRequest { + string AccountName = 1 [(gogoproto.jsontag) = "account_name"]; + string UserName = 2 [(gogoproto.jsontag) = "user_name"]; +} + +// SnowflakeJWTResponse contains signed JWT that can be used for Snowflake authentication. +message SnowflakeJWTResponse { + string Token = 1 [(gogoproto.jsontag) = "token"]; +} + +// GetRoleRequest is a request to query a role. +message GetRoleRequest { + // Name is the name of the role to get. + string Name = 1; +} + +// GetRolesResponse is a response to querying for all roles. +message GetRolesResponse { + // Roles is a list of roles. + repeated types.RoleV5 Roles = 1; +} + +// DeleteRoleRequest is a request to delete a role. +message DeleteRoleRequest { + // Name is the role name to delete. + string Name = 1; +} + +// DeviceType describes supported MFA device types. +enum DeviceType { + DEVICE_TYPE_UNSPECIFIED = 0; + // TOTP is a Time-based One-Time Password device. + DEVICE_TYPE_TOTP = 1; + reserved 2; // DEVICE_TYPE_U2F + // Webauthn is a device compatible with the Web Authentication + // specification, registered via Webauthn APIs. + // Supports various kinds of devices: U2F/CTAP1, CTAP2, platform + // authenticators (Touch ID), etc. + DEVICE_TYPE_WEBAUTHN = 3; +} + +enum DeviceUsage { + DEVICE_USAGE_UNSPECIFIED = 0; + + // Device intended for MFA use, but not for passwordless. + // Allows both FIDO and FIDO2 devices. + // Resident keys not required. + DEVICE_USAGE_MFA = 1; + + // Device intended for both MFA and passwordless. + // Requires a FIDO2 device and takes a resident key slot. + DEVICE_USAGE_PASSWORDLESS = 2; +} + +// MFAAuthenticateChallenge is a challenge for all MFA devices registered for a +// user. +message MFAAuthenticateChallenge { + reserved 1; // repeated U2FChallenge U2F + // TOTP is a challenge for all TOTP devices registered for a user. When + // this field is set, any TOTP device a user has registered can be used to + // respond. + TOTPChallenge TOTP = 2; + // WebauthnChallenge contains a Webauthn credential assertion used for + // login/authentication ceremonies. + // Credential assertions hold, among other information, a list of allowed + // credentials for the ceremony (one for each U2F or Webauthn device + // registered by the user). + webauthn.CredentialAssertion WebauthnChallenge = 3; +} + +// MFAAuthenticateResponse is a response to MFAAuthenticateChallenge using one +// of the MFA devices registered for a user. +message MFAAuthenticateResponse { + oneof Response { + // Removed: U2FResponse U2F = 1; + TOTPResponse TOTP = 2; + webauthn.CredentialAssertionResponse Webauthn = 3; + } +} + +// TOTPChallenge is a challenge for all TOTP devices registered for a user. +message TOTPChallenge { + // TOTP protocol has no challenge per se, but the user has to provide a + // valid token in response. TOTPChallenge exists only to signal to the user + // that TOTP MFA is supported, which means that the user has a TOTP device + // registered. +} + +// TOTPResponse is a response to TOTPChallenge. +message TOTPResponse { + string Code = 1; +} + +// MFARegisterChallenge is a challenge for registering a new MFA device. +message MFARegisterChallenge { + // Request depends on the type of the MFA device being registered. + oneof Request { + // Removed: U2FRegisterChallenge U2F = 1; + TOTPRegisterChallenge TOTP = 2; + webauthn.CredentialCreation Webauthn = 3; + } +} + +// MFARegisterResponse is a response to MFARegisterChallenge. +message MFARegisterResponse { + oneof Response { + // Removed: U2FRegisterResponse U2F = 1; + TOTPRegisterResponse TOTP = 2; + webauthn.CredentialCreationResponse Webauthn = 3; + } +} + +// TOTPRegisterChallenge is a challenge for registering a new TOTP device. +message TOTPRegisterChallenge { + // Secret is a secret shared by client and server to generate codes. + string Secret = 1; + // Issuer is the name of the Teleport cluster. + string Issuer = 2; + // PeriodSeconds is a period for TOTP code rotation, in seconds. + uint32 PeriodSeconds = 3; + // Algorithm is the TOTP hashing algorithm. + string Algorithm = 4; + // Digits is the number of digits in the TOTP code. + uint32 Digits = 5; + // Account is the account name for this user. + string Account = 6; + // QRCode is an optional field for the QR code in PNG format. Used to display a QR code + // image in the UI. + bytes QRCode = 7; +} + +// TOTPRegisterResponse is a response to TOTPRegisterChallenge. +message TOTPRegisterResponse { + string Code = 1; +} + +// AddMFADeviceRequest is a message sent by the client during AddMFADevice RPC. +message AddMFADeviceRequest { + oneof Request { + // Init describes the new device. + AddMFADeviceRequestInit Init = 1; + // ExistingMFAResponse is a response to ExistingMFAChallenge auth + // challenge. + MFAAuthenticateResponse ExistingMFAResponse = 2; + // NewMFARegisterResponse is a response to NewMFARegisterChallenge + // registration challenge. + MFARegisterResponse NewMFARegisterResponse = 3; + } +} + +// AddMFADeviceResponse is a message sent by the server during AddMFADevice +// RPC. +message AddMFADeviceResponse { + oneof Response { + // ExistingMFAChallenge is an auth challenge using an existing MFA + // device. + MFAAuthenticateChallenge ExistingMFAChallenge = 1; + // NewMFARegisterChallenge is a registration challenge for a new MFA + // device. + MFARegisterChallenge NewMFARegisterChallenge = 2; + // Ack is a confirmation of successful device registration. + AddMFADeviceResponseAck Ack = 3; + } +} + +// AddMFADeviceRequestInit describes the new MFA device. +message AddMFADeviceRequestInit { + string DeviceName = 1; + reserved 2; // LegacyDeviceType LegacyType + DeviceType DeviceType = 3; + // DeviceUsage is the requested usage for the device. + // Defaults to DEVICE_USAGE_MFA. + DeviceUsage DeviceUsage = 4 [(gogoproto.jsontag) = "device_usage,omitempty"]; +} + +// AddMFADeviceResponseAck is a confirmation of successful device registration. +message AddMFADeviceResponseAck { + types.MFADevice Device = 1; +} + +// DeleteMFADeviceRequest is a message sent by the client during +// DeleteMFADevice RPC. +message DeleteMFADeviceRequest { + oneof Request { + // Init describes the device to be deleted. + DeleteMFADeviceRequestInit Init = 1; + // MFAResponse is a response to MFAChallenge auth challenge. + MFAAuthenticateResponse MFAResponse = 2; + } +} + +message DeleteMFADeviceResponse { + oneof Response { + // MFAChallenge is an auth challenge using any existing MFA device. + MFAAuthenticateChallenge MFAChallenge = 1; + // Ack is a confirmation of successful device deletion. + DeleteMFADeviceResponseAck Ack = 2; + } +} + +// DeleteMFADeviceRequestInit describes the device to be deleted. +message DeleteMFADeviceRequestInit { + // DeviceName is an MFA device name or ID to be deleted. + string DeviceName = 1; +} + +// DeleteMFADeviceResponseAck is a confirmation of successful device deletion. +message DeleteMFADeviceResponseAck { + types.MFADevice Device = 1; +} + +// DeleteMFADeviceSyncRequest is a request to delete a MFA device (nonstream). +message DeleteMFADeviceSyncRequest { + // TokenID is the ID of a user token that will be used to verify this request. + // Token types accepted are: + // - Recovery approved token that is obtained with RPC VerifyAccountRecovery + // - Privilege token that is obtained with RPC CreatePrivilegeToken + string TokenID = 1 [(gogoproto.jsontag) = "token_id"]; + // DeviceName is the name of the device to delete. + string DeviceName = 2 [(gogoproto.jsontag) = "device_name"]; +} + +// AddMFADeviceSyncRequest is a request to add a MFA device (nonstream). +message AddMFADeviceSyncRequest { + // TokenID is the ID of a user token that will be used to verify this request. + // Token types accepted are: + // - Privilege token that is obtained with RPC CreatePrivilegeToken + string TokenID = 1 [(gogoproto.jsontag) = "token_id"]; + // NewDeviceName is the name of a new mfa device. + string NewDeviceName = 2 [(gogoproto.jsontag) = "new_device_name,omitempty"]; + // NewMFAResponse is a user's new mfa response to a mfa register challenge. + MFARegisterResponse NewMFAResponse = 3 [(gogoproto.jsontag) = "new_mfa_response,omitempty"]; + // DeviceUsage is the requested usage for the device. + // Defaults to DEVICE_USAGE_MFA. + DeviceUsage DeviceUsage = 4 [(gogoproto.jsontag) = "device_usage,omitempty"]; +} + +// AddMFADeviceSyncResponse is a response to AddMFADeviceSyncRequest. +message AddMFADeviceSyncResponse { + types.MFADevice Device = 1 [(gogoproto.jsontag) = "device"]; +} + +// GetMFADeviceRequest is a request for MFA devices for the calling user. +message GetMFADevicesRequest { + // TokenID is an optional field for the ID of a user token that will be used to + // verify this request. Token is only required if an unauthenticated user wants to view their + // list of devices eg: during account recovery process. An empty field implies the logged in + // user wants to view their devices. + // Token types accepted are: + // - Recovery approved token that is obtained after successful invocation of RPC + // VerifyAccountRecovery + string TokenID = 1 [(gogoproto.jsontag) = "token_id,omitempty"]; +} + +// GetMFADeviceResponse is a response for GetMFADevices RPC. +message GetMFADevicesResponse { + repeated types.MFADevice Devices = 1; +} + +// UserSingleUseCertsRequest is a request for a single-use user certificate. +message UserSingleUseCertsRequest { + oneof Request { + UserCertsRequest Init = 1; + MFAAuthenticateResponse MFAResponse = 2; + } +} + +// UserSingleUseCertsResponse is a response with a single-use user certificate. +message UserSingleUseCertsResponse { + oneof Response { + MFAAuthenticateChallenge MFAChallenge = 1; + SingleUseUserCert Cert = 2; + } +} + +// IsMFARequiredRequest is a request to check whether MFA is required to access +// the Target. +message IsMFARequiredRequest { + oneof Target { + // KubernetesCluster specifies the target kubernetes cluster. + string KubernetesCluster = 1; + // RouteToDatabase specifies the target database proxy name. + RouteToDatabase Database = 2; + // Node specifies the target SSH node. + NodeLogin Node = 3; + // WindowsDesktop specifies the target Windows Desktop. + RouteToWindowsDesktop WindowsDesktop = 4; + } +} + +// StreamSessionEventsRequest is a request containing needed data to fetch a session recording. +message StreamSessionEventsRequest { + // SessionID is the ID for a given session in an UUIDv4 format. + string SessionID = 1; + // StartIndex is the index of the event to resume the stream after. + // A StartIndex of 0 creates a new stream. + int32 StartIndex = 2; +} + +// NodeLogin specifies an SSH node and OS login. +message NodeLogin { + // Node can be node's hostname or UUID. + string Node = 1; + // Login is the OS login name. + string Login = 2; +} + +// IsMFARequiredResponse is a response for MFA requirement check. +message IsMFARequiredResponse { + bool Required = 1; +} + +// SingleUseUserCert is a single-use user certificate, either SSH or TLS. +message SingleUseUserCert { + oneof Cert { + bytes SSH = 1; + bytes TLS = 2; + } +} + +// Order specifies any ordering of some objects as returned in regards to some aspect +// of said objects which may be trivially ordered such as a timestamp. +enum Order { + DESCENDING = 0; + ASCENDING = 1; +} + +message GetEventsRequest { + // Namespace, if not set, defaults to 'default' + string Namespace = 1; + // StartDate is the oldest date of returned events + google.protobuf.Timestamp StartDate = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + // EndDate is the newest date of returned events + google.protobuf.Timestamp EndDate = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + // EventTypes is optional, if not set, returns all events + repeated string EventTypes = 4; + // Limit is the maximum amount of events returned + int32 Limit = 5; + // StartKey is used to resume a query in order to enable pagination. + // If the previous response had LastKey set then this should be + // set to its value. Otherwise leave empty. + string StartKey = 6; + // Order specifies an ascending or descending order of events. + // A value of 0 means a descending order and a value of 1 means an ascending order. + Order Order = 7; +} + +message GetSessionEventsRequest { + // StartDate is the oldest date of returned events + google.protobuf.Timestamp StartDate = 1 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + // EndDate is the newest date of returned events + google.protobuf.Timestamp EndDate = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + // Limit is the maximum amount of events to retrieve. + int32 Limit = 3; + // StartKey is used to resume a query in order to enable pagination. + // If the previous response had LastKey set then this should be + // set to its value. Otherwise leave empty. + string StartKey = 4; + // Order specifies an ascending or descending order of events. + // A value of 0 means a descending order and a value of 1 means an ascending order. + Order Order = 5; +} + +message Events { + // Items is a list of typed gRPC formatted audit events. + repeated events.OneOf Items = 1; + // the key of the last event if the returned set did not contain all events found i.e limit < + // actual amount. this is the key clients can supply in another API request to continue fetching + // events from the previous last position + string LastKey = 2; +} + +message GetLocksRequest { + // Targets is a list of targets. Every returned lock must match at least + // one of the targets. + repeated types.LockTarget Targets = 1; + // InForceOnly specifies whether to return only those locks that are in force. + bool InForceOnly = 2; +} + +message GetLocksResponse { + // Locks is a list of locks. + repeated types.LockV2 Locks = 1; +} + +message GetLockRequest { + // Name is the name of the lock to get. + string Name = 1; +} + +message DeleteLockRequest { + // Name is the name of the lock to delete. + string Name = 1; +} + +message ReplaceRemoteLocksRequest { + // ClusterName identifies the cluster from which the locks originate. + string ClusterName = 1; + // Locks is a list of new remote locks to store. + repeated types.LockV2 Locks = 2; +} + +// GetWindowsDesktopServicesResponse contains all registered Windows desktop services. +message GetWindowsDesktopServicesResponse { + // Services is a list of Windows desktop services. + repeated types.WindowsDesktopServiceV3 services = 1 [(gogoproto.jsontag) = "services"]; +} + +// GetWindowsDesktopServiceRequest is a request for a specific Windows Desktop Service. +message GetWindowsDesktopServiceRequest { + // Name is the name of the Windows Desktop Service to be requested. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// GetWindowsDesktopServiceResponse contains the requested WindowsDesktopService +message GetWindowsDesktopServiceResponse { + // Service is the requested Windows Desktop Service. + types.WindowsDesktopServiceV3 service = 1 [(gogoproto.jsontag) = "service"]; +} + +// DeleteWindowsDesktopServiceRequest is a request to delete a Windows desktop service. +message DeleteWindowsDesktopServiceRequest { + // Name is the Windows desktop service name. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// GetWindowsDesktopsResponse contains all registered Windows desktop hosts. +message GetWindowsDesktopsResponse { + // Servers is a list of Windows desktop hosts. + repeated types.WindowsDesktopV3 Desktops = 1 [(gogoproto.jsontag) = "desktops"]; +} + +// DeleteWindowsDesktopRequest is a request to delete a Windows +// desktop host. If HostID is not specified, all Windows desktops with +// specified Name will be deleted +message DeleteWindowsDesktopRequest { + // Name is the name of the Windows desktop host. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // HostID is the ID of the Windows Desktop Service reporting the desktop. + string HostID = 2 [(gogoproto.jsontag) = "host_id"]; +} + +// WindowsDesktopCertRequest is a request to generate a client certificate used +// for Windows RDP authentication. +message WindowsDesktopCertRequest { + // CSR is the request to sign in PEM format. + bytes CSR = 1; + // CRLEndpoint is the address of the CRL for this certificate. + string CRLEndpoint = 2; + // TTL is the certificate validity period. + int64 TTL = 3 [(gogoproto.casttype) = "Duration"]; +} + +// WindowsDesktopCertResponse contains the signed Windows RDP certificate. +message WindowsDesktopCertResponse { + // Cert is the signed certificate in PEM format. + bytes Cert = 1; +} + +// CertAuthorityRequest is a request that identifies a Teleport CA. +message CertAuthorityRequest { + // Type is either user or host certificate authority. + string Type = 1 [(gogoproto.casttype) = "github.com/gravitational/teleport/api/types.CertAuthType"]; +} + +// CRL is the X.509 Certificate Revocation List. +message CRL { + // CRL is the Certificate Revocation List in DER format. + bytes CRL = 1; +} + +// ChangeUserAuthenticationRequest defines a request to change a password and if enabled +// also adds a new MFA device from a user reset or from a new user invite. User can also skip +// setting a new password if passwordless is enabled and just provide a new webauthn register +// response. +// +// After a successful request a new web session is created. +// +// Users may also receive new recovery codes if they meet the necessary requirements. If a user +// previously had recovery codes, the previous codes become invalid as it is replaced with newly +// generated ones. +message ChangeUserAuthenticationRequest { + // TokenID is the ID of a reset or invite token. + // The token allows the user to change their credentials without being logged + // in. + string TokenID = 1 [(gogoproto.jsontag) = "token_id"]; + // NewPassword is the new password in plain text. + bytes NewPassword = 2 [(gogoproto.jsontag) = "new_password"]; + // NewMFARegisterResponse is a MFA response to a MFA authentication challenge. + // This field can be empty which implies that user chose not to add a new device (allowable when + // cluster settings enable optional second factor), or cluster settings disabled second factor. + MFARegisterResponse NewMFARegisterResponse = 3 [(gogoproto.jsontag) = "new_mfa_register_response,omitempty"]; + // NewDeviceName is the name of a new mfa or passwordless device. + string NewDeviceName = 4 [(gogoproto.jsontag) = "new_device_name,omitempty"]; +} + +// ChangeUserAuthenticationResponse is a response for ChangeUserAuthentication. +message ChangeUserAuthenticationResponse { + // WebSession is a user's web sesssion created from successful changing of password. + types.WebSessionV2 WebSession = 1 [(gogoproto.jsontag) = "web_session"]; + // Recovery holds user's new recovery related fields. Previous recovery codes become invalid. + // This field can be empty if a user does not meet the following + // requirements to receive recovery codes: + // - cloud feature is enabled + // - username is in valid email format + RecoveryCodes Recovery = 2 [(gogoproto.jsontag) = "recovery,omitempty"]; +} + +// StartAccountRecoveryRequest defines a request to create a recovery start token for a user who is +// allowed to recover their account. The tokens ID is used as part of a URL that will be emailed to +// the user (not done in this request). Represents step 1 of the account recovery process, next step +// is RPC VerifyAccountRecovery. +message StartAccountRecoveryRequest { + // Username is the requesting user. The username must meet the following requirements to be + // allowed to recover their account: + // - cloud feature is enabled + // - username is in valid email format + string Username = 1 [(gogoproto.jsontag) = "username"]; + // RecoveryCode is one of the user's recovery code in plain text. + bytes RecoveryCode = 2 [(gogoproto.jsontag) = "recovery_code"]; + // RecoverType defines what type of authentication user needs to recover. + types.UserTokenUsage RecoverType = 3 [(gogoproto.jsontag) = "recover_type"]; +} + +// VerifyAccountRecoveryRequest is a request to create a recovery approved token that allows users +// to perform protected actions while not logged in. Represents step 2 of the account recovery +// process after RPC StartAccountRecovery, next step is RPC CompleteAccountRecovery. +message VerifyAccountRecoveryRequest { + // RecoveryStartTokenID is the ID of a recovery start token that's required to verify this + // request. + string RecoveryStartTokenID = 1 [(gogoproto.jsontag) = "recovery_start_token_id"]; + // Username is the name of the user that the token belongs to, used to verify that this name + // is the same as defined in token for use with emails. + string Username = 2 [(gogoproto.jsontag) = "username"]; + // AuthnCred is the authentication cred that needs to be verified. + oneof AuthnCred { + // Password is users password in plain text. + bytes Password = 3 [(gogoproto.jsontag) = "password,omitempty"]; + // MFAAuthenticateResponse is a response to a MFA challenge. + MFAAuthenticateResponse MFAAuthenticateResponse = 4 [(gogoproto.jsontag) = "mfa_authenticate_response,omitempty"]; + } +} + +// CompleteAccountRecoveryRequest is a request to set either a new password or +// add a new mfa device, allowing the user to regain access to their account with the new +// credentials. Represents the last step in the account recovery process after RPC's +// StartAccountRecovery and VerifyAccountRecovery. +message CompleteAccountRecoveryRequest { + // RecoveryApprovedTokenID is the ID of a recovery approved token that's required to verify this + // request. + string RecoveryApprovedTokenID = 1 [(gogoproto.jsontag) = "recovery_approved_token_id"]; + // NewDeviceName is the name of a new mfa device. + // Optional if NewPassword is used. + string NewDeviceName = 2 [(gogoproto.jsontag) = "new_device_name,omitempty"]; + // NewAuthnCred contains the new authentication credential. + oneof NewAuthnCred { + // NewPassword is user's new password in plain text. + bytes NewPassword = 3 [(gogoproto.jsontag) = "new_password,omitempty"]; + // NewMFAResponse is a user's new mfa response to a mfa register challenge. + MFARegisterResponse NewMFAResponse = 4 [(gogoproto.jsontag) = "new_mfa_response,omitempty"]; + } +} + +// RecoveryCodes describes account recovery fields. Used as a RPC +// response or as part of a RPC response that requires any of these fields. +message RecoveryCodes { + // Codes holds the list of recovery phrase words. + // Field is only used when new recovery codes are generated and returned to user. + repeated string Codes = 1 [(gogoproto.jsontag) = "codes,omitempty"]; + // Created is the date the recovery codes were created. + google.protobuf.Timestamp Created = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created" + ]; +} + +// CreateAccountRecoveryCodesRequest is a request to create new set of recovery codes for a user, +// replacing and invalidating any previously existing codes. Recovery codes can only be given to +// users who meet the following requirements: +// - cloud feature is enabled +// - username is in valid email format +message CreateAccountRecoveryCodesRequest { + // TokenID is the ID of a user token that will be used to verify this request. + // Token types accepted are: + // - Recovery approved token that is obtained with RPC VerifyAccountRecovery + // - Privilege token that is obtained with RPC CreatePrivilegeToken + string TokenID = 1 [(gogoproto.jsontag) = "token_id"]; +} + +// GetAccountRecoveryTokenRequest is a request to return a user token resource after verifying that +// the token in the request is not expired and is of the recovery kind. +message GetAccountRecoveryTokenRequest { + // RecoveryTokenID is the ID of a recovery token to verify. + // Recovery tokens are obtained with RPC StartAccountRecovery or VerifyAccountRecovery. + string RecoveryTokenID = 1 [(gogoproto.jsontag) = "recovery_token_id"]; +} + +// GetAccountRecoveryCodesRequest is a request to return the user in context their +// recovery codes. This request will not return any secrets (the values of recovery codes). +message GetAccountRecoveryCodesRequest {} + +// UserCredentials describes fields for a user's username and password. +message UserCredentials { + string Username = 1 [(gogoproto.jsontag) = "username"]; + bytes Password = 2 [(gogoproto.jsontag) = "password"]; +} + +// ContextUser marks requests that rely in the currently authenticated user. +message ContextUser {} + +// Passwordless marks requests for passwordless challenges. +message Passwordless {} + +// CreateAuthenticateChallengeRequest is a request for creating MFA authentication challenges for a +// users mfa devices. +message CreateAuthenticateChallengeRequest { + // Request defines how the request will be verified before creating challenges. + // An empty Request is equivalent to context_user being set. + oneof Request { + // UserCredentials verifies request with username and password. Used with logins or + // when the logged in user wants to change their password. + UserCredentials UserCredentials = 1 [(gogoproto.jsontag) = "user_credentials,omitempty"]; + // RecoveryStartTokenID is the ID of a recovery start token obtained with RPC + // StartAccountRecovery. This token allows a user to retrieve their MFA challenges for RPC + // VerifyAccountRecovery (step 2 of the recovery process after RPC StartAccountRecovery). + string RecoveryStartTokenID = 2 [(gogoproto.jsontag) = "recovery_start_token_id,omitempty"]; + // ContextUser issues a challenge for the currently-authenticated user. + // Default option if no other is provided. + ContextUser ContextUser = 3 [(gogoproto.jsontag) = "context_user,omitempty"]; + // Passwordless issues a passwordless challenge (authenticated user not + // required). + Passwordless Passwordless = 4 [(gogoproto.jsontag) = "passwordless,omitempty"]; + } +} + +// CreatePrivilegeTokenRequest defines a request to obtain a privilege token. +// Only logged in users are allowed to obtain privilege tokens after they have successfully +// re-authenticated with their second factor. +message CreatePrivilegeTokenRequest { + // ExistingMFAResponse is a response to a challenge from the user's existing MFA devices. + // This field can be empty to create a UserTokenTypePrivilegeException token that + // allows a user to bypass second factor re-authentication eg: allowing a user + // with no mfa devices to add a device without re-authenticating. + MFAAuthenticateResponse ExistingMFAResponse = 1 [(gogoproto.jsontag) = "existing_mfa_response,omitempty"]; +} + +// CreateRegisterChallengeRequest is a request for creating MFA register challenge for a +// new MFA device. +message CreateRegisterChallengeRequest { + // TokenID is the ID of a user token that will be used to verify this request. + // All user token types are accepted except UserTokenTypeRecoveryStart. + string TokenID = 1 [(gogoproto.jsontag) = "token_id"]; + // DeviceType is the type of MFA device to make a register challenge for. + DeviceType DeviceType = 2 [(gogoproto.jsontag) = "device_type"]; + // DeviceUsage is the requested usage for the device. + // Defaults to DEVICE_USAGE_MFA. + DeviceUsage DeviceUsage = 3 [(gogoproto.jsontag) = "device_usage,omitempty"]; +} + +// PaginatedResource represents one of the supported resources. +message PaginatedResource { + // Resource is the resource itself. + oneof resource { + // DatabaseServer represents a DatabaseServer resource. + types.DatabaseServerV3 DatabaseServer = 1; + // AppServer represents a AppServer resource. + types.AppServerV3 AppServer = 2; + // Nodes represents a Server resource. + types.ServerV2 Node = 3 [(gogoproto.jsontag) = "node,omitempty"]; + // KubeService represents a KubernetesService resource. + types.ServerV2 KubeService = 4 [(gogoproto.jsontag) = "kube_service,omitempty"]; + // WindowsDesktop represents a WindowsDesktop resource. + types.WindowsDesktopV3 WindowsDesktop = 5 [(gogoproto.jsontag) = "windows_desktop,omitempty"]; + // KubeCluster represents a KubeCluster resource. + types.KubernetesClusterV3 KubeCluster = 6 [(gogoproto.jsontag) = "kube_cluster,omitempty"]; + // WindowsDesktopService represents a WindowsDesktopServiceV3 resource. + types.WindowsDesktopServiceV3 WindowsDesktopService = 8 [(gogoproto.jsontag) = "windows_desktop_service,omitempty"]; + } +} + +// ListResourcesRequest defines a request to retrieve resources paginated. Only +// one type of resource can be retrieved per request. +// +// NOTE: There are two paths this request can take: +// 1. ListResources: the more efficient path that retrieves resources by subset +// at a time defined by field 'Limit'. Does NOT de-duplicate matches. +// 2. listResourcesWithSort: the less efficient path that retrieves all resources +// upfront by falling back to the traditional GetXXX calls. Used when sorting (SortBy), +// total count of resources (NeedTotalCount), or ResourceType `KindKubernetesCluster` +// is requested. Matches are de-duplicated. +message ListResourcesRequest { + // ResourceType is the resource that is going to be retrieved. + // This only needs to be set explicitly for the `ListResources` rpc. + string ResourceType = 1 [(gogoproto.jsontag) = "resource_type,omitempty"]; + // Namespace is the namespace of resources. + string Namespace = 2 [(gogoproto.jsontag) = "namespace,omitempty"]; + // Limit is the maximum amount of resources to retrieve. + int32 Limit = 3 [(gogoproto.jsontag) = "limit,omitempty"]; + // StartKey is used to start listing resources from a specific spot. It + // should be set to the previous NextKey value if using pagination, or + // left empty. + string StartKey = 4 [(gogoproto.jsontag) = "start_key,omitempty"]; + // Labels is a label-based matcher if non-empty. + map Labels = 5 [(gogoproto.jsontag) = "labels,omitempty"]; + // PredicateExpression defines boolean conditions that will be matched against the resource. + string PredicateExpression = 6 [(gogoproto.jsontag) = "predicate_expression,omitempty"]; + // SearchKeywords is a list of search keywords to match against resource field values. + repeated string SearchKeywords = 7 [(gogoproto.jsontag) = "search_keywords,omitempty"]; + // SortBy describes which resource field and which direction to sort by. + types.SortBy SortBy = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "sort_by,omitempty" + ]; + // NeedTotalCount indicates whether or not the caller also wants the total number of resources + // after filtering. + bool NeedTotalCount = 9 [(gogoproto.jsontag) = "need_total_count,omitempty"]; + // WindowsDesktopFilter specifies windows desktop specific filters. + types.WindowsDesktopFilter WindowsDesktopFilter = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "windows_desktop_filter,omitempty" + ]; + // UseSearchAsRoles indicates that the response should include all resources + // the caller is able to request access to using search_as_roles + bool UseSearchAsRoles = 11 [(gogoproto.jsontag) = "use_search_as_roles,omitempty"]; +} + +// ListResourceResponse response of ListResources. +message ListResourcesResponse { + // Resources is a list of resource. + repeated PaginatedResource Resources = 1 [(gogoproto.jsontag) = "resources,omitempty"]; + // NextKey is the next Key to use as StartKey in a ListResourcesRequest to + // continue retrieving pages of resource. If NextKey is empty, there are no + // more pages. + string NextKey = 2 [(gogoproto.jsontag) = "next_key,omitempty"]; + // TotalCount is the total number of resources available after filter, if any. + int32 TotalCount = 3 [(gogoproto.jsontag) = "total_count,omitempty"]; +} + +// CreateSessionTrackerRequest is a request to create a new session. +// +// This is not specific to any session type. Relevant fields should be set for a given session type. +message CreateSessionTrackerRequest { + // Namespace is a session namespace, separating sessions from each other. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Namespace = 1 [(gogoproto.jsontag) = "namespace,omitempty"]; + + // Type describes what type of session this is. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Type = 2 [(gogoproto.jsontag) = "type,omitempty"]; + + // Reason is an arbitrary string that may be used to describe the session and/or it's + // purpose. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Reason = 3 [(gogoproto.jsontag) = "reason,omitempty"]; + + // Invited is a list of invited users, this field is interpreted by different + // clients on a best-effort basis and used for delivering notifications to invited users. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + repeated string Invited = 4 [(gogoproto.jsontag) = "invited,omitempty"]; + + // Hostname is the address of the target this session is connected to. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Hostname = 5 [(gogoproto.jsontag) = "target_hostname,omitempty"]; + + // Address is the address of the target this session is connected to. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Address = 6 [(gogoproto.jsontag) = "target_address,omitempty"]; + + // ClusterName is the name of cluster that this session belongs to. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string ClusterName = 7 [(gogoproto.jsontag) = "cluster_name,omitempty"]; + + // Login is the local login/user on the target used by the session. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string Login = 8 [(gogoproto.jsontag) = "login,omitempty"]; + + // Initiator is the participant that initiated the session. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + types.Participant Initiator = 9 [(gogoproto.jsontag) = "initiator,omitempty"]; + + // Expires encodes the time at which this session expires and becomes invalid. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + google.protobuf.Timestamp Expires = 10 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + + // The Kubernetes cluster this session belongs to. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string KubernetesCluster = 11 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + + // HostUser is the user regarded as the owner of this session, RBAC checks are performed + // against the require policies of this user. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string HostUser = 12 [(gogoproto.jsontag) = "host_user,omitempty"]; + + // ID is the ID of the session. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + string ID = 13 [(gogoproto.jsontag) = "id,omitempty"]; + + // HostPolicies is a list of RBAC policy sets held by the host user at the time of session + // creation. + // DELETE IN V11 - deprecated/reserve in favor of SessionTracker field. + repeated types.SessionTrackerPolicySet HostPolicies = 14 [(gogoproto.jsontag) = "host_policies,omitempty"]; + + // SessionTracker is the session tracker to be created. + types.SessionTrackerV1 SessionTracker = 15 [(gogoproto.jsontag) = "session_tracker,omitempty"]; +} + +// GetSessionTrackerRequest is a request to fetch a session resource. +message GetSessionTrackerRequest { + // SessionID is unique identifier of this session. + string SessionID = 1 [(gogoproto.jsontag) = "session_id,omitempty"]; +} + +// RemoveSessionTrackerRequest is a request to remove a session. +message RemoveSessionTrackerRequest { + // SessionID is unique identifier of this session. + string SessionID = 1 [(gogoproto.jsontag) = "session_id,omitempty"]; +} + +message SessionTrackerUpdateState { + // State is the new state of the session tracker. + types.SessionState State = 2 [(gogoproto.jsontag) = "state,omitempty"]; +} + +message SessionTrackerAddParticipant { + // Participant is the participant to be added to the session. + types.Participant Participant = 2 [(gogoproto.jsontag) = "participant,omitempty"]; +} + +message SessionTrackerRemoveParticipant { + // ParticipantID is unique identifier of the participant. + string ParticipantID = 2 [(gogoproto.jsontag) = "participant_id,omitempty"]; +} + +// SessionTrackerUpdateExpiry is used to update the session tracker expiration time. +message SessionTrackerUpdateExpiry { + // Expires is when the session tracker will expire. + google.protobuf.Timestamp Expires = 1 [ + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "expires" + ]; +} + +// UpdateSessionTrackerRequest is a request to update some state of a session. +message UpdateSessionTrackerRequest { + // SessionID is unique identifier of this session. + string SessionID = 1 [(gogoproto.jsontag) = "session_id,omitempty"]; + + oneof Update { + SessionTrackerUpdateState UpdateState = 2 [(gogoproto.jsontag) = "update_state,omitempty"]; + SessionTrackerAddParticipant AddParticipant = 3 [(gogoproto.jsontag) = "add_participant,omitempty"]; + SessionTrackerRemoveParticipant RemoveParticipant = 4 [(gogoproto.jsontag) = "remove_participant,omitempty"]; + SessionTrackerUpdateExpiry UpdateExpiry = 5 [(gogoproto.jsontag) = "update_expiry,omitempty"]; + } +} + +// PresenceMFAChallengeRequest is a request for a presence MFA challenge. +message PresenceMFAChallengeRequest { + // SessionID is unique identifier of the session you want to request presence for. + string SessionID = 1 [(gogoproto.jsontag) = "session_id,omitempty"]; +} + +// PresenceMFAChallengeSend is a presence challenge request or response. +message PresenceMFAChallengeSend { + oneof Request { + PresenceMFAChallengeRequest ChallengeRequest = 1; + MFAAuthenticateResponse ChallengeResponse = 2; + } +} + +// GetDomainNameResponse is a response from GetDomainName. +message GetDomainNameResponse { + // DomainName is the local auth domain of the current auth server. + string DomainName = 1 [(gogoproto.jsontag) = "domain_name"]; +} + +// GetClusterCACertResponse is a response from GetClusterCACert. +message GetClusterCACertResponse { + // TLSCA is a PEM-encoded TLS certificate authority. + bytes TLSCA = 1 [(gogoproto.jsontag) = "tls_ca"]; +} + +// GenerateTokenRequest is a request to generate auth token. +message GenerateTokenRequest { + // Token sets the token value. If not set, it will be auto generated. + string Token = 1 [(gogoproto.jsontag) = "token"]; + // Roles is a list of roles this token authenticates as. + repeated string Roles = 2 [ + (gogoproto.jsontag) = "roles", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" + ]; + // TTL specifies how long the generated token will be valid for. + // Defaults to 30 minutes if not set. + int64 TTL = 3 [ + (gogoproto.jsontag) = "ttl", + (gogoproto.casttype) = "Duration" + ]; + // Labels is a label-based matcher if non-empty. + map Labels = 4 [(gogoproto.jsontag) = "labels"]; +} + +// GenerateTokenResponse contains a generated auth token. +message GenerateTokenResponse { + // Token is the generated auth token. + string Token = 1 [(gogoproto.jsontag) = "token"]; +} + +// GetOIDCAuthRequestRequest is a request for GetOIDCAuthRequest. +message GetOIDCAuthRequestRequest { + // StateToken is an oidc auth request state token. + string StateToken = 1 [(gogoproto.jsontag) = "state_token"]; +} + +// GetSAMLAuthRequestRequest is a request for GetSAMLAuthRequest. +message GetSAMLAuthRequestRequest { + // ID is a saml auth request unique id. + string ID = 1 [(gogoproto.jsontag) = "id"]; +} + +// GetGithubAuthRequestRequest is a request for GetGithubAuthRequest. +message GetGithubAuthRequestRequest { + // StateToken is a github auth request state token. + string StateToken = 1 [(gogoproto.jsontag) = "state_token"]; +} + +// GetSSODiagnosticInfoRequest is a request for GetSSODiagnosticInfo. +message GetSSODiagnosticInfoRequest { + // AuthRequestKind is the SSO Auth Request kind (oidc, saml, or github). + string AuthRequestKind = 1 [(gogoproto.jsontag) = "auth_request_kind"]; + // AuthRequestID is the SSO Auth Request id or state token. + string AuthRequestID = 2 [(gogoproto.jsontag) = "auth_request_id"]; +} + +// UnstableSystemRoleAssertion is not a stable part of the public API. Used by older instances +// to prove that they hold a given system role. +// DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) +message UnstableSystemRoleAssertion { + string ServerID = 1 [(gogoproto.jsontag) = "server_id,omitempty"]; + string AssertionID = 2 [(gogoproto.jsontag) = "assertion_id,omitempty"]; + string SystemRole = 3 [ + (gogoproto.jsontag) = "system_role,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" + ]; +} + +// UnstableSystemRoleAssertionSet is not a stable part of the public API. Records the sum of system +// role assertions provided by a given instance. +// DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) +message UnstableSystemRoleAssertionSet { + string ServerID = 1 [(gogoproto.jsontag) = "server_id,omitempty"]; + string AssertionID = 2 [(gogoproto.jsontag) = "assertion_id,omitempty"]; + repeated string SystemRoles = 3 [ + (gogoproto.jsontag) = "system_roles,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole" + ]; +} + +// UpstreamInventoryOneOf is the upstream message for the inventory control stream, +// sent from teleport instances to the auth server. +message UpstreamInventoryOneOf { + oneof Msg { + // Hello is the first message sent up the control stream. + UpstreamInventoryHello Hello = 1; + // Heartbeat advertises instance status/liveness. + InventoryHeartbeat Heartbeat = 2; + // UpstreamInventoryPong is a response to a ping (used for testing/debug). + UpstreamInventoryPong Pong = 3; + } +} + +// DownstreamInventoryOneOf is the downstream message for the inventory control stream, +// sent from auth servers to teleport instances. +message DownstreamInventoryOneOf { + oneof Msg { + // Hello is the first message sent down the control stream. + DownstreamInventoryHello Hello = 1; + // Ping triggers an upstream pong (used for testing/debug). + DownstreamInventoryPing Ping = 2; + } +} + +// DownstreamInventoryPing is sent down the inventory control stream for testing/debug +// purposes. +message DownstreamInventoryPing { + uint64 ID = 1; +} + +// UpstreamInventoryPong is sent up the inventory control stream in response to a downstream +// ping (used for testing/debug purposes). +message UpstreamInventoryPong { + uint64 ID = 1; +} + +// UpstreamInventoryHello is the hello message sent up the inventory control stream. +message UpstreamInventoryHello { + // Version advertises the teleport version of the instance. + string Version = 1; + // ServerID advertises the server ID of the instance. + string ServerID = 2; + // Services advertises the currently live services of the instance. note: this is + // distinct from the SystemRoles associated with a certificate in that a service may + // hold a system role that is not currently in use if it was granted that role by + // its auth token. i.e. Services is the subset of SystemRoles that are currently + // active. + repeated string Services = 3 [(gogoproto.casttype) = "github.com/gravitational/teleport/api/types.SystemRole"]; + +// TODO(fspmarshall): look into what other info can safely be stated here once, instead of +// being repeatedly announced (e.g. addrs, static labels, etc). may be able to achieve a +// non-trivial reduction in network usage by doing this. +} + +// DownstreamInventoryHello is the hello message sent down the inventory control stream. +message DownstreamInventoryHello { + // Version advertises the version of the auth server. + string Version = 1; + // ServerID advertises the server ID of the auth server. + string ServerID = 2; +} + +// InventoryHeartbeat announces information about instance state. +message InventoryHeartbeat { + // SSHServer is a complete ssh server spec to be heartbeated (note: the full spec is heartbeated + // in the interest of simple conversion from the old logic of heartbeating via UpsertNode, but + // we should be able to cut down on network usage fairly significantly by moving static values + // to the hello message and only heartbeating dynamic values here). + types.ServerV2 SSHServer = 1; +} + +// InventoryStatusRequest requests inventory status info. +message InventoryStatusRequest { + // Connected requests summary of the inventory control streams registered with + // the auth server that handles the request. + bool Connected = 1; +} + +// InventoryStatusSummary is the status summary returned by the GetInventoryStatus rpc. +message InventoryStatusSummary { + // Connected is a summary of the instances connected to the current auth server. Only set if + // the Connected flag in the status request is true. + repeated UpstreamInventoryHello Connected = 1 [(gogoproto.nullable) = false]; +} + +// InventoryPingRequest is used to request that the specified server be sent an inventory ping +// if it has a control stream registered. +message InventoryPingRequest { + string ServerID = 1; +} + +// InventoryPingResponse returns the result of an inventory ping initiated via an +// inventory ping request. +message InventoryPingResponse { + int64 Duration = 1 [(gogoproto.casttype) = "time.Duration"]; +} + +// GetClusterAlertsResponse contains the result of a cluster alerts query. +message GetClusterAlertsResponse { + // Alerts is the list of matching alerts. + repeated types.ClusterAlert Alerts = 1 [(gogoproto.nullable) = false]; +} + +// UpsertClusterAlertRequest is used to create a cluster alert. +message UpsertClusterAlertRequest { + // Alert is the alert being created. + types.ClusterAlert Alert = 1 [(gogoproto.nullable) = false]; +} + +// GetConnectionDiagnosticRequest is a request to return a connection diagnostic. +message GetConnectionDiagnosticRequest { + // Name is the name of the connection diagnostic. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// AppendDiagnosticTraceRequest is a request to append a trace into a DiagnosticConnection. +message AppendDiagnosticTraceRequest { + // Name is the name of the connection diagnostic. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // Trace is the ConnectionDiagnosticTrace to append into the DiagnosticConnection. + types.ConnectionDiagnosticTrace Trace = 2 [(gogoproto.jsontag) = "trace"]; +} + +// AuthService is authentication/authorization service implementation +service AuthService { + // InventoryControlStream is the per-instance stream used to advertise teleport instance + // presence/version/etc to the auth server. + rpc InventoryControlStream(stream UpstreamInventoryOneOf) returns (stream DownstreamInventoryOneOf); + + // GetInventoryStatus gets information about current instance inventory. + rpc GetInventoryStatus(InventoryStatusRequest) returns (InventoryStatusSummary); + + // PingInventory attempts to trigger a downstream inventory ping (used in testing/debug). + rpc PingInventory(InventoryPingRequest) returns (InventoryPingResponse); + + // GetClusterAlerts loads cluster-level alert messages. + rpc GetClusterAlerts(types.GetClusterAlertsRequest) returns (GetClusterAlertsResponse); + + // UpsertClusterAlert creates a cluster alert. + rpc UpsertClusterAlert(UpsertClusterAlertRequest) returns (google.protobuf.Empty); + + // MaintainSessionPresence establishes a channel used to continously verify the presence for a + // session. + rpc MaintainSessionPresence(stream PresenceMFAChallengeSend) returns (stream MFAAuthenticateChallenge); + + // CreateSessionTracker creates a new session tracker resource. + rpc CreateSessionTracker(CreateSessionTrackerRequest) returns (types.SessionTrackerV1); + + // GetSessionTracker fetches a session tracker resource. + rpc GetSessionTracker(GetSessionTrackerRequest) returns (types.SessionTrackerV1); + + // GetActiveSessionTrackers returns a list of active sessions. + rpc GetActiveSessionTrackers(google.protobuf.Empty) returns (stream types.SessionTrackerV1); + + // RemoveSessionTracker removes a session tracker resource. + rpc RemoveSessionTracker(RemoveSessionTrackerRequest) returns (google.protobuf.Empty); + + // UpdateSessionTracker updates some state of a session tracker. + rpc UpdateSessionTracker(UpdateSessionTrackerRequest) returns (google.protobuf.Empty); + + // SendKeepAlives allows node to send a stream of keep alive requests + rpc SendKeepAlives(stream types.KeepAlive) returns (google.protobuf.Empty); + // WatchEvents returns a new stream of cluster events + rpc WatchEvents(Watch) returns (stream Event); + + // GetNode retrieves a node described by the given request. + rpc GetNode(types.ResourceInNamespaceRequest) returns (types.ServerV2); + // UpsertNode upserts a node in a backend. + rpc UpsertNode(types.ServerV2) returns (types.KeepAlive); + // DeleteNode deletes an existing node in a backend described by the given request. + rpc DeleteNode(types.ResourceInNamespaceRequest) returns (google.protobuf.Empty); + // DeleteAllNodes deletes all nodes. + rpc DeleteAllNodes(types.ResourcesInNamespaceRequest) returns (google.protobuf.Empty); + + // GenerateUserCerts generates a set of user certificates. + rpc GenerateUserCerts(UserCertsRequest) returns (Certs); + // GenerateHostCerts generates a set of host certificates. + rpc GenerateHostCerts(HostCertsRequest) returns (Certs); + // GenerateUserSingleUseCerts generates a set of single-use user + // certificates. + rpc GenerateUserSingleUseCerts(stream UserSingleUseCertsRequest) returns (stream UserSingleUseCertsResponse); + // IsMFARequired checks whether MFA is required to access the specified + // target. + rpc IsMFARequired(IsMFARequiredRequest) returns (IsMFARequiredResponse); + + // GetAccessRequests gets all pending access requests. + // DEPRECATED, DELETE IN 11.0.0: Use GetAccessRequestsV2 instead. + rpc GetAccessRequests(types.AccessRequestFilter) returns (AccessRequests); + // GetAccessRequestsV2 gets all pending access requests. + rpc GetAccessRequestsV2(types.AccessRequestFilter) returns (stream types.AccessRequestV3); + // CreateAccessRequest creates a new access request. + rpc CreateAccessRequest(types.AccessRequestV3) returns (google.protobuf.Empty); + // DeleteAccessRequest deletes an access request. + rpc DeleteAccessRequest(RequestID) returns (google.protobuf.Empty); + // SetAccessRequestState sets the state of an access request. + rpc SetAccessRequestState(RequestStateSetter) returns (google.protobuf.Empty); + // SubmitAccessReview applies a review to a request and returns the post-application state. + rpc SubmitAccessReview(types.AccessReviewSubmission) returns (types.AccessRequestV3); + // GetAccessCapabilities requests the access capabilites of a user. + rpc GetAccessCapabilities(types.AccessCapabilitiesRequest) returns (types.AccessCapabilities); + + // GetPluginData gets all plugin data matching the supplied filter. + rpc GetPluginData(types.PluginDataFilter) returns (PluginDataSeq); + // UpdatePluginData updates a plugin's resource-specific datastore. + rpc UpdatePluginData(types.PluginDataUpdateParams) returns (google.protobuf.Empty); + // Ping gets basic info about the auth server. This method is intended + // to mimic the behavior of the proxy's Ping method, and may be used by + // clients for verification or configuration on startup. + rpc Ping(PingRequest) returns (PingResponse); + + // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. + // DELETE IN: 9.0.0 in favor of CreateRegisterChallenge. + rpc RotateResetPasswordTokenSecrets(RotateUserTokenSecretsRequest) returns (types.UserTokenSecretsV3); + // GetResetPasswordToken returns a reset password token. + rpc GetResetPasswordToken(GetResetPasswordTokenRequest) returns (types.UserTokenV3); + // CreateResetPasswordToken resets users current password and second factors and creates a reset + // password token. + rpc CreateResetPasswordToken(CreateResetPasswordTokenRequest) returns (types.UserTokenV3); + + // CreateBot creates a new bot user. + rpc CreateBot(CreateBotRequest) returns (CreateBotResponse); + // DeleteBot deletes a bot user. + rpc DeleteBot(DeleteBotRequest) returns (google.protobuf.Empty); + // GetBotUsers gets all users with bot labels. + rpc GetBotUsers(GetBotUsersRequest) returns (stream types.UserV2); + + // GetUser gets a user resource by name. + rpc GetUser(GetUserRequest) returns (types.UserV2); + // GetCurrentUser returns current user as seen by the server. + // Useful especially in the context of remote clusters which perform role and trait mapping. + rpc GetCurrentUser(google.protobuf.Empty) returns (types.UserV2); + // GetCurrentUserRoles returns current user's roles. + rpc GetCurrentUserRoles(google.protobuf.Empty) returns (stream types.RoleV5); + // GetUsers gets all current user resources. + rpc GetUsers(GetUsersRequest) returns (stream types.UserV2); + // CreateUser inserts a new user entry to a backend. + rpc CreateUser(types.UserV2) returns (google.protobuf.Empty); + // UpdateUser updates an existing user in a backend. + rpc UpdateUser(types.UserV2) returns (google.protobuf.Empty); + // DeleteUser deletes an existing user in a backend by username. + rpc DeleteUser(DeleteUserRequest) returns (google.protobuf.Empty); + + // AcquireSemaphore acquires lease with requested resources from semaphore. + rpc AcquireSemaphore(types.AcquireSemaphoreRequest) returns (types.SemaphoreLease); + // KeepAliveSemaphoreLease updates semaphore lease. + rpc KeepAliveSemaphoreLease(types.SemaphoreLease) returns (google.protobuf.Empty); + // CancelSemaphoreLease cancels semaphore lease early. + rpc CancelSemaphoreLease(types.SemaphoreLease) returns (google.protobuf.Empty); + // GetSemaphores returns a list of all semaphores matching the supplied filter. + rpc GetSemaphores(types.SemaphoreFilter) returns (Semaphores); + // DeleteSemaphore deletes a semaphore matching the supplied filter. + rpc DeleteSemaphore(types.SemaphoreFilter) returns (google.protobuf.Empty); + + // EmitAuditEvent emits audit event + rpc EmitAuditEvent(events.OneOf) returns (google.protobuf.Empty); + // CreateAuditStream creates or resumes audit events streams + rpc CreateAuditStream(stream AuditStreamRequest) returns (stream events.StreamStatus); + + // GetApplicationServers gets all application servers. + // DELETE IN 10.0. Deprecated, use ListResources. + rpc GetApplicationServers(GetApplicationServersRequest) returns (GetApplicationServersResponse) { + option deprecated = true; + } + + // UpsertApplicationServer adds an application server. + rpc UpsertApplicationServer(UpsertApplicationServerRequest) returns (types.KeepAlive); + // DeleteApplicationServer removes an application server. + rpc DeleteApplicationServer(DeleteApplicationServerRequest) returns (google.protobuf.Empty); + // DeleteAllApplicationServers removes all application servers. + rpc DeleteAllApplicationServers(DeleteAllApplicationServersRequest) returns (google.protobuf.Empty); + + // GetAppServers gets all application servers. + // + // DELETE IN 9.0. Deprecated, use GetApplicationServers. + rpc GetAppServers(GetAppServersRequest) returns (GetAppServersResponse) { + option deprecated = true; + } + + // UpsertAppServer adds an application server. + // + // DELETE IN 9.0. Deprecated, use UpsertApplicationServer. + rpc UpsertAppServer(UpsertAppServerRequest) returns (types.KeepAlive) { + option deprecated = true; + } + + // DeleteAppServer removes an application server. + // + // DELETE IN 9.0. Deprecated, use DeleteApplicationServer. + rpc DeleteAppServer(DeleteAppServerRequest) returns (google.protobuf.Empty) { + option deprecated = true; + } + + // DeleteAllAppServers removes all application servers. + // + // DELETE IN 9.0. Deprecated, use DeleteAllApplicationServers. + rpc DeleteAllAppServers(DeleteAllAppServersRequest) returns (google.protobuf.Empty) { + option deprecated = true; + } + + // GenerateAppToken will generate a JWT token for application access. + rpc GenerateAppToken(GenerateAppTokenRequest) returns (GenerateAppTokenResponse); + + // GetAppSession gets an application web session. + rpc GetAppSession(GetAppSessionRequest) returns (GetAppSessionResponse); + // GetAppSessions gets all application web sessions. + rpc GetAppSessions(google.protobuf.Empty) returns (GetAppSessionsResponse); + // CreateAppSession creates an application web session. Application web + // sessions represent a browser session the client holds. + rpc CreateAppSession(CreateAppSessionRequest) returns (CreateAppSessionResponse); + // DeleteAppSession removes an application web session. + rpc DeleteAppSession(DeleteAppSessionRequest) returns (google.protobuf.Empty); + // DeleteAllAppSessions removes all application web sessions. + rpc DeleteAllAppSessions(google.protobuf.Empty) returns (google.protobuf.Empty); + // DeleteUserAppSessions deletes all user’s application sessions. + rpc DeleteUserAppSessions(DeleteUserAppSessionsRequest) returns (google.protobuf.Empty); + + // CreateSnowflakeSession creates web session with sub kind Snowflake used by Database access + // Snowflake integration. + rpc CreateSnowflakeSession(CreateSnowflakeSessionRequest) returns (CreateSnowflakeSessionResponse); + // GetSnowflakeSession returns a web session with sub kind Snowflake. + rpc GetSnowflakeSession(GetSnowflakeSessionRequest) returns (GetSnowflakeSessionResponse); + // GetSnowflakeSessions gets all Snowflake web sessions. + rpc GetSnowflakeSessions(google.protobuf.Empty) returns (GetSnowflakeSessionsResponse); + // DeleteSnowflakeSession removes a Snowflake web session. + rpc DeleteSnowflakeSession(DeleteSnowflakeSessionRequest) returns (google.protobuf.Empty); + // DeleteAllSnowflakeSessions removes all Snowflake web sessions. + rpc DeleteAllSnowflakeSessions(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetWebSession gets a web session. + rpc GetWebSession(types.GetWebSessionRequest) returns (GetWebSessionResponse); + // GetWebSessions gets all web sessions. + rpc GetWebSessions(google.protobuf.Empty) returns (GetWebSessionsResponse); + // DeleteWebSession deletes a web session. + rpc DeleteWebSession(types.DeleteWebSessionRequest) returns (google.protobuf.Empty); + // DeleteAllWebSessions deletes all web sessions. + rpc DeleteAllWebSessions(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetWebToken gets a web token. + rpc GetWebToken(types.GetWebTokenRequest) returns (GetWebTokenResponse); + // GetWebTokens gets all web tokens. + rpc GetWebTokens(google.protobuf.Empty) returns (GetWebTokensResponse); + // DeleteWebToken deletes a web token. + rpc DeleteWebToken(types.DeleteWebTokenRequest) returns (google.protobuf.Empty); + // DeleteAllWebTokens deletes all web tokens. + rpc DeleteAllWebTokens(google.protobuf.Empty) returns (google.protobuf.Empty); + + // UpdateRemoteCluster updates remote cluster + rpc UpdateRemoteCluster(types.RemoteClusterV3) returns (google.protobuf.Empty); + + // GetKubeServices gets all kubernetes services. + // DELETE IN 10.0. Deprecated, use ListResources. + rpc GetKubeServices(GetKubeServicesRequest) returns (GetKubeServicesResponse) { + option deprecated = true; + } + + // UpsertKubeService adds or updates a kubernetes service. + // DELETE IN 11.0. Deprecated, use UpsertKubeServiceV2 + rpc UpsertKubeService(UpsertKubeServiceRequest) returns (google.protobuf.Empty) { + option deprecated = true; + } + + // UpsertKubeServiceV2 adds or updates a kubernetes service. + rpc UpsertKubeServiceV2(UpsertKubeServiceRequest) returns (types.KeepAlive); + // DeleteKubeService removes a kubernetes service. + rpc DeleteKubeService(DeleteKubeServiceRequest) returns (google.protobuf.Empty); + // DeleteAllKubeServices removes all kubernetes services. + rpc DeleteAllKubeServices(DeleteAllKubeServicesRequest) returns (google.protobuf.Empty); + + // GetDatabaseServers returns all registered database proxy servers. + // DELETE IN 10.0. Deprecated, use ListResources. + rpc GetDatabaseServers(GetDatabaseServersRequest) returns (GetDatabaseServersResponse) { + option deprecated = true; + } + + // UpsertDatabaseServer registers a new database proxy server. + rpc UpsertDatabaseServer(UpsertDatabaseServerRequest) returns (types.KeepAlive); + // DeleteDatabaseServer removes the specified database proxy server. + rpc DeleteDatabaseServer(DeleteDatabaseServerRequest) returns (google.protobuf.Empty); + // DeleteAllDatabaseServers removes all registered database proxy servers. + rpc DeleteAllDatabaseServers(DeleteAllDatabaseServersRequest) returns (google.protobuf.Empty); + + // SignDatabaseCSR generates client certificate used by proxy to + // authenticate with a remote database service. + rpc SignDatabaseCSR(DatabaseCSRRequest) returns (DatabaseCSRResponse); + // GenerateDatabaseCert generates client certificate used by a database + // service to authenticate with the database instance. + rpc GenerateDatabaseCert(DatabaseCertRequest) returns (DatabaseCertResponse); + /// GenerateSnowflakeJWT generates JWT in the format required by Snowflake. + rpc GenerateSnowflakeJWT(SnowflakeJWTRequest) returns (SnowflakeJWTResponse); + + // GetRole retrieves a role described by the given request. + rpc GetRole(GetRoleRequest) returns (types.RoleV5); + // GetRole retrieves all roles. + rpc GetRoles(google.protobuf.Empty) returns (GetRolesResponse); + // UpsertRole upserts a role in a backend. + rpc UpsertRole(types.RoleV5) returns (google.protobuf.Empty); + // DeleteRole deletes an existing role in a backend described by the given request. + rpc DeleteRole(DeleteRoleRequest) returns (google.protobuf.Empty); + + // AddMFADevice adds an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- ExistingMFAChallenge + // -> ExistingMFAResponse + // <- NewMFARegisterChallenge + // -> NewMFARegisterResponse + // <- Ack + rpc AddMFADevice(stream AddMFADeviceRequest) returns (stream AddMFADeviceResponse); + // DeleteMFADevice deletes an MFA device for the user calling this RPC. + // + // The RPC is streaming both ways and the message sequence is: + // (-> means client-to-server, <- means server-to-client) + // -> Init + // <- MFAChallenge + // -> MFAResponse + // <- Ack + rpc DeleteMFADevice(stream DeleteMFADeviceRequest) returns (stream DeleteMFADeviceResponse); + // AddMFADeviceSync adds a new MFA device (nonstream). + rpc AddMFADeviceSync(AddMFADeviceSyncRequest) returns (AddMFADeviceSyncResponse); + // DeleteMFADeviceSync deletes a users MFA device (nonstream). + rpc DeleteMFADeviceSync(DeleteMFADeviceSyncRequest) returns (google.protobuf.Empty); + // GetMFADevices returns all MFA devices registered for the user calling + // this RPC. + rpc GetMFADevices(GetMFADevicesRequest) returns (GetMFADevicesResponse); + // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA + // devices. + rpc CreateAuthenticateChallenge(CreateAuthenticateChallengeRequest) returns (MFAAuthenticateChallenge); + // CreateRegisterChallenge creates and returns MFA register challenge for a new MFA device. + rpc CreateRegisterChallenge(CreateRegisterChallengeRequest) returns (MFARegisterChallenge); + + // GetOIDCConnector gets an OIDC connector resource by name. + rpc GetOIDCConnector(types.ResourceWithSecretsRequest) returns (types.OIDCConnectorV3); + // GetOIDCConnectors gets all current OIDC connector resources. + rpc GetOIDCConnectors(types.ResourcesWithSecretsRequest) returns (types.OIDCConnectorV3List); + // UpsertOIDCConnector upserts an OIDC connector in a backend. + rpc UpsertOIDCConnector(types.OIDCConnectorV3) returns (google.protobuf.Empty); + // DeleteOIDCConnector deletes an existing OIDC connector in a backend by name. + rpc DeleteOIDCConnector(types.ResourceRequest) returns (google.protobuf.Empty); + // CreateOIDCAuthRequest creates OIDCAuthRequest. + rpc CreateOIDCAuthRequest(types.OIDCAuthRequest) returns (types.OIDCAuthRequest); + // GetOIDCAuthRequest returns OIDC auth request if found. + rpc GetOIDCAuthRequest(GetOIDCAuthRequestRequest) returns (types.OIDCAuthRequest); + + // GetSAMLConnector gets a SAML connector resource by name. + rpc GetSAMLConnector(types.ResourceWithSecretsRequest) returns (types.SAMLConnectorV2); + // GetSAMLConnectors gets all current SAML connector resources. + rpc GetSAMLConnectors(types.ResourcesWithSecretsRequest) returns (types.SAMLConnectorV2List); + // UpsertSAMLConnector upserts a SAML connector in a backend. + rpc UpsertSAMLConnector(types.SAMLConnectorV2) returns (google.protobuf.Empty); + // DeleteSAMLConnector deletes an existing SAML connector in a backend by name. + rpc DeleteSAMLConnector(types.ResourceRequest) returns (google.protobuf.Empty); + // CreateSAMLAuthRequest creates SAMLAuthRequest. + rpc CreateSAMLAuthRequest(types.SAMLAuthRequest) returns (types.SAMLAuthRequest); + // GetSAMLAuthRequest returns SAML auth request if found. + rpc GetSAMLAuthRequest(GetSAMLAuthRequestRequest) returns (types.SAMLAuthRequest); + + // GetGithubConnector gets a Github connector resource by name. + rpc GetGithubConnector(types.ResourceWithSecretsRequest) returns (types.GithubConnectorV3); + // GetGithubConnectors gets all current Github connector resources. + rpc GetGithubConnectors(types.ResourcesWithSecretsRequest) returns (types.GithubConnectorV3List); + // UpsertGithubConnector upserts a Github connector in a backend. + rpc UpsertGithubConnector(types.GithubConnectorV3) returns (google.protobuf.Empty); + // DeleteGithubConnector deletes an existing Github connector in a backend by name. + rpc DeleteGithubConnector(types.ResourceRequest) returns (google.protobuf.Empty); + // CreateGithubAuthRequest creates GithubAuthRequest. + rpc CreateGithubAuthRequest(types.GithubAuthRequest) returns (types.GithubAuthRequest); + // GetGithubAuthRequest returns Github auth request if found. + rpc GetGithubAuthRequest(GetGithubAuthRequestRequest) returns (types.GithubAuthRequest); + + // GetSSODiagnosticInfo returns SSO diagnostic info records. + rpc GetSSODiagnosticInfo(GetSSODiagnosticInfoRequest) returns (types.SSODiagnosticInfo); + + // GetTrustedCluster gets a Trusted Cluster resource by name. + rpc GetTrustedCluster(types.ResourceRequest) returns (types.TrustedClusterV2); + // GetTrustedClusters gets all current Trusted Cluster resources. + rpc GetTrustedClusters(google.protobuf.Empty) returns (types.TrustedClusterV2List); + // UpsertTrustedCluster upserts a Trusted Cluster in a backend. + rpc UpsertTrustedCluster(types.TrustedClusterV2) returns (types.TrustedClusterV2); + // DeleteTrustedCluster deletes an existing Trusted Cluster in a backend by name. + rpc DeleteTrustedCluster(types.ResourceRequest) returns (google.protobuf.Empty); + + // GetToken retrieves a token described by the given request. + rpc GetToken(types.ResourceRequest) returns (types.ProvisionTokenV2); + // GetToken retrieves all tokens. + rpc GetTokens(google.protobuf.Empty) returns (types.ProvisionTokenV2List); + // UpsertToken upserts a token in a backend. + rpc UpsertToken(types.ProvisionTokenV2) returns (google.protobuf.Empty); + // CreateToken creates a token in a backend. + rpc CreateToken(types.ProvisionTokenV2) returns (google.protobuf.Empty); + // GenerateToken generates a new auth token. + rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse); + // DeleteToken deletes an existing token in a backend described by the given request. + rpc DeleteToken(types.ResourceRequest) returns (google.protobuf.Empty); + + // GetClusterAuditConfig gets cluster audit configuration. + rpc GetClusterAuditConfig(google.protobuf.Empty) returns (types.ClusterAuditConfigV2); + + // GetClusterNetworkingConfig gets cluster networking configuration. + rpc GetClusterNetworkingConfig(google.protobuf.Empty) returns (types.ClusterNetworkingConfigV2); + // SetClusterNetworkingConfig sets cluster networking configuration. + rpc SetClusterNetworkingConfig(types.ClusterNetworkingConfigV2) returns (google.protobuf.Empty); + // ResetClusterNetworkingConfig resets cluster networking configuration to defaults. + rpc ResetClusterNetworkingConfig(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetSessionRecordingConfig gets session recording configuration. + rpc GetSessionRecordingConfig(google.protobuf.Empty) returns (types.SessionRecordingConfigV2); + // SetSessionRecordingConfig sets session recording configuration. + rpc SetSessionRecordingConfig(types.SessionRecordingConfigV2) returns (google.protobuf.Empty); + // ResetSessionRecordingConfig resets session recording configuration to defaults. + rpc ResetSessionRecordingConfig(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetAuthPreference gets cluster auth preference. + rpc GetAuthPreference(google.protobuf.Empty) returns (types.AuthPreferenceV2); + // SetAuthPreference sets cluster auth preference. + rpc SetAuthPreference(types.AuthPreferenceV2) returns (google.protobuf.Empty); + // ResetAuthPreference resets cluster auth preference to defaults. + rpc ResetAuthPreference(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetEvents gets events from the audit log. + rpc GetEvents(GetEventsRequest) returns (Events); + // GetSessionEvents gets completed session events from the audit log. + rpc GetSessionEvents(GetSessionEventsRequest) returns (Events); + + // GetLock gets a lock by name. + rpc GetLock(GetLockRequest) returns (types.LockV2); + // GetLocks gets all/in-force locks that match at least one of the targets when specified. + rpc GetLocks(GetLocksRequest) returns (GetLocksResponse); + // UpsertLock upserts a lock. + rpc UpsertLock(types.LockV2) returns (google.protobuf.Empty); + // DeleteLock deletes a lock. + rpc DeleteLock(DeleteLockRequest) returns (google.protobuf.Empty); + // ReplaceRemoteLocks replaces the set of locks associated with a remote cluster. + rpc ReplaceRemoteLocks(ReplaceRemoteLocksRequest) returns (google.protobuf.Empty); + + // StreamSessionEvents streams audit events from a given session recording. + rpc StreamSessionEvents(StreamSessionEventsRequest) returns (stream events.OneOf); + + // GetNetworkRestrictions retrieves all the network restrictions (allow/deny lists). + rpc GetNetworkRestrictions(google.protobuf.Empty) returns (types.NetworkRestrictionsV4); + // SetNetworkRestrictions updates the network restrictions. + rpc SetNetworkRestrictions(types.NetworkRestrictionsV4) returns (google.protobuf.Empty); + // DeleteNetworkRestrictions delete the network restrictions. + rpc DeleteNetworkRestrictions(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetApps returns all registered applications. + rpc GetApps(google.protobuf.Empty) returns (types.AppV3List); + // GetApp returns an application by name. + rpc GetApp(types.ResourceRequest) returns (types.AppV3); + // CreateApp creates a new application resource. + rpc CreateApp(types.AppV3) returns (google.protobuf.Empty); + // UpdateApp updates existing application resource. + rpc UpdateApp(types.AppV3) returns (google.protobuf.Empty); + // DeleteApp removes specified application resource. + rpc DeleteApp(types.ResourceRequest) returns (google.protobuf.Empty); + // DeleteAllApps removes all application resources. + rpc DeleteAllApps(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetDatabases returns all registered databases. + rpc GetDatabases(google.protobuf.Empty) returns (types.DatabaseV3List); + // GetDatabase returns a database by name. + rpc GetDatabase(types.ResourceRequest) returns (types.DatabaseV3); + // CreateDatabase creates a new database resource. + rpc CreateDatabase(types.DatabaseV3) returns (google.protobuf.Empty); + // UpdateDatabase updates existing database resource. + rpc UpdateDatabase(types.DatabaseV3) returns (google.protobuf.Empty); + // DeleteDatabase removes specified database resource. + rpc DeleteDatabase(types.ResourceRequest) returns (google.protobuf.Empty); + // DeleteAllDatabases removes all database resources. + rpc DeleteAllDatabases(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetWindowsDesktopServices returns all registered Windows desktop services. + rpc GetWindowsDesktopServices(google.protobuf.Empty) returns (GetWindowsDesktopServicesResponse); + // TODO(zmb3): Document me. + rpc GetWindowsDesktopService(GetWindowsDesktopServiceRequest) returns (GetWindowsDesktopServiceResponse); + // UpsertWindowsDesktopService registers a new Windows desktop service. + rpc UpsertWindowsDesktopService(types.WindowsDesktopServiceV3) returns (types.KeepAlive); + // DeleteWindowsDesktopService removes the specified Windows desktop service. + rpc DeleteWindowsDesktopService(DeleteWindowsDesktopServiceRequest) returns (google.protobuf.Empty); + // DeleteAllWindowsDesktopServices removes all registered Windows desktop services. + rpc DeleteAllWindowsDesktopServices(google.protobuf.Empty) returns (google.protobuf.Empty); + + // GetWindowsDesktops returns all registered Windows desktop hosts matching the supplied filter. + rpc GetWindowsDesktops(types.WindowsDesktopFilter) returns (GetWindowsDesktopsResponse); + // CreateWindowsDesktop registers a new Windows desktop host. + rpc CreateWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); + // UpdateWindowsDesktop updates an existing Windows desktop host. + rpc UpdateWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); + // UpsertWindowsDesktop updates a Windows desktop host, creating it if it doesn't exist. + rpc UpsertWindowsDesktop(types.WindowsDesktopV3) returns (google.protobuf.Empty); + // DeleteWindowsDesktop removes the specified Windows desktop host. + // Unlike GetWindowsDesktops, this call will delete at-most 1 desktop. + // To delete all desktops, use DeleteAllWindowsDesktops. + rpc DeleteWindowsDesktop(DeleteWindowsDesktopRequest) returns (google.protobuf.Empty); + // DeleteAllWindowsDesktops removes all registered Windows desktop hosts. + rpc DeleteAllWindowsDesktops(google.protobuf.Empty) returns (google.protobuf.Empty); + // GenerateWindowsDesktopCert generates client smartcard certificate used + // by an RDP client to authenticate with Windows. + rpc GenerateWindowsDesktopCert(WindowsDesktopCertRequest) returns (WindowsDesktopCertResponse); + // GenerateCertAuthorityCRL creates an empty CRL for the specified CA. + rpc GenerateCertAuthorityCRL(CertAuthorityRequest) returns (CRL); + + // CreateConnectionDiagnostic creates a new connection diagnostic. + rpc CreateConnectionDiagnostic(types.ConnectionDiagnosticV1) returns (google.protobuf.Empty); + // UpdateConnectionDiagnostic updates a connection diagnostic. + rpc UpdateConnectionDiagnostic(types.ConnectionDiagnosticV1) returns (google.protobuf.Empty); + // GetConnectionDiagnostic reads a connection diagnostic. + rpc GetConnectionDiagnostic(GetConnectionDiagnosticRequest) returns (types.ConnectionDiagnosticV1); + // AppendDiagnosticTrace appends a Trace to the ConnectionDiagnostic. + rpc AppendDiagnosticTrace(AppendDiagnosticTraceRequest) returns (types.ConnectionDiagnosticV1); + + // ChangeUserAuthentication allows a user to change their password and if enabled, + // also adds a new MFA device. After successful invocation, a new web session is created as well + // as a new set of recovery codes (if user meets the requirements to receive them), invalidating + // any existing codes the user previously had. + rpc ChangeUserAuthentication(ChangeUserAuthenticationRequest) returns (ChangeUserAuthenticationResponse); + + // StartAccountRecovery (exclusive to cloud users) is the first out of two step user + // verification needed to allow a user to recover their account. The first form of verification + // is a user's username and a recovery code. After successful verification, a recovery start + // token is created for the user which its ID will be used as part of a URL that will be emailed + // to the user (not done in this request). The user will be able to finish their second form of + // verification by clicking on this URL and following the prompts. + // + // If a valid user fails to provide correct recovery code for MaxAccountRecoveryAttempts, + // user account gets temporarily locked from further recovery attempts and from logging in. + // + // Start tokens last RecoveryStartTokenTTL. + rpc StartAccountRecovery(StartAccountRecoveryRequest) returns (types.UserTokenV3); + // VerifyAccountRecovery (exclusive to cloud users) is the second step of the two step + // verification needed to allow a user to recover their account, after RPC StartAccountRecovery. + // The second form of verification is a user's password or their second factor (depending on + // what authentication they needed to recover). After successful verification, a recovery + // approved token is created which allows a user to request protected actions while not logged + // in e.g: setting a new password or a mfa device, viewing their MFA devices, deleting their MFA + // devices, and generating new recovery codes. + // + // The recovery start token to verify this request becomes deleted before + // creating a recovery approved token, which invalidates the recovery link users received + // to finish their verification. + // + // If user fails to verify themselves for MaxAccountRecoveryAttempts + // (combined attempts with RPC StartAccountRecovery), users account will be temporarily locked + // from logging in. If users still have unused recovery codes left, they still have + // opportunities to recover their account. To allow this, users recovery attempts are also + // deleted along with all user tokens which will force the user to restart the recovery process + // from step 1 (RPC StartAccountRecovery). + // + // Recovery approved tokens last RecoveryApprovedTokenTTL. + rpc VerifyAccountRecovery(VerifyAccountRecoveryRequest) returns (types.UserTokenV3); + // CompleteAccountRecovery (exclusive to cloud users) is the last step in account + // recovery, after RPC's StartAccountRecovery and VerifyAccountRecovery. This step sets a new + // password or adds a new mfa device, allowing the user to regain access to their account with + // the new credentials. When the new authentication is successfully set, any user lock is + // removed so the user can login immediately afterwards. + rpc CompleteAccountRecovery(CompleteAccountRecoveryRequest) returns (google.protobuf.Empty); + + // CreateAccountRecoveryCodes (exclusive to cloud users) creates new set of recovery codes for a + // user, replacing and invalidating any previously owned codes. Users can only get recovery + // codes if their username is in a valid email format. + rpc CreateAccountRecoveryCodes(CreateAccountRecoveryCodesRequest) returns (RecoveryCodes); + // GetAccountRecoveryToken (exclusive to cloud users) returns a user token resource after + // verifying that the token requested has not expired and is of the correct recovery kind. + // Besides checking for validity of a token ID, it is also used to get basic information from + // the token e.g: username, state of recovery (started or approved) and the type of recovery + // requested (password or second factor). + rpc GetAccountRecoveryToken(GetAccountRecoveryTokenRequest) returns (types.UserTokenV3); + // GetAccountRecoveryCodes (exclusive to cloud users) is a request to return the user in context + // their recovery codes. This request will not return any secrets (the values of recovery + // codes), but instead returns non-sensitive data eg. when the recovery codes were created. + rpc GetAccountRecoveryCodes(GetAccountRecoveryCodesRequest) returns (RecoveryCodes); + + // CreatePrivilegeToken returns a new privilege token after a logged in user successfully + // re-authenticates with their second factor device. Privilege token lasts PrivilegeTokenTTL and + // is used to gain access to privileged actions eg: deleting/adding a MFA device. + rpc CreatePrivilegeToken(CreatePrivilegeTokenRequest) returns (types.UserTokenV3); + + // GetInstaller retrieves the installer script resource + rpc GetInstaller(types.ResourceRequest) returns (types.InstallerV1); + // GetInstallers retrieves all of installer script resources. + rpc GetInstallers(google.protobuf.Empty) returns (types.InstallerV1List); + + // SetInstaller sets the installer script resource + rpc SetInstaller(types.InstallerV1) returns (google.protobuf.Empty); + + // DeleteInstaller removes the specified installer script resource + rpc DeleteInstaller(types.ResourceRequest) returns (google.protobuf.Empty); + // DeleteAllInstallers removes all installer script resources + rpc DeleteAllInstallers(google.protobuf.Empty) returns (google.protobuf.Empty); + + // ListResources retrieves a paginated list of resources. + rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse); + + // GetDomainName returns local auth domain of the current auth server + rpc GetDomainName(google.protobuf.Empty) returns (GetDomainNameResponse); + // GetClusterCACert returns the PEM-encoded TLS certs for the local cluster + // without signing keys. If the cluster has multiple TLS certs, they will + // all be appended. + rpc GetClusterCACert(google.protobuf.Empty) returns (GetClusterCACertResponse); + + // UnstableAssertSystemRole is not a stable part of the public API. Used by older + // instances to prove that they hold a given system role. + // DELETE IN: 12.0 (deprecated in v11, but required for back-compat with v10 clients) + rpc UnstableAssertSystemRole(UnstableSystemRoleAssertion) returns (google.protobuf.Empty); +} diff --git a/api/client/proto/certs.proto b/api/proto/teleport/legacy/client/proto/certs.proto similarity index 61% rename from api/client/proto/certs.proto rename to api/proto/teleport/legacy/client/proto/certs.proto index a88ca0d8b4067..31f99fda7c2c6 100644 --- a/api/client/proto/certs.proto +++ b/api/proto/teleport/legacy/client/proto/certs.proto @@ -13,22 +13,24 @@ // limitations under the License. syntax = "proto3"; + package proto; import "gogoproto/gogo.proto"; +option go_package = "github.com/gravitational/teleport/api/client/proto"; +option (gogoproto.goproto_getters_all) = false; option (gogoproto.marshaler_all) = true; option (gogoproto.unmarshaler_all) = true; -option (gogoproto.goproto_getters_all) = false; // Set of certificates corresponding to a single public key. message Certs { - // SSH X509 cert (PEM-encoded). - bytes SSH = 1 [ (gogoproto.jsontag) = "ssh,omitempty" ]; - // TLS X509 cert (PEM-encoded). - bytes TLS = 2 [ (gogoproto.jsontag) = "tls,omitempty" ]; - // TLSCACerts is a list of TLS certificate authorities. - repeated bytes TLSCACerts = 3 [ (gogoproto.jsontag) = "tls_ca_certs,omitempty" ]; - // SSHCACerts is a list of SSH certificate authorities. - repeated bytes SSHCACerts = 4 [ (gogoproto.jsontag) = "ssh_ca_certs,omitempty" ]; + // SSH X509 cert (PEM-encoded). + bytes SSH = 1 [(gogoproto.jsontag) = "ssh,omitempty"]; + // TLS X509 cert (PEM-encoded). + bytes TLS = 2 [(gogoproto.jsontag) = "tls,omitempty"]; + // TLSCACerts is a list of TLS certificate authorities. + repeated bytes TLSCACerts = 3 [(gogoproto.jsontag) = "tls_ca_certs,omitempty"]; + // SSHCACerts is a list of SSH certificate authorities. + repeated bytes SSHCACerts = 4 [(gogoproto.jsontag) = "ssh_ca_certs,omitempty"]; } diff --git a/api/client/proto/joinservice.proto b/api/proto/teleport/legacy/client/proto/joinservice.proto similarity index 54% rename from api/client/proto/joinservice.proto rename to api/proto/teleport/legacy/client/proto/joinservice.proto index 5c80bee4c79a2..9ab389617aac0 100644 --- a/api/client/proto/joinservice.proto +++ b/api/proto/teleport/legacy/client/proto/joinservice.proto @@ -13,30 +13,33 @@ // limitations under the License. syntax = "proto3"; + package proto; -import "certs.proto"; +import "teleport/legacy/client/proto/certs.proto"; +import "teleport/legacy/types/types.proto"; -import "github.com/gravitational/teleport/api/types/types.proto"; +option go_package = "github.com/gravitational/teleport/api/client/proto"; +// TODO(nklaassen): Document me. message RegisterUsingIAMMethodRequest { - // RegisterUsingTokenRequest holds registration parameters common to all - // join methods. - types.RegisterUsingTokenRequest register_using_token_request = 1; - // StsIdentityRequest is a signed HTTP request to the AWS - // sts:GetCallerIdentity API endpoint used to prove the AWS identity of a - // joining node. It must include the challenge string as a signed header. - bytes sts_identity_request = 2; + // RegisterUsingTokenRequest holds registration parameters common to all + // join methods. + types.RegisterUsingTokenRequest register_using_token_request = 1; + // StsIdentityRequest is a signed HTTP request to the AWS + // sts:GetCallerIdentity API endpoint used to prove the AWS identity of a + // joining node. It must include the challenge string as a signed header. + bytes sts_identity_request = 2; } // RegisterUsingIAMMethodResponse is a stream response and will contain either a // Challenge or signed Certs to join the cluster. message RegisterUsingIAMMethodResponse { - // Challenge is a crypto-random string that should be included in the signed - // sts:GetCallerIdentity request. - string challenge = 1; - // Certs is the returned signed certs. - Certs certs = 2; + // Challenge is a crypto-random string that should be included in the signed + // sts:GetCallerIdentity request. + string challenge = 1; + // Certs is the returned signed certs. + Certs certs = 2; } // JoinService provides methods which allow Teleport nodes, proxies, and other @@ -45,8 +48,7 @@ message RegisterUsingIAMMethodResponse { // the needs of both nodes connecting directly to the Auth server and IoT mode // nodes connecting only to the Proxy. service JoinService { - // RegisterUsingIAMMethod is used to register a new node to the cluster using - // the IAM join method. - rpc RegisterUsingIAMMethod(stream RegisterUsingIAMMethodRequest) - returns (stream RegisterUsingIAMMethodResponse); + // RegisterUsingIAMMethod is used to register a new node to the cluster using + // the IAM join method. + rpc RegisterUsingIAMMethod(stream RegisterUsingIAMMethodRequest) returns (stream RegisterUsingIAMMethodResponse); } diff --git a/api/client/proto/proxyservice.proto b/api/proto/teleport/legacy/client/proto/proxyservice.proto similarity index 51% rename from api/client/proto/proxyservice.proto rename to api/proto/teleport/legacy/client/proto/proxyservice.proto index 4b6b01ffcdf70..0cabcc6f2c8e8 100644 --- a/api/client/proto/proxyservice.proto +++ b/api/proto/teleport/legacy/client/proto/proxyservice.proto @@ -13,49 +13,53 @@ // limitations under the License. syntax = "proto3"; + package proto; import "gogoproto/gogo.proto"; +option go_package = "github.com/gravitational/teleport/api/client/proto"; + // ProxyPeerService is a proxy to proxy api. service ProxyService { - // DialNode opens a bidrectional stream to the requested node. - rpc DialNode(stream Frame) returns (stream Frame); + // DialNode opens a bidrectional stream to the requested node. + rpc DialNode(stream Frame) returns (stream Frame); } // Frame wraps different message types to be sent over a stream. message Frame { - oneof Message { - DialRequest DialRequest = 1; - ConnectionEstablished ConnectionEstablished = 2; - Data Data = 3; - } + oneof Message { + DialRequest DialRequest = 1; + ConnectionEstablished ConnectionEstablished = 2; + Data Data = 3; + } } // DialRequest contains details for connecting to a node. message DialRequest { - // NodeID is the {UUID}.{ClusterName} of the node to connect to. - string NodeID = 1; - // TunnelType is the type of service being accessed. This differentiates agents that - // create multiple reverse tunnels for different services. - string TunnelType = 2 - [ (gogoproto.casttype) = "github.com/gravitational/teleport/api/types.TunnelType" ]; - // Source is the original source address of the client. - NetAddr Source = 3; - // Destination is the destination address to connect to over the reverse tunnel. - NetAddr Destination = 4; + // NodeID is the {UUID}.{ClusterName} of the node to connect to. + string NodeID = 1; + // TunnelType is the type of service being accessed. This differentiates agents that + // create multiple reverse tunnels for different services. + string TunnelType = 2 [(gogoproto.casttype) = "github.com/gravitational/teleport/api/types.TunnelType"]; + // Source is the original source address of the client. + NetAddr Source = 3; + // Destination is the destination address to connect to over the reverse tunnel. + NetAddr Destination = 4; } // Addr is a network address. message NetAddr { - // Network is the type of network socket. For example tcp or udp. - string Network = 1; - // Addr is the host:port address. For example 'localhost:22' - string Addr = 2; + // Network is the type of network socket. For example tcp or udp. + string Network = 1; + // Addr is the host:port address. For example 'localhost:22' + string Addr = 2; } // Data contains the raw bytes of a connection. -message Data { bytes Bytes = 1; } +message Data { + bytes Bytes = 1; +} // ConnectionEstablished signals to the client a connection to the node has been established. message ConnectionEstablished {} diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto new file mode 100644 index 0000000000000..fb688882df74f --- /dev/null +++ b/api/proto/teleport/legacy/types/events/events.proto @@ -0,0 +1,3857 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package events; + +import "gogoproto/gogo.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; +import "teleport/legacy/types/types.proto"; +import "teleport/legacy/types/wrappers/wrappers.proto"; + +option go_package = "github.com/gravitational/teleport/api/types/events"; +option (gogoproto.goproto_getters_all) = false; +option (gogoproto.marshaler_all) = true; +option (gogoproto.unmarshaler_all) = true; + +// Metadata is a common event metadata +message Metadata { + // Index is a monotonicaly incremented index in the event sequence + int64 Index = 1 [(gogoproto.jsontag) = "ei"]; + + // Type is the event type + string Type = 2 [(gogoproto.jsontag) = "event"]; + + // ID is a unique event identifier + string ID = 3 [(gogoproto.jsontag) = "uid,omitempty"]; + + // Code is a unique event code + string Code = 4 [(gogoproto.jsontag) = "code,omitempty"]; + + // Time is event time + google.protobuf.Timestamp Time = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "time" + ]; + + // ClusterName identifies the originating teleport cluster + string ClusterName = 6 [(gogoproto.jsontag) = "cluster_name,omitempty"]; +} + +// SesssionMetadata is a common session event metadata +message SessionMetadata { + // SessionID is a unique UUID of the session. + string SessionID = 1 [(gogoproto.jsontag) = "sid"]; + // WithMFA is a UUID of an MFA device used to start this session. + string WithMFA = 2 [(gogoproto.jsontag) = "with_mfa,omitempty"]; +} + +// UserMetadata is a common user event metadata +message UserMetadata { + // User is teleport user name + string User = 1 [(gogoproto.jsontag) = "user,omitempty"]; + + // Login is OS login + string Login = 2 [(gogoproto.jsontag) = "login,omitempty"]; + + // Impersonator is a user acting on behalf of another user + string Impersonator = 3 [(gogoproto.jsontag) = "impersonator,omitempty"]; + + // AWSRoleARN is AWS IAM role user assumes when accessing AWS console. + string AWSRoleARN = 4 [(gogoproto.jsontag) = "aws_role_arn,omitempty"]; + + // AccessRequests are the IDs of access requests created by the user + repeated string AccessRequests = 5 [(gogoproto.jsontag) = "access_requests,omitempty"]; +} + +// Server is a server metadata +message ServerMetadata { + // ServerNamespace is a namespace of the server event + string ServerNamespace = 1 [(gogoproto.jsontag) = "namespace,omitempty"]; + + // ServerID is the UUID of the server the session occurred on. + string ServerID = 2 [(gogoproto.jsontag) = "server_id"]; + + // ServerHostname is the hostname of the server the session occurred on. + string ServerHostname = 3 [(gogoproto.jsontag) = "server_hostname,omitempty"]; + + // ServerAddr is the address of the server the session occurred on. + string ServerAddr = 4 [(gogoproto.jsontag) = "server_addr,omitempty"]; + + // ServerLabels are the labels (static and dynamic) of the server the + // session occurred on. + map ServerLabels = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "server_labels,omitempty" + ]; + + // ForwardedBy tells us if the metadata was sent by the node itself or by another node in it's + // place. We can't verify emit permissions fully for these events so care should be taken with + // them. + string ForwardedBy = 6 [(gogoproto.jsontag) = "forwarded_by,omitempty"]; +} + +// Connection contains connection info +message ConnectionMetadata { + // LocalAddr is a target address on the host + string LocalAddr = 1 [(gogoproto.jsontag) = "addr.local,omitempty"]; + + // RemoteAddr is a client (user's) address + string RemoteAddr = 2 [(gogoproto.jsontag) = "addr.remote,omitempty"]; + + // Protocol specifies protocol that was captured + string Protocol = 3 [(gogoproto.jsontag) = "proto,omitempty"]; +} + +// ClientMetadata identifies the originating client for an event. +message ClientMetadata { + // UserAgent identifies the type of client that attempted the event. + string UserAgent = 1 [(gogoproto.jsontag) = "user_agent,omitempty"]; +} + +// KubernetesClusterMetadata contains common metadata for kubernetes-related +// events. +message KubernetesClusterMetadata { + // KubernetesCluster is a kubernetes cluster name. + string KubernetesCluster = 1 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + // KubernetesUsers is a list of kubernetes usernames for the user. + repeated string KubernetesUsers = 2 [(gogoproto.jsontag) = "kubernetes_users,omitempty"]; + // KubernetesGroups is a list of kubernetes groups for the user. + repeated string KubernetesGroups = 3 [(gogoproto.jsontag) = "kubernetes_groups,omitempty"]; + // KubernetesLabels are the labels (static and dynamic) of the kubernetes cluster the + // session occurred on. + map KubernetesLabels = 4 [(gogoproto.jsontag) = "kubernetes_labels,omitempty"]; +} + +// KubernetesPodMetadata contains common metadata for kubernetes pod-related +// events. +message KubernetesPodMetadata { + // KubernetesPodName is the name of the pod. + string KubernetesPodName = 1 [(gogoproto.jsontag) = "kubernetes_pod_name,omitempty"]; + // KubernetesPodNamespace is the namespace of the pod. + string KubernetesPodNamespace = 2 [(gogoproto.jsontag) = "kubernetes_pod_namespace,omitempty"]; + // KubernetesContainerName is the name of the container within the pod. + string KubernetesContainerName = 3 [(gogoproto.jsontag) = "kubernetes_container_name,omitempty"]; + // KubernetesContainerImage is the image of the container within the pod. + string KubernetesContainerImage = 4 [(gogoproto.jsontag) = "kubernetes_container_image,omitempty"]; + // KubernetesNodeName is the node that runs the pod. + string KubernetesNodeName = 5 [(gogoproto.jsontag) = "kubernetes_node_name,omitempty"]; +} + +// SessionStart is a session start event +message SessionStart { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // TerminalSize is expressed as 'W:H' + string TerminalSize = 6 [(gogoproto.jsontag) = "size,omitempty"]; + + // KubernetesCluster has information about a kubernetes cluster, if + // applicable. + KubernetesClusterMetadata KubernetesCluster = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesPod has information about a kubernetes pod, if applicable. + KubernetesPodMetadata KubernetesPod = 8 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // InitialCommand is the command used to start this session. + repeated string InitialCommand = 9 [(gogoproto.jsontag) = "initial_command,omitempty"]; + + // SessionRecording is the type of session recording. + string SessionRecording = 10 [(gogoproto.jsontag) = "session_recording,omitempty"]; + + // AccessRequests used to be here, it is now part of UserMetadata + reserved "AccessRequests"; + reserved 11; + // reserved jsontag "access_requests" +} + +// SessionJoin emitted when another user joins a session +message SessionJoin { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesCluster has information about a kubernetes cluster, if + // applicable. + KubernetesClusterMetadata KubernetesCluster = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SessionPrint event happens every time a write occurs to +// temirnal I/O during a session +message SessionPrint { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ChunkIndex is a monotonicaly incremented index for ordering print events + int64 ChunkIndex = 2 [(gogoproto.jsontag) = "ci"]; + + // Data is data transferred, it is not marshaled to JSON format + bytes Data = 3 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "-" + ]; + + // Bytes says how many bytes have been written into the session + // during "print" event + int64 Bytes = 4 [(gogoproto.jsontag) = "bytes"]; + + // DelayMilliseconds is the delay in milliseconds from the start of the session + int64 DelayMilliseconds = 5 [(gogoproto.jsontag) = "ms"]; + + // Offset is the offset in bytes in the session file + int64 Offset = 6 [(gogoproto.jsontag) = "offset"]; +} + +// DesktopRecording happens when a Teleport Desktop Protocol message +// is captured during a Desktop Access Session. +message DesktopRecording { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Message is the encoded TDP message. + bytes Message = 2 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "message" + ]; + + // DelayMilliseconds is the delay in milliseconds from the start of the session + int64 DelayMilliseconds = 3 [(gogoproto.jsontag) = "ms"]; // JSON tag intentionally matches SessionPrintEvent +} + +// DesktopClipboardReceive is emitted when Teleport receives +// clipboard data from a remote desktop. +message DesktopClipboardReceive { + // Metadata is common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Connection holds information about the connection. + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // DesktopAddr is the address of the desktop being accessed. + string DesktopAddr = 5 [(gogoproto.jsontag) = "desktop_addr"]; + // Length is the number of bytes of data received from the remote clipboard. + int32 Length = 6 [(gogoproto.jsontag) = "length"]; +} + +// DesktopClipboardSend is emitted when clipboard data is +// sent from a user's workstation to Teleport. +message DesktopClipboardSend { + // Metadata is common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Connection holds information about the connection. + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // DesktopAddr is the address of the desktop being accessed. + string DesktopAddr = 5 [(gogoproto.jsontag) = "desktop_addr"]; + // Length is the number of bytes of data sent. + int32 Length = 6 [(gogoproto.jsontag) = "length"]; +} + +// SessionReject event happens when a user hits a session control restriction. +message SessionReject { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Reason is a field that specifies reason for event, e.g. in disconnect + // event it explains why server disconnected the client + string Reason = 5 [(gogoproto.jsontag) = "reason"]; + + // Maximum is an event field specifying a maximal value (e.g. the value + // of `max_connections` for a `session.rejected` event). + int64 Maximum = 6 [(gogoproto.jsontag) = "max"]; +} + +// SessionConnect is emitted when a non-Teleport connection is made over net.Dial. +message SessionConnect { + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + ServerMetadata Server = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// Resize means that some user resized PTY on the client +message Resize { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // TerminalSize is expressed as 'W:H' + string TerminalSize = 6 [(gogoproto.jsontag) = "size,omitempty"]; + + // KubernetesCluster has information about a kubernetes cluster, if + // applicable. + KubernetesClusterMetadata KubernetesCluster = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesPod has information about a kubernetes pod, if applicable. + KubernetesPodMetadata KubernetesPod = 8 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SessionEnd is a session end event +message SessionEnd { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // EnhancedRecording is used to indicate if the recording was an + // enhanced recording or not. + bool EnhancedRecording = 6 [(gogoproto.jsontag) = "enhanced_recording"]; + + // Interactive is used to indicate if the session was interactive + // (has PTY attached) or not (exec session). + bool Interactive = 7 [(gogoproto.jsontag) = "interactive"]; + + // Participants is a list of participants in the session. + repeated string Participants = 8 [(gogoproto.jsontag) = "participants"]; + + // StartTime is the timestamp at which the session began. + google.protobuf.Timestamp StartTime = 9 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "session_start,omitempty" + ]; + + // EndTime is the timestamp at which the session ended. + google.protobuf.Timestamp EndTime = 10 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "session_stop,omitempty" + ]; + + // KubernetesCluster has information about a kubernetes cluster, if + // applicable. + KubernetesClusterMetadata KubernetesCluster = 11 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesPod has information about a kubernetes pod, if applicable. + KubernetesPodMetadata KubernetesPod = 12 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // InitialCommand is the command used to start this session. + repeated string InitialCommand = 13 [(gogoproto.jsontag) = "initial_command,omitempty"]; + + // SessionRecording is the type of session recording. + string SessionRecording = 14 [(gogoproto.jsontag) = "session_recording,omitempty"]; +} + +// BPFMetadata is a common BPF process metadata +message BPFMetadata { + // PID is the ID of the process. + uint64 PID = 1 [(gogoproto.jsontag) = "pid"]; + + // CgroupID is the internal cgroupv2 ID of the event. + uint64 CgroupID = 2 [(gogoproto.jsontag) = "cgroup_id"]; + + // Program is name of the executable. + string Program = 3 [(gogoproto.jsontag) = "program"]; +} + +// Status contains common command or operation status fields +message Status { + // Success indicates the success or failure of the operation + bool Success = 1 [(gogoproto.jsontag) = "success"]; + + // Error includes system error message for the failed attempt + string Error = 2 [(gogoproto.jsontag) = "error,omitempty"]; + + // UserMessage is a user-friendly message for successfull or unsuccessfull auth attempt + string UserMessage = 3 [(gogoproto.jsontag) = "message,omitempty"]; +} + +// SessionCommand is a session command event +message SessionCommand { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // BPFMetadata is a common BPF subsystem metadata + BPFMetadata BPF = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // PPID is the PID of the parent process. + uint64 PPID = 6 [(gogoproto.jsontag) = "ppid"]; + + // Path is the full path to the executable. + string Path = 7 [(gogoproto.jsontag) = "path"]; + + // Argv is the list of arguments to the program. Note, the first element does + // not contain the name of the process. + repeated string Argv = 8 [(gogoproto.jsontag) = "argv"]; + + // ReturnCode is the return code of execve. + int32 ReturnCode = 9 [(gogoproto.jsontag) = "return_code"]; +} + +// SessionDisk is a session disk access event +message SessionDisk { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // BPFMetadata is a common BPF subsystem metadata + BPFMetadata BPF = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Path is the full path to the executable. + string Path = 6 [(gogoproto.jsontag) = "path"]; + + // Flags are the flags passed to open. + int32 Flags = 7 [(gogoproto.jsontag) = "flags"]; + + // ReturnCode is the return code of disk open + int32 ReturnCode = 8 [(gogoproto.jsontag) = "return_code"]; +} + +// Action communicates what was done in response to the event +enum EventAction { + OBSERVED = 0; + DENIED = 1; +} + +// SessionNetwork is a network event +message SessionNetwork { + // Operation is the network operation that was performed or attempted + enum NetworkOperation { + // TCP connection establishment or binding a UDP socket to a remote address + CONNECT = 0; + // Transmission of data to a remote endpoint + SEND = 1; + } + + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // BPFMetadata is a common BPF subsystem metadata + BPFMetadata BPF = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SrcAddr is the source IP address of the connection. + string SrcAddr = 6 [(gogoproto.jsontag) = "src_addr"]; + + // DstAddr is the destination IP address of the connection. + string DstAddr = 7 [(gogoproto.jsontag) = "dst_addr"]; + + // DstPort is the destination port of the connection. + int32 DstPort = 8 [(gogoproto.jsontag) = "dst_port"]; + + // TCPVersion is the version of TCP (4 or 6). + int32 TCPVersion = 9 [(gogoproto.jsontag) = "version"]; + + // Operation denotes what network operation was performed (e.g. connect) + NetworkOperation Operation = 10 [(gogoproto.jsontag) = "operation"]; + + // Action denotes what happened in response to the event + EventAction Action = 11 [(gogoproto.jsontag) = "action"]; +} + +// SessionData is emitted to report session data usage. +message SessionData { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // BytesTransmitted is the amount of bytes transmitted + uint64 BytesTransmitted = 6 [(gogoproto.jsontag) = "tx"]; + + // BytesReceived is the amount of bytes received + uint64 BytesReceived = 7 [(gogoproto.jsontag) = "rx"]; +} + +// SessionLeave is emitted to report that a user left the session +message SessionLeave { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// UserLogin records a successfull or failed user login event +message UserLogin { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Status contains common command or operation status fields + Status Status = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Method is the event field indicating how the login was performed + string Method = 4 [(gogoproto.jsontag) = "method,omitempty"]; + + // IdentityAttributes is a map of user attributes received from identity provider + google.protobuf.Struct IdentityAttributes = 5 [ + (gogoproto.jsontag) = "attributes,omitempty", + (gogoproto.casttype) = "Struct" + ]; + + // MFA is the MFA device used during the login. + MFADeviceMetadata MFADevice = 6 [(gogoproto.jsontag) = "mfa_device,omitempty"]; + + // Client is the common client event metadata + ClientMetadata Client = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 8 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// ResourceMetadata is a common resource metadata +message ResourceMetadata { + // ResourceName is a resource name + string Name = 1 [(gogoproto.jsontag) = "name,omitempty"]; + + // Expires is set if resource expires + google.protobuf.Timestamp Expires = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + + // UpdatedBy if set indicates the user who modified the resource + string UpdatedBy = 3 [(gogoproto.jsontag) = "updated_by,omitempty"]; + + // TTL is a TTL of reset password token represented as duration, e.g. "10m" + // used for compatibility purposes for some events, Expires should be used instead + // as it's more useful (contains exact expiration date/time) + string TTL = 4 [(gogoproto.jsontag) = "ttl,omitempty"]; +} + +// UserCreate is emitted when the user is created or updated (upsert). +message UserCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Roles is a list of roles for the user. + repeated string Roles = 4 [(gogoproto.jsontag) = "roles"]; + + // Connector is the connector used to create the user. + string Connector = 5 [(gogoproto.jsontag) = "connector"]; +} + +// UserDelete is emitted when a user gets deleted +message UserDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// UserPasswordChange is emitted when the user changes their own password. +message UserPasswordChange { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AccessRequestCreate is emitted when access request has been created or updated +message AccessRequestCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Roles is a list of roles for the user. + repeated string Roles = 4 [(gogoproto.jsontag) = "roles,omitempty"]; + + // RequestID is access request ID + string RequestID = 5 [(gogoproto.jsontag) = "id"]; + + // RequestState is access request state (in the access_request.review variant of + // the event this represents the post-review state of the request). + string RequestState = 6 [(gogoproto.jsontag) = "state"]; + + // Delegator is used by teleport plugins to indicate the identity + // which caused them to update state. + string Delegator = 7 [(gogoproto.jsontag) = "delegator,omitempty"]; + + // Reason is an optional description of why the request is being + // created or updated. + string Reason = 8 [(gogoproto.jsontag) = "reason,omitempty"]; + + // Annotations is an optional set of attributes supplied by a plugin during + // approval/denail of the request. + google.protobuf.Struct Annotations = 9 [ + (gogoproto.jsontag) = "annotations,omitempty", + (gogoproto.casttype) = "Struct" + ]; + + // Reviewer is the author of the review (only used in the access_request.review event variant). + string Reviewer = 10 [(gogoproto.jsontag) = "reviewer,omitempty"]; + + // ProposedState is the state proposed by a review (only used in the access_request.review event + // variant). + string ProposedState = 11 [(gogoproto.jsontag) = "proposed_state,omitempty"]; + + // RequestedResourceIDs is the set of resources to which access is being requested. + repeated ResourceID RequestedResourceIDs = 12 [ + (gogoproto.jsontag) = "resource_ids,omitempty", + (gogoproto.nullable) = false + ]; +} + +// ResourceID is a unique identifier for a teleport resource. This is duplicated +// from api/types/types.proto to decouple the api and events types and because +// neither file currently imports the other. +message ResourceID { + // ClusterName is the name of the cluster the resource is in. + string ClusterName = 1 [(gogoproto.jsontag) = "cluster"]; + // Kind is the resource kind. + string Kind = 2 [(gogoproto.jsontag) = "kind"]; + // Name is the name of the specific resource. + string Name = 3 [(gogoproto.jsontag) = "name"]; +} + +// AccessRequestDelete is emitted when an access request has been deleted. +message AccessRequestDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // RequestID is access request ID + string RequestID = 3 [(gogoproto.jsontag) = "id"]; +} + +// PortForward is emitted when a user requests port forwarding. +message PortForward { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Status contains operation success or failure status + Status Status = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Addr is a target port forwarding address + string Addr = 5 [(gogoproto.jsontag) = "addr"]; +} + +// X11Forward is emitted when a user requests X11 protocol forwarding +message X11Forward { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Status contains operation success or failure status + Status Status = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// CommandMetadata specifies common command fields +message CommandMetadata { + // Command is the executed command name + string Command = 1 [(gogoproto.jsontag) = "command"]; + // ExitCode specifies command exit code + string ExitCode = 2 [(gogoproto.jsontag) = "exitCode,omitempty"]; + // Error is an optional exit error, set if command has failed + string Error = 3 [(gogoproto.jsontag) = "exitError,omitempty"]; +} + +// Exec specifies command exec event +message Exec { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // CommandMetadata is a common command metadata + CommandMetadata Command = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesCluster has information about a kubernetes cluster, if + // applicable. + KubernetesClusterMetadata KubernetesCluster = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // KubernetesPod has information about a kubernetes pod, if applicable. + KubernetesPodMetadata KubernetesPod = 8 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SCP is emitted when data transfer has occurred between server and client +message SCP { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // CommandMetadata is a common command metadata + CommandMetadata Command = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Path is a copy path + string Path = 7 [(gogoproto.jsontag) = "path"]; + + // Action is upload or download + string Action = 8 [(gogoproto.jsontag) = "action"]; +} + +// SFTPAttributes are file metadata sent over SFTP +message SFTPAttributes { + // FileSize is file size + google.protobuf.UInt64Value FileSize = 1 [ + (gogoproto.wktpointer) = true, + (gogoproto.jsontag) = "file_size" + ]; + + // UID is the user owner of a file + google.protobuf.UInt32Value UID = 2 [ + (gogoproto.wktpointer) = true, + (gogoproto.jsontag) = "uid" + ]; + + // GID is the group owner of the file + google.protobuf.UInt32Value GID = 3 [ + (gogoproto.wktpointer) = true, + (gogoproto.jsontag) = "gid" + ]; + + // Permissions is the file permissions + google.protobuf.UInt32Value Permissions = 4 [ + (gogoproto.wktpointer) = true, + (gogoproto.jsontag) = "permissions" + ]; + + // AccessTime is when the file was last read + google.protobuf.Timestamp AccessTime = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "access_time,omitempty" + ]; + + // ModificationTime was when the file was last changed + google.protobuf.Timestamp ModificationTime = 6 [ + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "modification_time,omitempty" + ]; +} + +// SFTPAction denotes what type of SFTP request was made. +// These actions were taken from https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02. +enum SFTPAction { + INVALID = 0; + OPEN = 1; + CLOSE = 2; + READ = 3; + WRITE = 4; + LSTAT = 5; + FSTAT = 6; + SETSTAT = 7; + FSETSTAT = 8; + OPENDIR = 9; + READDIR = 10; + REMOVE = 11; + MKDIR = 12; + RMDIR = 13; + REALPATH = 14; + STAT = 15; + RENAME = 16; + READLINK = 17; + SYMLINK = 18; +} + +// SFTP is emitted when file operations have occurred between server and client +message SFTP { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // WorkingDirectory is the current directory the SFTP server is in + string WorkingDirectory = 6 [(gogoproto.jsontag) = "working_directory"]; + + // Path is the filepath that was operated on. It is the exact path that + // was sent by the client, so it may be relative or absolute. + string Path = 7 [(gogoproto.jsontag) = "path"]; + + // TargetPath is the new path in file renames, or the path of the symlink + // when creating symlinks. It is the exact path that wassent by the client, + // so it may be relative or absolute. + string TargetPath = 8 [(gogoproto.jsontag) = "target_path,omitempty"]; + + // Flags is options that were passed that affect file creation events + uint32 Flags = 9 [(gogoproto.jsontag) = "flags,omitempty"]; + + // Attributes is file metadata that the user requested to be changed + SFTPAttributes Attributes = 10 [(gogoproto.jsontag) = "attributes,omitempty"]; + + // Action is what kind of file operation + SFTPAction Action = 11 [(gogoproto.jsontag) = "action"]; + + // Error is the optional error that may have occurred + string Error = 12 [(gogoproto.jsontag) = "error,omitempty"]; +} + +// Subsystem is emitted when a user requests a new subsystem. +message Subsystem { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Name is a subsystem name + string Name = 4 [(gogoproto.jsontag) = "name"]; + + // Error contains error in case of unsucessfull attempt + string Error = 5 [(gogoproto.jsontag) = "exitError"]; +} + +// ClientDisconnect is emitted when client is disconnected +// by the server due to inactivity or any other reason +message ClientDisconnect { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Reason is a field that specifies reason for event, e.g. in disconnect + // event it explains why server disconnected the client + string Reason = 5 [(gogoproto.jsontag) = "reason"]; +} + +// AuthAttempt is emitted upon a failed or successfull authentication attempt. +message AuthAttempt { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Status contains common command or operation status fields + Status Status = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// UserTokenCreate is emitted when a user token is created. +message UserTokenCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// RoleCreate is emitted when a role is created/updated. +message RoleCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// RoleDelete is emitted when a role is deleted +message RoleDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// TrustedClusterCreate is the event for creating a trusted cluster. +message TrustedClusterCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// TrustedClusterDelete is the event for removing a trusted cluster. +message TrustedClusterDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// TrustedClusterTokenCreate is the event for +// creating new join token for a trusted cluster. +message TrustedClusterTokenCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// GithubConnectorCreate fires when a Github connector is created/updated. +message GithubConnectorCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// GithubConnectorDelete fires when a Github connector is deleted. +message GithubConnectorDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// OIDCConnectorCreate fires when OIDC connector is created/updated. +message OIDCConnectorCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// OIDCConnectorDelete fires when OIDC connector is deleted. +message OIDCConnectorDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SAMLConnectorCreate fires when SAML connector is created/updated. +message SAMLConnectorCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SAMLConnectorDelete fires when SAML connector is deleted. +message SAMLConnectorDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// KubeRequest specifies a Kubernetes API request event. +message KubeRequest { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // RequestPath is the raw request URL path. + string RequestPath = 5 [(gogoproto.jsontag) = "request_path"]; + // Verb is the HTTP verb used for this request (e.g. GET, POST, etc) + string Verb = 6 [(gogoproto.jsontag) = "verb"]; + // ResourceAPIGroup is the resource API group. + string ResourceAPIGroup = 7 [(gogoproto.jsontag) = "resource_api_group,omitempty"]; + // ResourceNamespace is the resource namespace. + string ResourceNamespace = 8 [(gogoproto.jsontag) = "resource_namespace,omitempty"]; + // ResourceKind is the API resource kind (e.g. "pod", "service", etc). + string ResourceKind = 9 [(gogoproto.jsontag) = "resource_kind,omitempty"]; + // ResourceName is the API resource name. + string ResourceName = 10 [(gogoproto.jsontag) = "resource_name,omitempty"]; + // ResponseCode is the HTTP response code for this request. + int32 ResponseCode = 11 [(gogoproto.jsontag) = "response_code"]; + + // Kubernetes has information about a kubernetes cluster, if applicable. + KubernetesClusterMetadata Kubernetes = 12 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppMetadata contains common application information. +message AppMetadata { + // AppURI is the application endpoint. + string AppURI = 1 [(gogoproto.jsontag) = "app_uri,omitempty"]; + // AppPublicAddr is the configured application public address. + string AppPublicAddr = 2 [(gogoproto.jsontag) = "app_public_addr,omitempty"]; + // AppLabels are the configured application labels. + map AppLabels = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "app_labels,omitempty" + ]; + // AppName is the configured application name. + string AppName = 4 [(gogoproto.jsontag) = "app_name,omitempty"]; +} + +// AppCreate is emitted when a new application resource is created. +message AppCreate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // AppMetadata is a common application resource metadata. + AppMetadata App = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppUpdate is emitted when an existing application resource is updated. +message AppUpdate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // AppMetadata is a common application resource metadata. + AppMetadata App = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppDelete is emitted when an application resource is deleted. +message AppDelete { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppSessionStart is emitted when a user is issued an application certificate. +message AppSessionStart { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // PublicAddr is the public address of the application being requested. + // DELETE IN 10.0: this information is also present on the AppMetadata. + string PublicAddr = 7 [ + (gogoproto.jsontag) = "public_addr", + deprecated = true + ]; + + // App is a common application resource metadata. + AppMetadata App = 8 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppSessionEnd is emitted when an application session ends. +message AppSessionEnd { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // App is a common application resource metadata. + AppMetadata App = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppSessionChunk is emitted at the start of a 5 minute chunk on each +// proxy. This chunk is used to buffer 5 minutes of audit events at a time +// for applications. +message AppSessionChunk { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ServerMetadata is a common server metadata + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ConnectionMetadata holds information about the connection + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionChunkID is the ID of the session that was created for this 5 minute + // application log chunk. + string SessionChunkID = 6 [(gogoproto.jsontag) = "session_chunk_id"]; + + // App is a common application resource metadata. + AppMetadata App = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AppSessionRequest is an HTTP request and response. +message AppSessionRequest { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // StatusCode the HTTP response code for the request. + uint32 StatusCode = 2 [(gogoproto.jsontag) = "status_code"]; + // Path is relative path in the URL. + string Path = 3 [(gogoproto.jsontag) = "path"]; + // RawQuery are the encoded query values. + string RawQuery = 4 [(gogoproto.jsontag) = "raw_query"]; + // Method is the request HTTP method, like GET/POST/DELETE/etc. + string Method = 5 [(gogoproto.jsontag) = "method"]; + // App is a common application resource metadata. + AppMetadata App = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // AWS contains extra AWS metadata of the request. + AWSRequestMetadata AWS = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// AWSRequestMetadata contains extra AWS metadata of an AppSessionRequest. +message AWSRequestMetadata { + // AWSRegion is the requested AWS region. + string AWSRegion = 1 [(gogoproto.jsontag) = "aws_region,omitempty"]; + // AWSService is the requested AWS service name. + string AWSService = 2 [(gogoproto.jsontag) = "aws_service,omitempty"]; + // AWSHost is the requested host of the AWS service. + string AWSHost = 3 [(gogoproto.jsontag) = "aws_host,omitempty"]; +} + +// DatabaseMetadata contains common database information. +message DatabaseMetadata { + // DatabaseService is the name of the database service proxying the database. + string DatabaseService = 1 [(gogoproto.jsontag) = "db_service,omitempty"]; + // DatabaseProtocol is the database type, e.g. postgres or mysql. + string DatabaseProtocol = 2 [(gogoproto.jsontag) = "db_protocol"]; + // DatabaseURI is the database URI to connect to. + string DatabaseURI = 3 [(gogoproto.jsontag) = "db_uri"]; + // DatabaseName is the name of the database a user is connecting to. + string DatabaseName = 4 [(gogoproto.jsontag) = "db_name,omitempty"]; + // DatabaseUser is the database username used to connect. + string DatabaseUser = 5 [(gogoproto.jsontag) = "db_user,omitempty"]; + // DatabaseLabels is the database resource labels. + map DatabaseLabels = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "db_labels,omitempty" + ]; + // DatabaseAWSRegion is AWS regions for AWS hosted databases. + string DatabaseAWSRegion = 7 [(gogoproto.jsontag) = "db_aws_region,omitempty"]; + // DatabaseAWSRegion is cluster ID for Redshift databases. + string DatabaseAWSRedshiftClusterID = 8 [(gogoproto.jsontag) = "db_aws_redshift_cluster_id,omitempty"]; + // DatabaseGCPProjectID is project ID for GCP hosted databases. + string DatabaseGCPProjectID = 9 [(gogoproto.jsontag) = "db_gcp_project_id,omitempty"]; + // DatabaseGCPInstanceID is instance ID for GCP hosted databases. + string DatabaseGCPInstanceID = 10 [(gogoproto.jsontag) = "db_gcp_instance_id,omitempty"]; +} + +// DatabaseCreate is emitted when a new database resource is created. +message DatabaseCreate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // DatabaseMetadata is a common database resource metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// DatabaseUpdate is emitted when an existing database resource is updated. +message DatabaseUpdate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // DatabaseMetadata is a common database resource metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// DatabaseDelete is emitted when a database resource is deleted. +message DatabaseDelete { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// DatabaseSessionStart is emitted when a user connects to a database. +message DatabaseSessionStart { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Server is a common server metadata. + ServerMetadata Server = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Connection holds information about the connection. + ConnectionMetadata Connection = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Status indicates whether the connection was successful or denied. + Status Status = 6 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// DatabaseSessionQuery is emitted when a user executes a database query. +message DatabaseSessionQuery { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // DatabaseQuery is the executed query string. + string DatabaseQuery = 5 [(gogoproto.jsontag) = "db_query"]; + // DatabaseQueryParameters are the query parameters for prepared statements. + repeated string DatabaseQueryParameters = 6 [(gogoproto.jsontag) = "db_query_parameters,omitempty"]; + // Status indicates whether the query was successfully sent to the database. + Status Status = 7 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// PostgresParse is emitted when a Postgres client creates a prepared statement +// using extended query protocol. +message PostgresParse { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementName is the prepared statement name. + string StatementName = 5 [(gogoproto.jsontag) = "statement_name"]; + // Query is the prepared statement query. + string Query = 6 [(gogoproto.jsontag) = "query"]; +} + +// PostgresBind is emitted when a Postgres client readies a prepared statement +// for execution and binds it to parameters. +message PostgresBind { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementName is the name of prepared statement that's being bound to parameters. + string StatementName = 5 [(gogoproto.jsontag) = "statement_name"]; + // PortalName is the destination portal name that binds statement to parameters. + string PortalName = 6 [(gogoproto.jsontag) = "portal_name"]; + // Parameters are the query bind parameters. + repeated string Parameters = 7 [(gogoproto.jsontag) = "parameters"]; +} + +// PostgresExecute is emitted when a Postgres client executes a previously +// bound prepared statement. +message PostgresExecute { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // PortalName is the name of destination portal that's being executed. + string PortalName = 5 [(gogoproto.jsontag) = "portal_name"]; +} + +// PostgresClose is emitted when a Postgres client closes an existing prepared +// statement. +message PostgresClose { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementName is the name of prepared statement that's being closed. + string StatementName = 5 [(gogoproto.jsontag) = "statement_name"]; + // PortalName is the name of destination portal that's being closed. + string PortalName = 6 [(gogoproto.jsontag) = "portal_name"]; +} + +// PostgresFunctionCall is emitted when a Postgres client calls internal +// database function. +message PostgresFunctionCall { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // FunctionOID is the Postgres object ID of the called function. + uint32 FunctionOID = 5 [(gogoproto.jsontag) = "function_oid"]; + // FunctionArgs contains formatted function arguments. + repeated string FunctionArgs = 6 [(gogoproto.jsontag) = "function_args,omitempty"]; +} + +// WindowsDesktopSessionStart is emitted when a user connects to a desktop. +message WindowsDesktopSessionStart { + // Metadata is common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Connection holds information about the connection. + ConnectionMetadata Connection = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Status indicates whether the connection was successful or denied. + Status Status = 5 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // WindowsDesktopService is the name of the service proxying the RDP session. + string WindowsDesktopService = 6 [(gogoproto.jsontag) = "windows_desktop_service"]; + // DesktopAddr is the address of the desktop being accessed. + string DesktopAddr = 7 [(gogoproto.jsontag) = "desktop_addr"]; + // Domain is the Active Directory domain of the desktop being accessed. + string Domain = 8 [(gogoproto.jsontag) = "windows_domain"]; + // WindowsUser is the Windows username used to connect. + string WindowsUser = 9 [(gogoproto.jsontag) = "windows_user"]; + // DesktopLabels are the labels on the desktop resource. + map DesktopLabels = 10 [(gogoproto.jsontag) = "desktop_labels"]; + // DesktopName is the name of the desktop resource. + string DesktopName = 11 [(gogoproto.jsontag) = "desktop_name"]; +} + +// DatabaseSessionEnd is emitted when a user ends the database session. +message DatabaseSessionEnd { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// MFADeviceMetadata is a common MFA device metadata. +message MFADeviceMetadata { + // Name is the user-specified name of the MFA device. + string DeviceName = 1 [(gogoproto.jsontag) = "mfa_device_name"]; + // ID is the UUID of the MFA device generated by Teleport. + string DeviceID = 2 [(gogoproto.jsontag) = "mfa_device_uuid"]; + // Type is the type of this MFA device. + string DeviceType = 3 [(gogoproto.jsontag) = "mfa_device_type"]; +} + +// MFADeviceAdd is emitted when a user adds an MFA device. +message MFADeviceAdd { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Device is the new MFA device added by the user. + MFADeviceMetadata Device = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// MFADeviceDelete is emitted when a user deletes an MFA device. +message MFADeviceDelete { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Device is the MFA device deleted by the user. + MFADeviceMetadata Device = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// BillingInformationUpdate is emitted when a user updates the billing information. +message BillingInformationUpdate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// BillingCardCreate is emitted when a user creates or updates a credit card. +message BillingCardCreate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// BillingCardDelete is emitted when a user deletes a credit card. +message BillingCardDelete { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// LockCreate is emitted when a lock is created/updated. +// Locks are used to restrict access to a Teleport environment by disabling +// interactions involving a user, an RBAC role, a node, etc. +// See rfd/0009-locking.md for more details. +message LockCreate { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Target describes the set of interactions that the lock applies to + types.LockTarget Target = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "target" + ]; +} + +// LockDelete is emitted when a lock is deleted +message LockDelete { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ResourceMetadata is a common resource event metadata + ResourceMetadata Resource = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // User is a common user event metadata + UserMetadata User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// RecoveryCodeGenerate is emitted when a user's new recovery codes are generated and updated. +message RecoveryCodeGenerate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// RecoveryCodeUsed is emitted when a user's recovery code was used successfully or +// unsuccessfully. +message RecoveryCodeUsed { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Status contains fields to indicate whether attempt was successful or not. + Status Status = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// WindowsDesktopSessionEnd is emitted when a user ends a Windows desktop session. +message WindowsDesktopSessionEnd { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Session is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // WindowsDesktopService is the name of the service proxying the RDP session. + string WindowsDesktopService = 4 [(gogoproto.jsontag) = "windows_desktop_service"]; + // DesktopAddr is the address of the desktop being accessed. + string DesktopAddr = 5 [(gogoproto.jsontag) = "desktop_addr"]; + // Domain is the Active Directory domain of the desktop being accessed. + string Domain = 6 [(gogoproto.jsontag) = "windows_domain"]; + // WindowsUser is the Windows username used to connect. + string WindowsUser = 7 [(gogoproto.jsontag) = "windows_user"]; + // DesktopLabels are the labels on the desktop resource. + map DesktopLabels = 8 [(gogoproto.jsontag) = "desktop_labels"]; + // StartTime is the timestamp at which the session began. + google.protobuf.Timestamp StartTime = 9 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "session_start,omitempty" // JSON tag intentionally matches SessionEnd event + ]; + // EndTime is the timestamp at which the session ended. + google.protobuf.Timestamp EndTime = 10 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "session_stop,omitempty" + ]; + // DesktopName is the name of the desktop resource. + string DesktopName = 11 [(gogoproto.jsontag) = "desktop_name"]; + // Recorded is true if the session was recorded, false otherwise. + bool Recorded = 12 [(gogoproto.jsontag) = "recorded"]; + // Participants is a list of participants in the session. + repeated string Participants = 13 [(gogoproto.jsontag) = "participants"]; +} + +// CertificateCreate is emitted when a certificate is issued. +message CertificateCreate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // CertificateType is the type of certificate that was just issued. + string CertificateType = 2 [(gogoproto.jsontag) = "cert_type,omitempty"]; + + // Identity is the identity associated with the certificate, as interpreted by Teleport. + Identity Identity = 3 [(gogoproto.jsontag) = "identity"]; +} + +// RenewableCertificateGenerationMismatch is emitted when a renewable +// certificiate's generation counter fails to validate, possibly indicating a +// stolen certificate and an invalid renewal attempt. +message RenewableCertificateGenerationMismatch { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // UserMetadata is a common user event metadata. + UserMetadata UserMetadata = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// Unknown is a fallback event used when we don't recognize an event from the backend. +message Unknown { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // UnknownType is the event type extracted from the unknown event. + string UnknownType = 2 [(gogoproto.jsontag) = "unknown_event"]; + + // UnknownCode is the event code extracted from the unknown event. + string UnknownCode = 3 [(gogoproto.jsontag) = "unknown_code,omitempty"]; + + // Data is the serialized JSON data of the unknown event. + string Data = 4 [(gogoproto.jsontag) = "data"]; +} + +// OneOf is a union of one of audit events submitted to the auth service +message OneOf { + // Event is one of the audit events + oneof Event { + events.UserLogin UserLogin = 1; + events.UserCreate UserCreate = 2; + events.UserDelete UserDelete = 3; + events.UserPasswordChange UserPasswordChange = 4; + events.SessionStart SessionStart = 5; + events.SessionJoin SessionJoin = 6; + events.SessionPrint SessionPrint = 7; + events.SessionReject SessionReject = 8; + events.Resize Resize = 9; + events.SessionEnd SessionEnd = 10; + events.SessionCommand SessionCommand = 11; + events.SessionDisk SessionDisk = 12; + events.SessionNetwork SessionNetwork = 13; + events.SessionData SessionData = 14; + events.SessionLeave SessionLeave = 15; + events.PortForward PortForward = 16; + events.X11Forward X11Forward = 17; + events.SCP SCP = 18; + events.Exec Exec = 19; + events.Subsystem Subsystem = 20; + events.ClientDisconnect ClientDisconnect = 21; + events.AuthAttempt AuthAttempt = 22; + events.AccessRequestCreate AccessRequestCreate = 23; + events.UserTokenCreate UserTokenCreate = 24; + events.RoleCreate RoleCreate = 25; + events.RoleDelete RoleDelete = 26; + events.TrustedClusterCreate TrustedClusterCreate = 27; + events.TrustedClusterDelete TrustedClusterDelete = 28; + events.TrustedClusterTokenCreate TrustedClusterTokenCreate = 29; + events.GithubConnectorCreate GithubConnectorCreate = 30; + events.GithubConnectorDelete GithubConnectorDelete = 31; + events.OIDCConnectorCreate OIDCConnectorCreate = 32; + events.OIDCConnectorDelete OIDCConnectorDelete = 33; + events.SAMLConnectorCreate SAMLConnectorCreate = 34; + events.SAMLConnectorDelete SAMLConnectorDelete = 35; + events.KubeRequest KubeRequest = 36; + events.AppSessionStart AppSessionStart = 37; + events.AppSessionChunk AppSessionChunk = 38; + events.AppSessionRequest AppSessionRequest = 39; + events.DatabaseSessionStart DatabaseSessionStart = 40; + events.DatabaseSessionEnd DatabaseSessionEnd = 41; + events.DatabaseSessionQuery DatabaseSessionQuery = 42; + events.SessionUpload SessionUpload = 43; + events.MFADeviceAdd MFADeviceAdd = 44; + events.MFADeviceDelete MFADeviceDelete = 45; + events.BillingInformationUpdate BillingInformationUpdate = 46; + events.BillingCardCreate BillingCardCreate = 47; + events.BillingCardDelete BillingCardDelete = 48; + events.LockCreate LockCreate = 49; + events.LockDelete LockDelete = 50; + events.RecoveryCodeGenerate RecoveryCodeGenerate = 51; + events.RecoveryCodeUsed RecoveryCodeUsed = 52; + events.DatabaseCreate DatabaseCreate = 53; + events.DatabaseUpdate DatabaseUpdate = 54; + events.DatabaseDelete DatabaseDelete = 55; + events.AppCreate AppCreate = 56; + events.AppUpdate AppUpdate = 57; + events.AppDelete AppDelete = 58; + events.WindowsDesktopSessionStart WindowsDesktopSessionStart = 59; + events.WindowsDesktopSessionEnd WindowsDesktopSessionEnd = 60; + events.PostgresParse PostgresParse = 61; + events.PostgresBind PostgresBind = 62; + events.PostgresExecute PostgresExecute = 63; + events.PostgresClose PostgresClose = 64; + events.PostgresFunctionCall PostgresFunctionCall = 65; + events.AccessRequestDelete AccessRequestDelete = 66; + events.SessionConnect SessionConnect = 67; + events.CertificateCreate CertificateCreate = 68; + events.DesktopRecording DesktopRecording = 69; + events.DesktopClipboardSend DesktopClipboardSend = 70; + events.DesktopClipboardReceive DesktopClipboardReceive = 71; + events.MySQLStatementPrepare MySQLStatementPrepare = 72; + events.MySQLStatementExecute MySQLStatementExecute = 73; + events.MySQLStatementSendLongData MySQLStatementSendLongData = 74; + events.MySQLStatementClose MySQLStatementClose = 75; + events.MySQLStatementReset MySQLStatementReset = 76; + events.MySQLStatementFetch MySQLStatementFetch = 77; + events.MySQLStatementBulkExecute MySQLStatementBulkExecute = 78; + events.RenewableCertificateGenerationMismatch RenewableCertificateGenerationMismatch = 79; + events.Unknown Unknown = 80; + events.MySQLInitDB MySQLInitDB = 81; + events.MySQLCreateDB MySQLCreateDB = 82; + events.MySQLDropDB MySQLDropDB = 83; + events.MySQLShutDown MySQLShutDown = 84; + events.MySQLProcessKill MySQLProcessKill = 85; + events.MySQLDebug MySQLDebug = 86; + events.MySQLRefresh MySQLRefresh = 87; + events.AccessRequestResourceSearch AccessRequestResourceSearch = 88; + events.SQLServerRPCRequest SQLServerRPCRequest = 89; + events.DatabaseSessionMalformedPacket DatabaseSessionMalformedPacket = 90; + events.SFTP SFTP = 91; + events.UpgradeWindowStartUpdate UpgradeWindowStartUpdate = 92; + events.AppSessionEnd AppSessionEnd = 93; + events.SessionRecordingAccess SessionRecordingAccess = 94; + events.KubernetesClusterCreate KubernetesClusterCreate = 96; + events.KubernetesClusterUpdate KubernetesClusterUpdate = 97; + events.KubernetesClusterDelete KubernetesClusterDelete = 98; + events.SSMRun SSMRun = 99; + events.ElasticsearchRequest ElasticsearchRequest = 100; + } +} + +// StreamStatus reflects stream status +message StreamStatus { + // UploadID represents upload ID + string UploadID = 1; + // LastEventIndex updates last event index + int64 LastEventIndex = 2; + // LastUploadTime is the time of the last upload + google.protobuf.Timestamp LastUploadTime = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; +} + +// SessionUpload is a session upload +message SessionUpload { + // Metadata is a common event metadata + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // SessionMetadata is a common event session metadata + SessionMetadata SessionMetadata = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // ID is a unique event identifier + string UID = 4 [(gogoproto.jsontag) = "uid,omitempty"]; + + // URL is where the url the session event data upload is at + string SessionURL = 5 [(gogoproto.jsontag) = "url"]; +} + +// Identity matches github.com/gravitational/teleport/lib/tlsca.Identity except +// for RouteToApp and RouteToDatabase which are nullable and Traits which is +// represented as a google.protobuf.Struct (still containing a map from string +// to strings). Field names match other names already used in other events +// rather than the field names in tlsca.Identity. +message Identity { + // User is a username or name of the node connection + string User = 1 [(gogoproto.jsontag) = "user,omitempty"]; + // Impersonator is a username of a user impersonating this user + string Impersonator = 2 [(gogoproto.jsontag) = "impersonator,omitempty"]; + // Roles is a list of groups (Teleport roles) encoded in the identity + repeated string Roles = 3 [(gogoproto.jsontag) = "roles,omitempty"]; + // Usage is a list of usage restrictions encoded in the identity + repeated string Usage = 4 [(gogoproto.jsontag) = "usage,omitempty"]; + // Logins is a list of Unix logins allowed. + repeated string Logins = 5 [(gogoproto.jsontag) = "logins,omitempty"]; + // KubernetesGroups is a list of Kubernetes groups allowed + repeated string KubernetesGroups = 6 [(gogoproto.jsontag) = "kubernetes_groups,omitempty"]; + // KubernetesUsers is a list of Kubernetes users allowed + repeated string KubernetesUsers = 7 [(gogoproto.jsontag) = "kubernetes_users,omitempty"]; + // Expires specifies whenever the session will expire + google.protobuf.Timestamp Expires = 8 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + // RouteToCluster specifies the target cluster + // if present in the session + string RouteToCluster = 9 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + // KubernetesCluster specifies the target kubernetes cluster for TLS + // identities. This can be empty on older Teleport clients. + string KubernetesCluster = 10 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + // Traits hold claim data used to populate a role at runtime. + wrappers.LabelValues Traits = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "traits,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + // RouteToApp holds routing information for applications. Routing metadata + // allows Teleport web proxy to route HTTP requests to the appropriate + // cluster and Teleport application proxy within the cluster. + RouteToApp RouteToApp = 12 [(gogoproto.jsontag) = "route_to_app,omitempty"]; + // TeleportCluster is the name of the teleport cluster that this identity + // originated from. For TLS certs this may not be the same as cert issuer, + // in case of multi-hop requests that originate from a remote cluster. + string TeleportCluster = 13 [(gogoproto.jsontag) = "teleport_cluster,omitempty"]; + // RouteToDatabase contains routing information for databases. + RouteToDatabase RouteToDatabase = 14 [(gogoproto.jsontag) = "route_to_database,omitempty"]; + // DatabaseNames is a list of allowed database names. + repeated string DatabaseNames = 15 [(gogoproto.jsontag) = "database_names,omitempty"]; + // DatabaseUsers is a list of allowed database users. + repeated string DatabaseUsers = 16 [(gogoproto.jsontag) = "database_users,omitempty"]; + // MFADeviceUUID is the UUID of an MFA device when this Identity was + // confirmed immediately after an MFA check. + string MFADeviceUUID = 17 [(gogoproto.jsontag) = "mfa_device_uuid,omitempty"]; + // ClientIP is an observed IP of the client that this Identity represents. + string ClientIP = 18 [(gogoproto.jsontag) = "client_ip,omitempty"]; + // AWSRoleARNs is a list of allowed AWS role ARNs user can assume. + repeated string AWSRoleARNs = 19 [(gogoproto.jsontag) = "aws_role_arns,omitempty"]; + // AccessRequests is a list of UUIDs of active requests for this Identity. + repeated string AccessRequests = 20 [(gogoproto.jsontag) = "access_requests,omitempty"]; + // DisallowReissue is a flag that, if set, instructs the auth server to + // deny any attempts to reissue new certificates while authenticated with + // this certificate. + bool DisallowReissue = 21 [(gogoproto.jsontag) = "disallow_reissue,omitempty"]; + // AllowedResourceIds is the list of resources which the identity will be + // allowed to access. An empty list indicates that no resource-specific + // restrictions will be applied. + repeated ResourceID AllowedResourceIDs = 22 [ + (gogoproto.jsontag) = "allowed_resource_ids,omitempty", + (gogoproto.nullable) = false + ]; +} + +// RouteToApp contains parameters for application access certificate requests. +message RouteToApp { + // Name is the application name certificate is being requested for. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // SessionID is the ID of the application session. + string SessionID = 2 [(gogoproto.jsontag) = "session_id"]; + // PublicAddr is the application public address. + string PublicAddr = 3 [(gogoproto.jsontag) = "public_addr"]; + // ClusterName is the cluster where the application resides. + string ClusterName = 4 [(gogoproto.jsontag) = "cluster_name"]; + // AWSRoleARN is the AWS role to assume when accessing AWS API. + string AWSRoleARN = 5 [(gogoproto.jsontag) = "aws_role_arn,omitempty"]; +} + +// RouteToDatabase combines parameters for database service routing information. +message RouteToDatabase { + // ServiceName is the Teleport database proxy service name the cert is for. + string ServiceName = 1 [(gogoproto.jsontag) = "service_name"]; + // Protocol is the type of the database the cert is for. + string Protocol = 2 [(gogoproto.jsontag) = "protocol"]; + // Username is an optional database username to embed. + string Username = 3 [(gogoproto.jsontag) = "username,omitempty"]; + // Database is an optional database name to embed. + string Database = 4 [(gogoproto.jsontag) = "database,omitempty"]; +} + +// AccessRequestResourceSearch is emitted when a user searches for resources as +// part of a search-based access request +message AccessRequestResourceSearch { + // Metadata is common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is common user metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SearchAsRoles is the list of roles the search was performed as. + repeated string SearchAsRoles = 3 [(gogoproto.jsontag) = "search_as_roles"]; + // ResourceType is the type of resource being searched for. + string ResourceType = 4 [(gogoproto.jsontag) = "resource_type,omitempty"]; + // Namespace is the namespace of resources. + string Namespace = 5 [(gogoproto.jsontag) = "namespace,omitempty"]; + // Labels is the label-based matcher used for the search. + map Labels = 6 [(gogoproto.jsontag) = "labels,omitempty"]; + // PredicateExpression is the list of boolean conditions that were used for the search. + string PredicateExpression = 7 [(gogoproto.jsontag) = "predicate_expression,omitempty"]; + // SearchKeywords is the list of search keywords used to match against resource field values. + repeated string SearchKeywords = 8 [(gogoproto.jsontag) = "search_keywords,omitempty"]; +} + +// MySQLStatementPrepare is emitted when a MySQL client creates a prepared +// statement using the prepared statement protocol. +message MySQLStatementPrepare { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Query is the prepared statement query. + string Query = 5 [(gogoproto.jsontag) = "query"]; +} + +// MySQLStatementExecute is emitted when a MySQL client executes a prepared +// statement using the prepared statement protocol. +message MySQLStatementExecute { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; + // Parameters are the parameters used to execute the prepared statement. + repeated string Parameters = 6 [(gogoproto.jsontag) = "parameters"]; +} + +// MySQLStatementSendLongData is emitted when a MySQL client sends long bytes +// stream using the prepared statement protocol. +message MySQLStatementSendLongData { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; + // ParameterID is the identifier of the parameter. + uint32 ParameterID = 6 [(gogoproto.jsontag) = "parameter_id"]; + // DataSize is the size of the data. + uint32 DataSize = 7 [(gogoproto.jsontag) = "data_size"]; +} + +// MySQLStatementClose is emitted when a MySQL client deallocates a prepared +// statement using the prepared statement protocol. +message MySQLStatementClose { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; +} + +// MySQLStatementReset is emitted when a MySQL client resets the data of a +// prepared statement using the prepared statement protocol. +message MySQLStatementReset { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; +} + +// MySQLStatementFetch is emitted when a MySQL client fetches rows from a +// prepared statement using the prepared statement protocol. +message MySQLStatementFetch { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; + // RowsCount is the number of rows to fetch. + uint32 RowsCount = 6 [(gogoproto.jsontag) = "rows_count"]; +} + +// MySQLStatementBulkExecute is emitted when a MySQL client executes a bulk +// insert of a prepared statement using the prepared statement protocol. +message MySQLStatementBulkExecute { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // StatementID is the identifier of the prepared statement. + uint32 StatementID = 5 [(gogoproto.jsontag) = "statement_id"]; + // Parameters are the parameters used to execute the prepared statement. + repeated string Parameters = 6 [(gogoproto.jsontag) = "parameters"]; +} + +// MySQLInitDB is emitted when a MySQL client changes the default schema for +// the connection. +message MySQLInitDB { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SchemaName is the name of the schema to use. + string SchemaName = 5 [(gogoproto.jsontag) = "schema_name"]; +} + +// MySQLCreateDB is emitted when a MySQL client creates a schema. +message MySQLCreateDB { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SchemaName is the name of the schema to create. + string SchemaName = 5 [(gogoproto.jsontag) = "schema_name"]; +} + +// MySQLDropDB is emitted when a MySQL client drops a schema. +message MySQLDropDB { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SchemaName is the name of the schema to drop. + string SchemaName = 5 [(gogoproto.jsontag) = "schema_name"]; +} + +// MySQLShutDown is emitted when a MySQL client asks the server to shut down. +message MySQLShutDown { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// MySQLProcessKill is emitted when a MySQL client asks the server to terminate +// a connection. +message MySQLProcessKill { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ProcessID is the process ID of a connection. + uint32 ProcessID = 5 [(gogoproto.jsontag) = "process_id"]; +} + +// MySQLDebug is emitted when a MySQL client asks the server to dump internal +// debug info to stdout. +message MySQLDebug { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// MySQLRefresh is emitted when a MySQL client sends refresh commands. +message MySQLRefresh { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Subcommand is the string representation of the subcommand. + string Subcommand = 5 [(gogoproto.jsontag) = "subcommand"]; +} + +// SQLServerRPCRequest is emitted when a user executes a MSSQL Server RPC command. +message SQLServerRPCRequest { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Procname is the RPC SQL Server procedure name. + string Procname = 5 [(gogoproto.jsontag) = "proc_name,omitempty"]; + // Parameters are the RPC parameters used to execute RPC Procedure.. + repeated string Parameters = 6 [(gogoproto.jsontag) = "parameters,omitempty"]; +} + +// DatabaseSessionMalformedPacket is emitted when a database sends a malformed packet. +message DatabaseSessionMalformedPacket { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Payload is the malformed packet payload. + bytes Payload = 5 [(gogoproto.jsontag) = "payload,omitempty"]; +} + +// ElasticsearchCategory specifies Elasticsearch request category. +enum ElasticsearchCategory { + // GENERAL is for otherwise uncategorized calls. + GENERAL = 0; + // SECURITY is for _security and _ssl APIs. + SECURITY = 1; + // SEARCH is for search-related APIs. + SEARCH = 2; + // SQL covers _sql API. + SQL = 3; +} + +// ElasticsearchRequest is emitted when user executes an Elasticsearch request, which isn't +// covered by API-specific events. +message ElasticsearchRequest { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // Database contains database related metadata. + DatabaseMetadata Database = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // Path is relative path in the URL. + string Path = 5 [(gogoproto.jsontag) = "path"]; + // RawQuery are the encoded query values. + string RawQuery = 6 [(gogoproto.jsontag) = "raw_query"]; + // Method is the request HTTP method, like GET/POST/DELETE/etc. + string Method = 7 [(gogoproto.jsontag) = "method"]; + // Body is the request HTTP body. + bytes Body = 8 [(gogoproto.jsontag) = "body"]; + // Headers are the HTTP request headers. + wrappers.LabelValues Headers = 9 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "headers,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // Category represents the category if API being accessed in a given request. + ElasticsearchCategory Category = 10 [(gogoproto.jsontag) = "category"]; + + // Target is an optional field indicating the target index or set of indices used as a subject of request. + string Target = 11 [(gogoproto.jsontag) = "target"]; + + // Query is an optional text of query (e.g. an SQL select statement for _sql API), if a request includes it. + string Query = 12 [(gogoproto.jsontag) = "query"]; +} + +// UpgradeWindowStartMetadata contains common upgrade window information. +message UpgradeWindowStartMetadata { + // UpgradeWindowStart is the upgrade window time. + string UpgradeWindowStart = 1 [(gogoproto.jsontag) = "upgrade_window_start,omitempty"]; +} + +// UpgradeWindowStartUpdate is emitted when a user updates the cloud upgrade window start time. +message UpgradeWindowStartUpdate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionMetadata is a common event session metadata. + SessionMetadata Session = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // UpgradeWindowStartMetadata contains upgrade window related metadata. + UpgradeWindowStartMetadata UpgradeWindowStart = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SessionRecordingAccess is emitted when a session recording is accessed, allowing +// session views to be included in the audit log +message SessionRecordingAccess { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // SessionID is the ID of the session. + string SessionID = 2 [(gogoproto.jsontag) = "sid"]; + // UserMetadata is a common user event metadata. + UserMetadata UserMetadata = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// KubeClusterMetadata contains common kubernetes cluster information. +message KubeClusterMetadata { + // KubeLabels are the configured cluster labels. + map KubeLabels = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "kube_labels,omitempty" + ]; +} + +// KubernetesClusterCreate is emitted when a new kubernetes cluster resource is created. +message KubernetesClusterCreate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // KubeClusterMetadata is a common kubernetes resource metadata. + KubeClusterMetadata KubeClusterMetadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// KubernetesClusterUpdate is emitted when an existing kubernetes cluster resource is updated. +message KubernetesClusterUpdate { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // KubeClusterMetadata is a common kubernetes resource metadata. + KubeClusterMetadata KubeClusterMetadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// KubernetesClusterDelete is emitted when a kubernetes cluster resource is deleted. +message KubernetesClusterDelete { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // User is a common user event metadata. + UserMetadata User = 2 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + // ResourceMetadata is a common resource event metadata. + ResourceMetadata Resource = 3 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; +} + +// SSMRun is emitted after an AWS SSM document completes execution. +message SSMRun { + // Metadata is a common event metadata. + Metadata Metadata = 1 [ + (gogoproto.nullable) = false, + (gogoproto.embed) = true, + (gogoproto.jsontag) = "" + ]; + + // CommandID is the id of the SSM command that was run. + string CommandID = 2 [(gogoproto.jsontag) = "command_id"]; + + // InstanceID is the id of the EC2 instance the command was run on. + string InstanceID = 3 [(gogoproto.jsontag) = "instance_id"]; + + // ExitCode is the exit code resulting from the script run. + int64 ExitCode = 4 [(gogoproto.jsontag) = "exit_code"]; + + // Status represents the success or failure status of a script run. + string Status = 5 [(gogoproto.jsontag) = "status"]; + + // AccountID is the id of the AWS account that ran the command. + string AccountID = 6 [(gogoproto.jsontag) = "account_id"]; + + // Region is the AWS region the command was ran in. + string Region = 7 [(gogoproto.jsontag) = "region"]; +} diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto new file mode 100644 index 0000000000000..c0318db7a242c --- /dev/null +++ b/api/proto/teleport/legacy/types/types.proto @@ -0,0 +1,4189 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package types; + +import "gogoproto/gogo.proto"; +import "google/protobuf/timestamp.proto"; +import "teleport/legacy/types/wrappers/wrappers.proto"; + +option go_package = "github.com/gravitational/teleport/api/types"; +option (gogoproto.goproto_getters_all) = false; +option (gogoproto.marshaler_all) = true; +option (gogoproto.unmarshaler_all) = true; + +message KeepAlive { + // Name of the resource to keep alive. + string Name = 1 [(gogoproto.jsontag) = "server_name"]; + // Namespace is the namespace of the resource. + string Namespace = 2 [(gogoproto.jsontag) = "namespace"]; + // LeaseID is ID of the lease. + int64 LeaseID = 3 [(gogoproto.jsontag) = "lease_id"]; + // Expires is set to update expiry time of the resource. + google.protobuf.Timestamp Expires = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + // Type is the type of keep alive, used by servers. At the moment only + // "node", "app" and "database" are supported. + enum KeepAliveType { + UNKNOWN = 0; + NODE = 1; + APP = 2; + DATABASE = 3; + WINDOWS_DESKTOP = 4; + KUBERNETES = 5; + } + KeepAliveType Type = 9 [(gogoproto.jsontag) = "type"]; + // HostID is an optional UUID of the host the resource belongs to. + string HostID = 10 [(gogoproto.jsontag) = "host_id,omitempty"]; +} + +// Metadata is resource metadata +message Metadata { + // Name is an object name + string Name = 1 [(gogoproto.jsontag) = "name"]; + // Namespace is object namespace. The field should be called "namespace" + // when it returns in Teleport 2.4. + string Namespace = 2 [(gogoproto.jsontag) = "-"]; + // Description is object description + string Description = 3 [(gogoproto.jsontag) = "description,omitempty"]; + // Labels is a set of labels + map Labels = 5 [(gogoproto.jsontag) = "labels,omitempty"]; + // Expires is a global expiry time header can be set on any resource in the + // system. + google.protobuf.Timestamp Expires = 6 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // ID is a record ID + int64 ID = 7 [(gogoproto.jsontag) = "id,omitempty"]; +} + +// Rotation is a status of the rotation of the certificate authority +message Rotation { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // State could be one of "init" or "in_progress". + string State = 1 [(gogoproto.jsontag) = "state,omitempty"]; + // Phase is the current rotation phase. + string Phase = 2 [(gogoproto.jsontag) = "phase,omitempty"]; + // Mode sets manual or automatic rotation mode. + string Mode = 3 [(gogoproto.jsontag) = "mode,omitempty"]; + // CurrentID is the ID of the rotation operation + // to differentiate between rotation attempts. + string CurrentID = 4 [(gogoproto.jsontag) = "current_id"]; + // Started is set to the time when rotation has been started + // in case if the state of the rotation is "in_progress". + google.protobuf.Timestamp Started = 5 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "started,omitempty" + ]; + // GracePeriod is a period during which old and new CA + // are valid for checking purposes, but only new CA is issuing certificates. + int64 GracePeriod = 6 [ + (gogoproto.jsontag) = "grace_period,omitempty", + (gogoproto.casttype) = "Duration" + ]; + // LastRotated specifies the last time of the completed rotation. + google.protobuf.Timestamp LastRotated = 7 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "last_rotated,omitempty" + ]; + // Schedule is a rotation schedule - used in + // automatic mode to switch beetween phases. + RotationSchedule Schedule = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "schedule,omitempty" + ]; +} + +// RotationSchedule is a rotation schedule setting time switches +// for different phases. +message RotationSchedule { + // UpdateClients specifies time to switch to the "Update clients" phase + google.protobuf.Timestamp UpdateClients = 1 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "update_clients,omitempty" + ]; + // UpdateServers specifies time to switch to the "Update servers" phase. + google.protobuf.Timestamp UpdateServers = 2 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "update_servers,omitempty" + ]; + // Standby specifies time to switch to the "Standby" phase. + google.protobuf.Timestamp Standby = 3 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "standby,omitempty" + ]; +} + +// ResorceHeader is a shared resource header +// used in cases when only type and name is known +message ResourceHeader { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind,omitempty"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version,omitempty"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata,omitempty" + ]; +} + +// DatabaseServerV3 represents a database access server. +message DatabaseServerV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is the database server resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the database server metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the database server spec. + DatabaseServerSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// DatabaseServerSpecV3 is the database server spec. +message DatabaseServerSpecV3 { + // Description is a free-form text describing this database server. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + string Description = 1 [ + (gogoproto.jsontag) = "description,omitempty", + deprecated = true + ]; + // Protocol is the database type e.g. postgres, mysql, etc. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + string Protocol = 2 [ + (gogoproto.jsontag) = "protocol", + deprecated = true + ]; + // URI is the database connection address. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + string URI = 3 [ + (gogoproto.jsontag) = "uri", + deprecated = true + ]; + // CACert is an optional base64-encoded database CA certificate. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + bytes CACert = 4 [ + (gogoproto.jsontag) = "ca_cert,omitempty", + deprecated = true + ]; + // AWS contains AWS specific settings for RDS/Aurora databases. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + AWS AWS = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "aws", + deprecated = true + ]; + // Version is the Teleport version that the server is running. + string Version = 6 [(gogoproto.jsontag) = "version"]; + // Hostname is the database server hostname. + string Hostname = 7 [(gogoproto.jsontag) = "hostname"]; + // HostID is the ID of the host the database server is running on. + string HostID = 8 [(gogoproto.jsontag) = "host_id"]; + // DynamicLabels is the database server dynamic labels. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + map DynamicLabels = 9 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "dynamic_labels,omitempty", + deprecated = true + ]; + // Rotation contains the server CA rotation information. + Rotation Rotation = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rotation,omitempty" + ]; + // GCP contains parameters specific to GCP Cloud SQL databases. + // + // DEPRECATED: Moved to DatabaseSpecV3. DELETE IN 9.0. + GCPCloudSQL GCP = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "gcp,omitempty", + deprecated = true + ]; + // Database is the database proxied by this database server. + DatabaseV3 Database = 12 [(gogoproto.jsontag) = "database,omitempty"]; + // ProxyIDs is a list of proxy IDs this server is expected to be connected to. + repeated string ProxyIDs = 13 [(gogoproto.jsontag) = "proxy_ids,omitempty"]; +} + +// DatabaseV3List represents a list of databases. +message DatabaseV3List { + // Databases is a list of database resources. + repeated DatabaseV3 Databases = 1; +} + +// DatabaseV3 represents a single proxied database. +message DatabaseV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is the database resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the database metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the database spec. + DatabaseSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; + // Status is the database runtime information. + DatabaseStatusV3 Status = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "status" + ]; +} + +// DatabaseSpecV3 is the database spec. +message DatabaseSpecV3 { + // Protocol is the database protocol: postgres, mysql, mongodb, etc. + string Protocol = 1 [(gogoproto.jsontag) = "protocol"]; + // URI is the database connection endpoint. + string URI = 2 [(gogoproto.jsontag) = "uri"]; + // CACert is the PEM-encoded database CA certificate. + // + // DEPRECATED: Moved to TLS.CACert. DELETE IN 10.0. + string CACert = 3 [ + (gogoproto.jsontag) = "ca_cert,omitempty", + deprecated = true + ]; + // DynamicLabels is the database dynamic labels. + map DynamicLabels = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "dynamic_labels,omitempty" + ]; + // AWS contains AWS specific settings for RDS/Aurora/Redshift databases. + AWS AWS = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "aws,omitempty" + ]; + // GCP contains parameters specific to GCP Cloud SQL databases. + GCPCloudSQL GCP = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "gcp,omitempty" + ]; + // Azure contains Azure specific database metadata. + Azure Azure = 7 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "azure,omitempty" + ]; + // TLS is the TLS configuration used when establishing connection to target database. + // Allows to provide custom CA cert or override server name. + DatabaseTLS TLS = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "tls,omitempty" + ]; + // AD is the Active Directory configuration for the database. + AD AD = 9 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "ad,omitempty" + ]; + // MySQL is an additional section with MySQL database options. + MySQLOptions MySQL = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "mysql,omitempty" + ]; +} + +// DatabaseStatusV3 contains runtime information about the database. +message DatabaseStatusV3 { + // CACert is the auto-downloaded cloud database CA certificate. + string CACert = 1 [(gogoproto.jsontag) = "ca_cert,omitempty"]; + // AWS is the auto-discovered AWS cloud database metadata. + AWS AWS = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "aws" + ]; + // MySQL is an additional section with MySQL runtime database information. + MySQLOptions MySQL = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "mysql,omitempty" + ]; + // ManagedUsers is a list of database users that are managed by Teleport. + repeated string ManagedUsers = 4 [(gogoproto.jsontag) = "managed_users,omitempty"]; + // Azure is the auto-discovered Azure cloud database metadata. + Azure Azure = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "azure" + ]; +} + +// AWS contains AWS metadata about the database. +message AWS { + // Region is a AWS cloud region. + string Region = 1 [(gogoproto.jsontag) = "region,omitempty"]; + // Redshift contains Redshift specific metadata. + Redshift Redshift = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "redshift,omitempty" + ]; + // RDS contains RDS specific metadata. + RDS RDS = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rds,omitempty" + ]; + // AccountID is the AWS account ID this database belongs to. + string AccountID = 4 [(gogoproto.jsontag) = "account_id,omitempty"]; + // ElastiCache contains AWS ElastiCache Redis specific metadata. + ElastiCache ElastiCache = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "elasticache,omitempty" + ]; + // SecretStore contains secret store configurations. + SecretStore SecretStore = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "secret_store,omitempty" + ]; + // MemoryDB contains AWS MemoryDB specific metadata. + MemoryDB MemoryDB = 7 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "memorydb,omitempty" + ]; +} + +// SecretStore contains secret store configurations. +message SecretStore { + // KeyPrefix specifies the secret key prefix. + string KeyPrefix = 1 [(gogoproto.jsontag) = "key_prefix,omitempty"]; + // KMSKeyID specifies the AWS KMS key for encryption. + string KMSKeyID = 2 [(gogoproto.jsontag) = "kms_key_id,omitempty"]; +} + +// Redshift contains AWS Redshift specific database metadata. +message Redshift { + // ClusterID is the Redshift cluster identifier. + string ClusterID = 1 [(gogoproto.jsontag) = "cluster_id,omitempty"]; +} + +// RDS contains AWS RDS specific database metadata. +message RDS { + // InstanceID is the RDS instance identifier. + string InstanceID = 1 [(gogoproto.jsontag) = "instance_id,omitempty"]; + // ClusterID is the RDS cluster (Aurora) identifier. + string ClusterID = 2 [(gogoproto.jsontag) = "cluster_id,omitempty"]; + // ResourceID is the RDS instance resource identifier (db-xxx). + string ResourceID = 3 [(gogoproto.jsontag) = "resource_id,omitempty"]; + // IAMAuth indicates whether database IAM authentication is enabled. + bool IAMAuth = 4 [(gogoproto.jsontag) = "iam_auth"]; +} + +// ElastiCache contains AWS ElastiCache Redis specific metadata. +message ElastiCache { + // ReplicationGroupID is the Redis replication group ID. + string ReplicationGroupID = 1 [(gogoproto.jsontag) = "replication_group_id,omitempty"]; + // UserGroupIDs is a list of user group IDs. + repeated string UserGroupIDs = 2 [(gogoproto.jsontag) = "user_group_ids,omitempty"]; + // TransitEncryptionEnabled indicates whether in-transit encryption (TLS) is enabled. + bool TransitEncryptionEnabled = 3 [(gogoproto.jsontag) = "transit_encryption_enabled,omitempty"]; + // EndpointType is the type of the endpoint. + string EndpointType = 4 [(gogoproto.jsontag) = "endpoint_type,omitempty"]; +} + +// MemoryDB contains AWS MemoryDB specific metadata. +message MemoryDB { + // ClusterName is the name of the MemoryDB cluster. + string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name,omitempty"]; + // ACLName is the name of the ACL associated with the cluster. + string ACLName = 2 [(gogoproto.jsontag) = "acl_name,omitempty"]; + // TLSEnabled indicates whether in-transit encryption (TLS) is enabled. + bool TLSEnabled = 3 [(gogoproto.jsontag) = "tls_enabled,omitempty"]; + // EndpointType is the type of the endpoint. + string EndpointType = 4 [(gogoproto.jsontag) = "endpoint_type,omitempty"]; +} + +// GCPCloudSQL contains parameters specific to GCP Cloud SQL databases. +message GCPCloudSQL { + // ProjectID is the GCP project ID the Cloud SQL instance resides in. + string ProjectID = 1 [(gogoproto.jsontag) = "project_id,omitempty"]; + // InstanceID is the Cloud SQL instance ID. + string InstanceID = 2 [(gogoproto.jsontag) = "instance_id,omitempty"]; +} + +// Azure contains Azure specific database metadata. +message Azure { + // Name is the Azure database server name. + string Name = 1 [(gogoproto.jsontag) = "name,omitempty"]; + // ResourceID is the Azure fully qualified ID for the resource. + string ResourceID = 2 [(gogoproto.jsontag) = "resource_id,omitempty"]; +} + +// AD contains Active Directory specific database configuration. +message AD { + // KeytabFile is the path to the Kerberos keytab file. + string KeytabFile = 1 [(gogoproto.jsontag) = "keytab_file"]; + // Krb5File is the path to the Kerberos configuration file. Defaults to /etc/krb5.conf. + string Krb5File = 2 [(gogoproto.jsontag) = "krb5_file,omitempty"]; + // Domain is the Active Directory domain the database resides in. + string Domain = 3 [(gogoproto.jsontag) = "domain"]; + // SPN is the service principal name for the database. + string SPN = 4 [(gogoproto.jsontag) = "spn"]; +} + +// DatabaseTLSMode represents the level of TLS verification performed by +// DB agent when connecting to a database. +enum DatabaseTLSMode { + // VERIFY_FULL performs full certificate validation. + VERIFY_FULL = 0; + // VERIFY_CA works the same as VERIFY_FULL, but it skips the hostname check. + VERIFY_CA = 1; + // INSECURE accepts any certificate provided by server. This is the least secure option. + INSECURE = 2; +} + +// DatabaseTLS contains TLS configuration options. +message DatabaseTLS { + // Mode is a TLS connection mode. See DatabaseTLSMode for details. + DatabaseTLSMode Mode = 1 [(gogoproto.jsontag) = "mode"]; + // CACert is an optional user provided CA certificate used for verifying + // database TLS connection. + string CACert = 2 [(gogoproto.jsontag) = "ca_cert,omitempty"]; + // ServerName allows to provide custom hostname. This value will override the + // servername/hostname on a certificate during validation. + string ServerName = 3 [(gogoproto.jsontag) = "server_name,omitempty"]; +} + +// MySQLOptions are additional MySQL database options. +message MySQLOptions { + // ServerVersion is the server version reported by DB proxy if the runtime information is + // not available. + string ServerVersion = 1 [(gogoproto.jsontag) = "server_version,omitempty"]; +} + +// ServerV2 represents a Node, App, Database, Proxy or Auth server in a Teleport cluster. +message ServerV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a server spec + ServerSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ServerV2List is a list of servers. +// DELETE IN 8.0.0 only used in deprecated GetNodes rpc +message ServerV2List { + // Servers is a list of servers. + repeated ServerV2 Servers = 1; +} + +// ServerSpecV2 is a specification for V2 Server +message ServerSpecV2 { + reserved 8; + + // Addr is server host:port address + string Addr = 1 [(gogoproto.jsontag) = "addr"]; + // PublicAddr is the public address this cluster can be reached at. + string PublicAddr = 2 [(gogoproto.jsontag) = "public_addr,omitempty"]; + // Hostname is server hostname + string Hostname = 3 [(gogoproto.jsontag) = "hostname"]; + // CmdLabels is server dynamic labels + map CmdLabels = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "cmd_labels,omitempty" + ]; + // Rotation specifies server rotation + Rotation Rotation = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rotation,omitempty" + ]; + // UseTunnel indicates that connections to this server should occur over a + // reverse tunnel. + bool UseTunnel = 6 [(gogoproto.jsontag) = "use_tunnel,omitempty"]; + // TeleportVersion is the teleport version that the server is running on + string Version = 7 [(gogoproto.jsontag) = "version"]; + // Apps is a list of applications this server is proxying. + // + // DELETE IN 9.0. Deprecated, moved to AppServerSpecV3. + repeated App Apps = 9 [ + (gogoproto.jsontag) = "apps,omitempty", + deprecated = true + ]; + // KubernetesClusters is a list of kubernetes clusters provided by this + // Proxy or KubeService server. + // + // Important: jsontag must not be "kubernetes_clusters", because a + // different field with that jsontag existed in 4.4: + // https://github.com/gravitational/teleport/issues/4862 + repeated KubernetesCluster KubernetesClusters = 10 [(gogoproto.jsontag) = "kube_clusters,omitempty"]; + // PeerAddr is the address a proxy server is reachable at by its peer proxies. + string PeerAddr = 11 [(gogoproto.jsontag) = "peer_addr,omitempty"]; + // ProxyIDs is a list of proxy IDs this server is expected to be connected to. + repeated string ProxyIDs = 12 [(gogoproto.jsontag) = "proxy_ids,omitempty"]; +} + +// AppServerV3 represents a single proxied web app. +message AppServerV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is the app server resource kind. Always "app_server". + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the app server metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the app server spec. + AppServerSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// AppServerSpecV3 is the app access server spec. +message AppServerSpecV3 { + // Version is the Teleport version that the server is running. + string Version = 1 [(gogoproto.jsontag) = "version"]; + // Hostname is the app server hostname. + string Hostname = 2 [(gogoproto.jsontag) = "hostname"]; + // HostID is the app server host uuid. + string HostID = 3 [(gogoproto.jsontag) = "host_id"]; + // Rotation contains the app server CA rotation information. + Rotation Rotation = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rotation,omitempty" + ]; + // App is the app proxied by this app server. + AppV3 App = 5 [(gogoproto.jsontag) = "app"]; + // ProxyIDs is a list of proxy IDs this server is expected to be connected to. + repeated string ProxyIDs = 6 [(gogoproto.jsontag) = "proxy_ids,omitempty"]; +} + +// AppV3List represents a list of app resources. +message AppV3List { + // Apps is a list of app resources. + repeated AppV3 Apps = 1; +} + +// AppV3 represents an app resource. +message AppV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is the app resource kind. Always "app". + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the app resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the app resource spec. + AppSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// AppSpecV3 is the AppV3 resource spec. +message AppSpecV3 { + // URI is the web app endpoint. + string URI = 1 [(gogoproto.jsontag) = "uri"]; + // PublicAddr is the public address the application is accessible at. + string PublicAddr = 2 [(gogoproto.jsontag) = "public_addr,omitempty"]; + // DynamicLabels are the app's command labels. + map DynamicLabels = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "dynamic_labels,omitempty" + ]; + // InsecureSkipVerify disables app's TLS certificate verification. + bool InsecureSkipVerify = 4 [(gogoproto.jsontag) = "insecure_skip_verify"]; + // Rewrite is a list of rewriting rules to apply to requests and responses. + Rewrite Rewrite = 5 [(gogoproto.jsontag) = "rewrite,omitempty"]; + // AWS contains additional options for AWS applications. + AppAWS AWS = 6 [(gogoproto.jsontag) = "aws,omitempty"]; +} + +// App is a specific application that a server proxies. +// +// DELETE IN 9.0. Deprecated, use AppV3. +message App { + // Name is the name of the application. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // URI is the internal address the application is available at. + string URI = 2 [(gogoproto.jsontag) = "uri"]; + // PublicAddr is the public address the application is accessible at. + string PublicAddr = 3 [(gogoproto.jsontag) = "public_addr,omitempty"]; + // StaticLabels is map of static labels associated with an application. + // Used for RBAC. + map StaticLabels = 4 [(gogoproto.jsontag) = "labels,omitempty"]; + // DynamicLabels is map of dynamic labels associated with an application. + // Used for RBAC. + map DynamicLabels = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "commands,omitempty" + ]; + // InsecureSkipVerify disables app's TLS certificate verification. + bool InsecureSkipVerify = 6 [(gogoproto.jsontag) = "insecure_skip_verify"]; + // Rewrite is a list of rewriting rules to apply to requests and responses. + Rewrite Rewrite = 7 [(gogoproto.jsontag) = "rewrite,omitempty"]; + // Description is an optional free-form app description. + string Description = 8 [(gogoproto.jsontag) = "description,omitempty"]; +} + +// Rewrite is a list of rewriting rules to apply to requests and responses. +message Rewrite { + // Redirect defines a list of hosts which will be rewritten to the public + // address of the application if they occur in the "Location" header. + repeated string Redirect = 1 [(gogoproto.jsontag) = "redirect,omitempty"]; + // Headers is a list of headers to inject when passing the request over + // to the application. + repeated Header Headers = 2 [(gogoproto.jsontag) = "headers,omitempty"]; +} + +// Header represents a single http header passed over to the proxied application. +message Header { + // Name is the http header name. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // Value is the http header value. + string Value = 2 [(gogoproto.jsontag) = "value"]; +} + +// CommandLabelV2 is a label that has a value as a result of the +// output generated by running command, e.g. hostname +message CommandLabelV2 { + // Period is a time between command runs + int64 Period = 1 [ + (gogoproto.jsontag) = "period", + (gogoproto.casttype) = "Duration" + ]; + // Command is a command to run + repeated string Command = 2 [(gogoproto.jsontag) = "command"]; + // Result captures standard output + string Result = 3 [(gogoproto.jsontag) = "result"]; +} + +// AppAWS contains additional options for AWS applications. +message AppAWS { + // ExternalID is the AWS External ID used when assuming roles in this app. + string ExternalID = 1 [(gogoproto.jsontag) = "external_id,omitempty"]; +} + +// PrivateKeyType is the storage type of a private key. +enum PrivateKeyType { + // RAW is a plaintext private key. + RAW = 0; + // PKCS11 is a private key backed by a PKCS11 device such as HSM. + PKCS11 = 1; +} + +// SSHKeyPair is an SSH CA key pair. +message SSHKeyPair { + // PublicKey is the SSH public key. + bytes PublicKey = 1 [(gogoproto.jsontag) = "public_key,omitempty"]; + // PrivateKey is the SSH private key. + bytes PrivateKey = 2 [(gogoproto.jsontag) = "private_key,omitempty"]; + // PrivateKeyType is the type of the PrivateKey. + PrivateKeyType PrivateKeyType = 3 [(gogoproto.jsontag) = "private_key_type,omitempty"]; +} + +// TLSKeyPair is a TLS key pair +message TLSKeyPair { + // Cert is a PEM encoded TLS cert + bytes Cert = 1 [(gogoproto.jsontag) = "cert,omitempty"]; + // Key is a PEM encoded TLS key + bytes Key = 2 [(gogoproto.jsontag) = "key,omitempty"]; + // KeyType is the type of the Key. + PrivateKeyType KeyType = 3 [(gogoproto.jsontag) = "key_type,omitempty"]; +} + +// JWTKeyPair is a PEM encoded keypair used for signing JWT tokens. +message JWTKeyPair { + // PublicKey is a PEM encoded public key. + bytes PublicKey = 1 [(gogoproto.jsontag) = "public_key,omitempty"]; + // PrivateKey is a PEM encoded private key. + bytes PrivateKey = 2 [(gogoproto.jsontag) = "private_key,omitempty"]; + // PrivateKeyType is the type of the PrivateKey. + PrivateKeyType PrivateKeyType = 3 [(gogoproto.jsontag) = "private_key_type,omitempty"]; +} + +// CertAuthorityV2 is version 2 resource spec for Cert Authority +message CertAuthorityV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is connector metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec contains cert authority specification + CertAuthoritySpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// CertAuthoritySpecV2 is a host or user certificate authority that +// can check and if it has private key stored as well, sign it too +message CertAuthoritySpecV2 { + // Type is either user or host certificate authority + string Type = 1 [ + (gogoproto.jsontag) = "type", + (gogoproto.casttype) = "CertAuthType" + ]; + // DELETE IN(2.7.0) this field is deprecated, + // as resource name matches cluster name after migrations. + // and this property is enforced by the auth server code. + // ClusterName identifies cluster name this authority serves, + // for host authorities that means base hostname of all servers, + // for user authorities that means organization name + string ClusterName = 2 [(gogoproto.jsontag) = "cluster_name"]; + // Checkers is a list of SSH public keys that can be used to check + // certificate signatures + // + // DEPRECATED: use ActiveKeys and AdditionalTrustedKeys instead. + repeated bytes CheckingKeys = 3 [ + (gogoproto.jsontag) = "checking_keys,omitempty", + deprecated = true + ]; + // SigningKeys is a list of private keys used for signing + // + // DEPRECATED: use ActiveKeys instead. + repeated bytes SigningKeys = 4 [ + (gogoproto.jsontag) = "signing_keys,omitempty", + deprecated = true + ]; + // Roles is a list of roles assumed by users signed by this CA + repeated string Roles = 5 [(gogoproto.jsontag) = "roles,omitempty"]; + // RoleMap specifies role mappings to remote roles + repeated RoleMapping RoleMap = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "role_map,omitempty" + ]; + // TLS is a list of TLS key pairs + // + // DEPRECATED: use ActiveKeys and AdditionalTrustedKeys instead. + repeated TLSKeyPair TLSKeyPairs = 7 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "tls_key_pairs,omitempty", + deprecated = true + ]; + // Rotation is a status of the certificate authority rotation + Rotation Rotation = 8 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "rotation,omitempty" + ]; + // SigningAlg is the algorithm used for signing new SSH certificates using + // SigningKeys. + enum SigningAlgType { + UNKNOWN = 0; + RSA_SHA1 = 1; + RSA_SHA2_256 = 2; + RSA_SHA2_512 = 3; + } + SigningAlgType SigningAlg = 9 [(gogoproto.jsontag) = "signing_alg,omitempty"]; + // JWTKeyPair is a list of JWT key pairs. + // + // DEPRECATED: use ActiveKeys and AdditionalTrustedKeys instead. + repeated JWTKeyPair JWTKeyPairs = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "jwt_key_pairs,omitempty", + deprecated = true + ]; + + // ActiveKeys are the CA key sets used to sign any new certificates. + CAKeySet ActiveKeys = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "active_keys,omitempty" + ]; + // AdditionalTrustedKeys are additional CA key sets that can be used to + // verify certificates. Certificates should be verified with + // AdditionalTrustedKeys and ActiveKeys combined. + CAKeySet AdditionalTrustedKeys = 12 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "additional_trusted_keys,omitempty" + ]; +} + +// CAKeySet is the set of CA keys. +message CAKeySet { + // SSH contains SSH CA key pairs. + repeated SSHKeyPair SSH = 1 [(gogoproto.jsontag) = "ssh,omitempty"]; + // TLS contains TLS CA key/cert pairs. + repeated TLSKeyPair TLS = 2 [(gogoproto.jsontag) = "tls,omitempty"]; + // JWT contains JWT signing key pairs. + repeated JWTKeyPair JWT = 3 [(gogoproto.jsontag) = "jwt,omitempty"]; +} + +// RoleMapping provides mapping of remote roles to local roles +// for trusted clusters +message RoleMapping { + // Remote specifies remote role name to map from + string Remote = 1 [(gogoproto.jsontag) = "remote"]; + // Local specifies local roles to map to + repeated string Local = 2 [(gogoproto.jsontag) = "local"]; +} + +// ProvisionTokenV1 is a provisioning token V1 +message ProvisionTokenV1 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Roles is a list of roles associated with the token, + // that will be converted to metadata in the SSH and X509 + // certificates issued to the user of the token + repeated string Roles = 1 [ + (gogoproto.jsontag) = "roles", + (gogoproto.casttype) = "SystemRole" + ]; + // Expires is a global expiry time header can be set on any resource in the + // system. + google.protobuf.Timestamp Expires = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // Token is a token name + string Token = 3 [(gogoproto.jsontag) = "token"]; +} + +// ProvisionTokenV2 specifies provisioning token +message ProvisionTokenV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a provisioning token V2 spec + ProvisionTokenSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ProvisionTokenV2List is a list of provisioning tokens. +message ProvisionTokenV2List { + // ProvisionTokens is a list of provisioning tokens. + repeated ProvisionTokenV2 ProvisionTokens = 1; +} + +// TokenRule is a rule that a joining node must match in order to use the +// associated token. +message TokenRule { + // AWSAccount is the AWS account ID. + string AWSAccount = 1 [(gogoproto.jsontag) = "aws_account,omitempty"]; + // AWSRegions is used for the EC2 join method and is a list of AWS regions a + // node is allowed to join from. + repeated string AWSRegions = 2 [(gogoproto.jsontag) = "aws_regions,omitempty"]; + // AWSRole is used for the EC2 join method and is the the ARN of the AWS + // role that the auth server will assume in order to call the ec2 API. + string AWSRole = 3 [(gogoproto.jsontag) = "aws_role,omitempty"]; + // AWSARN is used for the IAM join method, the AWS identity of joining nodes + // must match this ARN. Supports wildcards "*" and "?". + string AWSARN = 4 [(gogoproto.jsontag) = "aws_arn,omitempty"]; +} + +// ProvisionTokenSpecV2 is a specification for V2 token +message ProvisionTokenSpecV2 { + // Roles is a list of roles associated with the token, + // that will be converted to metadata in the SSH and X509 + // certificates issued to the user of the token + repeated string Roles = 1 [ + (gogoproto.jsontag) = "roles", + (gogoproto.casttype) = "SystemRole" + ]; + // Allow is a list of TokenRules, nodes using this token must match one + // allow rule to use this token. + repeated TokenRule Allow = 2 [(gogoproto.jsontag) = "allow,omitempty"]; + // AWSIIDTTL is the TTL to use for AWS EC2 Instance Identity Documents used + // to join the cluster with this token. + int64 AWSIIDTTL = 3 [ + (gogoproto.jsontag) = "aws_iid_ttl,omitempty", + (gogoproto.casttype) = "Duration" + ]; + // JoinMethod is the joining method required in order to use this token. + // Supported joining methods include "token", "ec2", and "iam". + string JoinMethod = 4 [ + (gogoproto.jsontag) = "join_method", + (gogoproto.casttype) = "JoinMethod" + ]; + // BotName is the name of the bot this token grants access to, if any + string BotName = 5 [(gogoproto.jsontag) = "bot_name,omitempty"]; + // SuggestedLabels is a set of labels that resources should set when using this token to enroll + // themselves in the cluster + wrappers.LabelValues SuggestedLabels = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "suggested_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; +} + +// StaticTokensV2 implements the StaticTokens interface. +message StaticTokensV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a provisioning token V2 spec + StaticTokensSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2. +message StaticTokensSpecV2 { + // StaticTokens is a list of tokens that can be used to add nodes to the + // cluster. + repeated ProvisionTokenV1 StaticTokens = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "static_tokens" + ]; +} + +// ClusterNameV2 implements the ClusterName interface. +message ClusterNameV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a cluster name V2 spec + ClusterNameSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ClusterNameSpecV2 is the actual data we care about for ClusterName. +message ClusterNameSpecV2 { + // ClusterName is the name of the cluster. Changing this value once the + // cluster is setup can and will cause catastrophic problems. + string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; + + // ClusterID is the unique cluster ID that is set once during the first + // auth server startup. + string ClusterID = 2 [(gogoproto.jsontag) = "cluster_id"]; +} + +// ClusterAuditConfigV2 represents audit log settings in the cluster. +message ClusterAuditConfigV2 { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a ClusterAuditConfig specification + ClusterAuditConfigSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ClusterAuditConfigSpecV2 is the actual data we care about +// for ClusterAuditConfig. +message ClusterAuditConfigSpecV2 { + reserved 5; + reserved "audit_table_name"; + + // Type is audit backend type + string Type = 1 [(gogoproto.jsontag) = "type,omitempty"]; + // Region is a region setting for audit sessions used by cloud providers + string Region = 2 [(gogoproto.jsontag) = "region,omitempty"]; + // AuditSessionsURI is a parameter where to upload sessions + string AuditSessionsURI = 3 [(gogoproto.jsontag) = "audit_sessions_uri,omitempty"]; + // AuditEventsURI is a parameter with all supported outputs + // for audit events + wrappers.StringValues AuditEventsURI = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "audit_events_uri,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Strings" + ]; + + // EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery). + bool EnableContinuousBackups = 6 [(gogoproto.jsontag) = "continuous_backups,omitempty"]; + // EnableAutoScaling is used to enable (or disable) auto scaling policy. + bool EnableAutoScaling = 7 [(gogoproto.jsontag) = "auto_scaling,omitempty"]; + // ReadMaxCapacity is the maximum provisioned read capacity. + int64 ReadMaxCapacity = 8 [(gogoproto.jsontag) = "read_max_capacity,omitempty"]; + // ReadMinCapacity is the minimum provisioned read capacity. + int64 ReadMinCapacity = 9 [(gogoproto.jsontag) = "read_min_capacity,omitempty"]; + // ReadTargetValue is the ratio of consumed read to provisioned capacity. + double ReadTargetValue = 10 [(gogoproto.jsontag) = "read_target_value,omitempty"]; + // WriteMaxCapacity is the maximum provisioned write capacity. + int64 WriteMaxCapacity = 11 [(gogoproto.jsontag) = "write_max_capacity,omitempty"]; + // WriteMinCapacity is the minimum provisioned write capacity. + int64 WriteMinCapacity = 12 [(gogoproto.jsontag) = "write_min_capacity,omitempty"]; + // WriteTargetValue is the ratio of consumed write to provisioned capacity. + double WriteTargetValue = 13 [(gogoproto.jsontag) = "write_target_value,omitempty"]; + // RetentionPeriod is the retention period for audit events. + int64 RetentionPeriod = 14 [ + (gogoproto.jsontag) = "retention_period", + (gogoproto.casttype) = "Duration", + (gogoproto.nullable) = true + ]; + + // FIPSEndpointState represents an AWS FIPS endpoint state. + enum FIPSEndpointState { + // FIPS_UNSET allows setting FIPS state for AWS S3/Dynamo using configuration files or + // environment variables + FIPS_UNSET = 0; + // FIPS_ENABLED explicitly enables FIPS support for AWS S3/Dynamo + FIPS_ENABLED = 1; + // FIPS_DISABLED explicitly disables FIPS support for AWS S3/Dynamo + FIPS_DISABLED = 2; + } + // UseFIPSEndpoint configures AWS endpoints to use FIPS. + FIPSEndpointState UseFIPSEndpoint = 15 [(gogoproto.jsontag) = "use_fips_endpoint,omitempty"]; +} + +// ClusterNetworkingConfigV2 contains cluster-wide networking configuration. +message ClusterNetworkingConfigV2 { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a ClusterNetworkingConfig specification + ClusterNetworkingConfigSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ClusterNetworkingConfigSpecV2 is the actual data we care about +// for ClusterNetworkingConfig. +message ClusterNetworkingConfigSpecV2 { + // ClientIdleTimeout sets global cluster default setting for client idle + // timeouts. + int64 ClientIdleTimeout = 1 [ + (gogoproto.jsontag) = "client_idle_timeout", + (gogoproto.casttype) = "Duration" + ]; + + // KeepAliveInterval is the interval at which the server sends keep-alive messages + // to the client. + int64 KeepAliveInterval = 2 [ + (gogoproto.jsontag) = "keep_alive_interval", + (gogoproto.casttype) = "Duration" + ]; + + // KeepAliveCountMax is the number of keep-alive messages that can be + // missed before the server disconnects the connection to the client. + int64 KeepAliveCountMax = 3 [(gogoproto.jsontag) = "keep_alive_count_max"]; + + // SessionControlTimeout is the session control lease expiry and defines + // the upper limit of how long a node may be out of contact with the auth + // server before it begins terminating controlled sessions. + int64 SessionControlTimeout = 4 [ + (gogoproto.jsontag) = "session_control_timeout", + (gogoproto.casttype) = "Duration" + ]; + + // ClientIdleTimeoutMessage is the message sent to the user when a connection times out. + string ClientIdleTimeoutMessage = 5 [(gogoproto.jsontag) = "idle_timeout_message"]; + + // WebIdleTimeout sets global cluster default setting for the web UI idle + // timeouts. + int64 WebIdleTimeout = 6 [ + (gogoproto.jsontag) = "web_idle_timeout", + (gogoproto.casttype) = "Duration" + ]; + + // ProxyListenerMode is proxy listener mode used by Teleport Proxies. + ProxyListenerMode ProxyListenerMode = 7 [(gogoproto.jsontag) = "proxy_listener_mode,omitempty"]; + + // RoutingStrategy determines the strategy used to route to nodes. + RoutingStrategy RoutingStrategy = 8 [(gogoproto.jsontag) = "routing_strategy,omitempty"]; + + // TunnelStrategyV1 determines the tunnel strategy used in the cluster. + TunnelStrategyV1 TunnelStrategy = 9 [(gogoproto.jsontag) = "tunnel_strategy,omitempty"]; + + // ProxyPingInterval defines in which interval the TLS routing ping message + // should be sent. This is applicable only when using ping-wrapped + // connections, regular TLS routing connections are not affected. + int64 ProxyPingInterval = 10 [ + (gogoproto.jsontag) = "proxy_ping_interval,omitempty", + (gogoproto.casttype) = "Duration" + ]; +} + +// TunnelStrategyV1 defines possible tunnel strategy types. +message TunnelStrategyV1 { + oneof Strategy { + AgentMeshTunnelStrategy AgentMesh = 1 [(gogoproto.jsontag) = "agent_mesh,omitempty"]; + ProxyPeeringTunnelStrategy ProxyPeering = 2 [(gogoproto.jsontag) = "proxy_peering,omitempty"]; + } +} + +// AgentMeshTunnelStrategy requires reverse tunnels to dial every proxy. +message AgentMeshTunnelStrategy {} + +// ProxyPeeringTunnelStrategy requires reverse tunnels to dial a fixed number of proxies. +message ProxyPeeringTunnelStrategy { + int64 AgentConnectionCount = 1 [(gogoproto.jsontag) = "agent_connection_count,omitempty"]; +} + +// ProxyListenerMode represents the cluster proxy listener mode. +enum ProxyListenerMode { + // Separate is the proxy listener mode indicating that proxies are running + // in separate listener mode where Teleport Proxy services use different listeners. + Separate = 0; + // Multiplex is the proxy listener mode indicating the proxy should use multiplex mode + // where all proxy services are multiplexed on a single proxy port. + Multiplex = 1; +} + +// RoutingStrategy determines the strategy used to route to nodes. +enum RoutingStrategy { + // UnambiguousMatch only routes to distinct nodes. + UNAMBIGUOUS_MATCH = 0; + + // MostRecent routes to the most recently heartbeated node if duplicates are present. + MOST_RECENT = 1; +} + +// SessionRecordingConfigV2 contains session recording configuration. +message SessionRecordingConfigV2 { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a SessionRecordingConfig specification + SessionRecordingConfigSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// SessionRecordingConfigSpecV2 is the actual data we care about +// for SessionRecordingConfig. +message SessionRecordingConfigSpecV2 { + // Mode controls where (or if) the session is recorded. + string Mode = 1 [(gogoproto.jsontag) = "mode"]; + + // ProxyChecksHostKeys is used to control if the proxy will check host keys + // when in recording mode. + BoolValue ProxyChecksHostKeys = 2 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "proxy_checks_host_keys", + (gogoproto.customtype) = "BoolOption" + ]; +} + +// AuthPreferenceV2 implements the AuthPreference interface. +message AuthPreferenceV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an AuthPreference specification + AuthPreferenceSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// AuthPreferenceSpecV2 is the actual data we care about for AuthPreference. +message AuthPreferenceSpecV2 { + // Type is the type of authentication. + string Type = 1 [(gogoproto.jsontag) = "type"]; + + // SecondFactor is the type of second factor. + string SecondFactor = 2 [ + (gogoproto.jsontag) = "second_factor,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.SecondFactorType" + ]; + + // ConnectorName is the name of the OIDC or SAML connector. If this value is + // not set the first connector in the backend will be used. + string ConnectorName = 3 [(gogoproto.jsontag) = "connector_name,omitempty"]; + + // U2F are the settings for the U2F device. + U2F U2F = 4 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "u2f,omitempty" + ]; + + // RequireSessionMFA causes all sessions in this cluster to require MFA + // checks. + bool RequireSessionMFA = 5 [(gogoproto.jsontag) = "require_session_mfa,omitempty"]; + + // DisconnectExpiredCert provides disconnect expired certificate setting - + // if true, connections with expired client certificates will get disconnected + BoolValue DisconnectExpiredCert = 6 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "disconnect_expired_cert,omitempty", + (gogoproto.customtype) = "BoolOption" + ]; + + // AllowLocalAuth is true if local authentication is enabled. + BoolValue AllowLocalAuth = 7 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "allow_local_auth,omitempty", + (gogoproto.customtype) = "BoolOption" + ]; + + string MessageOfTheDay = 8 [(gogoproto.jsontag) = "message_of_the_day,omitempty"]; + + // LockingMode is the cluster-wide locking mode default. + string LockingMode = 9 [ + (gogoproto.jsontag) = "locking_mode,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.LockingMode" + ]; + + // Webauthn are the settings for server-side Web Authentication support. + Webauthn Webauthn = 10 [(gogoproto.jsontag) = "webauthn,omitempty"]; + + // AllowPasswordless enables/disables passwordless support. + // Passwordless requires Webauthn to work. + // Defaults to true if the Webauthn is configured, defaults to false + // otherwise. + BoolValue AllowPasswordless = 11 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "allow_passwordless,omitempty", + (gogoproto.customtype) = "BoolOption" + ]; +} + +// U2F defines settings for U2F device. +message U2F { + // AppID returns the application ID for universal second factor. + string AppID = 1 [(gogoproto.jsontag) = "app_id,omitempty"]; + + // Facets returns the facets for universal second factor. + // Deprecated: Kept for backwards compatibility reasons, but Facets have no + // effect since Teleport v10, when Webauthn replaced the U2F implementation. + repeated string Facets = 2 [(gogoproto.jsontag) = "facets,omitempty"]; + + // DeviceAttestationCAs contains the trusted attestation CAs for U2F + // devices. + // DELETE IN 11.0, time to sunset U2F (codingllama). + repeated string DeviceAttestationCAs = 3 [(gogoproto.jsontag) = "device_attestation_cas,omitempty"]; +} + +// Webauthn defines user-visible settings for server-side Web Authentication +// support. +message Webauthn { + // RPID is the ID of the Relying Party. + // It should be set to the domain name of the Teleport installation. + // + // IMPORTANT: RPID must never change in the lifetime of the cluster, because + // it's recorded in the registration data on the WebAuthn device. If the + // RPID changes, all existing WebAuthn key registrations will become invalid + // and all users who use WebAuthn as the second factor will need to + // re-register. + string RPID = 1 [(gogoproto.jsontag) = "rp_id,omitempty"]; + // Allow list of device attestation CAs in PEM format. + // If present, only devices whose attestation certificates match the + // certificates specified here may be registered (existing registrations are + // unchanged). + // If supplied in conjunction with AttestationDeniedCAs, then both + // conditions need to be true for registration to be allowed (the device + // MUST match an allowed CA and MUST NOT match a denied CA). + // By default all devices are allowed. + repeated string AttestationAllowedCAs = 2 [(gogoproto.jsontag) = "attestation_allowed_cas,omitempty"]; + // Deny list of device attestation CAs in PEM format. + // If present, only devices whose attestation certificates don't match the + // certificates specified here may be registered (existing registrations are + // unchanged). + // If supplied in conjunction with AttestationAllowedCAs, then both + // conditions need to be true for registration to be allowed (the device + // MUST match an allowed CA and MUST NOT match a denied CA). + // By default no devices are denied. + repeated string AttestationDeniedCAs = 3 [(gogoproto.jsontag) = "attestation_denied_cas,omitempty"]; + reserved 4; // bool Disabled +} + +// Namespace represents namespace resource specification +message Namespace { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a namespace spec + NamespaceSpec Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// NamespaceSpec is a namespace specificateion +message NamespaceSpec {} + +message UserTokenV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is a resource sub kind, used to define the type of user token. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an resource specification + UserTokenSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// UserTokenUsage contains additional information about the intended usage of a user token. +enum UserTokenUsage { + // Default value that implies token usage was not set. + USER_TOKEN_USAGE_UNSPECIFIED = 0; + // USER_TOKEN_RECOVER_PASSWORD is a request to recover password. + USER_TOKEN_RECOVER_PASSWORD = 1; + // USER_TOKEN_RECOVER_MFA is a request to recover a MFA. + USER_TOKEN_RECOVER_MFA = 2; + // USER_TOKEN_RENEWAL_BOT is a request to generate certificates + // for a bot user. + USER_TOKEN_RENEWAL_BOT = 3; +} + +message UserTokenSpecV3 { + // User is user name associated with this token + string User = 1 [(gogoproto.jsontag) = "user"]; + // URL is this token URL + string URL = 2 [(gogoproto.jsontag) = "url"]; + // Usage is an optional field that provides more information about how this token will be used. + UserTokenUsage Usage = 3 [(gogoproto.jsontag) = "usage,omitempty"]; + // Created holds information about when the token was created + google.protobuf.Timestamp Created = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; +} + +message UserTokenSecretsV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an resource specification + UserTokenSecretsSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +message UserTokenSecretsSpecV3 { + // OTPKey is is a secret value of one time password secret generator + string OTPKey = 1 [(gogoproto.jsontag) = "opt_key"]; + // OTPKey is is a secret value of one time password secret generator + string QRCode = 2 [(gogoproto.jsontag) = "qr_code,omitempty"]; + // Created holds information about when the token was created + google.protobuf.Timestamp Created = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; +} + +// AccessRequest represents an access request resource specification +message AccessRequestV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is AccessRequest metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an AccessRequest specification + AccessRequestSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// AccessReviewThreshold describes a filter used to match access reviews, +// as well as approval/denial counts which trigger state-transitions. This type +// can be used to describe policies such as "can be approved by 2 admins" +// or "can be denied by any non-contractor". +message AccessReviewThreshold { + // Name is the optional human-readable name of the threshold. + string Name = 1 [(gogoproto.jsontag) = "name,omitempty"]; + // Filter is an optional predicate used to determine which reviews + // count toward this threshold. + string Filter = 2 [(gogoproto.jsontag) = "filter,omitempty"]; + // Approve is the number of matching approvals needed for state-transition. + uint32 Approve = 3 [(gogoproto.jsontag) = "approve,omitempty"]; + // Deny is the number of denials needed for state-transition. + uint32 Deny = 4 [(gogoproto.jsontag) = "deny,omitempty"]; +} + +// AccessReview is a review to be applied to an access request. +message AccessReview { + // Author is the teleport username of the review author. + string Author = 1 [(gogoproto.jsontag) = "author"]; + // Roles is a list used for role-subselection (not yet fully supported). + repeated string Roles = 2 [(gogoproto.jsontag) = "roles,omitempty"]; + // ProposedState is the proposed state (must be APPROVED or DENIED). + RequestState ProposedState = 3 [(gogoproto.jsontag) = "proposed_state,omitempty"]; + // Reason is an optional human-readable reason for why the above state + // is being proposed. + string Reason = 4 [(gogoproto.jsontag) = "reason,omitempty"]; + // Created is the time at which the review was created. + google.protobuf.Timestamp Created = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; + // Annotations is the proposed value of the request's resolve_annotations field. + wrappers.LabelValues Annotations = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "annotations,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // ThresholdIndexes stores the indexes of thresholds which this review matches + // (internal use only). + repeated uint32 ThresholdIndexes = 7 [(gogoproto.jsontag) = "i,omitempty"]; +} + +// AccessReviewSubmission encodes the necessary parameters for submitting +// a new access review. +message AccessReviewSubmission { + // RequestID is the unique ID of the request to be reviewed. + string RequestID = 1 [(gogoproto.jsontag) = "id,omitempty"]; + + // Review is the review to be applied. + AccessReview Review = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "review,omitempty" + ]; +} + +// RequestState represents the state of a request for escalated privilege. +enum RequestState { + // NONE variant exists to allow RequestState to be explicitly omitted + // in certain circumstances (e.g. in an AccessRequestFilter). + NONE = 0; + // PENDING variant is the default for newly created requests. + PENDING = 1; + // APPROVED variant indicates that a request has been accepted by + // an administrating party. + APPROVED = 2; + // DENIED variant indicates that a request has been rejected by + // an administrating party. + DENIED = 3; +} + +// ThresholdIndexSet encodes a list of threshold indexes. One of the listed thresholds +// must pass for the set to be considered to have passed (i.e. this is an `or` operator). +message ThresholdIndexSet { + // Indexes are the indexes of thresholds which relate to the role. + repeated uint32 Indexes = 1 [(gogoproto.jsontag) = "i,omitempty"]; +} + +// ThresholdIndexSets is a list of threshold index sets. Each of the individual +// sets must pass (i.e. this is an `and` operator). +message ThresholdIndexSets { + // Sets are the sets that make up this group. + repeated ThresholdIndexSet Sets = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "s,omitempty" + ]; +} + +// AccessRequestSpec is the specification for AccessRequest +message AccessRequestSpecV3 { + // User is the name of the user to whom the roles will be applied. + string User = 1 [(gogoproto.jsontag) = "user"]; + // Roles is the name of the roles being requested. + repeated string Roles = 2 [(gogoproto.jsontag) = "roles"]; + // State is the current state of this access request. + RequestState State = 3 [(gogoproto.jsontag) = "state,omitempty"]; + // Created encodes the time at which the request was registered with the auth + // server. + google.protobuf.Timestamp Created = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; + // Expires constrains the maximum lifetime of any login session for which this + // request is active. + google.protobuf.Timestamp Expires = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + + // RequestReason is an optional message explaining the reason for the request. + string RequestReason = 6 [(gogoproto.jsontag) = "request_reason,omitempty"]; + + // ResolveReason is an optional message explaining the reason for the resolution + // of the request (approval, denail, etc...). + string ResolveReason = 7 [(gogoproto.jsontag) = "resolve_reason,omitempty"]; + + // ResolveAnnotations is a set of arbitrary values received from plugins or other + // resolving parties during approval/denial. Importantly, these annotations are + // included in the access_request.update event, allowing plugins to propagate + // arbitrary structured data to the audit log. + wrappers.LabelValues ResolveAnnotations = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "resolve_annotations,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // SystemAnnotations is a set of programmatically generated annotations attached + // to pending access requests by teleport. These annotations are generated by + // applying variable interpolation to the RoleConditions.Request.Annotations block + // of a user's role(s). These annotations serve as a mechanism for administrators + // to pass extra information to plugins when they process pending access requests. + wrappers.LabelValues SystemAnnotations = 9 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "system_annotations,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // Thresholds is a list of review thresholds relevant to this request. Order must be + // preserved, as thresholds are referenced by index (internal use only). + repeated AccessReviewThreshold Thresholds = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "thresholds,omitempty" + ]; + + // RoleThresholdMapping encodes the relationship between the requested roles and + // the review threshold requirements for the given role (internal use only). + // By storing a representation of which thresholds must pass for each requested role, we + // both eliminate the need to cache the requestor's roles directly, and allow future + // versions of teleport to become smarter about calculating more granular requirements + // in a backwards-compatible manner (i.e. calculation can become smarter in minor releases). + // Storing this relationship on the request is necessary in order to avoid unexpected or + // inconsistent behavior due to review submission timing. + map RoleThresholdMapping = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rtm,omitempty" + ]; + + // Reviews is a list of reviews applied to this request (internal use only). + repeated AccessReview Reviews = 12 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "reviews,omitempty" + ]; + + // SuggestedReviewers is a list of reviewer suggestions. These can be teleport usernames, but + // that is not a requirement. + repeated string SuggestedReviewers = 13 [(gogoproto.jsontag) = "suggested_reviewers,omitempty"]; + + // RequestedResourceIDs is a set of resources to which access is being requested. + repeated ResourceID RequestedResourceIDs = 14 [ + (gogoproto.jsontag) = "resource_ids,omitempty", + (gogoproto.nullable) = false + ]; + + // LoginHint is used as a hint for search-based access requests to select + // roles based on the login the user is attempting. + string LoginHint = 15 [(gogoproto.jsontag) = "login_hint,omitempty"]; + + // DryRun indicates that the request should not actually be created, the + // auth server should only validate the access request. + bool DryRun = 16 [(gogoproto.jsontag) = "dry_run,omitempty"]; +} + +// AccessRequestFilter encodes filter params for access requests. +message AccessRequestFilter { + // ID specifies a request ID if set. + string ID = 1 [(gogoproto.jsontag) = "id,omitempty"]; + // User specifies a username if set. + string User = 2 [(gogoproto.jsontag) = "user,omitempty"]; + // RequestState filters for requests in a specific state. + RequestState State = 3 [(gogoproto.jsontag) = "state,omitempty"]; +} + +// AccessCapabilities is a summary of capabilities that a user +// is granted via their dynamic access privileges which may not be +// calculable by directly examining the user's own static roles. +message AccessCapabilities { + // RequestableRoles is a list of existent roles which the user is allowed to request. + repeated string RequestableRoles = 1 [(gogoproto.jsontag) = "requestable_roles,omitempty"]; + // SuggestedReviewers is a list of all reviewers which are suggested by the user's roles. + repeated string SuggestedReviewers = 2 [(gogoproto.jsontag) = "suggested_reviewers,omitempty"]; +} + +// AccessCapabilitiesRequest encodes parameters for the GetAccessCapabilities method. +message AccessCapabilitiesRequest { + // User is the name of the user whose capabilities we are interested in (defaults to + // the caller's own username). + string User = 1 [(gogoproto.jsontag) = "user,omitempty"]; + // RequestableRoles is a flag indicating that we would like to view the list of roles + // that the user is able to request. + bool RequestableRoles = 2 [(gogoproto.jsontag) = "requestable_roles,omitempty"]; + // SuggestedReviewers is a flag indicating that we would like to view the list of all + // reviewers which are suggested by the user's roles. + bool SuggestedReviewers = 3 [(gogoproto.jsontag) = "suggested_reviewers,omitempty"]; +} + +// ResourceID is a unique identifier for a teleport resource. +message ResourceID { + // ClusterName is the name of the cluster the resource is in. + string ClusterName = 1 [(gogoproto.jsontag) = "cluster"]; + // Kind is the resource kind. + string Kind = 2 [(gogoproto.jsontag) = "kind"]; + // Name is the name of the specific resource. + string Name = 3 [(gogoproto.jsontag) = "name"]; +} + +// PluginData stores a collection of values associated with a specific resource. +message PluginDataV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is PluginData metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a PluginData specification + PluginDataSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// PluginDataEntry wraps a mapping of arbitrary string values used by +// plugins to store per-resource information. +message PluginDataEntry { + // Data is a mapping of arbitrary string values. + map Data = 1 [(gogoproto.jsontag) = "data,omitempty"]; +} + +// PluginData stores a collection of values associated with a specific resource. +message PluginDataSpecV3 { + // Entries is a collection of PluginData values organized by plugin name. + map Entries = 1 [(gogoproto.jsontag) = "entries"]; +} + +// NOTE: PluginDataFilter and PluginDataUpdateParams currently only target AccessRequest resources +// since those are the only resources currently managed via plugin. Support for additional resource +// kinds may be added in a backwards-compatible manner by adding a `Kind` field which defaults +// to `access_request` if unspecified. + +// PluginDataFilter encodes filter params for plugin data. +message PluginDataFilter { + // Kind is the kind of resource that the target plugin data + // is associated with. + string Kind = 1 [(gogoproto.jsontag) = "kind,omitempty"]; + // Resource matches a specific resource name if set. + string Resource = 2 [(gogoproto.jsontag) = "resource,omitempty"]; + // Plugin matches a specific plugin name if set. + string Plugin = 3 [(gogoproto.jsontag) = "plugin,omitempty"]; +} + +// PluginDataUpdateParams encodes paramers for updating a PluginData field. +message PluginDataUpdateParams { + // Kind is the kind of resource that the target plugin data + // is associated with. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // Resource indicates the name of the target resource. + string Resource = 2 [(gogoproto.jsontag) = "resource"]; + // Plugin is the name of the plugin that owns the data. + string Plugin = 3 [(gogoproto.jsontag) = "plugin"]; + // Set indicates the fields which should be set by this operation. + map Set = 4 [(gogoproto.jsontag) = "set,omitempty"]; + // Expect optionally indicates the expected state of fields prior to this update. + map Expect = 5 [(gogoproto.jsontag) = "expect,omitempty"]; +} + +// RoleV5 represents role resource specification +message RoleV5 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a role specification + RoleSpecV5 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// RoleSpecV5 is role specification for RoleV5. +message RoleSpecV5 { + // Options is for OpenSSH options like agent forwarding. + RoleOptions Options = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "options,omitempty" + ]; + // Allow is the set of conditions evaluated to grant access. + RoleConditions Allow = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "allow,omitempty" + ]; + // Deny is the set of conditions evaluated to deny access. Deny takes priority + // over allow. + RoleConditions Deny = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "deny,omitempty" + ]; +} + +// RoleOptions is a set of role options +message RoleOptions { + // ForwardAgent is SSH agent forwarding. + bool ForwardAgent = 1 [ + (gogoproto.jsontag) = "forward_agent", + (gogoproto.casttype) = "Bool" + ]; + + // MaxSessionTTL defines how long a SSH session can last for. + int64 MaxSessionTTL = 2 [ + (gogoproto.jsontag) = "max_session_ttl,omitempty", + (gogoproto.casttype) = "Duration" + ]; + + // PortForwarding defines if the certificate will have + // "permit-port-forwarding" + // in the certificate. PortForwarding is "yes" if not set, + // that's why this is a pointer + BoolValue PortForwarding = 3 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "port_forwarding,omitempty", + (gogoproto.customtype) = "BoolOption" + ]; + + // CertificateFormat defines the format of the user certificate to allow + // compatibility with older versions of OpenSSH. + string CertificateFormat = 4 [(gogoproto.jsontag) = "cert_format"]; + + // ClientIdleTimeout sets disconnect clients on idle timeout behavior, + // if set to 0 means do not disconnect, otherwise is set to the idle + // duration. + int64 ClientIdleTimeout = 5 [ + (gogoproto.jsontag) = "client_idle_timeout,omitempty", + (gogoproto.casttype) = "Duration" + ]; + + // DisconnectExpiredCert sets disconnect clients on expired certificates. + bool DisconnectExpiredCert = 6 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "disconnect_expired_cert,omitempty", + (gogoproto.casttype) = "Bool" + ]; + + // BPF defines what events to record for the BPF-based session recorder. + repeated string BPF = 7 [(gogoproto.jsontag) = "enhanced_recording,omitempty"]; + + // PermitX11Forwarding authorizes use of X11 forwarding. + bool PermitX11Forwarding = 8 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "permit_x11_forwarding,omitempty", + (gogoproto.casttype) = "Bool" + ]; + + // MaxConnections defines the maximum number of + // concurrent connections a user may hold. + int64 MaxConnections = 9 [(gogoproto.jsontag) = "max_connections,omitempty"]; + + // MaxSessions defines the maximum number of + // concurrent sessions per connection. + int64 MaxSessions = 10 [(gogoproto.jsontag) = "max_sessions,omitempty"]; + + // RequestAccess defines the access request stategy (optional|note|always) + // where optional is the default. + string RequestAccess = 11 [ + (gogoproto.jsontag) = "request_access,omitempty", + (gogoproto.casttype) = "RequestStrategy" + ]; + + // RequestPrompt is an optional message which tells users what they aught to + string RequestPrompt = 12 [(gogoproto.jsontag) = "request_prompt,omitempty"]; + + // RequireSessionMFA specifies whether a user is required to do an MFA + // check for every session. + bool RequireSessionMFA = 13 [(gogoproto.jsontag) = "require_session_mfa,omitempty"]; + + // Lock specifies the locking mode (strict|best_effort) to be applied with + // the role. + string Lock = 14 [ + (gogoproto.jsontag) = "lock,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.LockingMode" + ]; + + // RecordDesktopSession indicates whether desktop access sessions should be recorded. + // It defaults to true unless explicitly set to false. + RecordSession RecordSession = 15 [(gogoproto.jsontag) = "record_session"]; + + // DesktopClipboard indicates whether clipboard sharing is allowed between the user's + // workstation and the remote desktop. It defaults to true unless explicitly set to + // false. + BoolValue DesktopClipboard = 16 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "desktop_clipboard", + (gogoproto.customtype) = "BoolOption" + ]; + + // CertExtensions specifies the key/values + repeated CertExtension CertExtensions = 17 [(gogoproto.jsontag) = "cert_extensions,omitempty"]; + + // MaxKubernetesConnections defines the maximum number of concurrent + // Kubernetes sessions a user may hold. + int64 MaxKubernetesConnections = 18 [(gogoproto.jsontag) = "max_kubernetes_connections,omitempty"]; + + // DesktopDirectorySharing indicates whether directory sharing is allowed between the user's + // workstation and the remote desktop. It defaults to false unless explicitly set to + // true. + BoolValue DesktopDirectorySharing = 19 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "desktop_directory_sharing", + (gogoproto.customtype) = "BoolOption" + ]; + + // CreateHostUser allows users to be automatically created on a host + BoolValue CreateHostUser = 20 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "create_host_user", + (gogoproto.customtype) = "BoolOption" + ]; + + // PinSourceIP forces the same client IP for certificate generation and usage + bool PinSourceIP = 21 [ + (gogoproto.jsontag) = "pin_source_ip", + (gogoproto.casttype) = "Bool" + ]; + + // SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed + // over an SSH session. It defaults to true unless explicitly set to false. + BoolValue SSHFileCopy = 22 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "ssh_file_copy", + (gogoproto.customtype) = "BoolOption" + ]; +} + +message RecordSession { + // Desktop indicates whether desktop sessions should be recorded. + // It defaults to true unless explicitly set to false. + BoolValue Desktop = 1 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "desktop", + (gogoproto.customtype) = "BoolOption" + ]; + + // Default indicates the default value for the services. + string Default = 2 [ + (gogoproto.jsontag) = "default,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.SessionRecordingMode" + ]; + + // SSH indicates the session mode used on SSH sessions. + string SSH = 3 [ + (gogoproto.jsontag) = "ssh,omitempty", + (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.SessionRecordingMode" + ]; +} + +// CertExtensionMode specifies the type of extension to use in the cert. +enum CertExtensionMode { + // EXTENSION represents a cert extension that may or may not be + // honored by the server. + EXTENSION = 0; +} + +// CertExtensionType represents the certificate type the extension is for. +// Currently only ssh is supported. +enum CertExtensionType { + // SSH is used when extending an ssh certificate + SSH = 0; +} + +// CertExtension represents a key/value for a certificate extension +message CertExtension { + // Type represents the certificate type being extended, only ssh + // is supported at this time. + CertExtensionType Type = 1 [(gogoproto.jsontag) = "type"]; + // Mode is the type of extension to be used -- currently + // critical-option is not supported + CertExtensionMode Mode = 2 [(gogoproto.jsontag) = "mode"]; + // Name specifies the key to be used in the cert extension. + string Name = 3 [(gogoproto.jsontag) = "name"]; + // Value specifies the valueg to be used in the cert extension. + string Value = 4 [(gogoproto.jsontag) = "value"]; +} + +// RoleConditions is a set of conditions that must all match to be allowed or +// denied access. +message RoleConditions { + // Logins is a list of *nix system logins. + repeated string Logins = 1 [(gogoproto.jsontag) = "logins,omitempty"]; + + // Namespaces is a list of namespaces (used to partition a cluster). The + // field should be called "namespaces" when it returns in Teleport 2.4. + repeated string Namespaces = 2 [(gogoproto.jsontag) = "-"]; + + // NodeLabels is a map of node labels (used to dynamically grant access to + // nodes). + wrappers.LabelValues NodeLabels = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "node_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // Rules is a list of rules and their access levels. Rules are a high level + // construct used for access control. + repeated Rule Rules = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "rules,omitempty" + ]; + + // KubeGroups is a list of kubernetes groups + repeated string KubeGroups = 5 [(gogoproto.jsontag) = "kubernetes_groups,omitempty"]; + + AccessRequestConditions Request = 6 [(gogoproto.jsontag) = "request,omitempty"]; + + // KubeUsers is an optional kubernetes users to impersonate + repeated string KubeUsers = 7 [(gogoproto.jsontag) = "kubernetes_users,omitempty"]; + + // AppLabels is a map of labels used as part of the RBAC system. + wrappers.LabelValues AppLabels = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "app_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // ClusterLabels is a map of node labels (used to dynamically grant access to + // clusters). + wrappers.LabelValues ClusterLabels = 9 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "cluster_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // KubernetesLabels is a map of kubernetes cluster labels used for RBAC. + wrappers.LabelValues KubernetesLabels = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "kubernetes_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // DatabaseLabels are used in RBAC system to allow/deny access to databases. + wrappers.LabelValues DatabaseLabels = 11 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "db_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // DatabaseNames is a list of database names this role is allowed to connect to. + repeated string DatabaseNames = 12 [(gogoproto.jsontag) = "db_names,omitempty"]; + // DatabaseUsers is a list of databaes users this role is allowed to connect as. + repeated string DatabaseUsers = 13 [(gogoproto.jsontag) = "db_users,omitempty"]; + + // Impersonate specifies what users and roles this role is allowed to impersonate + // by issuing certificates or other possible means. + ImpersonateConditions Impersonate = 14 [(gogoproto.jsontag) = "impersonate,omitempty"]; + + // ReviewRequests defines conditions for submitting access reviews. + AccessReviewConditions ReviewRequests = 15 [(gogoproto.jsontag) = "review_requests,omitempty"]; + + // AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume. + repeated string AWSRoleARNs = 16 [(gogoproto.jsontag) = "aws_role_arns,omitempty"]; + + // WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops. + repeated string WindowsDesktopLogins = 17 [(gogoproto.jsontag) = "windows_desktop_logins,omitempty"]; + + // WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops. + wrappers.LabelValues WindowsDesktopLabels = 18 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "windows_desktop_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; + + // RequireSessionJoin specifies policies for required users to start a session. + repeated SessionRequirePolicy RequireSessionJoin = 19 [(gogoproto.jsontag) = "require_session_join,omitempty"]; + + // JoinSessions specifies policies to allow users to join other sessions. + repeated SessionJoinPolicy JoinSessions = 20 [(gogoproto.jsontag) = "join_sessions,omitempty"]; + + // HostGroups is a list of groups for created users to be added to + repeated string HostGroups = 21 [(gogoproto.jsontag) = "host_groups,omitempty"]; + // HostSudoers is a list of entries to include in a users sudoer file + repeated string HostSudoers = 22 [(gogoproto.jsontag) = "host_sudoers,omitempty"]; +} + +// SessionRequirePolicy a requirement policy that needs to be fulfilled to grant access. +message SessionRequirePolicy { + // Name is the name of the policy. + string Name = 1 [(gogoproto.jsontag) = "name"]; + + // Filter is a predicate that determines what users count towards this policy. + string Filter = 2 [(gogoproto.jsontag) = "filter"]; + + // Kinds are the session kinds this policy applies to. + repeated string Kinds = 3 [(gogoproto.jsontag) = "kinds"]; + + // Count is the amount of people that need to be matched for this policy to be fulfilled. + int32 Count = 4 [(gogoproto.jsontag) = "count"]; + + // Modes is the list of modes that may be used to fulfill this policy. + repeated string Modes = 5 [(gogoproto.jsontag) = "modes"]; + + // OnLeave is the behaviour that's used when the policy is no longer fulfilled + // for a live session. + string OnLeave = 6 [(gogoproto.jsontag) = "on_leave"]; +} + +// SessionJoinPolicy defines a policy that allows a user to join sessions. +message SessionJoinPolicy { + // Name is the name of the policy. + string Name = 1 [(gogoproto.jsontag) = "name"]; + + // Roles is a list of roles that you can join the session of. + repeated string Roles = 2 [(gogoproto.jsontag) = "roles"]; + + // Kinds are the session kinds this policy applies to. + repeated string Kinds = 3 [(gogoproto.jsontag) = "kinds"]; + + // Modes is a list of permitted participant modes for this policy. + repeated string Modes = 4 [(gogoproto.jsontag) = "modes"]; +} + +// AccessRequestConditions is a matcher for allow/deny restrictions on +// access-requests. +message AccessRequestConditions { + // Roles is the name of roles which will match the request rule. + repeated string Roles = 1 [(gogoproto.jsontag) = "roles,omitempty"]; + + // ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. + repeated ClaimMapping ClaimsToRoles = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "claims_to_roles,omitempty" + ]; + + // Annotations is a collection of annotations to be programmatically + // appended to pending access requests at the time of their creation. + // These annotations serve as a mechanism to propagate extra information + // to plugins. Since these annotations support variable interpolation + // syntax, they also offer a mechanism for forwarding claims from an + // external identity provider, to a plugin via `{{external.trait_name}}` + // style substitutions. + wrappers.LabelValues Annotations = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "annotations,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // Thresholds is a list of thresholds, one of which must be met in order for reviews + // to trigger a state-transition. If no thresholds are provided, a default threshold + // of 1 for approval and denial is used. + repeated AccessReviewThreshold Thresholds = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "thresholds,omitempty" + ]; + + // SuggestedReviewers is a list of reviewer suggestions. These can be teleport usernames, but + // that is not a requirement. + repeated string SuggestedReviewers = 5 [(gogoproto.jsontag) = "suggested_reviewers,omitempty"]; + + // SearchAsRoles is a list of roles which the user should be able to "assume" + // while searching for resources, and should be able to request with a + // search-based access request. + repeated string SearchAsRoles = 6 [(gogoproto.jsontag) = "search_as_roles,omitempty"]; +} + +// AccessReviewConditions is a matcher for allow/deny restrictions on +// access reviews. +message AccessReviewConditions { + // Roles is the name of roles which may be reviewed. + repeated string Roles = 1 [(gogoproto.jsontag) = "roles,omitempty"]; + + // ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. + repeated ClaimMapping ClaimsToRoles = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "claims_to_roles,omitempty" + ]; + + // Where is an optional predicate which further limits which requests are + // reviewable. + string Where = 3 [(gogoproto.jsontag) = "where,omitempty"]; +} + +// ClaimMapping maps a claim to teleport roles. +message ClaimMapping { + // Claim is a claim name. + string Claim = 1 [(gogoproto.jsontag) = "claim"]; + // Value is a claim value to match. + string Value = 2 [(gogoproto.jsontag) = "value"]; + // Roles is a list of static teleport roles to match. + repeated string Roles = 3 [(gogoproto.jsontag) = "roles,omitempty"]; +} + +// TraitMapping maps a trait to teleport roles. +message TraitMapping { + // Trait is a trait name. + string Trait = 1 [(gogoproto.jsontag) = "trait"]; + // Value is a trait value to match. + string Value = 2 [(gogoproto.jsontag) = "value"]; + // Roles is a list of static teleport roles to match. + repeated string Roles = 3 [(gogoproto.jsontag) = "roles,omitempty"]; +} + +// Rule represents allow or deny rule that is executed to check +// if user or service have access to resource +message Rule { + // Resources is a list of resources + repeated string Resources = 1 [(gogoproto.jsontag) = "resources,omitempty"]; + // Verbs is a list of verbs + repeated string Verbs = 2 [(gogoproto.jsontag) = "verbs,omitempty"]; + // Where specifies optional advanced matcher + string Where = 3 [(gogoproto.jsontag) = "where,omitempty"]; + // Actions specifies optional actions taken when this rule matches + repeated string Actions = 4 [(gogoproto.jsontag) = "actions,omitempty"]; +} + +// ImpersonateConditions specifies whether users are allowed +// to issue certificates for other users or groups. +message ImpersonateConditions { + // Users is a list of resources this role is allowed to impersonate, + // could be an empty list or a Wildcard pattern + repeated string Users = 1 [(gogoproto.jsontag) = "users,omitempty"]; + // Roles is a list of resources this role is allowed to impersonate + repeated string Roles = 2 [(gogoproto.jsontag) = "roles,omitempty"]; + // Where specifies optional advanced matcher + string Where = 3 [(gogoproto.jsontag) = "where,omitempty"]; +} + +// BoolValue is a wrapper around bool, used in cases +// whenever bool value can have different default value when missing +message BoolValue { + bool Value = 1; +} + +// UserV2 is version 2 resource spec of the user +message UserV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a user specification + UserSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// UserSpecV2 is a specification for V2 user +message UserSpecV2 { + // OIDCIdentities lists associated OpenID Connect identities + // that let user log in using externally verified identity + repeated ExternalIdentity OIDCIdentities = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "oidc_identities,omitempty" + ]; + + // SAMLIdentities lists associated SAML identities + // that let user log in using externally verified identity + repeated ExternalIdentity SAMLIdentities = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "saml_identities,omitempty" + ]; + + // GithubIdentities list associated Github OAuth2 identities + // that let user log in using externally verified identity + repeated ExternalIdentity GithubIdentities = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "github_identities,omitempty" + ]; + + // Roles is a list of roles assigned to user + repeated string Roles = 4 [(gogoproto.jsontag) = "roles,omitempty"]; + + // Traits are key/value pairs received from an identity provider (through + // OIDC claims or SAML assertions) or from a system administrator for local + // accounts. Traits are used to populate role variables. + wrappers.LabelValues Traits = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "traits,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // Status is a login status of the user + LoginStatus Status = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "status,omitempty" + ]; + + // Expires if set sets TTL on the user + google.protobuf.Timestamp Expires = 7 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + + // CreatedBy holds information about agent or person created this user + CreatedBy CreatedBy = 8 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created_by,omitempty" + ]; + + // LocalAuths hold sensitive data necessary for performing local + // authentication + LocalAuthSecrets LocalAuth = 9 [(gogoproto.jsontag) = "local_auth,omitempty"]; +} + +// ExternalIdentity is OpenID Connect/SAML or Github identity that is linked +// to particular user and connector and lets user to log in using external +// credentials, e.g. google +message ExternalIdentity { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' + string ConnectorID = 1 [(gogoproto.jsontag) = "connector_id,omitempty"]; + + // Username is username supplied by external identity provider + string Username = 2 [(gogoproto.jsontag) = "username,omitempty"]; +} + +// LoginStatus is a login status of the user +message LoginStatus { + // IsLocked tells us if user is locked + bool IsLocked = 1 [(gogoproto.jsontag) = "is_locked"]; + // LockedMessage contains the message in case if user is locked + string LockedMessage = 2 [(gogoproto.jsontag) = "locked_message,omitempty"]; + // LockedTime contains time when user was locked + google.protobuf.Timestamp LockedTime = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "locked_time,omitempty" + ]; + // LockExpires contains time when this lock will expire + google.protobuf.Timestamp LockExpires = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "lock_expires,omitempty" + ]; + // RecoveryAttemptLockExpires contains the time when this lock will expire + // from reaching MaxAccountRecoveryAttempts. This field is used to determine + // if a user got locked from recovery attempts. + google.protobuf.Timestamp RecoveryAttemptLockExpires = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "recovery_attempt_lock_expires,omitempty" + ]; +} + +// CreatedBy holds information about the person or agent who created the user +message CreatedBy { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Identity if present means that user was automatically created by identity + ConnectorRef Connector = 1 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "connector,omitempty" + ]; + // Time specifies when user was created + google.protobuf.Timestamp Time = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "time" + ]; + // User holds information about user + UserRef User = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "user" + ]; +} + +// LocalAuthSecrets holds sensitive data used to authenticate a local user. +message LocalAuthSecrets { + // PasswordHash encodes a combined salt & hash for password verification. + bytes PasswordHash = 1 [(gogoproto.jsontag) = "password_hash,omitempty"]; + + // Deprecated 2nd factor fields, use MFA below instead. + string TOTPKey = 2 [(gogoproto.jsontag) = "totp_key,omitempty"]; + reserved 3; // U2FRegistrationData U2FRegistration + reserved 4; // uint32 U2FCounter + + repeated MFADevice MFA = 5 [(gogoproto.jsontag) = "mfa,omitempty"]; + // Webauthn holds settings necessary for webauthn local auth. + // May be null for legacy users or users that haven't yet used webauthn as + // their second factor. + WebauthnLocalAuth Webauthn = 6 [(gogoproto.jsontag) = "webauthn,omitempty"]; +} + +// MFADevice is a multi-factor authentication device, such as a security key or +// an OTP app. +message MFADevice { + // Boilerplate for implementing the Resource interface. + string kind = 1; + string sub_kind = 2; + string version = 3; + Metadata metadata = 4 [(gogoproto.nullable) = false]; + + // ID is a UUID of this device. + string id = 5; + + google.protobuf.Timestamp added_at = 6 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + google.protobuf.Timestamp last_used = 7 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; + + oneof device { + TOTPDevice totp = 8; + U2FDevice u2f = 9; + WebauthnDevice webauthn = 10; + } +} + +// TOTPDevice holds the TOTP-specific fields of MFADevice. +message TOTPDevice { + string key = 1; +} + +// U2FDevice holds the U2F-specific fields of MFADevice. +message U2FDevice { + // KeyHandle uniquely identifies a key on a device + bytes key_handle = 1; + // PubKey is an DER encoded ecdsa public key + bytes pub_key = 2; + // Counter is the latest seen value of the U2F usage counter. + uint32 counter = 3; +} + +// WebauthnDevice holds Webauthn-specific fields of MFADevice. +message WebauthnDevice { + // Credential ID for the authenticator. + bytes credential_id = 1; + // Public key encoded in CBOR format. + // Webauthn support various key algorithms; CBOR encoding is used to reflect + // those choices. + // See https://w3c.github.io/webauthn/#sctn-alg-identifier for a starter + // reference. + bytes public_key_cbor = 2; + // Attestation format used by the authenticator, if any. + string attestation_type = 3; + // AAGUID is the globally unique identifier of the authenticator model. + // Zeroed for U2F devices. + bytes aaguid = 4; + // Signature counter for login operations. + // Actual counter values received from the authenticator are expected to be + // higher than the previously-stored value. + uint32 signature_counter = 5; + // Raw attestation object, as returned by the authentication during + // registration. + // Absent for legacy entries (Teleport 8.x). + bytes attestation_object = 6; + // True if a resident key was requested during registration. + // Marks passwordless-capable devices. + // (Note that resident_key=true represents the server-side / Relying Party + // view of the registration process; the authenticator alone can determine + // if a key is truly resident.) + bool resident_key = 7; +} + +// WebauthnLocalAuth holds settings necessary for local webauthn use. +message WebauthnLocalAuth { + // UserID is the random user handle generated for the user. + // See https://www.w3.org/TR/webauthn-2/#sctn-user-handle-privacy. + bytes UserID = 1 [(gogoproto.jsontag) = "user_id,omitempty"]; +} + +// ConnectorRef holds information about OIDC connector +message ConnectorRef { + // Type is connector type + string Type = 1 [(gogoproto.jsontag) = "type"]; + // ID is connector ID + string ID = 2 [(gogoproto.jsontag) = "id"]; + // Identity is external identity of the user + string Identity = 3 [(gogoproto.jsontag) = "identity"]; +} + +// UserRef holds references to user +message UserRef { + // Name is name of the user + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// ReverseTunnelV2 is version 2 of the resource spec of the reverse tunnel +message ReverseTunnelV2 { + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is a resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a reverse tunnel specification + ReverseTunnelSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ReverseTunnelSpecV2 is a specification for V2 reverse tunnel +message ReverseTunnelSpecV2 { + // ClusterName is a domain name of remote cluster we are connecting to + string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; + // DialAddrs is a list of remote address to establish a connection to + // it's always SSH over TCP + repeated string DialAddrs = 2 [(gogoproto.jsontag) = "dial_addrs,omitempty"]; + // Type is the type of reverse tunnel, either proxy or node. + string Type = 3 [ + (gogoproto.jsontag) = "type", + (gogoproto.casttype) = "TunnelType" + ]; +} + +// TunnelConnectionV2 is version 2 of the resource spec of the tunnel connection +message TunnelConnectionV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is a resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a tunnel specification + TunnelConnectionSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// TunnelConnectionSpecV2 is a specification for V2 tunnel connection +message TunnelConnectionSpecV2 { + // ClusterName is a name of the cluster + string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; + // ProxyName is the name of the proxy server + string ProxyName = 2 [(gogoproto.jsontag) = "proxy_name"]; + // LastHeartbeat is a time of the last heartbeat + google.protobuf.Timestamp LastHeartbeat = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "last_heartbeat,omitempty" + ]; + // Type is the type of reverse tunnel, either proxy or node. + string Type = 4 [ + (gogoproto.jsontag) = "type", + (gogoproto.casttype) = "TunnelType" + ]; +} + +// SemaphoreFilter encodes semaphore filtering params. +// A semaphore filter matches a semaphore if all nonzero fields +// match the corresponding semaphore fileds (e.g. a filter which +// specifies only `kind=foo` would match all semaphores of +// kind `foo`). +message SemaphoreFilter { + // SemaphoreKind is the kind of the semaphore. + string SemaphoreKind = 1 [(gogoproto.jsontag) = "kind"]; + // SemaphoreName is the name of the semaphore. + string SemaphoreName = 2 [(gogoproto.jsontag) = "name"]; +} + +// AcquireSemaphoreRequest holds semaphore lease acquisition parameters. +message AcquireSemaphoreRequest { + // SemaphoreKind is the kind of the semaphore. + string SemaphoreKind = 1 [(gogoproto.jsontag) = "kind"]; + // SemaphoreName is the name of the semaphore. + string SemaphoreName = 2 [(gogoproto.jsontag) = "name"]; + // MaxLeases is the maximum number of concurrent leases. If acquisition + // would cause more than MaxLeases to exist, acquisition must fail. + int64 MaxLeases = 3 [(gogoproto.jsontag) = "max_resources"]; + // Expires is the time at which this lease expires. + google.protobuf.Timestamp Expires = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + // Holder identifies the entitiy holding the lease. + string Holder = 5 [(gogoproto.jsontag) = "holder"]; +} + +// SemaphoreLease represents lease acquired for semaphore +message SemaphoreLease { + // SemaphoreKind is the kind of the semaphore. + string SemaphoreKind = 1 [(gogoproto.jsontag) = "kind"]; + // SemaphoreName is the name of the semaphore. + string SemaphoreName = 2 [(gogoproto.jsontag) = "name"]; + // LeaseID uniquely identifies this lease. + string LeaseID = 3 [(gogoproto.jsontag) = "lease_id"]; + // Expires is the time at which this lease expires. + google.protobuf.Timestamp Expires = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; +} + +// SemaphoreLeaseRef identifies an existent lease. +message SemaphoreLeaseRef { + // LeaseID is the unique ID of the lease. + string LeaseID = 1 [(gogoproto.jsontag) = "lease_id"]; + // Expires is the time at which the lease expires. + google.protobuf.Timestamp Expires = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + // Holder identifies the lease holder. + string Holder = 3 [(gogoproto.jsontag) = "holder"]; +} + +// SemaphoreV3 implements Semaphore interface +message SemaphoreV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is Semaphore metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a lease V3 spec + SemaphoreSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// SemaphoreSpecV3 contains the data about lease +message SemaphoreSpecV3 { + // Leases is a list of all currently acquired leases. + repeated SemaphoreLeaseRef Leases = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "leases" + ]; +} + +// WebSessionV2 represents an application or UI web session. +message WebSessionV2 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is a resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a tunnel specification. + WebSessionSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// WebSessionSpecV2 is a specification for web session. +message WebSessionSpecV2 { + // User is the identity of the user to which the web session belongs. + string User = 1 [(gogoproto.jsontag) = "user"]; + // Pub is the SSH certificate for the user. + bytes Pub = 2 [(gogoproto.jsontag) = "pub"]; + // Priv is the SSH private key for the user. + bytes Priv = 3 [(gogoproto.jsontag) = "priv,omitempty"]; + // TLSCert is the TLS certificate for the user. + bytes TLSCert = 4 [(gogoproto.jsontag) = "tls_cert,omitempty"]; + // BearerToken is a token that is paired with the session cookie for + // authentication. It is periodically rotated so a stolen cookie itself + // is not enough to steal a session. In addition it is used for CSRF + // mitigation. + string BearerToken = 5 [(gogoproto.jsontag) = "bearer_token"]; + // BearerTokenExpires is the absolute time when the token expires. + google.protobuf.Timestamp BearerTokenExpires = 6 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "bearer_token_expires" + ]; + // Expires is the absolute time when the session expires. + google.protobuf.Timestamp Expires = 7 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + // LoginTime is the time this user recently logged in. + google.protobuf.Timestamp LoginTime = 8 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "login_time" + ]; + // IdleTimeout is the max time a user can be inactive in a session. + int64 IdleTimeout = 9 [ + (gogoproto.jsontag) = "idle_timeout", + (gogoproto.casttype) = "Duration" + ]; + // ConsumedAccessRequestID is the ID of the access request from which additional roles to assume + // were obtained. + string ConsumedAccessRequestID = 10 [(gogoproto.jsontag) = "consumed_access_request_id,omitempty"]; +} + +// WebSessionFilter encodes cache watch parameters for filtering web sessions. +message WebSessionFilter { + // User is the username to filter web sessions for. + string User = 1 [(gogoproto.jsontag) = "user"]; +} + +// RemoteClusterV3 represents remote cluster resource specification +message RemoteClusterV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is resource API version + string Version = 3 [(gogoproto.jsontag) = "version"]; + + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Status is a remote cluster status + RemoteClusterStatusV3 Status = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "status" + ]; +} + +// RemoteClusterStatusV3 represents status of the remote cluster +message RemoteClusterStatusV3 { + // Connection represents connection status, online or offline + string Connection = 1 [(gogoproto.jsontag) = "connection"]; + + // LastHeartbeat records last heartbeat of the cluster + google.protobuf.Timestamp LastHeartbeat = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "last_heartbeat" + ]; +} + +// KubernetesCluster is a named kubernetes API endpoint handled by a Server. +// +// TODO: deprecate and convert all usage to KubernetesClusterV3 +message KubernetesCluster { + // Name is the name of this kubernetes cluster. + string Name = 1 [(gogoproto.jsontag) = "name"]; + + // StaticLabels is map of static labels associated with this cluster. + // Used for RBAC. + map StaticLabels = 2 [(gogoproto.jsontag) = "static_labels,omitempty"]; + // DynamicLabels is map of dynamic labels associated with this cluster. + // Used for RBAC. + map DynamicLabels = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "dynamic_labels,omitempty" + ]; +} + +// KubernetesClusterV3 represents a named kubernetes API endpoint. +message KubernetesClusterV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is the cluster resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the resource spec. + KubernetesClusterSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// KubernetesClusterSpecV3 is a specification for a Kubernetes cluster. +message KubernetesClusterSpecV3 { + // DynamicLabels are the cluster's dynamic labels. + map DynamicLabels = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "dynamic_labels,omitempty" + ]; +} + +// WebTokenV3 describes a web token. Web tokens are used as a transport to relay bearer tokens +// to the client. +// Initially bound to a web session, these have been factored out into a separate resource to +// enable separate lifecycle management. +message WebTokenV3 { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // Kind is a resource kind + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is resource metadata + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec defines the web token + WebTokenSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// WebTokenSpecV3 is a unique time-limited token bound to a user's web session +message WebTokenSpecV3 { + // User specifies the user the token is bound to. + string User = 1 [(gogoproto.jsontag) = "user"]; + // Token specifies the token's value. + string Token = 2 [(gogoproto.jsontag) = "token"]; +} + +// GetWebSessionRequest describes a request to query a web session +message GetWebSessionRequest { + // User specifies the user the web session is for. + string User = 1 [(gogoproto.jsontag) = "user"]; + // SessionID specifies the web session ID. + string SessionID = 2 [(gogoproto.jsontag) = "session_id"]; +} + +// DeleteWebSessionRequest describes a request to delete a web session +message DeleteWebSessionRequest { + // User specifies the user the session is bound to + string User = 1 [(gogoproto.jsontag) = "user"]; + // SessionID specifies the web session ID to delete. + string SessionID = 2 [(gogoproto.jsontag) = "session_id"]; +} + +// GetWebTokenRequest describes a request to query a web token +message GetWebTokenRequest { + // User specifies the user the token is for. + string User = 1 [(gogoproto.jsontag) = "user"]; + // Token specifies the token to get. + string Token = 2 [(gogoproto.jsontag) = "token"]; +} + +// DeleteWebTokenRequest describes a request to delete a web token +message DeleteWebTokenRequest { + // User specifies the user the token is for. + string User = 1 [(gogoproto.jsontag) = "user"]; + // Token specifies the token to delete. + string Token = 2 [(gogoproto.jsontag) = "token"]; +} + +// ResourceRequest is a request relating to a named resource. +message ResourceRequest { + // Name is the name of the resource. + string Name = 1 [(gogoproto.jsontag) = "name"]; +} + +// ResourceWithSecretsRequest is a request relating to a named resource with secrets. +message ResourceWithSecretsRequest { + // Name is the name of the resource. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // WithSecrets specifies whether to load associated secrets. + bool WithSecrets = 2 [(gogoproto.jsontag) = "with_secrets,omitempty"]; +} + +// ResourcesWithSecretsRequest is a request relating to resources with secrets. +message ResourcesWithSecretsRequest { + // WithSecrets specifies whether to load associated secrets. + bool WithSecrets = 1 [(gogoproto.jsontag) = "with_secrets,omitempty"]; +} + +// ResourcesInNamespaceRequest is a request relating to a named resource in the given namespace. +message ResourceInNamespaceRequest { + // Name is the name of the resource. + string Name = 1; + // Namespace is the namespace of resources. + string Namespace = 2; +} + +// ResourcesInNamespaceRequest is a request relating to resources in the given namespace. +message ResourcesInNamespaceRequest { + // Namespace is the namespace of resources. + string Namespace = 1; +} + +// OIDCConnectorV3 represents an OIDC connector. +message OIDCConnectorV3 { + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata holds resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an OIDC connector specification. + OIDCConnectorSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// OIDCConnectorV3List is a list of OIDC connectors. +message OIDCConnectorV3List { + // OIDCConnectors is a list of OIDC connectors. + repeated OIDCConnectorV3 OIDCConnectors = 1; +} + +// OIDCConnectorSpecV3 is an OIDC connector specification. +// +// It specifies configuration for Open ID Connect compatible external +// identity provider: https://openid.net/specs/openid-connect-core-1_0.html +message OIDCConnectorSpecV3 { + // IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com. + string IssuerURL = 1 [(gogoproto.jsontag) = "issuer_url"]; + // ClientID is the id of the authentication client (Teleport Auth server). + string ClientID = 2 [(gogoproto.jsontag) = "client_id"]; + // ClientSecret is used to authenticate the client. + string ClientSecret = 3 [(gogoproto.jsontag) = "client_secret"]; + // RedirectURL is a URL that will redirect the client's browser + // back to the identity provider after successful authentication. + // This should match the URL on the Provider's side. + // + // DELETE IN 11.0.0 in favor of RedirectURLs + string RedirectURL = 4 [(gogoproto.jsontag) = "-"]; + // ACR is an Authentication Context Class Reference value. The meaning of the ACR + // value is context-specific and varies for identity providers. + string ACR = 5 [(gogoproto.jsontag) = "acr_values,omitempty"]; + // Provider is the external identity provider. + string Provider = 6 [(gogoproto.jsontag) = "provider,omitempty"]; + // Display is the friendly name for this provider. + string Display = 7 [(gogoproto.jsontag) = "display,omitempty"]; + // Scope specifies additional scopes set by provider. + repeated string Scope = 8 [(gogoproto.jsontag) = "scope,omitempty"]; + // Prompt is an optional OIDC prompt. An empty string omits prompt. + // If not specified, it defaults to select_account for backwards compatibility. + string Prompt = 9 [(gogoproto.jsontag) = "prompt,omitempty"]; + // ClaimsToRoles specifies a dynamic mapping from claims to roles. + repeated ClaimMapping ClaimsToRoles = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "claims_to_roles,omitempty" + ]; + // GoogleServiceAccountURI is a path to a google service account uri. + string GoogleServiceAccountURI = 11 [(gogoproto.jsontag) = "google_service_account_uri,omitempty"]; + // GoogleServiceAccount is a string containing google service account credentials. + string GoogleServiceAccount = 12 [(gogoproto.jsontag) = "google_service_account,omitempty"]; + // GoogleAdminEmail is the email of a google admin to impersonate. + string GoogleAdminEmail = 13 [(gogoproto.jsontag) = "google_admin_email,omitempty"]; + // RedirectURLs is a list of callback URLs which the identity provider can use + // to redirect the client back to the Teleport Proxy to complete authentication. + // This list should match the URLs on the provider's side. The URL used for a + // given auth request will be chosen to match the requesting Proxy's public + // address. If there is no match, the first url in the list will be used. + wrappers.StringValues RedirectURLs = 14 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "redirect_url", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Strings" + ]; + // AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails. + bool AllowUnverifiedEmail = 15 [(gogoproto.jsontag) = "allow_unverified_email,omitempty"]; + // UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username. + string UsernameClaim = 16 [(gogoproto.jsontag) = "username_claim,omitempty"]; +} + +// OIDCAuthRequest is a request to authenticate with OIDC +// provider, the state about request is managed by auth server +message OIDCAuthRequest { + // ConnectorID is ID of OIDC connector this request uses + string ConnectorID = 1 [(gogoproto.jsontag) = "connector_id"]; + + // Type is opaque string that helps callbacks identify the request type + string Type = 2 [(gogoproto.jsontag) = "type"]; + + // CheckUser tells validator if it should expect and check user + bool CheckUser = 3 [(gogoproto.jsontag) = "check_user"]; + + // StateToken is generated by service and is used to validate + // reuqest coming from + string StateToken = 4 [(gogoproto.jsontag) = "state_token"]; + + // CSRFToken is associated with user web session token + string CSRFToken = 5 [(gogoproto.jsontag) = "csrf_token"]; + + // RedirectURL will be used to route the user back to a + // Teleport Proxy after the oidc login attempt in the brower. + string RedirectURL = 6 [(gogoproto.jsontag) = "redirect_url"]; + + // PublicKey is an optional public key, users want these + // keys to be signed by auth servers user CA in case + // of successful auth + bytes PublicKey = 7 [(gogoproto.jsontag) = "public_key"]; + + // CertTTL is the TTL of the certificate user wants to get + int64 CertTTL = 8 [ + (gogoproto.jsontag) = "cert_ttl", + (gogoproto.casttype) = "time.Duration" + ]; + + // CreateWebSession indicates if user wants to generate a web + // session after successful authentication + bool CreateWebSession = 9 [(gogoproto.jsontag) = "create_web_session"]; + + // ClientRedirectURL is a URL client wants to be redirected + // after successful authentication + string ClientRedirectURL = 10 [(gogoproto.jsontag) = "client_redirect_url"]; + + // Compatibility specifies OpenSSH compatibility flags. + string Compatibility = 11 [(gogoproto.jsontag) = "compatibility,omitempty"]; + + // RouteToCluster is the name of Teleport cluster to issue credentials for. + string RouteToCluster = 12 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + + // KubernetesCluster is the name of Kubernetes cluster to issue credentials for. + string KubernetesCluster = 13 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + + // SSOTestFlow indicates if the request is part of the test flow. + bool SSOTestFlow = 14 [(gogoproto.jsontag) = "sso_test_flow"]; + + // ConnectorSpec is embedded connector spec for use in test flow. + OIDCConnectorSpecV3 ConnectorSpec = 15 [(gogoproto.jsontag) = "connector_spec,omitempty"]; + + // ProxyAddress is an optional address which can be used to + // find a redirect url from the OIDC connector which matches + // the address. If there is no match, the default redirect + // url will be used. + string ProxyAddress = 16 [(gogoproto.jsontag) = "proxy_address,omitempt"]; +} + +// SAMLConnectorV2 represents a SAML connector. +message SAMLConnectorV2 { + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata holds resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an SAML connector specification. + SAMLConnectorSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// SAMLConnectorV2List is a list of SAML connectors. +message SAMLConnectorV2List { + // SAMLConnectors is a list of SAML connectors. + repeated SAMLConnectorV2 SAMLConnectors = 1; +} + +// SAMLConnectorSpecV2 is a SAML connector specification. +message SAMLConnectorSpecV2 { + // Issuer is the identity provider issuer. + string Issuer = 1 [(gogoproto.jsontag) = "issuer"]; + // SSO is the URL of the identity provider's SSO service. + string SSO = 2 [(gogoproto.jsontag) = "sso"]; + // Cert is the identity provider certificate PEM. + // IDP signs responses using this certificate. + string Cert = 3 [(gogoproto.jsontag) = "cert"]; + // Display controls how this connector is displayed. + string Display = 4 [(gogoproto.jsontag) = "display"]; + // AssertionConsumerService is a URL for assertion consumer service + // on the service provider (Teleport's side). + string AssertionConsumerService = 5 [(gogoproto.jsontag) = "acs"]; + // Audience uniquely identifies our service provider. + string Audience = 6 [(gogoproto.jsontag) = "audience"]; + // ServiceProviderIssuer is the issuer of the service provider (Teleport). + string ServiceProviderIssuer = 7 [(gogoproto.jsontag) = "service_provider_issuer"]; + // EntityDescriptor is XML with descriptor. It can be used to supply configuration + // parameters in one XML file rather than supplying them in the individual elements. + string EntityDescriptor = 8 [(gogoproto.jsontag) = "entity_descriptor"]; + // EntityDescriptorURL is a URL that supplies a configuration XML. + string EntityDescriptorURL = 9 [(gogoproto.jsontag) = "entity_descriptor_url"]; + // AttributesToRoles is a list of mappings of attribute statements to roles. + repeated AttributeMapping AttributesToRoles = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "attributes_to_roles" + ]; + // SigningKeyPair is an x509 key pair used to sign AuthnRequest. + AsymmetricKeyPair SigningKeyPair = 11 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "signing_key_pair,omitempty" + ]; + // Provider is the external identity provider. + string Provider = 12 [(gogoproto.jsontag) = "provider,omitempty"]; + // EncryptionKeyPair is a key pair used for decrypting SAML assertions. + AsymmetricKeyPair EncryptionKeyPair = 13 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "assertion_key_pair,omitempty" + ]; + // AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated + // logins. + bool AllowIDPInitiated = 14 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "allow_idp_initiated,omitempty" + ]; +} + +// SAMLAuthRequest is a request to authenticate with SAML +// provider, the state about request is managed by auth server. +message SAMLAuthRequest { + // ID is a unique request ID. + string ID = 1 [(gogoproto.jsontag) = "id"]; + + // ConnectorID is ID of OIDC connector this request uses. + string ConnectorID = 2 [(gogoproto.jsontag) = "connector_id"]; + + // Type is opaque string that helps callbacks identify the request type. + string Type = 3 [(gogoproto.jsontag) = "type"]; + + // CheckUser tells validator if it should expect and check user. + bool CheckUser = 4 [(gogoproto.jsontag) = "check_user"]; + + // RedirectURL will be used by browser. + string RedirectURL = 5 [(gogoproto.jsontag) = "redirect_url"]; + + // PublicKey is an optional public key, users want these + // keys to be signed by auth servers user CA in case + // of successful auth. + bytes PublicKey = 6 [(gogoproto.jsontag) = "public_key"]; + + // CertTTL is the TTL of the certificate user wants to get. + int64 CertTTL = 7 [ + (gogoproto.jsontag) = "cert_ttl", + (gogoproto.casttype) = "time.Duration" + ]; + + // CSRFToken is associated with user web session token. + string CSRFToken = 8 [(gogoproto.jsontag) = "csrf_token"]; + + // CreateWebSession indicates if user wants to generate a web + // session after successful authentication. + bool CreateWebSession = 9 [(gogoproto.jsontag) = "create_web_session"]; + + // ClientRedirectURL is a URL client wants to be redirected + // after successful authentication. + string ClientRedirectURL = 10 [(gogoproto.jsontag) = "client_redirect_url"]; + + // Compatibility specifies OpenSSH compatibility flags. + string Compatibility = 11 [(gogoproto.jsontag) = "compatibility,omitempty"]; + + // RouteToCluster is the name of Teleport cluster to issue credentials for. + string RouteToCluster = 12 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + + // KubernetesCluster is the name of Kubernetes cluster to issue credentials for. + string KubernetesCluster = 13 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + + // SSOTestFlow indicates if the request is part of the test flow. + bool SSOTestFlow = 14 [(gogoproto.jsontag) = "sso_test_flow"]; + + // ConnectorSpec is embedded connector spec for use in test flow. + SAMLConnectorSpecV2 ConnectorSpec = 15 [(gogoproto.jsontag) = "connector_spec,omitempty"]; +} + +// AttributeMapping maps a SAML attribute statement to teleport roles. +message AttributeMapping { + // Name is an attribute statement name. + string Name = 1 [(gogoproto.jsontag) = "name"]; + // Value is an attribute statement value to match. + string Value = 2 [(gogoproto.jsontag) = "value"]; + // Roles is a list of static teleport roles to map to. + repeated string Roles = 3 [(gogoproto.jsontag) = "roles,omitempty"]; +} + +// AsymmetricKeyPair is a combination of a public certificate and +// private key that can be used for encryption and signing. +message AsymmetricKeyPair { + // PrivateKey is a PEM encoded x509 private key. + string PrivateKey = 1 [(gogoproto.jsontag) = "private_key"]; + // Cert is a PEM-encoded x509 certificate. + string Cert = 2 [(gogoproto.jsontag) = "cert"]; +} + +// GithubConnectorV3 represents a Github connector. +message GithubConnectorV3 { + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata holds resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is an Github connector specification. + GithubConnectorSpecV3 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// GithubConnectorV3List is a list of Github connectors. +message GithubConnectorV3List { + // GithubConnectors is a list of Github connectors. + repeated GithubConnectorV3 GithubConnectors = 1; +} + +// GithubConnectorSpecV3 is a Github connector specification. +message GithubConnectorSpecV3 { + // ClientID is the Github OAuth app client ID. + string ClientID = 1 [(gogoproto.jsontag) = "client_id"]; + // ClientSecret is the Github OAuth app client secret. + string ClientSecret = 2 [(gogoproto.jsontag) = "client_secret"]; + // RedirectURL is the authorization callback URL. + string RedirectURL = 3 [(gogoproto.jsontag) = "redirect_url"]; + // TeamsToLogins maps Github team memberships onto allowed logins/roles. + // + // DELETE IN 11.0.0 + // Deprecated: use GithubTeamsToRoles instead. + repeated TeamMapping TeamsToLogins = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "teams_to_logins,omitempty" + ]; + // Display is the connector display name. + string Display = 5 [(gogoproto.jsontag) = "display"]; + // TeamsToRoles maps Github team memberships onto allowed roles. + repeated TeamRolesMapping TeamsToRoles = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "teams_to_roles,omitempty" + ]; +} + +// GithubAuthRequest is the request to start Github OAuth2 flow. +message GithubAuthRequest { + // ConnectorID is the name of the connector to use. + string ConnectorID = 1 [(gogoproto.jsontag) = "connector_id"]; + // Type is opaque string that helps callbacks identify the request type. + string Type = 2 [(gogoproto.jsontag) = "type"]; + // StateToken is used to validate the request. + string StateToken = 3 [(gogoproto.jsontag) = "state_token"]; + // CSRFToken is used to protect against CSRF attacks. + string CSRFToken = 4 [(gogoproto.jsontag) = "csrf_token"]; + // PublicKey is an optional public key to sign in case of successful auth. + bytes PublicKey = 5 [(gogoproto.jsontag) = "public_key"]; + // CertTTL is TTL of the cert that's generated in case of successful auth. + int64 CertTTL = 6 [ + (gogoproto.jsontag) = "cert_ttl", + (gogoproto.casttype) = "time.Duration" + ]; + // CreateWebSession indicates that a user wants to generate a web session + // after successful authentication. + bool CreateWebSession = 7 [(gogoproto.jsontag) = "create_web_session"]; + // RedirectURL will be used by browser. + string RedirectURL = 8 [(gogoproto.jsontag) = "redirect_url"]; + // ClientRedirectURL is the URL where client will be redirected after + // successful auth. + string ClientRedirectURL = 9 [(gogoproto.jsontag) = "client_redirect_url"]; + // Compatibility specifies OpenSSH compatibility flags. + string Compatibility = 10 [(gogoproto.jsontag) = "compatibility,omitempty"]; + // Expires is a global expiry time header can be set on any resource in the system. + google.protobuf.Timestamp Expires = 11 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // RouteToCluster is the name of Teleport cluster to issue credentials for. + string RouteToCluster = 12 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + // KubernetesCluster is the name of Kubernetes cluster to issue credentials for. + string KubernetesCluster = 13 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + // SSOTestFlow indicates if the request is part of the test flow. + bool SSOTestFlow = 14 [(gogoproto.jsontag) = "sso_test_flow"]; + // ConnectorSpec is embedded connector spec for use in test flow. + GithubConnectorSpecV3 ConnectorSpec = 15 [(gogoproto.jsontag) = "connector_spec,omitempty"]; +} + +// SSOWarnings conveys a user-facing main message along with auxiliary warnings. +message SSOWarnings { + // Message is main user-facing message to be shown. + string Message = 1 [(gogoproto.jsontag) = "message,omitempty"]; + // Warnings is a set of distinct warnings to be reported. + repeated string Warnings = 2 [(gogoproto.jsontag) = "warnings,omitempty"]; +} + +// CreateUserParams represents the user creation parameters as called during SSO login flow. +message CreateUserParams { + // ConnectorName is the name of the connector used for SSO login flow. + string ConnectorName = 1 [(gogoproto.jsontag) = "connector_name,omitempty"]; + // Username is the name of the user to be created. + string Username = 2 [(gogoproto.jsontag) = "username,omitempty"]; + // Logins is a list of available unix logins. + repeated string Logins = 3 [(gogoproto.jsontag) = "logins,omitempty"]; + // KubeGroups is a list of assigned kube groups. + repeated string KubeGroups = 4 [(gogoproto.jsontag) = "kube_groups,omitempty"]; + // KubeUsers is a list of available kube users. + repeated string KubeUsers = 5 [(gogoproto.jsontag) = "kube_users,omitempty"]; + // Roles is a list of assigned roles. + repeated string Roles = 6 [(gogoproto.jsontag) = "roles,omitempty"]; + + // Traits is the set of traits the user is assigned. + wrappers.LabelValues Traits = 7 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "traits,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // SessionTTL determines the TTL. + int64 SessionTTL = 8 [ + (gogoproto.jsontag) = "session_ttl,omitempty", + (gogoproto.casttype) = "Duration" + ]; +} + +// SSODiagnosticInfo is a single SSO diagnostic info entry. +message SSODiagnosticInfo { + // TestFlow indicates the SSO flow was a test one. + bool TestFlow = 1 [(gogoproto.jsontag) = "test_flow"]; + + // Error stores user-friendly error message. + string Error = 2 [(gogoproto.jsontag) = "error"]; + + // Success if present, marks the flow as finished with success. + bool Success = 3 [(gogoproto.jsontag) = "success"]; + + // CreateUserParams represents the user creation parameters as called during SSO login flow. + CreateUserParams CreateUserParams = 4 [(gogoproto.jsontag) = "create_user_params,omitempty"]; + + // SAMLAttributesToRoles represents mapping from attributes to roles, as used during SAML SSO + // login flow. + repeated AttributeMapping SAMLAttributesToRoles = 10 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "saml_attributes_to_roles,omitempty" + ]; + + // SAMLAttributesToRolesWarnings contains warnings produced during the process of mapping the + // SAML attributes to roles. + SSOWarnings SAMLAttributesToRolesWarnings = 11 [(gogoproto.jsontag) = "saml_attributes_to_roles_warnings,omitempty"]; + + // SAMLAttributeStatements represents SAML attribute statements. + wrappers.LabelValues SAMLAttributeStatements = 12 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "saml_attribute_statements,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // SAMLAssertionInfo represents raw SAML assertion info as returned by IdP during SAML flow. + wrappers.CustomType SAMLAssertionInfo = 13 [ + (gogoproto.jsontag) = "saml_assertion_info,omitempty", + (gogoproto.customtype) = "AssertionInfo" + ]; + + // SAMLTraitsFromAssertions represents traits translated from SAML assertions. + wrappers.LabelValues SAMLTraitsFromAssertions = 14 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "saml_traits_from_assertions,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // SAMLConnectorTraitMapping represents connector-specific trait mapping. + repeated TraitMapping SAMLConnectorTraitMapping = 15 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "saml_connector_trait_mapping,omitempty" + ]; + + // OIDCClaimsToRoles specifies a mapping from claims (traits) to teleport roles. + repeated ClaimMapping OIDCClaimsToRoles = 20 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "oidc_claims_to_roles,omitempty" + ]; + + // OIDCClaimsToRolesWarnings contains warnings produced during the process of mapping the + // OIDC claims to roles. + SSOWarnings OIDCClaimsToRolesWarnings = 21 [(gogoproto.jsontag) = "oidc_claims_to_roles_warnings,omitempty"]; + + // OIDCClaims represents OIDC claims. + wrappers.CustomType OIDCClaims = 22 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "oidc_claims,omitempty", + (gogoproto.customtype) = "OIDCClaims" + ]; + + // OIDCIdentity represents mapped OIDC Identity. + wrappers.CustomType OIDCIdentity = 23 [ + (gogoproto.jsontag) = "oidc_identity,omitempty", + (gogoproto.customtype) = "OIDCIdentity" + ]; + + // OIDCTraitsFromClaims represents traits translated from OIDC claims. + wrappers.LabelValues OIDCTraitsFromClaims = 24 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "oidc_traits_from_claims,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // OIDCConnectorTraitMapping represents connector-specific trait mapping. + repeated TraitMapping OIDCConnectorTraitMapping = 25 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "oidc_connector_trait_mapping,omitempty" + ]; + + // GithubClaims represents Github user information obtained during OAuth2 flow. + GithubClaims GithubClaims = 30 [(gogoproto.jsontag) = "github_claims,omitempty"]; + + // GithubTeamsToLogins is TeamsToLogins mapping from Github connector used in the SSO flow. + repeated TeamMapping GithubTeamsToLogins = 31 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "github_teams_to_logins,omitempty" + ]; + + // GithubTeamsToRoles is TeamRolesMapping mapping from Github connector used in the SSO flow. + repeated TeamRolesMapping GithubTeamsToRoles = 32 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "github_teams_to_roles,omitempty" + ]; + + // GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow. + GithubTokenInfo GithubTokenInfo = 33 [(gogoproto.jsontag) = "github_token_info,omitempty"]; +} + +// GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow. +// The token itself is secret and therefore not included. +message GithubTokenInfo { + string TokenType = 1 [(gogoproto.jsontag) = "token_type"]; + int64 Expires = 2 [(gogoproto.jsontag) = "expires"]; + string Scope = 3 [(gogoproto.jsontag) = "scope"]; +} + +// GithubClaims represents Github user information obtained during OAuth2 flow +message GithubClaims { + // Username is the user's username + string Username = 1 [(gogoproto.jsontag) = "username"]; + + // OrganizationToTeams is the user's organization and team membership + wrappers.LabelValues OrganizationToTeams = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "organization_to_teams", + (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" + ]; + + // Teams is the users team membership + repeated string Teams = 3 [(gogoproto.jsontag) = "teams"]; +} + +// TeamMapping represents a single team membership mapping. +// +// DELETE IN 11.0.0 +message TeamMapping { + // Organization is a Github organization a user belongs to. + string Organization = 1 [(gogoproto.jsontag) = "organization"]; + // Team is a team within the organization a user belongs to. + string Team = 2 [(gogoproto.jsontag) = "team"]; + // Logins is a list of allowed logins for this org/team. + repeated string Logins = 3 [(gogoproto.jsontag) = "logins,omitempty"]; + // KubeGroups is a list of allowed kubernetes groups for this org/team. + repeated string KubeGroups = 4 [(gogoproto.jsontag) = "kubernetes_groups,omitempty"]; + // KubeUsers is a list of allowed kubernetes users to impersonate for this org/team. + repeated string KubeUsers = 5 [(gogoproto.jsontag) = "kubernetes_users,omitempty"]; +} + +// TeamRolesMapping represents a single team membership mapping. +message TeamRolesMapping { + // Organization is a Github organization a user belongs to. + string Organization = 1 [(gogoproto.jsontag) = "organization"]; + // Team is a team within the organization a user belongs to. + string Team = 2 [(gogoproto.jsontag) = "team"]; + // Roles is a list of allowed logins for this org/team. + repeated string Roles = 3 [(gogoproto.jsontag) = "roles,omitempty"]; +} + +// TrustedClusterV2 represents a Trusted Cluster. +message TrustedClusterV2 { + option (gogoproto.goproto_stringer) = false; + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata holds resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a Trusted Cluster specification. + TrustedClusterSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// TrustedClusterV2List is a list of trusted cluster. +message TrustedClusterV2List { + // TrustedClusters is a list of trusted cluster. + repeated TrustedClusterV2 TrustedClusters = 1; +} + +// TrustedClusterSpecV2 is a Trusted Cluster specification. +message TrustedClusterSpecV2 { + // Enabled is a bool that indicates if the TrustedCluster is enabled or disabled. + // Setting Enabled to false has a side effect of deleting the user and host certificate + // authority (CA). + bool Enabled = 1 [(gogoproto.jsontag) = "enabled"]; + // Roles is a list of roles that users will be assuming when connecting to this cluster. + repeated string Roles = 2 [(gogoproto.jsontag) = "roles,omitempty"]; + // Token is the authorization token provided by another cluster needed by this cluster to join. + string Token = 3 [(gogoproto.jsontag) = "token"]; + // ProxyAddress is the address of the web proxy server of the cluster to join. If not set, + // it is derived from :. + string ProxyAddress = 4 [(gogoproto.jsontag) = "web_proxy_addr"]; + // ReverseTunnelAddress is the address of the SSH proxy server of the cluster to join. If + // not set, it is derived from :. + string ReverseTunnelAddress = 5 [(gogoproto.jsontag) = "tunnel_addr"]; + // RoleMap specifies role mappings to remote roles. + repeated RoleMapping RoleMap = 6 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "role_map,omitempty" + ]; +} + +// LockV2 represents a lock. +// Locks are used to restrict access to a Teleport environment by disabling +// interactions involving a user, an RBAC role, a node, etc. +// See rfd/0009-locking.md for more details. +message LockV2 { + // Kind is a resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource sub kind, used in some resources. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is a resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata holds resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is a Lock specification. + LockSpecV2 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// LockSpecV2 is a Lock specification. +message LockSpecV2 { + // Target describes the set of interactions that the lock applies to. + LockTarget Target = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "target" + ]; + // Message is the message displayed to locked-out users. + string Message = 2 [(gogoproto.jsontag) = "message,omitempty"]; + // Expires if set specifies when the lock ceases to be in force. + google.protobuf.Timestamp Expires = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "expires,omitempty" + ]; +} + +// LockTarget lists the attributes of interactions to be disabled. +message LockTarget { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; + + // User specifies the name of a Teleport user. + string User = 1 [(gogoproto.jsontag) = "user,omitempty"]; + + // Role specifies the name of an RBAC role known to the root cluster. + // In remote clusters, this constraint is evaluated before translating to local roles. + string Role = 2 [(gogoproto.jsontag) = "role,omitempty"]; + + // Login specifies the name of a local UNIX user. + string Login = 3 [(gogoproto.jsontag) = "login,omitempty"]; + + // Node specifies the UUID of a Teleport node. + // A matching node is also prevented from heartbeating to the auth server. + string Node = 4 [(gogoproto.jsontag) = "node,omitempty"]; + + // MFADevice specifies the UUID of a user MFA device. + string MFADevice = 5 [(gogoproto.jsontag) = "mfa_device,omitempty"]; + + // WindowsDesktop specifies the name of a Windows desktop. + string WindowsDesktop = 6 [(gogoproto.jsontag) = "windows_desktop,omitempty"]; + + // AccessRequest specifies the UUID of an access request. + string AccessRequest = 7 [(gogoproto.jsontag) = "access_request,omitempty"]; +} + +// AddressCondition represents a set of addresses. Presently the addresses are specfied +// exclusively in terms of IPv4/IPv6 ranges. +message AddressCondition { + // CIDR is IPv4 or IPv6 address. Valid value are either CIDR ranges (e.g. "10.0.1.0/24", + // "fe::/8") or a single IP address (e.g "10.1.2.3") + string CIDR = 1 [(gogoproto.jsontag) = "cidr"]; +} + +message NetworkRestrictionsSpecV4 { + // Allow lists the addresses that should be allowed. + repeated AddressCondition Allow = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "allow" + ]; + // Deny lists the addresses that should be denied even if they're allowed by Allow condition. + repeated AddressCondition Deny = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "deny" + ]; +} + +// NetworkRestrictions specifies a list of addresses to restrict (block). The deny +// list is checked first and the allow lists overrides it. Thus an empty allow +// list does not mean that no addresses will be allowed, that will only be the +// case if the deny list covers the whole address range. +message NetworkRestrictionsV4 { + // Kind is the network restrictions resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the network restrictions metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec contains the network restrictions data + NetworkRestrictionsSpecV4 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// WindowsDesktopServiceV3 represents a windows desktop access service. +message WindowsDesktopServiceV3 { + // Header is the common resource header. + ResourceHeader Header = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "", + (gogoproto.embed) = true + ]; + // Spec is the windows desktop service spec. + WindowsDesktopServiceSpecV3 Spec = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// WindowsDesktopServiceSpecV3 is the windows desktop service spec. +message WindowsDesktopServiceSpecV3 { + // Addr is the address that this service can be reached at. + string Addr = 1 [(gogoproto.jsontag) = "addr"]; + // TeleportVersion is teleport binary version running this service. + string TeleportVersion = 2 [(gogoproto.jsontag) = "teleport_version"]; + // Hostname is the desktop service hostname. + string Hostname = 3 [(gogoproto.jsontag) = "hostname"]; + // ProxyIDs is a list of proxy IDs this server is expected to be connected to. + repeated string ProxyIDs = 4 [(gogoproto.jsontag) = "proxy_ids,omitempty"]; +} + +// WindowsDesktopFilter are filters to apply when searching for windows desktops. +message WindowsDesktopFilter { + // HostID is the ID of the host the Windows Desktop Service proxying the desktop. + string HostID = 1 [(gogoproto.jsontag) = "host_id"]; + // Name is the name of the desktop. + string Name = 2 [(gogoproto.jsontag) = "name"]; +} + +// WindowsDesktopV3 represents a Windows host for desktop access. +message WindowsDesktopV3 { + // Header is the common resource header. + ResourceHeader Header = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "", + (gogoproto.embed) = true + ]; + // Spec is the Windows host spec. + WindowsDesktopSpecV3 Spec = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// WindowsDesktopSpecV3 is the Windows host spec. +message WindowsDesktopSpecV3 { + // Addr is the address that this host can be reached at. + string Addr = 1 [(gogoproto.jsontag) = "addr"]; + // Domain is the ActiveDirectory domain that this host belongs to. + string Domain = 2 [(gogoproto.jsontag) = "domain"]; + // HostID is the ID of the host the Windows Desktop Service proxying the desktop. + string HostID = 3 [(gogoproto.jsontag) = "host_id"]; +} + +// RegisterUsingTokenRequest is a request to register with the auth server using +// an authentication token +message RegisterUsingTokenRequest { + // HostID is a unique host ID, usually a UUID + string HostID = 1 [(gogoproto.jsontag) = "hostID"]; + // NodeName is a node name + string NodeName = 2 [(gogoproto.jsontag) = "node_name"]; + // Role is a system role, e.g. Proxy + string Role = 3 [ + (gogoproto.jsontag) = "role", + (gogoproto.casttype) = "SystemRole" + ]; + // Token is the name of an authentication token + string Token = 4 [(gogoproto.jsontag) = "token"]; + // AdditionalPrincipals is a list of additional principals + repeated string AdditionalPrincipals = 5 [(gogoproto.jsontag) = "additional_principals"]; + // DNSNames is a list of DNS names to include in the x509 client certificate + repeated string DNSNames = 6 [(gogoproto.jsontag) = "dns_names"]; + // PublicTLSKey is a PEM encoded public key + // used for TLS setup + bytes PublicTLSKey = 7 [(gogoproto.jsontag) = "public_tls_key"]; + // PublicSSHKey is a SSH encoded public key, + // if present will be signed as a return value + // otherwise, new public/private key pair will be generated + bytes PublicSSHKey = 8 [(gogoproto.jsontag) = "public_ssh_key"]; + // RemoteAddr is the remote address of the host requesting a host certificate. + // It is used to replace 0.0.0.0 in the list of additional principals. + string RemoteAddr = 9 [(gogoproto.jsontag) = "remote_addr"]; + // EC2IdentityDocument is used for the EC2 join method to prove the identity + // of a joining EC2 instance. + bytes EC2IdentityDocument = 10 [(gogoproto.jsontag) = "ec2_id"]; +} + +// RecoveryCodes holds a user's recovery code information. Recovery codes allows users to regain +// access to their account by restoring their lost password or second factor. Once a recovery code +// is successfully verified, the code is mark used (which invalidates it), and lets the user begin +// the recovery flow. When a user successfully finishes the recovery flow, users will get a new set +// of codes that will replace all the previous ones. +message RecoveryCodesV1 { + // Kind is the resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. Currently unused for this resource. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the resource spec. + RecoveryCodesSpecV1 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// RecoveryCodesSpecV1 is the recovery codes spec. +message RecoveryCodesSpecV1 { + // Codes hold a list of numOfRecoveryCodes. + repeated RecoveryCode Codes = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "codes" + ]; + // Created is when the set of recovery codes were generated. Updated when a new set of recovery + // codes are inserted. + google.protobuf.Timestamp Created = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created" + ]; +} + +// RecoveryCode describes a recovery code. +message RecoveryCode { + // HashedCode is a bcrypt hash of this recovery code. + bytes HashedCode = 1 [(gogoproto.jsontag) = "hashed_code"]; + // IsUsed determines if this recovery code was used. + bool IsUsed = 2 [(gogoproto.jsontag) = "is_used"]; +} + +// SessionTrackerV1 represents a live session resource. +message SessionTrackerV1 { + // Header is the common resource header. + ResourceHeader Header = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "", + (gogoproto.embed) = true + ]; + + // Spec is a session specification. + SessionTrackerSpecV1 Spec = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// SessionTrackerSpecV1 is the specification for a live session. +message SessionTrackerSpecV1 { + // SessionID is unique identifier of this session. + string SessionID = 1 [(gogoproto.jsontag) = "session_id,omitempty"]; + + // Kind describes what kind of session this is. + string Kind = 2 [(gogoproto.jsontag) = "kind,omitempty"]; + + // State is the current state of this session. + SessionState State = 3 [(gogoproto.jsontag) = "state,omitempty"]; + + // Created encodes the time at which the session was registered with the auth + // server. + // + // This should match the timestamp in the corresponding `session.create` event. + // It's thus up to the tracker creator to set the correct timestamp. + google.protobuf.Timestamp Created = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; + + // Expires encodes the time at which this session expires and becomes invalid. + google.protobuf.Timestamp Expires = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + + // AttachedData is arbitrary attached JSON serialized metadata. + string AttachedData = 6 [(gogoproto.jsontag) = "attached,omitempty"]; + + // Reason is an arbitrary string that may be used to describe the session and/or it's + // purpose. + string Reason = 7 [(gogoproto.jsontag) = "reason,omitempty"]; + + // Invited is a list of invited users, this field is interpreted by different + // clients on a best-effort basis and used for delivering notifications to invited users. + repeated string Invited = 8 [(gogoproto.jsontag) = "invited,omitempty"]; + + // Hostname identifies the target this session is connected to. + string Hostname = 9 [(gogoproto.jsontag) = "target_hostname,omitempty"]; + + // Address is the address of the target this session is connected to. + string Address = 10 [(gogoproto.jsontag) = "target_address,omitempty"]; + + // ClusterName is the name of the Teleport cluster that this session belongs to. + string ClusterName = 11 [(gogoproto.jsontag) = "cluster_name,omitempty"]; + + // Login is the local login/user on the target used by the session. + string Login = 12 [(gogoproto.jsontag) = "login,omitempty"]; + + // Participants is a list of session participants. + repeated Participant Participants = 13 [ + (gogoproto.jsontag) = "participants,omitempty", + (gogoproto.nullable) = false + ]; + + // The Kubernetes cluster this session belongs to. + string KubernetesCluster = 14 [(gogoproto.jsontag) = "kubernetes_cluster,omitempty"]; + + // HostUser is the user regarded as the owner of this session, RBAC checks are performed + // against the require policies of this user. + // + // This refers to the Teleport user but may not be the same as the sessions initiator. + string HostUser = 15 [(gogoproto.jsontag) = "host_user,omitempty"]; + + // HostPolicies is a list of RBAC policy sets held by the host user at the time of session + // creation. + repeated SessionTrackerPolicySet HostPolicies = 16 [(gogoproto.jsontag) = "host_roles,omitempty"]; + + // DatabaseName is the database server this session belongs to. + string DatabaseName = 17 [(gogoproto.jsontag) = "database_name,omitempty"]; + + // AppName is the app server this session belongs to. + string AppName = 18 [(gogoproto.jsontag) = "app_name,omitempty"]; + + // AppSessionID is the unique ID of the app access certificate used to start this app session. + string AppSessionID = 19 [(gogoproto.jsontag) = "app_session_id,omitempty"]; + + // DesktopName is the windows desktop server this session belongs to. + string DesktopName = 20 [(gogoproto.jsontag) = "desktop_name,omitempty"]; +} + +// SessionTrackerPolicySet is a set of RBAC policies held by the session tracker +// that contain additional metadata from the originating role. +message SessionTrackerPolicySet { + // Name is name of the role this policy set originates from. + string Name = 1 [(gogoproto.jsontag) = "name,omitempty"]; + + // Version is version of the role this policy set originates from. + string Version = 2 [(gogoproto.jsontag) = "version,omitempty"]; + + // RequireSessionJoin specifies policies for required users to start a session. + repeated SessionRequirePolicy RequireSessionJoin = 3 [(gogoproto.jsontag) = "require_session_join,omitempty"]; +} + +// Participant stores information about a participant in the session. +message Participant { + // ID is a unique UUID of this participant for a given session. + string ID = 1 [(gogoproto.jsontag) = "id,omitempty"]; + + // User is the canonical name of the Teleport user controlling this participant. + string User = 2 [(gogoproto.jsontag) = "user,omitempty"]; + + // Mode is the participant mode. + string Mode = 3 [(gogoproto.jsontag) = "mode,omitempty"]; + + // LastActive is the last time this party was active in the session. + google.protobuf.Timestamp LastActive = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "last_active,omitempty" + ]; +} + +// InstallerV1 represents an installer script resource. Used to +// provide a script to install teleport on discovered nodes. +message InstallerV1 { + // Kind is the resource kind. + string Kind = 1 [(gogoproto.jsontag) = "kind"]; + // SubKind is an optional resource subkind. Currently unused for this resource. + string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + // Version is the resource version. + string Version = 3 [(gogoproto.jsontag) = "version"]; + // Metadata is the resource metadata. + Metadata Metadata = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "metadata" + ]; + // Spec is the resource spec. + InstallerSpecV1 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// InstallerSpecV1 is the specification for an Installer +message InstallerSpecV1 { + // Script represents the contents of a installer shell script + string Script = 1 [(gogoproto.jsontag) = "script"]; +} + +// InstallerV1List represents a list of installer resources. +message InstallerV1List { + // Installers is a list of installer resources. + repeated InstallerV1 installers = 1; +} + +// SessionState represents the state of a session. +enum SessionState { + // Pending variant represents a session that is waiting on participants to fulfill the criteria + // to start the session. + SessionStatePending = 0; + + // Running variant represents a session that has had it's criteria for starting + // fulfilled at least once and has transitioned to a RUNNING state. + SessionStateRunning = 1; + + // Terminated variant represents a session that is no longer running and due for removal. + SessionStateTerminated = 2; +} + +// SortBy defines a sort criteria. +message SortBy { + // IsDesc is a sort direction flag where if true the direction is descending, else ascending. + bool IsDesc = 1 [(gogoproto.jsontag) = "is_desc"]; + // Field is the name of an objects field to sort by. + string Field = 2 [(gogoproto.jsontag) = "field"]; +} + +// ConnectionDiagnosticV1 is the result of testing a connection. +// When setting up a new resource in Teleport, it's useful to know if we can connect to it. +// This can be done using the test connection feature. +// The user can then receive the result as feedback using the UI +message ConnectionDiagnosticV1 { + ResourceHeader Header = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "", + (gogoproto.embed) = true + ]; + // Spec is the resource spec. + ConnectionDiagnosticSpecV1 Spec = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ConnectionDiagnosticSpecV1 is the ConnectionDiagnostic Spec. +// It contains the result of testing a connection. +// It has the overall result of the connection and then a list of traces. +// Each trace contains checkpoints of the connection attempt and its result. +message ConnectionDiagnosticSpecV1 { + // Success describes whether the connection was a success or a failure. + bool Success = 1 [(gogoproto.jsontag) = "success"]; + // Message may contain some user friendly message to let the user know whether it was + // successfull or a failure. + string Message = 2 [(gogoproto.jsontag) = "message"]; + // Traces contain a list of checkpoints defined by + repeated ConnectionDiagnosticTrace Traces = 3 [(gogoproto.jsontag) = "traces"]; +} + +// ConnectionDiagnosticTrace describes a trace of a connection diagnostic +message ConnectionDiagnosticTrace { + // TraceType is an identification of the checkpoint. + enum TraceType { + TRACE_TYPE_UNSPECIFIED = 0; + // UNKNOWN_ERROR is used when we don't know the error. + // It's not always possible to offer guidance based on the received error. + // This trace type should be used when the error is too generic given the context we + // have. + UNKNOWN_ERROR = 1; + // RBAC_NODE is for RBAC checks for the node. + RBAC_NODE = 2; + // CONNECTIVITY is for network connectivity checks. + CONNECTIVITY = 3; + // RBAC_PRINCIPAL is used when checking if the principal is allowed per RBAC rules. + RBAC_PRINCIPAL = 4; + // NODE_PRINCIPAL is used when checking if the Node has the requested principal. + NODE_PRINCIPAL = 5; + } + TraceType Type = 1 [(gogoproto.jsontag) = "type"]; + // StatusType describes whether this was a success or a failure. + enum StatusType { + STATUS_UNSPECIFIED = 0; + SUCCESS = 1; + FAILED = 2; + } + StatusType Status = 2 [(gogoproto.jsontag) = "status"]; + // Details contains a User friendly message of the check's result. + string Details = 3 [(gogoproto.jsontag) = "details"]; + // Error contains the low level error message in case of a failure. + string Error = 4 [(gogoproto.jsontag) = "error"]; +} + +// AlertSeverity represents how problematic/urgent an alert is, and is used to assist +// in sorting alerts for display. +enum AlertSeverity { + LOW = 0; + MEDIUM = 5; + HIGH = 10; +} + +// ClusterAlert is a cluster-level alert message. +message ClusterAlert { + ResourceHeader Header = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "", + (gogoproto.embed) = true + ]; + ClusterAlertSpec Spec = 2 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "spec" + ]; +} + +// ClusterAlertSpec is a cluster alert specification. +message ClusterAlertSpec { + // Severity represents how problematic/urgent the alert is. + AlertSeverity Severity = 1 [(gogoproto.jsontag) = "severity"]; + // Message is the user-facing message associated with the alert. + string Message = 2 [(gogoproto.jsontag) = "message"]; + // Created is the time at which the alert was generated. + google.protobuf.Timestamp Created = 3 [ + (gogoproto.jsontag) = "created,omitempty", + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false + ]; +} + +// GetClusterAlertsRequest matches cluster alerts. +message GetClusterAlertsRequest { + // Severity is an optional minimum severity. + AlertSeverity Severity = 1; + // AlertID optionally specifies the ID of the alert being requested. + string AlertID = 2; + // Labels is an optional label selector. + map Labels = 3; +} diff --git a/api/proto/teleport/legacy/types/webauthn/webauthn.proto b/api/proto/teleport/legacy/types/webauthn/webauthn.proto new file mode 100644 index 0000000000000..549f2b6c9437c --- /dev/null +++ b/api/proto/teleport/legacy/types/webauthn/webauthn.proto @@ -0,0 +1,278 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +// Package WebAuthn maps WebAuthn messages to protocol buffers. +// +// The mapping is designed to match both the WebAuthn specification and the +// capabilities of current browser implementations. +// +// REST-based Teleport APIs will make an effort to transmit or embed JSON +// messages matching the github.com/duo-labs/webauthn reference implementation, +// to allow for easy browser integration. gRPC APIs are not meant for REST use +// and thus make no such promises, although the correspondence should be +// obvious. +// +// Note that, ordinarily, various fields in WebAuthn messages are encoded using +// "RawURLEncoding" (aka, base64 URL encoding without padding). This is not the +// case for _any_ of the fields mapped here, all bytes fields are transmitted +// raw/unencoded. +package webauthn; + +import "gogoproto/gogo.proto"; + +option go_package = "github.com/gravitational/teleport/api/types/webauthn"; +option (gogoproto.marshaler_all) = true; +option (gogoproto.unmarshaler_all) = true; + +// ----------------------------------------------------------------------------- +// WebAuthn messages used by server storage. +// ----------------------------------------------------------------------------- + +// SessionData stored by the Relying Party during authentication ceremonies. +// Mirrors https://pkg.go.dev/github.com/duo-labs/webauthn/webauthn#SessionData. +message SessionData { + // Raw challenge used for the ceremony. + bytes challenge = 1 [(gogoproto.jsontag) = "challenge,omitempty"]; + // Raw User ID. + bytes user_id = 2 [(gogoproto.jsontag) = "userId,omitempty"]; + // Raw Credential IDs of the credentials allowed for the ceremony. + repeated bytes allow_credentials = 3 [(gogoproto.jsontag) = "allowCredentials,omitempty"]; + // True if resident keys were required by the server / Relying Party. + bool resident_key = 4 [(gogoproto.jsontag) = "residentKey,omitempty"]; + // Requested user verification requirement, either "discouraged" or + // "required". + // An empty value is treated equivalently to "discouraged". + string user_verification = 5 [(gogoproto.jsontag) = "userVerification,omitempty"]; +} + +// User represents a WebAuthn user. +// Used mainly to correlated a WebAuthn user handle with a Teleport user. +message User { + // Teleport user ID. + string teleport_user = 1; +} + +// ----------------------------------------------------------------------------- +// Assertion (aka login). +// ----------------------------------------------------------------------------- + +// Credential assertion used for login ceremonies. +message CredentialAssertion { + PublicKeyCredentialRequestOptions public_key = 1; +} + +// Request options necessary for credential assertions, aka login ceremonies. +// See https://www.w3.org/TR/webauthn-2/#dictionary-assertion-options or +// refer to navigator.credentials.get in your browser. +message PublicKeyCredentialRequestOptions { + // Raw challenge used for assertion. + bytes challenge = 1; + // Timeout in milliseconds. + int64 timeout_ms = 2; + // Relying Party ID. + string rp_id = 3; + // Allowed credentials for assertion. + repeated CredentialDescriptor allow_credentials = 4; + // Extensions supplied by the Relying Party. + AuthenticationExtensionsClientInputs extensions = 5; + // User verification requirement. + string user_verification = 6; +} + +// Assertion response returned by the authenticator. +// Refer to navigator.credentials.get in your browser. +message CredentialAssertionResponse { + // Note: assertion responses return both "rawId" and "id" (RawURLEncoding of + // "id"), but it seemed pointless to have both here. + + // Type of the credential, usually "public-key". + string type = 1; + // Raw Credential ID. + bytes raw_id = 2; + // Assertion response from the authenticator. + AuthenticatorAssertionResponse response = 3; + // Extensions supplied by the authenticator. + AuthenticationExtensionsClientOutputs extensions = 4; +} + +// Authenticator assertion response. +// https://www.w3.org/TR/webauthn-2/#authenticatorassertionresponse +message AuthenticatorAssertionResponse { + // Raw client data JSON, exactly as signed by the authenticator. + // https://www.w3.org/TR/webauthn-2/#dictdef-collectedclientdata. + bytes client_data_json = 1; + // Raw authenticator data, exactly as signed by the authenticator. + // https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data. + bytes authenticator_data = 2; + // Raw assertion signature performed authenticatorData|clientDataJSON. + // https://www.w3.org/TR/webauthn-2/#assertion-signature. + bytes signature = 3; + // Raw user handle returned by the authenticator, if any. + bytes user_handle = 4; +} + +// ----------------------------------------------------------------------------- +// Creation (aka registration). +// ----------------------------------------------------------------------------- + +// Credential creation used for registration ceremonies. +message CredentialCreation { + PublicKeyCredentialCreationOptions public_key = 1; +} + +// Request options necessary for credential creation, aka registration +// ceremonies. +// See +// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions +// or refer to navigator.credentials.create in your browser. +message PublicKeyCredentialCreationOptions { + // Raw challenge used for creation. + bytes challenge = 1; + // Relying party information. + RelyingPartyEntity rp = 2; + // User information. + UserEntity user = 3; + // Desired properties for the credential to be created, from most to least + // preferred. + repeated CredentialParameter credential_parameters = 4; + // Timeout in milliseconds. + int64 timeout_ms = 5; + // Credentials excluded from the ceremony. + repeated CredentialDescriptor exclude_credentials = 6; + // Attestation requested, defaulting to "none". + // https://www.w3.org/TR/webauthn-2/#enumdef-attestationconveyancepreference. + string attestation = 7; + // Extensions supplied by the Relying Party. + AuthenticationExtensionsClientInputs extensions = 8; + // Authenticator selection criteria for the new credential. + AuthenticatorSelection authenticator_selection = 9; +} + +// Credential creation response returned by the authenticator. +// Refer to navigator.credentials.create in your browser. +message CredentialCreationResponse { + // Note: creation responses return both "rawId" and "id" (RawURLEncoding of + // "id"), but it seemed pointless to have both here. + + // Type of the credential, usually "public-key". + string type = 1; + // Raw Credential ID. + bytes raw_id = 2; + // Attestation response from the authenticator. + AuthenticatorAttestationResponse response = 3; + // Extensions supplied by the authenticator. + AuthenticationExtensionsClientOutputs extensions = 4; +} + +// Attestation response from the authentication, ie, the response to a +// credential creation request. +// https://www.w3.org/TR/webauthn-2/#authenticatorattestationresponse. +message AuthenticatorAttestationResponse { + // Raw client data JSON, exactly as signed by the authenticator. + // https://www.w3.org/TR/webauthn-2/#dictdef-collectedclientdata. + bytes client_data_json = 1; + // Raw attestation object. + // https://www.w3.org/TR/webauthn-2/#attestation-object + bytes attestation_object = 2; +} + +// ----------------------------------------------------------------------------- +// Common WebAuthn objects. +// ----------------------------------------------------------------------------- + +// Extensions supplied by the Relying Party during credential assertion or +// creation. +// https://www.w3.org/TR/webauthn-2/#client-extension-input +message AuthenticationExtensionsClientInputs { + // U2F application ID to be used by the authenticator, if any. + // Only available if using U2F compatibility mode. + // https://www.w3.org/TR/webauthn-2/#sctn-appid-extension. + string app_id = 1; +} + +// Extensions supplied by the authenticator to the Relying Party, during +// credential assertion or creation. +// https://www.w3.org/TR/webauthn-2/#client-extension-output. +message AuthenticationExtensionsClientOutputs { + // If true, the AppID extension was used by the authenticator, which changes + // the rpIdHash accordingly. + // https://www.w3.org/TR/webauthn-2/#sctn-appid-extension. + bool app_id = 1; +} + +// Authenticator selection criteria. +// Restricts the choice of authenticator for credential creation. +message AuthenticatorSelection { + // Authenticator attachment, empty means no particular attachment is + // required. + string authenticator_attachment = 1; + // Resident key requirement, if true the authenticator must create a resident + // key. + bool require_resident_key = 2; + // User verification requirement for authenticators. + string user_verification = 3; +} + +// Public key credential descriptor. +// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialdescriptor. +message CredentialDescriptor { + // Type of the credential, usually "public-key". + string type = 1; + // Raw Credential ID. + bytes id = 2; + +// Notes: +// * Transport hints omitted (assume no restrictions). +} + +// Parameters for credential creation. +// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialparameters. +message CredentialParameter { + // Credential type, usually "public-key". + // https://www.w3.org/TR/webauthn-2/#enumdef-publickeycredentialtype. + string type = 1; + // COSE algorithm specifier. + // Most authenticators support exclusively ES256(-7). + // https://www.w3.org/TR/webauthn-2/#typedefdef-cosealgorithmidentifier. + int32 alg = 2; +} + +// Relying Party information. +// See https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrpentity and +// https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions/rp. +message RelyingPartyEntity { + string id = 1; + string name = 2; + // URL to the icon of the Relying Party. + string icon = 3; +} + +// User information. +// See https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialuserentity +// and +// https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions/user. +message UserEntity { + // Raw ID of the user. + bytes id = 1; + // Human-palatable name for a user account. + // The Relying Party _may_ let the user choose this value. + string name = 2; + // Human-palatable name for the user account, intended only for display. + // The Relying Party _should_ let the user choose this value. + string display_name = 3; + // URL to a resource which can be the avatar image for the user. + string icon = 4; +} diff --git a/api/proto/teleport/legacy/types/wrappers/wrappers.proto b/api/proto/teleport/legacy/types/wrappers/wrappers.proto new file mode 100644 index 0000000000000..486bbf452f69d --- /dev/null +++ b/api/proto/teleport/legacy/types/wrappers/wrappers.proto @@ -0,0 +1,46 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package wrappers; + +import "gogoproto/gogo.proto"; + +option go_package = "github.com/gravitational/teleport/api/types/wrappers"; +option (gogoproto.goproto_getters_all) = false; +option (gogoproto.marshaler_all) = true; +option (gogoproto.unmarshaler_all) = true; + +// StringValues is a list of strings. +message StringValues { + repeated string Values = 1; +} + +// LabelValues is a list of key value pairs, where key is a string +// and value is a list of string values. +message LabelValues { + // Values contains key value pairs. + map Values = 1 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "labels" + ]; +} + +// CustomType is a json protobuf representation of a Go struct. This is +// useful when defining customtypes for use with the (gogoproto.customtype) extension. +message CustomType { + // Bytes is the marshalled json data of a struct. + bytes Bytes = 1 [(gogoproto.jsontag) = "json"]; +} diff --git a/api/types/access_request.go b/api/types/access_request.go index 2bcedc52f1210..dfabdb57c866a 100644 --- a/api/types/access_request.go +++ b/api/types/access_request.go @@ -98,6 +98,11 @@ type AccessRequest interface { GetLoginHint() string // SetLoginHint sets the requested login hint. SetLoginHint(string) + // GetDryRun returns true if this request should not be created and is only + // a dry run to validate request capabilities. + GetDryRun() bool + // SetDryRun sets the dry run flag on the request. + SetDryRun(bool) } // NewAccessRequest assembles an AccessRequest resource. @@ -396,6 +401,17 @@ func (r *AccessRequestV3) SetLoginHint(login string) { r.Spec.LoginHint = login } +// GetDryRun returns true if this request should not be created and is only +// a dry run to validate request capabilities. +func (r *AccessRequestV3) GetDryRun() bool { + return r.Spec.DryRun +} + +// SetDryRun sets the dry run flag on the request. +func (r *AccessRequestV3) SetDryRun(dryRun bool) { + r.Spec.DryRun = dryRun +} + // String returns a text representation of this AccessRequest func (r *AccessRequestV3) String() string { return fmt.Sprintf("AccessRequest(user=%v,roles=%+v)", r.Spec.User, r.Spec.Roles) diff --git a/api/types/app.go b/api/types/app.go index 79d3c9c27a194..389feb935c30b 100644 --- a/api/types/app.go +++ b/api/types/app.go @@ -61,8 +61,14 @@ type Application interface { GetRewrite() *Rewrite // IsAWSConsole returns true if this app is AWS management console. IsAWSConsole() bool + // IsTCP returns true if this app represents a TCP endpoint. + IsTCP() bool + // GetProtocol returns the application protocol. + GetProtocol() string // GetAWSAccountID returns value of label containing AWS account ID on this app. GetAWSAccountID() string + // GetAWSExternalID returns the AWS External ID configured for this app. + GetAWSExternalID() string // Copy returns a copy of this app resource. Copy() *AppV3 } @@ -231,7 +237,31 @@ func (a *AppV3) GetRewrite() *Rewrite { // IsAWSConsole returns true if this app is AWS management console. func (a *AppV3) IsAWSConsole() bool { - return strings.HasPrefix(a.Spec.URI, constants.AWSConsoleURL) + // TODO(greedy52) support region based console URL like: + // https://us-east-1.console.aws.amazon.com/ + for _, consoleURL := range []string{ + constants.AWSConsoleURL, + constants.AWSUSGovConsoleURL, + constants.AWSCNConsoleURL, + } { + if strings.HasPrefix(a.Spec.URI, consoleURL) { + return true + } + } + return false +} + +// IsTCP returns true if this app represents a TCP endpoint. +func (a *AppV3) IsTCP() bool { + return strings.HasPrefix(a.Spec.URI, "tcp://") +} + +// GetProtocol returns the application protocol. +func (a *AppV3) GetProtocol() string { + if a.IsTCP() { + return "TCP" + } + return "HTTP" } // GetAWSAccountID returns value of label containing AWS account ID on this app. @@ -239,6 +269,14 @@ func (a *AppV3) GetAWSAccountID() string { return a.Metadata.Labels[constants.AWSAccountIDLabel] } +// GetAWSExternalID returns the AWS External ID configured for this app. +func (a *AppV3) GetAWSExternalID() string { + if a.Spec.AWS == nil { + return "" + } + return a.Spec.AWS.ExternalID +} + // String returns the app string representation. func (a *AppV3) String() string { return fmt.Sprintf("App(Name=%v, PublicAddr=%v, Labels=%v)", diff --git a/api/types/app_test.go b/api/types/app_test.go index 9b5b12d23c806..dd14fe29cf5ad 100644 --- a/api/types/app_test.go +++ b/api/types/app_test.go @@ -22,6 +22,8 @@ import ( "github.com/gravitational/trace" "github.com/stretchr/testify/require" + + "github.com/gravitational/teleport/api/constants" ) // TestAppPublicAddrValidation tests PublicAddr field validation to make sure that @@ -164,3 +166,85 @@ func TestAppServerSorter(t *testing.T) { servers := makeServers(testValsUnordered, "does-not-matter") require.True(t, trace.IsNotImplemented(AppServers(servers).SortByCustom(sortBy))) } + +func TestAppIsAWSConsole(t *testing.T) { + tests := []struct { + name string + uri string + assertIsAWSConsole require.BoolAssertionFunc + }{ + { + name: "AWS Standard", + uri: "https://console.aws.amazon.com/ec2/v2/home", + assertIsAWSConsole: require.True, + }, + { + name: "AWS China", + uri: "https://console.amazonaws.cn/console/home", + assertIsAWSConsole: require.True, + }, + { + name: "AWS GovCloud (US)", + uri: "https://console.amazonaws-us-gov.com/console/home", + assertIsAWSConsole: require.True, + }, + { + name: "Region based not supported yet", + uri: "https://us-west-1.console.aws.amazon.com", + assertIsAWSConsole: require.False, + }, + { + name: "Not an AWS Console URL", + uri: "https://hello.world", + assertIsAWSConsole: require.False, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + app, err := NewAppV3(Metadata{ + Name: "aws", + }, AppSpecV3{ + URI: test.uri, + }) + require.NoError(t, err) + + test.assertIsAWSConsole(t, app.IsAWSConsole()) + }) + } +} + +func TestApplicationGetAWSExternalID(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + appAWS *AppAWS + expectedExternalID string + }{ + { + name: "not configured", + }, + { + name: "configured", + appAWS: &AppAWS{ + ExternalID: "default-external-id", + }, + expectedExternalID: "default-external-id", + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + app, err := NewAppV3(Metadata{ + Name: "aws", + }, AppSpecV3{ + URI: constants.AWSConsoleURL, + AWS: test.appAWS, + }) + require.NoError(t, err) + + require.Equal(t, test.expectedExternalID, app.GetAWSExternalID()) + }) + } +} diff --git a/api/types/audit.go b/api/types/audit.go index 3c524edc0d43f..2a6e37a207443 100644 --- a/api/types/audit.go +++ b/api/types/audit.go @@ -52,6 +52,11 @@ type ClusterAuditConfig interface { // SetAuditEventsURIs sets the audit events URIs. SetAuditEventsURIs([]string) + // SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends. + SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState) + // GetUseFIPSEndpoint gets the current FIPS endpoint setting + GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState + // EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery). EnableContinuousBackups() bool // EnableAutoScaling is used to enable (or disable) auto scaling policy. @@ -190,6 +195,16 @@ func (c *ClusterAuditConfigV2) SetAuditEventsURIs(uris []string) { c.Spec.AuditEventsURI = uris } +// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends. +func (c *ClusterAuditConfigV2) SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState) { + c.Spec.UseFIPSEndpoint = state +} + +// GetUseFIPSEndpoint gets the current FIPS endpoint setting +func (c *ClusterAuditConfigV2) GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState { + return c.Spec.UseFIPSEndpoint +} + // EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery). func (c *ClusterAuditConfigV2) EnableContinuousBackups() bool { return c.Spec.EnableContinuousBackups diff --git a/api/types/cluster_alert.go b/api/types/cluster_alert.go new file mode 100644 index 0000000000000..900dbadb77f7e --- /dev/null +++ b/api/types/cluster_alert.go @@ -0,0 +1,202 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +import ( + "net/url" + "regexp" + "sort" + "time" + "unicode" + + "github.com/gravitational/trace" +) + +// matchAlertLabelKey is a fairly conservative allowed charset for label keys. +var matchAlertLabelKey = regexp.MustCompile(`^[a-z0-9\.\-\/]+$`).MatchString + +// matchAlertLabelVal is a slightly more permissive matcher for label values. +var matchAlertLabelVal = regexp.MustCompile(`^[a-z0-9\.\-_\/:|]+$`).MatchString + +const validLinkDestination = "goteleport.com" + +type alertOptions struct { + labels map[string]string + severity AlertSeverity + created time.Time + expires time.Time +} + +// AlertOption is a functional option for alert construction. +type AlertOption func(options *alertOptions) + +// WithAlertLabel constructs an alert with the specified label. +func WithAlertLabel(key, val string) AlertOption { + return func(options *alertOptions) { + if options.labels == nil { + options.labels = make(map[string]string) + } + options.labels[key] = val + } +} + +// WithAlertSeverity sets the severity of an alert (defaults to MEDIUM). +func WithAlertSeverity(severity AlertSeverity) AlertOption { + return func(options *alertOptions) { + options.severity = severity + } +} + +// WithAlertCreated sets the alert's creation time. Auth server automatically fills +// this before inserting the alert in the backend if none is set. +func WithAlertCreated(created time.Time) AlertOption { + return func(options *alertOptions) { + options.created = created.UTC() + } +} + +// WithAlertExpires sets the alerts expiry time. Auth server automatically applies a +// 24h expiry before inserting the alert in the backend if none is set. +func WithAlertExpires(expires time.Time) AlertOption { + return func(options *alertOptions) { + options.expires = expires.UTC() + } +} + +// NewClusterAlert creates a new cluster alert. +func NewClusterAlert(name string, message string, opts ...AlertOption) (ClusterAlert, error) { + options := alertOptions{ + severity: AlertSeverity_MEDIUM, + } + for _, opt := range opts { + opt(&options) + } + alert := ClusterAlert{ + ResourceHeader: ResourceHeader{ + Metadata: Metadata{ + Name: name, + Labels: options.labels, + Expires: &options.expires, + }, + }, + Spec: ClusterAlertSpec{ + Severity: options.severity, + Message: message, + Created: options.created, + }, + } + if err := alert.CheckAndSetDefaults(); err != nil { + return ClusterAlert{}, trace.Wrap(err) + } + return alert, nil +} + +// SortClusterAlerts applies the default cluster alert sorting, prioritizing +// elements by a combination of severity and creation time. Alerts are sorted +// with higher severity alerts first, and alerts of the same priority are sorted +// with newer alerts first. +func SortClusterAlerts(alerts []ClusterAlert) { + sort.Slice(alerts, func(i, j int) bool { + if alerts[i].Spec.Severity == alerts[j].Spec.Severity { + return alerts[i].Spec.Created.After(alerts[j].Spec.Created) + } + return alerts[i].Spec.Severity > alerts[j].Spec.Severity + }) +} + +func (c *ClusterAlert) setDefaults() { + if c.Kind == "" { + c.Kind = KindClusterAlert + } + + if c.Version == "" { + c.Version = V1 + } +} + +// CheckAndSetDefaults verifies required fields. +func (c *ClusterAlert) CheckAndSetDefaults() error { + c.setDefaults() + if c.Version != V1 { + return trace.BadParameter("unsupported cluster alert version: %s", c.Version) + } + + if c.Kind != KindClusterAlert { + return trace.BadParameter("expected kind %s, got %q", KindClusterAlert, c.Kind) + } + + if c.Metadata.Name == "" { + return trace.BadParameter("alert name must be specified") + } + + if err := c.CheckMessage(); err != nil { + return trace.Wrap(err) + } + + for key, val := range c.Metadata.Labels { + if !matchAlertLabelKey(key) { + return trace.BadParameter("invalid alert label key: %q", key) + } + // for links, we relax the conditions on label values + if key != AlertLink && !matchAlertLabelVal(val) { + return trace.BadParameter("invalid alert label value: %q", val) + } + + if key == AlertLink { + u, err := url.Parse(val) + if err != nil { + return trace.BadParameter("invalid alert: label link %q is not a valid URL", val) + } + if u.Hostname() != validLinkDestination { + return trace.BadParameter("invalid alert: label link not allowed %q", val) + } + } + } + return nil +} + +func (c *ClusterAlert) CheckMessage() error { + if c.Spec.Message == "" { + return trace.BadParameter("alert message must be specified") + } + + for _, c := range c.Spec.Message { + if unicode.IsControl(c) { + return trace.BadParameter("control characters not supported in alerts") + } + } + return nil +} + +// Match checks if the given cluster alert matches this query. +func (r *GetClusterAlertsRequest) Match(alert ClusterAlert) bool { + if alert.Spec.Severity < r.Severity { + return false + } + + if r.AlertID != "" && r.AlertID != alert.Metadata.Name { + return false + } + + for key, val := range r.Labels { + if alert.Metadata.Labels[key] != val { + return false + } + } + + return true +} diff --git a/api/types/cluster_alert_test.go b/api/types/cluster_alert_test.go new file mode 100644 index 0000000000000..8c467ded203ef --- /dev/null +++ b/api/types/cluster_alert_test.go @@ -0,0 +1,116 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +import ( + "fmt" + "testing" + "time" + + "github.com/stretchr/testify/require" +) + +// TestAlertSorting verifies the default cluster alert sorting. +func TestAlertSorting(t *testing.T) { + start := time.Now() + + aa := []struct { + t time.Time // creation time + s AlertSeverity // severity + p int // post-sort index + }{ + { + t: start.Add(time.Second * 2), + s: AlertSeverity_HIGH, + p: 1, + }, + { + t: start.Add(time.Second * 1), + s: AlertSeverity_HIGH, + p: 2, + }, + { + t: start.Add(time.Second * 2), + s: AlertSeverity_LOW, + p: 4, + }, + { + t: start.Add(time.Second * 3), + s: AlertSeverity_HIGH, + p: 0, + }, + { + t: start.Add(time.Hour), + s: AlertSeverity_MEDIUM, + p: 3, + }, + } + + // build the alerts + alerts := make([]ClusterAlert, 0, len(aa)) + for i, a := range aa { + alert, err := NewClusterAlert( + fmt.Sprintf("alert-%d", i), + "uh-oh!", + WithAlertCreated(a.t), + WithAlertSeverity(a.s), + WithAlertLabel("p", fmt.Sprintf("%d", a.p)), + ) + require.NoError(t, err) + alerts = append(alerts, alert) + } + + // apply the default sorting + SortClusterAlerts(alerts) + + // verify that post-sort labels now match order + for i, a := range alerts { + require.Equal(t, fmt.Sprintf("%d", i), a.Metadata.Labels["p"]) + } +} + +// TestCheckAndSetDefaults verifies that only valid URLs are set on the link label. +func TestCheckAndSetDefaultsWithLink(t *testing.T) { + tests := []struct { + link string + assert require.ErrorAssertionFunc + }{ + { + link: "https://goteleport.com/docs", + assert: require.NoError, + }, + { + link: "h{t}tps://goteleport.com/docs", + assert: require.Error, + }, + { + link: "https://google.com", + assert: require.Error, + }, + } + + for i, tt := range tests { + t.Run(tt.link, func(t *testing.T) { + _, err := NewClusterAlert( + fmt.Sprintf("name-%d", i), + fmt.Sprintf("message-%d", i), + WithAlertLabel(AlertLink, tt.link), + ) + tt.assert(t, err) + }) + } +} diff --git a/api/types/connection_diagnostic.go b/api/types/connection_diagnostic.go new file mode 100644 index 0000000000000..b51dcce334f65 --- /dev/null +++ b/api/types/connection_diagnostic.go @@ -0,0 +1,165 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +import ( + "github.com/gravitational/teleport/api/utils" + "github.com/gravitational/trace" +) + +const ( + // DiagnosticMessageSuccess is the message used when we the Connection was successful + DiagnosticMessageSuccess = "success" + + // DiagnosticMessageFailed is the message used when we the Connection failed + DiagnosticMessageFailed = "failed" +) + +// ConnectionDiagnostic represents a Connection Diagnostic. +type ConnectionDiagnostic interface { + // ResourceWithLabels provides common resource methods. + ResourceWithLabels + + // Whether the connection was successful + IsSuccess() bool + // Sets the success flag + SetSuccess(bool) + + // The underlying message + GetMessage() string + // Sets the undderlying message + SetMessage(string) + + // The connection test traces + GetTraces() []*ConnectionDiagnosticTrace + + // AppendTrace adds a trace to the ConnectionDiagnostic Traces + AppendTrace(*ConnectionDiagnosticTrace) +} + +type ConnectionsDiagnostic []ConnectionDiagnostic + +var _ ConnectionDiagnostic = &ConnectionDiagnosticV1{} + +// NewConnectionDiagnosticV1 creates a new ConnectionDiagnosticV1 resource. +func NewConnectionDiagnosticV1(name string, labels map[string]string, spec ConnectionDiagnosticSpecV1) (*ConnectionDiagnosticV1, error) { + c := &ConnectionDiagnosticV1{ + ResourceHeader: ResourceHeader{ + Version: V1, + Kind: KindConnectionDiagnostic, + Metadata: Metadata{ + Name: name, + Labels: labels, + }, + }, + Spec: spec, + } + + if err := c.CheckAndSetDefaults(); err != nil { + return nil, trace.Wrap(err) + } + + return c, nil +} + +// CheckAndSetDefaults checks and sets default values for any missing fields. +func (c *ConnectionDiagnosticV1) CheckAndSetDefaults() error { + if c.Spec.Message == "" { + return trace.BadParameter("ConnectionDiagnosticV1.Spec missing Message field") + } + + return nil +} + +// GetAllLabels returns combined static and dynamic labels. +func (c *ConnectionDiagnosticV1) GetAllLabels() map[string]string { + return CombineLabels(c.Metadata.Labels, nil) +} + +// GetStaticLabels returns the connection diagnostic static labels. +func (c *ConnectionDiagnosticV1) GetStaticLabels() map[string]string { + return c.Metadata.Labels +} + +// IsSuccess returns whether the connection was successful +func (c *ConnectionDiagnosticV1) IsSuccess() bool { + return c.Spec.Success +} + +// SetSuccess sets whether the Connection was a success or not +func (c *ConnectionDiagnosticV1) SetSuccess(b bool) { + c.Spec.Success = b +} + +// GetMessage returns the connection diagnostic message. +func (c *ConnectionDiagnosticV1) GetMessage() string { + return c.Spec.Message +} + +// SetMessage sets the summary message of the Connection Diagnostic +func (c *ConnectionDiagnosticV1) SetMessage(s string) { + c.Spec.Message = s +} + +// GetTraces returns the connection test traces +func (c *ConnectionDiagnosticV1) GetTraces() []*ConnectionDiagnosticTrace { + return c.Spec.Traces +} + +// AppendTrace adds a trace into the Traces list +func (c *ConnectionDiagnosticV1) AppendTrace(trace *ConnectionDiagnosticTrace) { + c.Spec.Traces = append(c.Spec.Traces, trace) +} + +// MatchSearch goes through select field values and tries to +// match against the list of search values. +func (c *ConnectionDiagnosticV1) MatchSearch(values []string) bool { + fieldVals := append(utils.MapToStrings(c.GetAllLabels()), c.GetName()) + return MatchSearch(fieldVals, values, nil) +} + +// Origin returns the origin value of the resource. +func (c *ConnectionDiagnosticV1) Origin() string { + return c.Metadata.Labels[OriginLabel] +} + +// SetOrigin sets the origin value of the resource. +func (c *ConnectionDiagnosticV1) SetOrigin(o string) { + c.Metadata.Labels[OriginLabel] = o +} + +// SetStaticLabels sets the connection diagnostic static labels. +func (c *ConnectionDiagnosticV1) SetStaticLabels(sl map[string]string) { + c.Metadata.Labels = sl +} + +// NewTraceDiagnosticConnection creates a new Connection Diagnostic Trace. +// If traceErr is not nil, it will set the Status to FAILED, SUCCESS otherwise. +func NewTraceDiagnosticConnection(traceType ConnectionDiagnosticTrace_TraceType, details string, traceErr error) *ConnectionDiagnosticTrace { + ret := &ConnectionDiagnosticTrace{ + Status: ConnectionDiagnosticTrace_SUCCESS, + Type: traceType, + Details: details, + } + + if traceErr != nil { + ret.Status = ConnectionDiagnosticTrace_FAILED + ret.Error = traceErr.Error() + } + + return ret +} diff --git a/api/types/constants.go b/api/types/constants.go index 871e35d3affc1..cf574a6cce387 100644 --- a/api/types/constants.go +++ b/api/types/constants.go @@ -256,6 +256,19 @@ const ( // KindSessionTracker is a resource that tracks a live session. KindSessionTracker = "session_tracker" + // KindDatabaseCertificate is a resource to control Database Certificates generation + KindDatabaseCertificate = "database_certificate" + + // KindConnectionDiagnostic is a resource that tracks the result of testing a connection + KindConnectionDiagnostic = "connection_diagnostic" + + // KindClusterAlert is a resource that conveys a cluster-level alert message. + KindClusterAlert = "cluster_alert" + + // KindInstaller is a resource that holds a node installer script + // used to install teleport on discovered nodes + KindInstaller = "installer" + // V5 is the fifth version of resources. V5 = "v5" @@ -328,6 +341,15 @@ const ( // OriginKubernetes is an origin value indicating that the resource was // created from the Kubernetes Operator. OriginKubernetes = "kubernetes" + + // AWSAccountIDLabel is used to identify nodes by AWS account ID + // found via automatic discovery, to avoid re-running installation + // commands on the node. + AWSAccountIDLabel = TeleportNamespace + "/account-id" + // AWSInstanceIDLabel is used to identify nodes by EC2 instance ID + // found via automatic discovery, to avoid re-running installation + // commands on the node. + AWSInstanceIDLabel = TeleportNamespace + "/instance-id" ) // EC2HostnameTag is the name of the EC2 tag used to override a node's hostname. @@ -419,6 +441,37 @@ const ( // BotGenerationLabel is a label used to record the certificate generation counter. BotGenerationLabel = "teleport.internal/bot-generation" + + // InternalResourceIDLabel is a label used to store an ID to correlate between two resources + // A pratical example of this is to create a correlation between a Node Provision Token and + // the Node that used that token to join the cluster + InternalResourceIDLabel = "teleport.internal/resource-id" + + // AlertOnLogin is an internal label that indicates an alert should be displayed to users on login + AlertOnLogin = "teleport.internal/alert-on-login" + + // AlertPermitAll is an internal label that indicates that an alert is suitable for display + // to all users. + AlertPermitAll = "teleport.internal/alert-permit-all" + + // AlertLink is an internal label that indicates that an alert is a link. + AlertLink = "teleport.internal/link" + + // AlertVerbPermit is an internal label that permits a user to view the alert if they + // hold a specific resource permission verb (e.g. 'node:list'). Note that this label is + // a coarser control than it might initially appear and has the potential for accidental + // misuse. Because this permitting strategy doesn't take into account constraints such as + // label selectors or where clauses, it can't reliably protect information related to a + // specific resource. This label should be used only for permitting of alerts that are + // of concern to holders of a given : capability in the most general case. + AlertVerbPermit = "teleport.internal/alert-verb-permit" + + // AlertSupersedes is an internal label used to indicate when one alert supersedes + // another. Teleport may choose to hide the superseded alert if the superseding alert + // is also visible to the user and of higher or equivalent severity. This intended as + // a mechanism for reducing noise/redundancy, and is not a form of access control. Use + // one of the "permit" labels if you need to restrict viewership of an alert. + AlertSupersedes = "teleport.internal/alert-supersedes" ) // RequestableResourceKinds lists all Teleport resource kinds users can request access to. diff --git a/api/types/database.go b/api/types/database.go index ab9431ae0b460..f421a473018c6 100644 --- a/api/types/database.go +++ b/api/types/database.go @@ -20,6 +20,7 @@ import ( "fmt" "net" "strings" + "text/template" "time" "github.com/gravitational/teleport/api/utils" @@ -78,12 +79,14 @@ type Database interface { GetGCP() GCPCloudSQL // GetAzure returns Azure database server metadata. GetAzure() Azure + // SetStatusAzure sets the database Azure metadata in the status field. + SetStatusAzure(Azure) // GetAD returns Active Directory database configuration. GetAD() AD // GetType returns the database authentication type: self-hosted, RDS, Redshift or Cloud SQL. GetType() string // GetIAMPolicy returns AWS IAM policy for the database. - GetIAMPolicy() string + GetIAMPolicy() (string, error) // GetIAMAction returns AWS IAM action needed to connect to the database. GetIAMAction() string // GetIAMResources returns AWS IAM resources that provide access to the database. @@ -315,11 +318,24 @@ func (d *DatabaseV3) GetGCP() GCPCloudSQL { return d.Spec.GCP } +// IsEmpty returns true if Azure metadata is empty. +func (a Azure) IsEmpty() bool { + return cmp.Equal(a, Azure{}) +} + // GetAzure returns Azure database server metadata. func (d *DatabaseV3) GetAzure() Azure { + if !d.Status.Azure.IsEmpty() { + return d.Status.Azure + } return d.Spec.Azure } +// SetStatusAzure sets the database Azure metadata in the status field. +func (d *DatabaseV3) SetStatusAzure(azure Azure) { + d.Status.Azure = azure +} + // GetAD returns Active Directory database configuration. func (d *DatabaseV3) GetAD() AD { return d.Spec.AD @@ -523,13 +539,15 @@ func parseAzureEndpoint(endpoint string) (name string, err error) { } // GetIAMPolicy returns AWS IAM policy for this database. -func (d *DatabaseV3) GetIAMPolicy() string { +func (d *DatabaseV3) GetIAMPolicy() (string, error) { if d.IsRDS() { - return d.getRDSPolicy() + policy, err := d.getRDSPolicy() + return policy, trace.Wrap(err) } else if d.IsRedshift() { - return d.getRedshiftPolicy() + policy, err := d.getRedshiftPolicy() + return policy, trace.Wrap(err) } - return "" + return "", trace.BadParameter("GetIAMPolicy is not supported policy for database type %s", d.GetType()) } // GetIAMAction returns AWS IAM action needed to connect to the database. @@ -545,22 +563,23 @@ func (d *DatabaseV3) GetIAMAction() string { // GetIAMResources returns AWS IAM resources that provide access to the database. func (d *DatabaseV3) GetIAMResources() []string { aws := d.GetAWS() + partition := awsutils.GetPartitionFromRegion(aws.Region) if d.IsRDS() { if aws.Region != "" && aws.AccountID != "" && aws.RDS.ResourceID != "" { return []string{ - fmt.Sprintf("arn:aws:rds-db:%v:%v:dbuser:%v/*", - aws.Region, aws.AccountID, aws.RDS.ResourceID), + fmt.Sprintf("arn:%v:rds-db:%v:%v:dbuser:%v/*", + partition, aws.Region, aws.AccountID, aws.RDS.ResourceID), } } } else if d.IsRedshift() { if aws.Region != "" && aws.AccountID != "" && aws.Redshift.ClusterID != "" { return []string{ - fmt.Sprintf("arn:aws:redshift:%v:%v:dbuser:%v/*", - aws.Region, aws.AccountID, aws.Redshift.ClusterID), - fmt.Sprintf("arn:aws:redshift:%v:%v:dbname:%v/*", - aws.Region, aws.AccountID, aws.Redshift.ClusterID), - fmt.Sprintf("arn:aws:redshift:%v:%v:dbgroup:%v/*", - aws.Region, aws.AccountID, aws.Redshift.ClusterID), + fmt.Sprintf("arn:%v:redshift:%v:%v:dbuser:%v/*", + partition, aws.Region, aws.AccountID, aws.Redshift.ClusterID), + fmt.Sprintf("arn:%v:redshift:%v:%v:dbname:%v/*", + partition, aws.Region, aws.AccountID, aws.Redshift.ClusterID), + fmt.Sprintf("arn:%v:redshift:%v:%v:dbgroup:%v/*", + partition, aws.Region, aws.AccountID, aws.Redshift.ClusterID), } } } @@ -583,7 +602,7 @@ func (d *DatabaseV3) SetManagedUsers(users []string) { } // getRDSPolicy returns IAM policy document for this RDS database. -func (d *DatabaseV3) getRDSPolicy() string { +func (d *DatabaseV3) getRDSPolicy() (string, error) { region := d.GetAWS().Region if region == "" { region = "" @@ -596,12 +615,22 @@ func (d *DatabaseV3) getRDSPolicy() string { if resourceID == "" { resourceID = "" } - return fmt.Sprintf(rdsPolicyTemplate, - region, accountID, resourceID) + + var sb strings.Builder + err := rdsPolicyTemplate.Execute(&sb, arnTemplateInput{ + Partition: awsutils.GetPartitionFromRegion(region), + Region: region, + AccountID: accountID, + ResourceID: resourceID, + }) + if err != nil { + return "", trace.Wrap(err) + } + return sb.String(), nil } // getRedshiftPolicy returns IAM policy document for this Redshift database. -func (d *DatabaseV3) getRedshiftPolicy() string { +func (d *DatabaseV3) getRedshiftPolicy() (string, error) { region := d.GetAWS().Region if region == "" { region = "" @@ -614,8 +643,18 @@ func (d *DatabaseV3) getRedshiftPolicy() string { if clusterID == "" { clusterID = "" } - return fmt.Sprintf(redshiftPolicyTemplate, - region, accountID, clusterID) + + var sb strings.Builder + err := redshiftPolicyTemplate.Execute(&sb, arnTemplateInput{ + Partition: awsutils.GetPartitionFromRegion(region), + Region: region, + AccountID: accountID, + ResourceID: clusterID, + }) + if err != nil { + return "", trace.Wrap(err) + } + return sb.String(), nil } const ( @@ -635,6 +674,11 @@ const ( DatabaseTypeMemoryDB = "memorydb" ) +// GetServerName returns the GCP database project and instance as ":". +func (gcp GCPCloudSQL) GetServerName() string { + return fmt.Sprintf("%s:%s", gcp.ProjectID, gcp.InstanceID) +} + // DeduplicateDatabases deduplicates databases by name. func DeduplicateDatabases(databases []Database) (result []Database) { seen := make(map[string]struct{}) @@ -682,31 +726,35 @@ const ( AzureEndpointSuffix = ".database.azure.com" ) +type arnTemplateInput struct { + Partition, Region, AccountID, ResourceID string +} + var ( // rdsPolicyTemplate is the IAM policy template for RDS databases access. - rdsPolicyTemplate = `{ + rdsPolicyTemplate = template.Must(template.New("").Parse(`{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "rds-db:connect", - "Resource": "arn:aws:rds-db:%v:%v:dbuser:%v/*" + "Resource": "arn:{{.Partition}}:rds-db:{{.Region}}:{{.AccountID}}:dbuser:{{.ResourceID}}/*" } ] -}` +}`)) // redshiftPolicyTemplate is the IAM policy template for Redshift databases access. - redshiftPolicyTemplate = `{ + redshiftPolicyTemplate = template.Must(template.New("").Parse(`{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "redshift:GetClusterCredentials", "Resource": [ - "arn:aws:redshift:%[1]v:%[2]v:dbuser:%[3]v/*", - "arn:aws:redshift:%[1]v:%[2]v:dbname:%[3]v/*", - "arn:aws:redshift:%[1]v:%[2]v:dbgroup:%[3]v/*" + "arn:{{.Partition}}:redshift:{{.Region}}:{{.AccountID}}:dbuser:{{.ResourceID}}/*", + "arn:{{.Partition}}:redshift:{{.Region}}:{{.AccountID}}:dbname:{{.ResourceID}}/*", + "arn:{{.Partition}}:redshift:{{.Region}}:{{.AccountID}}:dbgroup:{{.ResourceID}}/*" ] } ] -}` +}`)) ) diff --git a/api/types/databaseserver.go b/api/types/databaseserver.go index 67db0dda917f0..d78f78e92f8bc 100644 --- a/api/types/databaseserver.go +++ b/api/types/databaseserver.go @@ -386,3 +386,12 @@ func (s DatabaseServers) GetFieldVals(field string) ([]string, error) { return vals, nil } + +// ToDatabases converts database servers to a list of databases. +func (s DatabaseServers) ToDatabases() []Database { + databases := make([]Database, 0, len(s)) + for _, server := range s { + databases = append(databases, server.GetDatabase()) + } + return databases +} diff --git a/api/types/desktop.go b/api/types/desktop.go index 3770cc50d885d..7ad10b37a5ced 100644 --- a/api/types/desktop.go +++ b/api/types/desktop.go @@ -37,15 +37,24 @@ type WindowsDesktopService interface { ProxiedService } +type WindowsDesktopServices []WindowsDesktopService + +// AsResources returns windows desktops as type resources with labels. +func (s WindowsDesktopServices) AsResources() []ResourceWithLabels { + resources := make([]ResourceWithLabels, 0, len(s)) + for _, server := range s { + resources = append(resources, ResourceWithLabels(server)) + } + return resources +} + var _ WindowsDesktopService = &WindowsDesktopServiceV3{} // NewWindowsDesktopServiceV3 creates a new WindowsDesktopServiceV3 resource. -func NewWindowsDesktopServiceV3(name string, spec WindowsDesktopServiceSpecV3) (*WindowsDesktopServiceV3, error) { +func NewWindowsDesktopServiceV3(meta Metadata, spec WindowsDesktopServiceSpecV3) (*WindowsDesktopServiceV3, error) { s := &WindowsDesktopServiceV3{ ResourceHeader: ResourceHeader{ - Metadata: Metadata{ - Name: name, - }, + Metadata: meta, }, Spec: spec, } @@ -129,7 +138,8 @@ func (s *WindowsDesktopServiceV3) GetHostname() string { // MatchSearch goes through select field values and tries to // match against the list of search values. func (s *WindowsDesktopServiceV3) MatchSearch(values []string) bool { - return MatchSearch(nil, values, nil) + fieldVals := append(utils.MapToStrings(s.GetAllLabels()), s.GetName(), s.GetHostname()) + return MatchSearch(fieldVals, values, nil) } // WindowsDesktop represents a Windows desktop host. @@ -346,3 +356,17 @@ type ListWindowsDesktopsRequest struct { Labels map[string]string SearchKeywords []string } + +// ListWindowsDesktopServicesResponse is a response type to ListWindowsDesktopServices. +type ListWindowsDesktopServicesResponse struct { + DesktopServices []WindowsDesktopService + NextKey string +} + +// ListWindowsDesktopServicesRequest is a request type to ListWindowsDesktopServices. +type ListWindowsDesktopServicesRequest struct { + Limit int + StartKey, PredicateExpression string + Labels map[string]string + SearchKeywords []string +} diff --git a/api/types/events/events.go b/api/types/events/events.go index 02926932cb515..a10f3e3209c6a 100644 --- a/api/types/events/events.go +++ b/api/types/events/events.go @@ -72,3 +72,50 @@ func (m *DatabaseSessionQuery) TrimToMaxSize(maxSize int) AuditEvent { } return out } + +// TrimToMaxSize trims the SessionStart event to the given maximum size. +// Currently assumes that the largest field will be InitialCommand and tries to +// trim that. +func (e *SessionStart) TrimToMaxSize(maxSize int) AuditEvent { + size := e.Size() + if size <= maxSize { + return e + } + + out := proto.Clone(e).(*SessionStart) + out.InitialCommand = nil + + // Use 10% max size ballast + message size without InitialCommand + sizeBallast := maxSize/10 + out.Size() + maxSize -= sizeBallast + + maxFieldSize := maxSizePerField(maxSize, len(e.InitialCommand)) + + out.InitialCommand = make([]string, len(e.InitialCommand)) + for i, c := range e.InitialCommand { + out.InitialCommand[i] = trimN(c, maxFieldSize) + } + + return out +} + +// TrimToMaxSize trims the Exec event to the given maximum size. +// Currently assumes that the largest field will be Command and tries to trim +// that. +func (e *Exec) TrimToMaxSize(maxSize int) AuditEvent { + size := e.Size() + if size <= maxSize { + return e + } + + out := proto.Clone(e).(*Exec) + out.Command = "" + + // Use 10% max size ballast + message size without Command + sizeBallast := maxSize/10 + out.Size() + maxSize -= sizeBallast + + out.Command = trimN(e.Command, maxSize) + + return out +} diff --git a/api/types/events/events.pb.go b/api/types/events/events.pb.go index d13084d991625..28debac0f22dc 100644 --- a/api/types/events/events.pb.go +++ b/api/types/events/events.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: events.proto +// source: teleport/legacy/types/events/events.proto package events @@ -8,10 +8,12 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/struct" - _ "github.com/golang/protobuf/ptypes/timestamp" + types "github.com/gravitational/teleport/api/types" _ "github.com/gravitational/teleport/api/types/wrappers" github_com_gravitational_teleport_api_types_wrappers "github.com/gravitational/teleport/api/types/wrappers" + _ "google.golang.org/protobuf/types/known/structpb" + _ "google.golang.org/protobuf/types/known/timestamppb" + _ "google.golang.org/protobuf/types/known/wrapperspb" io "io" math "math" math_bits "math/bits" @@ -53,7 +55,121 @@ func (x EventAction) String() string { } func (EventAction) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{0} + return fileDescriptor_007ba1c3d6266d56, []int{0} +} + +// SFTPAction denotes what type of SFTP request was made. +// These actions were taken from https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02. +type SFTPAction int32 + +const ( + SFTPAction_INVALID SFTPAction = 0 + SFTPAction_OPEN SFTPAction = 1 + SFTPAction_CLOSE SFTPAction = 2 + SFTPAction_READ SFTPAction = 3 + SFTPAction_WRITE SFTPAction = 4 + SFTPAction_LSTAT SFTPAction = 5 + SFTPAction_FSTAT SFTPAction = 6 + SFTPAction_SETSTAT SFTPAction = 7 + SFTPAction_FSETSTAT SFTPAction = 8 + SFTPAction_OPENDIR SFTPAction = 9 + SFTPAction_READDIR SFTPAction = 10 + SFTPAction_REMOVE SFTPAction = 11 + SFTPAction_MKDIR SFTPAction = 12 + SFTPAction_RMDIR SFTPAction = 13 + SFTPAction_REALPATH SFTPAction = 14 + SFTPAction_STAT SFTPAction = 15 + SFTPAction_RENAME SFTPAction = 16 + SFTPAction_READLINK SFTPAction = 17 + SFTPAction_SYMLINK SFTPAction = 18 +) + +var SFTPAction_name = map[int32]string{ + 0: "INVALID", + 1: "OPEN", + 2: "CLOSE", + 3: "READ", + 4: "WRITE", + 5: "LSTAT", + 6: "FSTAT", + 7: "SETSTAT", + 8: "FSETSTAT", + 9: "OPENDIR", + 10: "READDIR", + 11: "REMOVE", + 12: "MKDIR", + 13: "RMDIR", + 14: "REALPATH", + 15: "STAT", + 16: "RENAME", + 17: "READLINK", + 18: "SYMLINK", +} + +var SFTPAction_value = map[string]int32{ + "INVALID": 0, + "OPEN": 1, + "CLOSE": 2, + "READ": 3, + "WRITE": 4, + "LSTAT": 5, + "FSTAT": 6, + "SETSTAT": 7, + "FSETSTAT": 8, + "OPENDIR": 9, + "READDIR": 10, + "REMOVE": 11, + "MKDIR": 12, + "RMDIR": 13, + "REALPATH": 14, + "STAT": 15, + "RENAME": 16, + "READLINK": 17, + "SYMLINK": 18, +} + +func (x SFTPAction) String() string { + return proto.EnumName(SFTPAction_name, int32(x)) +} + +func (SFTPAction) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{1} +} + +// ElasticsearchCategory specifies Elasticsearch request category. +type ElasticsearchCategory int32 + +const ( + // GENERAL is for otherwise uncategorized calls. + ElasticsearchCategory_GENERAL ElasticsearchCategory = 0 + // SECURITY is for _security and _ssl APIs. + ElasticsearchCategory_SECURITY ElasticsearchCategory = 1 + // SEARCH is for search-related APIs. + ElasticsearchCategory_SEARCH ElasticsearchCategory = 2 + // SQL covers _sql API. + ElasticsearchCategory_SQL ElasticsearchCategory = 3 +) + +var ElasticsearchCategory_name = map[int32]string{ + 0: "GENERAL", + 1: "SECURITY", + 2: "SEARCH", + 3: "SQL", +} + +var ElasticsearchCategory_value = map[string]int32{ + "GENERAL": 0, + "SECURITY": 1, + "SEARCH": 2, + "SQL": 3, +} + +func (x ElasticsearchCategory) String() string { + return proto.EnumName(ElasticsearchCategory_name, int32(x)) +} + +func (ElasticsearchCategory) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{2} } // Operation is the network operation that was performed or attempted @@ -81,7 +197,7 @@ func (x SessionNetwork_NetworkOperation) String() string { } func (SessionNetwork_NetworkOperation) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{22, 0} + return fileDescriptor_007ba1c3d6266d56, []int{22, 0} } // Metadata is a common event metadata @@ -107,7 +223,7 @@ func (m *Metadata) Reset() { *m = Metadata{} } func (m *Metadata) String() string { return proto.CompactTextString(m) } func (*Metadata) ProtoMessage() {} func (*Metadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{0} + return fileDescriptor_007ba1c3d6266d56, []int{0} } func (m *Metadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -151,7 +267,7 @@ func (m *SessionMetadata) Reset() { *m = SessionMetadata{} } func (m *SessionMetadata) String() string { return proto.CompactTextString(m) } func (*SessionMetadata) ProtoMessage() {} func (*SessionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{1} + return fileDescriptor_007ba1c3d6266d56, []int{1} } func (m *SessionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -201,7 +317,7 @@ func (m *UserMetadata) Reset() { *m = UserMetadata{} } func (m *UserMetadata) String() string { return proto.CompactTextString(m) } func (*UserMetadata) ProtoMessage() {} func (*UserMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{2} + return fileDescriptor_007ba1c3d6266d56, []int{2} } func (m *UserMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -242,17 +358,21 @@ type ServerMetadata struct { ServerAddr string `protobuf:"bytes,4,opt,name=ServerAddr,proto3" json:"server_addr,omitempty"` // ServerLabels are the labels (static and dynamic) of the server the // session occurred on. - ServerLabels map[string]string `protobuf:"bytes,5,rep,name=ServerLabels,proto3" json:"server_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ServerLabels map[string]string `protobuf:"bytes,5,rep,name=ServerLabels,proto3" json:"server_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // ForwardedBy tells us if the metadata was sent by the node itself or by another node in it's + // place. We can't verify emit permissions fully for these events so care should be taken with + // them. + ForwardedBy string `protobuf:"bytes,6,opt,name=ForwardedBy,proto3" json:"forwarded_by,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ServerMetadata) Reset() { *m = ServerMetadata{} } func (m *ServerMetadata) String() string { return proto.CompactTextString(m) } func (*ServerMetadata) ProtoMessage() {} func (*ServerMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{3} + return fileDescriptor_007ba1c3d6266d56, []int{3} } func (m *ServerMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -298,7 +418,7 @@ func (m *ConnectionMetadata) Reset() { *m = ConnectionMetadata{} } func (m *ConnectionMetadata) String() string { return proto.CompactTextString(m) } func (*ConnectionMetadata) ProtoMessage() {} func (*ConnectionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{4} + return fileDescriptor_007ba1c3d6266d56, []int{4} } func (m *ConnectionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -340,7 +460,7 @@ func (m *ClientMetadata) Reset() { *m = ClientMetadata{} } func (m *ClientMetadata) String() string { return proto.CompactTextString(m) } func (*ClientMetadata) ProtoMessage() {} func (*ClientMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{5} + return fileDescriptor_007ba1c3d6266d56, []int{5} } func (m *ClientMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -390,7 +510,7 @@ func (m *KubernetesClusterMetadata) Reset() { *m = KubernetesClusterMeta func (m *KubernetesClusterMetadata) String() string { return proto.CompactTextString(m) } func (*KubernetesClusterMetadata) ProtoMessage() {} func (*KubernetesClusterMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{6} + return fileDescriptor_007ba1c3d6266d56, []int{6} } func (m *KubernetesClusterMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -441,7 +561,7 @@ func (m *KubernetesPodMetadata) Reset() { *m = KubernetesPodMetadata{} } func (m *KubernetesPodMetadata) String() string { return proto.CompactTextString(m) } func (*KubernetesPodMetadata) ProtoMessage() {} func (*KubernetesPodMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{7} + return fileDescriptor_007ba1c3d6266d56, []int{7} } func (m *KubernetesPodMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -502,7 +622,7 @@ func (m *SessionStart) Reset() { *m = SessionStart{} } func (m *SessionStart) String() string { return proto.CompactTextString(m) } func (*SessionStart) ProtoMessage() {} func (*SessionStart) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{8} + return fileDescriptor_007ba1c3d6266d56, []int{8} } func (m *SessionStart) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -555,7 +675,7 @@ func (m *SessionJoin) Reset() { *m = SessionJoin{} } func (m *SessionJoin) String() string { return proto.CompactTextString(m) } func (*SessionJoin) ProtoMessage() {} func (*SessionJoin) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{9} + return fileDescriptor_007ba1c3d6266d56, []int{9} } func (m *SessionJoin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -609,7 +729,7 @@ func (m *SessionPrint) Reset() { *m = SessionPrint{} } func (m *SessionPrint) String() string { return proto.CompactTextString(m) } func (*SessionPrint) ProtoMessage() {} func (*SessionPrint) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{10} + return fileDescriptor_007ba1c3d6266d56, []int{10} } func (m *SessionPrint) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -656,7 +776,7 @@ func (m *DesktopRecording) Reset() { *m = DesktopRecording{} } func (m *DesktopRecording) String() string { return proto.CompactTextString(m) } func (*DesktopRecording) ProtoMessage() {} func (*DesktopRecording) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{11} + return fileDescriptor_007ba1c3d6266d56, []int{11} } func (m *DesktopRecording) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -709,7 +829,7 @@ func (m *DesktopClipboardReceive) Reset() { *m = DesktopClipboardReceive func (m *DesktopClipboardReceive) String() string { return proto.CompactTextString(m) } func (*DesktopClipboardReceive) ProtoMessage() {} func (*DesktopClipboardReceive) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{12} + return fileDescriptor_007ba1c3d6266d56, []int{12} } func (m *DesktopClipboardReceive) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -762,7 +882,7 @@ func (m *DesktopClipboardSend) Reset() { *m = DesktopClipboardSend{} } func (m *DesktopClipboardSend) String() string { return proto.CompactTextString(m) } func (*DesktopClipboardSend) ProtoMessage() {} func (*DesktopClipboardSend) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{13} + return fileDescriptor_007ba1c3d6266d56, []int{13} } func (m *DesktopClipboardSend) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -816,7 +936,7 @@ func (m *SessionReject) Reset() { *m = SessionReject{} } func (m *SessionReject) String() string { return proto.CompactTextString(m) } func (*SessionReject) ProtoMessage() {} func (*SessionReject) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{14} + return fileDescriptor_007ba1c3d6266d56, []int{14} } func (m *SessionReject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -859,7 +979,7 @@ func (m *SessionConnect) Reset() { *m = SessionConnect{} } func (m *SessionConnect) String() string { return proto.CompactTextString(m) } func (*SessionConnect) ProtoMessage() {} func (*SessionConnect) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{15} + return fileDescriptor_007ba1c3d6266d56, []int{15} } func (m *SessionConnect) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -916,7 +1036,7 @@ func (m *Resize) Reset() { *m = Resize{} } func (m *Resize) String() string { return proto.CompactTextString(m) } func (*Resize) ProtoMessage() {} func (*Resize) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{16} + return fileDescriptor_007ba1c3d6266d56, []int{16} } func (m *Resize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -987,7 +1107,7 @@ func (m *SessionEnd) Reset() { *m = SessionEnd{} } func (m *SessionEnd) String() string { return proto.CompactTextString(m) } func (*SessionEnd) ProtoMessage() {} func (*SessionEnd) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{17} + return fileDescriptor_007ba1c3d6266d56, []int{17} } func (m *SessionEnd) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1033,7 +1153,7 @@ func (m *BPFMetadata) Reset() { *m = BPFMetadata{} } func (m *BPFMetadata) String() string { return proto.CompactTextString(m) } func (*BPFMetadata) ProtoMessage() {} func (*BPFMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{18} + return fileDescriptor_007ba1c3d6266d56, []int{18} } func (m *BPFMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1079,7 +1199,7 @@ func (m *Status) Reset() { *m = Status{} } func (m *Status) String() string { return proto.CompactTextString(m) } func (*Status) ProtoMessage() {} func (*Status) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{19} + return fileDescriptor_007ba1c3d6266d56, []int{19} } func (m *Status) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1138,7 +1258,7 @@ func (m *SessionCommand) Reset() { *m = SessionCommand{} } func (m *SessionCommand) String() string { return proto.CompactTextString(m) } func (*SessionCommand) ProtoMessage() {} func (*SessionCommand) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{20} + return fileDescriptor_007ba1c3d6266d56, []int{20} } func (m *SessionCommand) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1194,7 +1314,7 @@ func (m *SessionDisk) Reset() { *m = SessionDisk{} } func (m *SessionDisk) String() string { return proto.CompactTextString(m) } func (*SessionDisk) ProtoMessage() {} func (*SessionDisk) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{21} + return fileDescriptor_007ba1c3d6266d56, []int{21} } func (m *SessionDisk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1256,7 +1376,7 @@ func (m *SessionNetwork) Reset() { *m = SessionNetwork{} } func (m *SessionNetwork) String() string { return proto.CompactTextString(m) } func (*SessionNetwork) ProtoMessage() {} func (*SessionNetwork) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{22} + return fileDescriptor_007ba1c3d6266d56, []int{22} } func (m *SessionNetwork) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1310,7 +1430,7 @@ func (m *SessionData) Reset() { *m = SessionData{} } func (m *SessionData) String() string { return proto.CompactTextString(m) } func (*SessionData) ProtoMessage() {} func (*SessionData) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{23} + return fileDescriptor_007ba1c3d6266d56, []int{23} } func (m *SessionData) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1480,7 @@ func (m *SessionLeave) Reset() { *m = SessionLeave{} } func (m *SessionLeave) String() string { return proto.CompactTextString(m) } func (*SessionLeave) ProtoMessage() {} func (*SessionLeave) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{24} + return fileDescriptor_007ba1c3d6266d56, []int{24} } func (m *SessionLeave) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1536,7 @@ func (m *UserLogin) Reset() { *m = UserLogin{} } func (m *UserLogin) String() string { return proto.CompactTextString(m) } func (*UserLogin) ProtoMessage() {} func (*UserLogin) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{25} + return fileDescriptor_007ba1c3d6266d56, []int{25} } func (m *UserLogin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1466,7 +1586,7 @@ func (m *ResourceMetadata) Reset() { *m = ResourceMetadata{} } func (m *ResourceMetadata) String() string { return proto.CompactTextString(m) } func (*ResourceMetadata) ProtoMessage() {} func (*ResourceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{26} + return fileDescriptor_007ba1c3d6266d56, []int{26} } func (m *ResourceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1516,7 +1636,7 @@ func (m *UserCreate) Reset() { *m = UserCreate{} } func (m *UserCreate) String() string { return proto.CompactTextString(m) } func (*UserCreate) ProtoMessage() {} func (*UserCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{27} + return fileDescriptor_007ba1c3d6266d56, []int{27} } func (m *UserCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1562,7 +1682,7 @@ func (m *UserDelete) Reset() { *m = UserDelete{} } func (m *UserDelete) String() string { return proto.CompactTextString(m) } func (*UserDelete) ProtoMessage() {} func (*UserDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{28} + return fileDescriptor_007ba1c3d6266d56, []int{28} } func (m *UserDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1606,7 +1726,7 @@ func (m *UserPasswordChange) Reset() { *m = UserPasswordChange{} } func (m *UserPasswordChange) String() string { return proto.CompactTextString(m) } func (*UserPasswordChange) ProtoMessage() {} func (*UserPasswordChange) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{29} + return fileDescriptor_007ba1c3d6266d56, []int{29} } func (m *UserPasswordChange) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1675,7 +1795,7 @@ func (m *AccessRequestCreate) Reset() { *m = AccessRequestCreate{} } func (m *AccessRequestCreate) String() string { return proto.CompactTextString(m) } func (*AccessRequestCreate) ProtoMessage() {} func (*AccessRequestCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{30} + return fileDescriptor_007ba1c3d6266d56, []int{30} } func (m *AccessRequestCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1723,7 +1843,7 @@ func (m *ResourceID) Reset() { *m = ResourceID{} } func (m *ResourceID) String() string { return proto.CompactTextString(m) } func (*ResourceID) ProtoMessage() {} func (*ResourceID) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{31} + return fileDescriptor_007ba1c3d6266d56, []int{31} } func (m *ResourceID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1769,7 +1889,7 @@ func (m *AccessRequestDelete) Reset() { *m = AccessRequestDelete{} } func (m *AccessRequestDelete) String() string { return proto.CompactTextString(m) } func (*AccessRequestDelete) ProtoMessage() {} func (*AccessRequestDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{32} + return fileDescriptor_007ba1c3d6266d56, []int{32} } func (m *AccessRequestDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1819,7 +1939,7 @@ func (m *PortForward) Reset() { *m = PortForward{} } func (m *PortForward) String() string { return proto.CompactTextString(m) } func (*PortForward) ProtoMessage() {} func (*PortForward) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{33} + return fileDescriptor_007ba1c3d6266d56, []int{33} } func (m *PortForward) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1867,7 +1987,7 @@ func (m *X11Forward) Reset() { *m = X11Forward{} } func (m *X11Forward) String() string { return proto.CompactTextString(m) } func (*X11Forward) ProtoMessage() {} func (*X11Forward) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{34} + return fileDescriptor_007ba1c3d6266d56, []int{34} } func (m *X11Forward) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1913,7 +2033,7 @@ func (m *CommandMetadata) Reset() { *m = CommandMetadata{} } func (m *CommandMetadata) String() string { return proto.CompactTextString(m) } func (*CommandMetadata) ProtoMessage() {} func (*CommandMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{35} + return fileDescriptor_007ba1c3d6266d56, []int{35} } func (m *CommandMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1970,7 +2090,7 @@ func (m *Exec) Reset() { *m = Exec{} } func (m *Exec) String() string { return proto.CompactTextString(m) } func (*Exec) ProtoMessage() {} func (*Exec) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{36} + return fileDescriptor_007ba1c3d6266d56, []int{36} } func (m *Exec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2026,7 +2146,7 @@ func (m *SCP) Reset() { *m = SCP{} } func (m *SCP) String() string { return proto.CompactTextString(m) } func (*SCP) ProtoMessage() {} func (*SCP) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{37} + return fileDescriptor_007ba1c3d6266d56, []int{37} } func (m *SCP) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2055,6 +2175,125 @@ func (m *SCP) XXX_DiscardUnknown() { var xxx_messageInfo_SCP proto.InternalMessageInfo +// SFTPAttributes are file metadata sent over SFTP +type SFTPAttributes struct { + // FileSize is file size + FileSize *uint64 `protobuf:"bytes,1,opt,name=FileSize,proto3,wktptr" json:"file_size"` + // UID is the user owner of a file + UID *uint32 `protobuf:"bytes,2,opt,name=UID,proto3,wktptr" json:"uid"` + // GID is the group owner of the file + GID *uint32 `protobuf:"bytes,3,opt,name=GID,proto3,wktptr" json:"gid"` + // Permissions is the file permissions + Permissions *uint32 `protobuf:"bytes,4,opt,name=Permissions,proto3,wktptr" json:"permissions"` + // AccessTime is when the file was last read + AccessTime *time.Time `protobuf:"bytes,5,opt,name=AccessTime,proto3,stdtime" json:"access_time,omitempty"` + // ModificationTime was when the file was last changed + ModificationTime *time.Time `protobuf:"bytes,6,opt,name=ModificationTime,proto3,stdtime" json:"modification_time,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SFTPAttributes) Reset() { *m = SFTPAttributes{} } +func (m *SFTPAttributes) String() string { return proto.CompactTextString(m) } +func (*SFTPAttributes) ProtoMessage() {} +func (*SFTPAttributes) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{38} +} +func (m *SFTPAttributes) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SFTPAttributes) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SFTPAttributes.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SFTPAttributes) XXX_Merge(src proto.Message) { + xxx_messageInfo_SFTPAttributes.Merge(m, src) +} +func (m *SFTPAttributes) XXX_Size() int { + return m.Size() +} +func (m *SFTPAttributes) XXX_DiscardUnknown() { + xxx_messageInfo_SFTPAttributes.DiscardUnknown(m) +} + +var xxx_messageInfo_SFTPAttributes proto.InternalMessageInfo + +// SFTP is emitted when file operations have occurred between server and client +type SFTP struct { + // Metadata is a common event metadata + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // ConnectionMetadata holds information about the connection + ConnectionMetadata `protobuf:"bytes,3,opt,name=Connection,proto3,embedded=Connection" json:""` + // SessionMetadata is a common event session metadata + SessionMetadata `protobuf:"bytes,4,opt,name=Session,proto3,embedded=Session" json:""` + // ServerMetadata is a common server metadata + ServerMetadata `protobuf:"bytes,5,opt,name=Server,proto3,embedded=Server" json:""` + // WorkingDirectory is the current directory the SFTP server is in + WorkingDirectory string `protobuf:"bytes,6,opt,name=WorkingDirectory,proto3" json:"working_directory"` + // Path is the filepath that was operated on. It is the exact path that + // was sent by the client, so it may be relative or absolute. + Path string `protobuf:"bytes,7,opt,name=Path,proto3" json:"path"` + // TargetPath is the new path in file renames, or the path of the symlink + // when creating symlinks. It is the exact path that wassent by the client, + // so it may be relative or absolute. + TargetPath string `protobuf:"bytes,8,opt,name=TargetPath,proto3" json:"target_path,omitempty"` + // Flags is options that were passed that affect file creation events + Flags uint32 `protobuf:"varint,9,opt,name=Flags,proto3" json:"flags,omitempty"` + // Attributes is file metadata that the user requested to be changed + Attributes *SFTPAttributes `protobuf:"bytes,10,opt,name=Attributes,proto3" json:"attributes,omitempty"` + // Action is what kind of file operation + Action SFTPAction `protobuf:"varint,11,opt,name=Action,proto3,enum=events.SFTPAction" json:"action"` + // Error is the optional error that may have occurred + Error string `protobuf:"bytes,12,opt,name=Error,proto3" json:"error,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SFTP) Reset() { *m = SFTP{} } +func (m *SFTP) String() string { return proto.CompactTextString(m) } +func (*SFTP) ProtoMessage() {} +func (*SFTP) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{39} +} +func (m *SFTP) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SFTP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SFTP.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SFTP) XXX_Merge(src proto.Message) { + xxx_messageInfo_SFTP.Merge(m, src) +} +func (m *SFTP) XXX_Size() int { + return m.Size() +} +func (m *SFTP) XXX_DiscardUnknown() { + xxx_messageInfo_SFTP.DiscardUnknown(m) +} + +var xxx_messageInfo_SFTP proto.InternalMessageInfo + // Subsystem is emitted when a user requests a new subsystem. type Subsystem struct { // Metadata is a common event metadata @@ -2076,7 +2315,7 @@ func (m *Subsystem) Reset() { *m = Subsystem{} } func (m *Subsystem) String() string { return proto.CompactTextString(m) } func (*Subsystem) ProtoMessage() {} func (*Subsystem) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{38} + return fileDescriptor_007ba1c3d6266d56, []int{40} } func (m *Subsystem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2128,7 +2367,7 @@ func (m *ClientDisconnect) Reset() { *m = ClientDisconnect{} } func (m *ClientDisconnect) String() string { return proto.CompactTextString(m) } func (*ClientDisconnect) ProtoMessage() {} func (*ClientDisconnect) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{39} + return fileDescriptor_007ba1c3d6266d56, []int{41} } func (m *ClientDisconnect) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2176,7 +2415,7 @@ func (m *AuthAttempt) Reset() { *m = AuthAttempt{} } func (m *AuthAttempt) String() string { return proto.CompactTextString(m) } func (*AuthAttempt) ProtoMessage() {} func (*AuthAttempt) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{40} + return fileDescriptor_007ba1c3d6266d56, []int{42} } func (m *AuthAttempt) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2222,7 +2461,7 @@ func (m *UserTokenCreate) Reset() { *m = UserTokenCreate{} } func (m *UserTokenCreate) String() string { return proto.CompactTextString(m) } func (*UserTokenCreate) ProtoMessage() {} func (*UserTokenCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{41} + return fileDescriptor_007ba1c3d6266d56, []int{43} } func (m *UserTokenCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2268,7 +2507,7 @@ func (m *RoleCreate) Reset() { *m = RoleCreate{} } func (m *RoleCreate) String() string { return proto.CompactTextString(m) } func (*RoleCreate) ProtoMessage() {} func (*RoleCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{42} + return fileDescriptor_007ba1c3d6266d56, []int{44} } func (m *RoleCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2314,7 +2553,7 @@ func (m *RoleDelete) Reset() { *m = RoleDelete{} } func (m *RoleDelete) String() string { return proto.CompactTextString(m) } func (*RoleDelete) ProtoMessage() {} func (*RoleDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{43} + return fileDescriptor_007ba1c3d6266d56, []int{45} } func (m *RoleDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2360,7 +2599,7 @@ func (m *TrustedClusterCreate) Reset() { *m = TrustedClusterCreate{} } func (m *TrustedClusterCreate) String() string { return proto.CompactTextString(m) } func (*TrustedClusterCreate) ProtoMessage() {} func (*TrustedClusterCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{44} + return fileDescriptor_007ba1c3d6266d56, []int{46} } func (m *TrustedClusterCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2406,7 +2645,7 @@ func (m *TrustedClusterDelete) Reset() { *m = TrustedClusterDelete{} } func (m *TrustedClusterDelete) String() string { return proto.CompactTextString(m) } func (*TrustedClusterDelete) ProtoMessage() {} func (*TrustedClusterDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{45} + return fileDescriptor_007ba1c3d6266d56, []int{47} } func (m *TrustedClusterDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2453,7 +2692,7 @@ func (m *TrustedClusterTokenCreate) Reset() { *m = TrustedClusterTokenCr func (m *TrustedClusterTokenCreate) String() string { return proto.CompactTextString(m) } func (*TrustedClusterTokenCreate) ProtoMessage() {} func (*TrustedClusterTokenCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{46} + return fileDescriptor_007ba1c3d6266d56, []int{48} } func (m *TrustedClusterTokenCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2499,7 +2738,7 @@ func (m *GithubConnectorCreate) Reset() { *m = GithubConnectorCreate{} } func (m *GithubConnectorCreate) String() string { return proto.CompactTextString(m) } func (*GithubConnectorCreate) ProtoMessage() {} func (*GithubConnectorCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{47} + return fileDescriptor_007ba1c3d6266d56, []int{49} } func (m *GithubConnectorCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2545,7 +2784,7 @@ func (m *GithubConnectorDelete) Reset() { *m = GithubConnectorDelete{} } func (m *GithubConnectorDelete) String() string { return proto.CompactTextString(m) } func (*GithubConnectorDelete) ProtoMessage() {} func (*GithubConnectorDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{48} + return fileDescriptor_007ba1c3d6266d56, []int{50} } func (m *GithubConnectorDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2591,7 +2830,7 @@ func (m *OIDCConnectorCreate) Reset() { *m = OIDCConnectorCreate{} } func (m *OIDCConnectorCreate) String() string { return proto.CompactTextString(m) } func (*OIDCConnectorCreate) ProtoMessage() {} func (*OIDCConnectorCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{49} + return fileDescriptor_007ba1c3d6266d56, []int{51} } func (m *OIDCConnectorCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2637,7 +2876,7 @@ func (m *OIDCConnectorDelete) Reset() { *m = OIDCConnectorDelete{} } func (m *OIDCConnectorDelete) String() string { return proto.CompactTextString(m) } func (*OIDCConnectorDelete) ProtoMessage() {} func (*OIDCConnectorDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{50} + return fileDescriptor_007ba1c3d6266d56, []int{52} } func (m *OIDCConnectorDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2683,7 +2922,7 @@ func (m *SAMLConnectorCreate) Reset() { *m = SAMLConnectorCreate{} } func (m *SAMLConnectorCreate) String() string { return proto.CompactTextString(m) } func (*SAMLConnectorCreate) ProtoMessage() {} func (*SAMLConnectorCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{51} + return fileDescriptor_007ba1c3d6266d56, []int{53} } func (m *SAMLConnectorCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2729,7 +2968,7 @@ func (m *SAMLConnectorDelete) Reset() { *m = SAMLConnectorDelete{} } func (m *SAMLConnectorDelete) String() string { return proto.CompactTextString(m) } func (*SAMLConnectorDelete) ProtoMessage() {} func (*SAMLConnectorDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{52} + return fileDescriptor_007ba1c3d6266d56, []int{54} } func (m *SAMLConnectorDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2793,7 +3032,7 @@ func (m *KubeRequest) Reset() { *m = KubeRequest{} } func (m *KubeRequest) String() string { return proto.CompactTextString(m) } func (*KubeRequest) ProtoMessage() {} func (*KubeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{53} + return fileDescriptor_007ba1c3d6266d56, []int{55} } func (m *KubeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2841,7 +3080,7 @@ func (m *AppMetadata) Reset() { *m = AppMetadata{} } func (m *AppMetadata) String() string { return proto.CompactTextString(m) } func (*AppMetadata) ProtoMessage() {} func (*AppMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{54} + return fileDescriptor_007ba1c3d6266d56, []int{56} } func (m *AppMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2889,7 +3128,7 @@ func (m *AppCreate) Reset() { *m = AppCreate{} } func (m *AppCreate) String() string { return proto.CompactTextString(m) } func (*AppCreate) ProtoMessage() {} func (*AppCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{55} + return fileDescriptor_007ba1c3d6266d56, []int{57} } func (m *AppCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2937,7 +3176,7 @@ func (m *AppUpdate) Reset() { *m = AppUpdate{} } func (m *AppUpdate) String() string { return proto.CompactTextString(m) } func (*AppUpdate) ProtoMessage() {} func (*AppUpdate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{56} + return fileDescriptor_007ba1c3d6266d56, []int{58} } func (m *AppUpdate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2983,7 +3222,7 @@ func (m *AppDelete) Reset() { *m = AppDelete{} } func (m *AppDelete) String() string { return proto.CompactTextString(m) } func (*AppDelete) ProtoMessage() {} func (*AppDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{57} + return fileDescriptor_007ba1c3d6266d56, []int{59} } func (m *AppDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3038,7 +3277,7 @@ func (m *AppSessionStart) Reset() { *m = AppSessionStart{} } func (m *AppSessionStart) String() string { return proto.CompactTextString(m) } func (*AppSessionStart) ProtoMessage() {} func (*AppSessionStart) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{58} + return fileDescriptor_007ba1c3d6266d56, []int{60} } func (m *AppSessionStart) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3067,6 +3306,58 @@ func (m *AppSessionStart) XXX_DiscardUnknown() { var xxx_messageInfo_AppSessionStart proto.InternalMessageInfo +// AppSessionEnd is emitted when an application session ends. +type AppSessionEnd struct { + // Metadata is a common event metadata + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // SessionMetadata is a common event session metadata + SessionMetadata `protobuf:"bytes,3,opt,name=Session,proto3,embedded=Session" json:""` + // ServerMetadata is a common server metadata + ServerMetadata `protobuf:"bytes,4,opt,name=Server,proto3,embedded=Server" json:""` + // ConnectionMetadata holds information about the connection + ConnectionMetadata `protobuf:"bytes,5,opt,name=Connection,proto3,embedded=Connection" json:""` + // App is a common application resource metadata. + AppMetadata `protobuf:"bytes,6,opt,name=App,proto3,embedded=App" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AppSessionEnd) Reset() { *m = AppSessionEnd{} } +func (m *AppSessionEnd) String() string { return proto.CompactTextString(m) } +func (*AppSessionEnd) ProtoMessage() {} +func (*AppSessionEnd) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{61} +} +func (m *AppSessionEnd) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AppSessionEnd) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AppSessionEnd.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AppSessionEnd) XXX_Merge(src proto.Message) { + xxx_messageInfo_AppSessionEnd.Merge(m, src) +} +func (m *AppSessionEnd) XXX_Size() int { + return m.Size() +} +func (m *AppSessionEnd) XXX_DiscardUnknown() { + xxx_messageInfo_AppSessionEnd.DiscardUnknown(m) +} + +var xxx_messageInfo_AppSessionEnd proto.InternalMessageInfo + // AppSessionChunk is emitted at the start of a 5 minute chunk on each // proxy. This chunk is used to buffer 5 minutes of audit events at a time // for applications. @@ -3095,7 +3386,7 @@ func (m *AppSessionChunk) Reset() { *m = AppSessionChunk{} } func (m *AppSessionChunk) String() string { return proto.CompactTextString(m) } func (*AppSessionChunk) ProtoMessage() {} func (*AppSessionChunk) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{59} + return fileDescriptor_007ba1c3d6266d56, []int{62} } func (m *AppSessionChunk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3137,7 +3428,9 @@ type AppSessionRequest struct { // Method is the request HTTP method, like GET/POST/DELETE/etc. Method string `protobuf:"bytes,5,opt,name=Method,proto3" json:"method"` // App is a common application resource metadata. - AppMetadata `protobuf:"bytes,6,opt,name=App,proto3,embedded=App" json:""` + AppMetadata `protobuf:"bytes,6,opt,name=App,proto3,embedded=App" json:""` + // AWS contains extra AWS metadata of the request. + AWSRequestMetadata `protobuf:"bytes,7,opt,name=AWS,proto3,embedded=AWS" json:""` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -3147,7 +3440,7 @@ func (m *AppSessionRequest) Reset() { *m = AppSessionRequest{} } func (m *AppSessionRequest) String() string { return proto.CompactTextString(m) } func (*AppSessionRequest) ProtoMessage() {} func (*AppSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{60} + return fileDescriptor_007ba1c3d6266d56, []int{63} } func (m *AppSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3176,6 +3469,52 @@ func (m *AppSessionRequest) XXX_DiscardUnknown() { var xxx_messageInfo_AppSessionRequest proto.InternalMessageInfo +// AWSRequestMetadata contains extra AWS metadata of an AppSessionRequest. +type AWSRequestMetadata struct { + // AWSRegion is the requested AWS region. + AWSRegion string `protobuf:"bytes,1,opt,name=AWSRegion,proto3" json:"aws_region,omitempty"` + // AWSService is the requested AWS service name. + AWSService string `protobuf:"bytes,2,opt,name=AWSService,proto3" json:"aws_service,omitempty"` + // AWSHost is the requested host of the AWS service. + AWSHost string `protobuf:"bytes,3,opt,name=AWSHost,proto3" json:"aws_host,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AWSRequestMetadata) Reset() { *m = AWSRequestMetadata{} } +func (m *AWSRequestMetadata) String() string { return proto.CompactTextString(m) } +func (*AWSRequestMetadata) ProtoMessage() {} +func (*AWSRequestMetadata) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{64} +} +func (m *AWSRequestMetadata) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AWSRequestMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AWSRequestMetadata.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AWSRequestMetadata) XXX_Merge(src proto.Message) { + xxx_messageInfo_AWSRequestMetadata.Merge(m, src) +} +func (m *AWSRequestMetadata) XXX_Size() int { + return m.Size() +} +func (m *AWSRequestMetadata) XXX_DiscardUnknown() { + xxx_messageInfo_AWSRequestMetadata.DiscardUnknown(m) +} + +var xxx_messageInfo_AWSRequestMetadata proto.InternalMessageInfo + // DatabaseMetadata contains common database information. type DatabaseMetadata struct { // DatabaseService is the name of the database service proxying the database. @@ -3207,7 +3546,7 @@ func (m *DatabaseMetadata) Reset() { *m = DatabaseMetadata{} } func (m *DatabaseMetadata) String() string { return proto.CompactTextString(m) } func (*DatabaseMetadata) ProtoMessage() {} func (*DatabaseMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{61} + return fileDescriptor_007ba1c3d6266d56, []int{65} } func (m *DatabaseMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3255,7 +3594,7 @@ func (m *DatabaseCreate) Reset() { *m = DatabaseCreate{} } func (m *DatabaseCreate) String() string { return proto.CompactTextString(m) } func (*DatabaseCreate) ProtoMessage() {} func (*DatabaseCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{62} + return fileDescriptor_007ba1c3d6266d56, []int{66} } func (m *DatabaseCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3303,7 +3642,7 @@ func (m *DatabaseUpdate) Reset() { *m = DatabaseUpdate{} } func (m *DatabaseUpdate) String() string { return proto.CompactTextString(m) } func (*DatabaseUpdate) ProtoMessage() {} func (*DatabaseUpdate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{63} + return fileDescriptor_007ba1c3d6266d56, []int{67} } func (m *DatabaseUpdate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3349,7 +3688,7 @@ func (m *DatabaseDelete) Reset() { *m = DatabaseDelete{} } func (m *DatabaseDelete) String() string { return proto.CompactTextString(m) } func (*DatabaseDelete) ProtoMessage() {} func (*DatabaseDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{64} + return fileDescriptor_007ba1c3d6266d56, []int{68} } func (m *DatabaseDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3403,7 +3742,7 @@ func (m *DatabaseSessionStart) Reset() { *m = DatabaseSessionStart{} } func (m *DatabaseSessionStart) String() string { return proto.CompactTextString(m) } func (*DatabaseSessionStart) ProtoMessage() {} func (*DatabaseSessionStart) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{65} + return fileDescriptor_007ba1c3d6266d56, []int{69} } func (m *DatabaseSessionStart) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3457,7 +3796,7 @@ func (m *DatabaseSessionQuery) Reset() { *m = DatabaseSessionQuery{} } func (m *DatabaseSessionQuery) String() string { return proto.CompactTextString(m) } func (*DatabaseSessionQuery) ProtoMessage() {} func (*DatabaseSessionQuery) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{66} + return fileDescriptor_007ba1c3d6266d56, []int{70} } func (m *DatabaseSessionQuery) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3510,7 +3849,7 @@ func (m *PostgresParse) Reset() { *m = PostgresParse{} } func (m *PostgresParse) String() string { return proto.CompactTextString(m) } func (*PostgresParse) ProtoMessage() {} func (*PostgresParse) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{67} + return fileDescriptor_007ba1c3d6266d56, []int{71} } func (m *PostgresParse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3565,7 +3904,7 @@ func (m *PostgresBind) Reset() { *m = PostgresBind{} } func (m *PostgresBind) String() string { return proto.CompactTextString(m) } func (*PostgresBind) ProtoMessage() {} func (*PostgresBind) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{68} + return fileDescriptor_007ba1c3d6266d56, []int{72} } func (m *PostgresBind) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3616,7 +3955,7 @@ func (m *PostgresExecute) Reset() { *m = PostgresExecute{} } func (m *PostgresExecute) String() string { return proto.CompactTextString(m) } func (*PostgresExecute) ProtoMessage() {} func (*PostgresExecute) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{69} + return fileDescriptor_007ba1c3d6266d56, []int{73} } func (m *PostgresExecute) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3669,7 +4008,7 @@ func (m *PostgresClose) Reset() { *m = PostgresClose{} } func (m *PostgresClose) String() string { return proto.CompactTextString(m) } func (*PostgresClose) ProtoMessage() {} func (*PostgresClose) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{70} + return fileDescriptor_007ba1c3d6266d56, []int{74} } func (m *PostgresClose) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3722,7 +4061,7 @@ func (m *PostgresFunctionCall) Reset() { *m = PostgresFunctionCall{} } func (m *PostgresFunctionCall) String() string { return proto.CompactTextString(m) } func (*PostgresFunctionCall) ProtoMessage() {} func (*PostgresFunctionCall) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{71} + return fileDescriptor_007ba1c3d6266d56, []int{75} } func (m *PostgresFunctionCall) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3784,7 +4123,7 @@ func (m *WindowsDesktopSessionStart) Reset() { *m = WindowsDesktopSessio func (m *WindowsDesktopSessionStart) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopSessionStart) ProtoMessage() {} func (*WindowsDesktopSessionStart) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{72} + return fileDescriptor_007ba1c3d6266d56, []int{76} } func (m *WindowsDesktopSessionStart) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3832,7 +4171,7 @@ func (m *DatabaseSessionEnd) Reset() { *m = DatabaseSessionEnd{} } func (m *DatabaseSessionEnd) String() string { return proto.CompactTextString(m) } func (*DatabaseSessionEnd) ProtoMessage() {} func (*DatabaseSessionEnd) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{73} + return fileDescriptor_007ba1c3d6266d56, []int{77} } func (m *DatabaseSessionEnd) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3878,7 +4217,7 @@ func (m *MFADeviceMetadata) Reset() { *m = MFADeviceMetadata{} } func (m *MFADeviceMetadata) String() string { return proto.CompactTextString(m) } func (*MFADeviceMetadata) ProtoMessage() {} func (*MFADeviceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{74} + return fileDescriptor_007ba1c3d6266d56, []int{78} } func (m *MFADeviceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3924,7 +4263,7 @@ func (m *MFADeviceAdd) Reset() { *m = MFADeviceAdd{} } func (m *MFADeviceAdd) String() string { return proto.CompactTextString(m) } func (*MFADeviceAdd) ProtoMessage() {} func (*MFADeviceAdd) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{75} + return fileDescriptor_007ba1c3d6266d56, []int{79} } func (m *MFADeviceAdd) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3970,7 +4309,7 @@ func (m *MFADeviceDelete) Reset() { *m = MFADeviceDelete{} } func (m *MFADeviceDelete) String() string { return proto.CompactTextString(m) } func (*MFADeviceDelete) ProtoMessage() {} func (*MFADeviceDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{76} + return fileDescriptor_007ba1c3d6266d56, []int{80} } func (m *MFADeviceDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4014,7 +4353,7 @@ func (m *BillingInformationUpdate) Reset() { *m = BillingInformationUpda func (m *BillingInformationUpdate) String() string { return proto.CompactTextString(m) } func (*BillingInformationUpdate) ProtoMessage() {} func (*BillingInformationUpdate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{77} + return fileDescriptor_007ba1c3d6266d56, []int{81} } func (m *BillingInformationUpdate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4058,7 +4397,7 @@ func (m *BillingCardCreate) Reset() { *m = BillingCardCreate{} } func (m *BillingCardCreate) String() string { return proto.CompactTextString(m) } func (*BillingCardCreate) ProtoMessage() {} func (*BillingCardCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{78} + return fileDescriptor_007ba1c3d6266d56, []int{82} } func (m *BillingCardCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4102,7 +4441,7 @@ func (m *BillingCardDelete) Reset() { *m = BillingCardDelete{} } func (m *BillingCardDelete) String() string { return proto.CompactTextString(m) } func (*BillingCardDelete) ProtoMessage() {} func (*BillingCardDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{79} + return fileDescriptor_007ba1c3d6266d56, []int{83} } func (m *BillingCardDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4141,17 +4480,19 @@ type LockCreate struct { // ResourceMetadata is a common resource event metadata ResourceMetadata `protobuf:"bytes,2,opt,name=Resource,proto3,embedded=Resource" json:""` // User is a common user event metadata - UserMetadata `protobuf:"bytes,3,opt,name=User,proto3,embedded=User" json:""` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + UserMetadata `protobuf:"bytes,3,opt,name=User,proto3,embedded=User" json:""` + // Target describes the set of interactions that the lock applies to + Target types.LockTarget `protobuf:"bytes,4,opt,name=Target,proto3" json:"target"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *LockCreate) Reset() { *m = LockCreate{} } func (m *LockCreate) String() string { return proto.CompactTextString(m) } func (*LockCreate) ProtoMessage() {} func (*LockCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{80} + return fileDescriptor_007ba1c3d6266d56, []int{84} } func (m *LockCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4197,7 +4538,7 @@ func (m *LockDelete) Reset() { *m = LockDelete{} } func (m *LockDelete) String() string { return proto.CompactTextString(m) } func (*LockDelete) ProtoMessage() {} func (*LockDelete) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{81} + return fileDescriptor_007ba1c3d6266d56, []int{85} } func (m *LockDelete) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4241,7 +4582,7 @@ func (m *RecoveryCodeGenerate) Reset() { *m = RecoveryCodeGenerate{} } func (m *RecoveryCodeGenerate) String() string { return proto.CompactTextString(m) } func (*RecoveryCodeGenerate) ProtoMessage() {} func (*RecoveryCodeGenerate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{82} + return fileDescriptor_007ba1c3d6266d56, []int{86} } func (m *RecoveryCodeGenerate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4288,7 +4629,7 @@ func (m *RecoveryCodeUsed) Reset() { *m = RecoveryCodeUsed{} } func (m *RecoveryCodeUsed) String() string { return proto.CompactTextString(m) } func (*RecoveryCodeUsed) ProtoMessage() {} func (*RecoveryCodeUsed) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{83} + return fileDescriptor_007ba1c3d6266d56, []int{87} } func (m *RecoveryCodeUsed) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4354,7 +4695,7 @@ func (m *WindowsDesktopSessionEnd) Reset() { *m = WindowsDesktopSessionE func (m *WindowsDesktopSessionEnd) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopSessionEnd) ProtoMessage() {} func (*WindowsDesktopSessionEnd) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{84} + return fileDescriptor_007ba1c3d6266d56, []int{88} } func (m *WindowsDesktopSessionEnd) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4400,7 +4741,7 @@ func (m *CertificateCreate) Reset() { *m = CertificateCreate{} } func (m *CertificateCreate) String() string { return proto.CompactTextString(m) } func (*CertificateCreate) ProtoMessage() {} func (*CertificateCreate) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{85} + return fileDescriptor_007ba1c3d6266d56, []int{89} } func (m *CertificateCreate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4448,7 +4789,7 @@ func (m *RenewableCertificateGenerationMismatch) Reset() { func (m *RenewableCertificateGenerationMismatch) String() string { return proto.CompactTextString(m) } func (*RenewableCertificateGenerationMismatch) ProtoMessage() {} func (*RenewableCertificateGenerationMismatch) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{86} + return fileDescriptor_007ba1c3d6266d56, []int{90} } func (m *RenewableCertificateGenerationMismatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4496,7 +4837,7 @@ func (m *Unknown) Reset() { *m = Unknown{} } func (m *Unknown) String() string { return proto.CompactTextString(m) } func (*Unknown) ProtoMessage() {} func (*Unknown) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{87} + return fileDescriptor_007ba1c3d6266d56, []int{91} } func (m *Unknown) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4620,6 +4961,15 @@ type OneOf struct { // *OneOf_AccessRequestResourceSearch // *OneOf_SQLServerRPCRequest // *OneOf_DatabaseSessionMalformedPacket + // *OneOf_SFTP + // *OneOf_UpgradeWindowStartUpdate + // *OneOf_AppSessionEnd + // *OneOf_SessionRecordingAccess + // *OneOf_KubernetesClusterCreate + // *OneOf_KubernetesClusterUpdate + // *OneOf_KubernetesClusterDelete + // *OneOf_SSMRun + // *OneOf_ElasticsearchRequest Event isOneOf_Event `protobuf_oneof:"Event"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -4630,7 +4980,7 @@ func (m *OneOf) Reset() { *m = OneOf{} } func (m *OneOf) String() string { return proto.CompactTextString(m) } func (*OneOf) ProtoMessage() {} func (*OneOf) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{88} + return fileDescriptor_007ba1c3d6266d56, []int{92} } func (m *OneOf) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4935,6 +5285,33 @@ type OneOf_SQLServerRPCRequest struct { type OneOf_DatabaseSessionMalformedPacket struct { DatabaseSessionMalformedPacket *DatabaseSessionMalformedPacket `protobuf:"bytes,90,opt,name=DatabaseSessionMalformedPacket,proto3,oneof" json:"DatabaseSessionMalformedPacket,omitempty"` } +type OneOf_SFTP struct { + SFTP *SFTP `protobuf:"bytes,91,opt,name=SFTP,proto3,oneof" json:"SFTP,omitempty"` +} +type OneOf_UpgradeWindowStartUpdate struct { + UpgradeWindowStartUpdate *UpgradeWindowStartUpdate `protobuf:"bytes,92,opt,name=UpgradeWindowStartUpdate,proto3,oneof" json:"UpgradeWindowStartUpdate,omitempty"` +} +type OneOf_AppSessionEnd struct { + AppSessionEnd *AppSessionEnd `protobuf:"bytes,93,opt,name=AppSessionEnd,proto3,oneof" json:"AppSessionEnd,omitempty"` +} +type OneOf_SessionRecordingAccess struct { + SessionRecordingAccess *SessionRecordingAccess `protobuf:"bytes,94,opt,name=SessionRecordingAccess,proto3,oneof" json:"SessionRecordingAccess,omitempty"` +} +type OneOf_KubernetesClusterCreate struct { + KubernetesClusterCreate *KubernetesClusterCreate `protobuf:"bytes,96,opt,name=KubernetesClusterCreate,proto3,oneof" json:"KubernetesClusterCreate,omitempty"` +} +type OneOf_KubernetesClusterUpdate struct { + KubernetesClusterUpdate *KubernetesClusterUpdate `protobuf:"bytes,97,opt,name=KubernetesClusterUpdate,proto3,oneof" json:"KubernetesClusterUpdate,omitempty"` +} +type OneOf_KubernetesClusterDelete struct { + KubernetesClusterDelete *KubernetesClusterDelete `protobuf:"bytes,98,opt,name=KubernetesClusterDelete,proto3,oneof" json:"KubernetesClusterDelete,omitempty"` +} +type OneOf_SSMRun struct { + SSMRun *SSMRun `protobuf:"bytes,99,opt,name=SSMRun,proto3,oneof" json:"SSMRun,omitempty"` +} +type OneOf_ElasticsearchRequest struct { + ElasticsearchRequest *ElasticsearchRequest `protobuf:"bytes,100,opt,name=ElasticsearchRequest,proto3,oneof" json:"ElasticsearchRequest,omitempty"` +} func (*OneOf_UserLogin) isOneOf_Event() {} func (*OneOf_UserCreate) isOneOf_Event() {} @@ -5026,6 +5403,15 @@ func (*OneOf_MySQLRefresh) isOneOf_Event() {} func (*OneOf_AccessRequestResourceSearch) isOneOf_Event() {} func (*OneOf_SQLServerRPCRequest) isOneOf_Event() {} func (*OneOf_DatabaseSessionMalformedPacket) isOneOf_Event() {} +func (*OneOf_SFTP) isOneOf_Event() {} +func (*OneOf_UpgradeWindowStartUpdate) isOneOf_Event() {} +func (*OneOf_AppSessionEnd) isOneOf_Event() {} +func (*OneOf_SessionRecordingAccess) isOneOf_Event() {} +func (*OneOf_KubernetesClusterCreate) isOneOf_Event() {} +func (*OneOf_KubernetesClusterUpdate) isOneOf_Event() {} +func (*OneOf_KubernetesClusterDelete) isOneOf_Event() {} +func (*OneOf_SSMRun) isOneOf_Event() {} +func (*OneOf_ElasticsearchRequest) isOneOf_Event() {} func (m *OneOf) GetEvent() isOneOf_Event { if m != nil { @@ -5664,6 +6050,69 @@ func (m *OneOf) GetDatabaseSessionMalformedPacket() *DatabaseSessionMalformedPac return nil } +func (m *OneOf) GetSFTP() *SFTP { + if x, ok := m.GetEvent().(*OneOf_SFTP); ok { + return x.SFTP + } + return nil +} + +func (m *OneOf) GetUpgradeWindowStartUpdate() *UpgradeWindowStartUpdate { + if x, ok := m.GetEvent().(*OneOf_UpgradeWindowStartUpdate); ok { + return x.UpgradeWindowStartUpdate + } + return nil +} + +func (m *OneOf) GetAppSessionEnd() *AppSessionEnd { + if x, ok := m.GetEvent().(*OneOf_AppSessionEnd); ok { + return x.AppSessionEnd + } + return nil +} + +func (m *OneOf) GetSessionRecordingAccess() *SessionRecordingAccess { + if x, ok := m.GetEvent().(*OneOf_SessionRecordingAccess); ok { + return x.SessionRecordingAccess + } + return nil +} + +func (m *OneOf) GetKubernetesClusterCreate() *KubernetesClusterCreate { + if x, ok := m.GetEvent().(*OneOf_KubernetesClusterCreate); ok { + return x.KubernetesClusterCreate + } + return nil +} + +func (m *OneOf) GetKubernetesClusterUpdate() *KubernetesClusterUpdate { + if x, ok := m.GetEvent().(*OneOf_KubernetesClusterUpdate); ok { + return x.KubernetesClusterUpdate + } + return nil +} + +func (m *OneOf) GetKubernetesClusterDelete() *KubernetesClusterDelete { + if x, ok := m.GetEvent().(*OneOf_KubernetesClusterDelete); ok { + return x.KubernetesClusterDelete + } + return nil +} + +func (m *OneOf) GetSSMRun() *SSMRun { + if x, ok := m.GetEvent().(*OneOf_SSMRun); ok { + return x.SSMRun + } + return nil +} + +func (m *OneOf) GetElasticsearchRequest() *ElasticsearchRequest { + if x, ok := m.GetEvent().(*OneOf_ElasticsearchRequest); ok { + return x.ElasticsearchRequest + } + return nil +} + // XXX_OneofWrappers is for the internal use of the proto package. func (*OneOf) XXX_OneofWrappers() []interface{} { return []interface{}{ @@ -5757,6 +6206,15 @@ func (*OneOf) XXX_OneofWrappers() []interface{} { (*OneOf_AccessRequestResourceSearch)(nil), (*OneOf_SQLServerRPCRequest)(nil), (*OneOf_DatabaseSessionMalformedPacket)(nil), + (*OneOf_SFTP)(nil), + (*OneOf_UpgradeWindowStartUpdate)(nil), + (*OneOf_AppSessionEnd)(nil), + (*OneOf_SessionRecordingAccess)(nil), + (*OneOf_KubernetesClusterCreate)(nil), + (*OneOf_KubernetesClusterUpdate)(nil), + (*OneOf_KubernetesClusterDelete)(nil), + (*OneOf_SSMRun)(nil), + (*OneOf_ElasticsearchRequest)(nil), } } @@ -5777,7 +6235,7 @@ func (m *StreamStatus) Reset() { *m = StreamStatus{} } func (m *StreamStatus) String() string { return proto.CompactTextString(m) } func (*StreamStatus) ProtoMessage() {} func (*StreamStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{89} + return fileDescriptor_007ba1c3d6266d56, []int{93} } func (m *StreamStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5825,7 +6283,7 @@ func (m *SessionUpload) Reset() { *m = SessionUpload{} } func (m *SessionUpload) String() string { return proto.CompactTextString(m) } func (*SessionUpload) ProtoMessage() {} func (*SessionUpload) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{90} + return fileDescriptor_007ba1c3d6266d56, []int{94} } func (m *SessionUpload) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5924,7 +6382,7 @@ func (m *Identity) Reset() { *m = Identity{} } func (m *Identity) String() string { return proto.CompactTextString(m) } func (*Identity) ProtoMessage() {} func (*Identity) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{91} + return fileDescriptor_007ba1c3d6266d56, []int{95} } func (m *Identity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5974,7 +6432,7 @@ func (m *RouteToApp) Reset() { *m = RouteToApp{} } func (m *RouteToApp) String() string { return proto.CompactTextString(m) } func (*RouteToApp) ProtoMessage() {} func (*RouteToApp) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{92} + return fileDescriptor_007ba1c3d6266d56, []int{96} } func (m *RouteToApp) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6022,7 +6480,7 @@ func (m *RouteToDatabase) Reset() { *m = RouteToDatabase{} } func (m *RouteToDatabase) String() string { return proto.CompactTextString(m) } func (*RouteToDatabase) ProtoMessage() {} func (*RouteToDatabase) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{93} + return fileDescriptor_007ba1c3d6266d56, []int{97} } func (m *RouteToDatabase) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6079,7 +6537,7 @@ func (m *AccessRequestResourceSearch) Reset() { *m = AccessRequestResour func (m *AccessRequestResourceSearch) String() string { return proto.CompactTextString(m) } func (*AccessRequestResourceSearch) ProtoMessage() {} func (*AccessRequestResourceSearch) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{94} + return fileDescriptor_007ba1c3d6266d56, []int{98} } func (m *AccessRequestResourceSearch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6130,7 +6588,7 @@ func (m *MySQLStatementPrepare) Reset() { *m = MySQLStatementPrepare{} } func (m *MySQLStatementPrepare) String() string { return proto.CompactTextString(m) } func (*MySQLStatementPrepare) ProtoMessage() {} func (*MySQLStatementPrepare) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{95} + return fileDescriptor_007ba1c3d6266d56, []int{99} } func (m *MySQLStatementPrepare) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6183,7 +6641,7 @@ func (m *MySQLStatementExecute) Reset() { *m = MySQLStatementExecute{} } func (m *MySQLStatementExecute) String() string { return proto.CompactTextString(m) } func (*MySQLStatementExecute) ProtoMessage() {} func (*MySQLStatementExecute) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{96} + return fileDescriptor_007ba1c3d6266d56, []int{100} } func (m *MySQLStatementExecute) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6238,7 +6696,7 @@ func (m *MySQLStatementSendLongData) Reset() { *m = MySQLStatementSendLo func (m *MySQLStatementSendLongData) String() string { return proto.CompactTextString(m) } func (*MySQLStatementSendLongData) ProtoMessage() {} func (*MySQLStatementSendLongData) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{97} + return fileDescriptor_007ba1c3d6266d56, []int{101} } func (m *MySQLStatementSendLongData) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6289,7 +6747,7 @@ func (m *MySQLStatementClose) Reset() { *m = MySQLStatementClose{} } func (m *MySQLStatementClose) String() string { return proto.CompactTextString(m) } func (*MySQLStatementClose) ProtoMessage() {} func (*MySQLStatementClose) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{98} + return fileDescriptor_007ba1c3d6266d56, []int{102} } func (m *MySQLStatementClose) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6340,7 +6798,7 @@ func (m *MySQLStatementReset) Reset() { *m = MySQLStatementReset{} } func (m *MySQLStatementReset) String() string { return proto.CompactTextString(m) } func (*MySQLStatementReset) ProtoMessage() {} func (*MySQLStatementReset) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{99} + return fileDescriptor_007ba1c3d6266d56, []int{103} } func (m *MySQLStatementReset) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6393,7 +6851,7 @@ func (m *MySQLStatementFetch) Reset() { *m = MySQLStatementFetch{} } func (m *MySQLStatementFetch) String() string { return proto.CompactTextString(m) } func (*MySQLStatementFetch) ProtoMessage() {} func (*MySQLStatementFetch) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{100} + return fileDescriptor_007ba1c3d6266d56, []int{104} } func (m *MySQLStatementFetch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6446,7 +6904,7 @@ func (m *MySQLStatementBulkExecute) Reset() { *m = MySQLStatementBulkExe func (m *MySQLStatementBulkExecute) String() string { return proto.CompactTextString(m) } func (*MySQLStatementBulkExecute) ProtoMessage() {} func (*MySQLStatementBulkExecute) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{101} + return fileDescriptor_007ba1c3d6266d56, []int{105} } func (m *MySQLStatementBulkExecute) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6497,7 +6955,7 @@ func (m *MySQLInitDB) Reset() { *m = MySQLInitDB{} } func (m *MySQLInitDB) String() string { return proto.CompactTextString(m) } func (*MySQLInitDB) ProtoMessage() {} func (*MySQLInitDB) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{102} + return fileDescriptor_007ba1c3d6266d56, []int{106} } func (m *MySQLInitDB) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6547,7 +7005,7 @@ func (m *MySQLCreateDB) Reset() { *m = MySQLCreateDB{} } func (m *MySQLCreateDB) String() string { return proto.CompactTextString(m) } func (*MySQLCreateDB) ProtoMessage() {} func (*MySQLCreateDB) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{103} + return fileDescriptor_007ba1c3d6266d56, []int{107} } func (m *MySQLCreateDB) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6597,7 +7055,7 @@ func (m *MySQLDropDB) Reset() { *m = MySQLDropDB{} } func (m *MySQLDropDB) String() string { return proto.CompactTextString(m) } func (*MySQLDropDB) ProtoMessage() {} func (*MySQLDropDB) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{104} + return fileDescriptor_007ba1c3d6266d56, []int{108} } func (m *MySQLDropDB) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6645,7 +7103,7 @@ func (m *MySQLShutDown) Reset() { *m = MySQLShutDown{} } func (m *MySQLShutDown) String() string { return proto.CompactTextString(m) } func (*MySQLShutDown) ProtoMessage() {} func (*MySQLShutDown) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{105} + return fileDescriptor_007ba1c3d6266d56, []int{109} } func (m *MySQLShutDown) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6696,7 +7154,7 @@ func (m *MySQLProcessKill) Reset() { *m = MySQLProcessKill{} } func (m *MySQLProcessKill) String() string { return proto.CompactTextString(m) } func (*MySQLProcessKill) ProtoMessage() {} func (*MySQLProcessKill) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{106} + return fileDescriptor_007ba1c3d6266d56, []int{110} } func (m *MySQLProcessKill) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6745,7 +7203,7 @@ func (m *MySQLDebug) Reset() { *m = MySQLDebug{} } func (m *MySQLDebug) String() string { return proto.CompactTextString(m) } func (*MySQLDebug) ProtoMessage() {} func (*MySQLDebug) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{107} + return fileDescriptor_007ba1c3d6266d56, []int{111} } func (m *MySQLDebug) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6795,7 +7253,7 @@ func (m *MySQLRefresh) Reset() { *m = MySQLRefresh{} } func (m *MySQLRefresh) String() string { return proto.CompactTextString(m) } func (*MySQLRefresh) ProtoMessage() {} func (*MySQLRefresh) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{108} + return fileDescriptor_007ba1c3d6266d56, []int{112} } func (m *MySQLRefresh) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6835,7 +7293,7 @@ type SQLServerRPCRequest struct { // Database contains database related metadata. DatabaseMetadata `protobuf:"bytes,4,opt,name=Database,proto3,embedded=Database" json:""` // Procname is the RPC SQL Server procedure name. - Procname string `protobuf:"bytes,5,opt,name=Procname,proto3" json:"procname,omitempty"` + Procname string `protobuf:"bytes,5,opt,name=Procname,proto3" json:"proc_name,omitempty"` // Parameters are the RPC parameters used to execute RPC Procedure.. Parameters []string `protobuf:"bytes,6,rep,name=Parameters,proto3" json:"parameters,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -6847,7 +7305,7 @@ func (m *SQLServerRPCRequest) Reset() { *m = SQLServerRPCRequest{} } func (m *SQLServerRPCRequest) String() string { return proto.CompactTextString(m) } func (*SQLServerRPCRequest) ProtoMessage() {} func (*SQLServerRPCRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{109} + return fileDescriptor_007ba1c3d6266d56, []int{113} } func (m *SQLServerRPCRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6897,7 +7355,7 @@ func (m *DatabaseSessionMalformedPacket) Reset() { *m = DatabaseSessionM func (m *DatabaseSessionMalformedPacket) String() string { return proto.CompactTextString(m) } func (*DatabaseSessionMalformedPacket) ProtoMessage() {} func (*DatabaseSessionMalformedPacket) Descriptor() ([]byte, []int) { - return fileDescriptor_8f22242cb04491f9, []int{110} + return fileDescriptor_007ba1c3d6266d56, []int{114} } func (m *DatabaseSessionMalformedPacket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6926,8 +7384,450 @@ func (m *DatabaseSessionMalformedPacket) XXX_DiscardUnknown() { var xxx_messageInfo_DatabaseSessionMalformedPacket proto.InternalMessageInfo +// ElasticsearchRequest is emitted when user executes an Elasticsearch request, which isn't +// covered by API-specific events. +type ElasticsearchRequest struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata. + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // SessionMetadata is a common event session metadata. + SessionMetadata `protobuf:"bytes,3,opt,name=Session,proto3,embedded=Session" json:""` + // Database contains database related metadata. + DatabaseMetadata `protobuf:"bytes,4,opt,name=Database,proto3,embedded=Database" json:""` + // Path is relative path in the URL. + Path string `protobuf:"bytes,5,opt,name=Path,proto3" json:"path"` + // RawQuery are the encoded query values. + RawQuery string `protobuf:"bytes,6,opt,name=RawQuery,proto3" json:"raw_query"` + // Method is the request HTTP method, like GET/POST/DELETE/etc. + Method string `protobuf:"bytes,7,opt,name=Method,proto3" json:"method"` + // Body is the request HTTP body. + Body []byte `protobuf:"bytes,8,opt,name=Body,proto3" json:"body"` + // Headers are the HTTP request headers. + Headers github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,9,opt,name=Headers,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"headers,omitempty"` + // Category represents the category if API being accessed in a given request. + Category ElasticsearchCategory `protobuf:"varint,10,opt,name=Category,proto3,enum=events.ElasticsearchCategory" json:"category"` + // Target is an optional field indicating the target index or set of indices used as a subject of request. + Target string `protobuf:"bytes,11,opt,name=Target,proto3" json:"target"` + // Query is an optional text of query (e.g. an SQL select statement for _sql API), if a request includes it. + Query string `protobuf:"bytes,12,opt,name=Query,proto3" json:"query"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ElasticsearchRequest) Reset() { *m = ElasticsearchRequest{} } +func (m *ElasticsearchRequest) String() string { return proto.CompactTextString(m) } +func (*ElasticsearchRequest) ProtoMessage() {} +func (*ElasticsearchRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{115} +} +func (m *ElasticsearchRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ElasticsearchRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ElasticsearchRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ElasticsearchRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ElasticsearchRequest.Merge(m, src) +} +func (m *ElasticsearchRequest) XXX_Size() int { + return m.Size() +} +func (m *ElasticsearchRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ElasticsearchRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ElasticsearchRequest proto.InternalMessageInfo + +// UpgradeWindowStartMetadata contains common upgrade window information. +type UpgradeWindowStartMetadata struct { + // UpgradeWindowStart is the upgrade window time. + UpgradeWindowStart string `protobuf:"bytes,1,opt,name=UpgradeWindowStart,proto3" json:"upgrade_window_start,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *UpgradeWindowStartMetadata) Reset() { *m = UpgradeWindowStartMetadata{} } +func (m *UpgradeWindowStartMetadata) String() string { return proto.CompactTextString(m) } +func (*UpgradeWindowStartMetadata) ProtoMessage() {} +func (*UpgradeWindowStartMetadata) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{116} +} +func (m *UpgradeWindowStartMetadata) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpgradeWindowStartMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpgradeWindowStartMetadata.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *UpgradeWindowStartMetadata) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpgradeWindowStartMetadata.Merge(m, src) +} +func (m *UpgradeWindowStartMetadata) XXX_Size() int { + return m.Size() +} +func (m *UpgradeWindowStartMetadata) XXX_DiscardUnknown() { + xxx_messageInfo_UpgradeWindowStartMetadata.DiscardUnknown(m) +} + +var xxx_messageInfo_UpgradeWindowStartMetadata proto.InternalMessageInfo + +// UpgradeWindowStartUpdate is emitted when a user updates the cloud upgrade window start time. +type UpgradeWindowStartUpdate struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata. + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // SessionMetadata is a common event session metadata. + SessionMetadata `protobuf:"bytes,3,opt,name=Session,proto3,embedded=Session" json:""` + // UpgradeWindowStartMetadata contains upgrade window related metadata. + UpgradeWindowStartMetadata `protobuf:"bytes,4,opt,name=UpgradeWindowStart,proto3,embedded=UpgradeWindowStart" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *UpgradeWindowStartUpdate) Reset() { *m = UpgradeWindowStartUpdate{} } +func (m *UpgradeWindowStartUpdate) String() string { return proto.CompactTextString(m) } +func (*UpgradeWindowStartUpdate) ProtoMessage() {} +func (*UpgradeWindowStartUpdate) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{117} +} +func (m *UpgradeWindowStartUpdate) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UpgradeWindowStartUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UpgradeWindowStartUpdate.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *UpgradeWindowStartUpdate) XXX_Merge(src proto.Message) { + xxx_messageInfo_UpgradeWindowStartUpdate.Merge(m, src) +} +func (m *UpgradeWindowStartUpdate) XXX_Size() int { + return m.Size() +} +func (m *UpgradeWindowStartUpdate) XXX_DiscardUnknown() { + xxx_messageInfo_UpgradeWindowStartUpdate.DiscardUnknown(m) +} + +var xxx_messageInfo_UpgradeWindowStartUpdate proto.InternalMessageInfo + +// SessionRecordingAccess is emitted when a session recording is accessed, allowing +// session views to be included in the audit log +type SessionRecordingAccess struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // SessionID is the ID of the session. + SessionID string `protobuf:"bytes,2,opt,name=SessionID,proto3" json:"sid"` + // UserMetadata is a common user event metadata. + UserMetadata `protobuf:"bytes,3,opt,name=UserMetadata,proto3,embedded=UserMetadata" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SessionRecordingAccess) Reset() { *m = SessionRecordingAccess{} } +func (m *SessionRecordingAccess) String() string { return proto.CompactTextString(m) } +func (*SessionRecordingAccess) ProtoMessage() {} +func (*SessionRecordingAccess) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{118} +} +func (m *SessionRecordingAccess) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SessionRecordingAccess) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SessionRecordingAccess.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SessionRecordingAccess) XXX_Merge(src proto.Message) { + xxx_messageInfo_SessionRecordingAccess.Merge(m, src) +} +func (m *SessionRecordingAccess) XXX_Size() int { + return m.Size() +} +func (m *SessionRecordingAccess) XXX_DiscardUnknown() { + xxx_messageInfo_SessionRecordingAccess.DiscardUnknown(m) +} + +var xxx_messageInfo_SessionRecordingAccess proto.InternalMessageInfo + +// KubeClusterMetadata contains common kubernetes cluster information. +type KubeClusterMetadata struct { + // KubeLabels are the configured cluster labels. + KubeLabels map[string]string `protobuf:"bytes,1,rep,name=KubeLabels,proto3" json:"kube_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *KubeClusterMetadata) Reset() { *m = KubeClusterMetadata{} } +func (m *KubeClusterMetadata) String() string { return proto.CompactTextString(m) } +func (*KubeClusterMetadata) ProtoMessage() {} +func (*KubeClusterMetadata) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{119} +} +func (m *KubeClusterMetadata) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *KubeClusterMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_KubeClusterMetadata.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *KubeClusterMetadata) XXX_Merge(src proto.Message) { + xxx_messageInfo_KubeClusterMetadata.Merge(m, src) +} +func (m *KubeClusterMetadata) XXX_Size() int { + return m.Size() +} +func (m *KubeClusterMetadata) XXX_DiscardUnknown() { + xxx_messageInfo_KubeClusterMetadata.DiscardUnknown(m) +} + +var xxx_messageInfo_KubeClusterMetadata proto.InternalMessageInfo + +// KubernetesClusterCreate is emitted when a new kubernetes cluster resource is created. +type KubernetesClusterCreate struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata. + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // ResourceMetadata is a common resource event metadata. + ResourceMetadata `protobuf:"bytes,3,opt,name=Resource,proto3,embedded=Resource" json:""` + // KubeClusterMetadata is a common kubernetes resource metadata. + KubeClusterMetadata `protobuf:"bytes,4,opt,name=KubeClusterMetadata,proto3,embedded=KubeClusterMetadata" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *KubernetesClusterCreate) Reset() { *m = KubernetesClusterCreate{} } +func (m *KubernetesClusterCreate) String() string { return proto.CompactTextString(m) } +func (*KubernetesClusterCreate) ProtoMessage() {} +func (*KubernetesClusterCreate) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{120} +} +func (m *KubernetesClusterCreate) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *KubernetesClusterCreate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_KubernetesClusterCreate.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *KubernetesClusterCreate) XXX_Merge(src proto.Message) { + xxx_messageInfo_KubernetesClusterCreate.Merge(m, src) +} +func (m *KubernetesClusterCreate) XXX_Size() int { + return m.Size() +} +func (m *KubernetesClusterCreate) XXX_DiscardUnknown() { + xxx_messageInfo_KubernetesClusterCreate.DiscardUnknown(m) +} + +var xxx_messageInfo_KubernetesClusterCreate proto.InternalMessageInfo + +// KubernetesClusterUpdate is emitted when an existing kubernetes cluster resource is updated. +type KubernetesClusterUpdate struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata. + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // ResourceMetadata is a common resource event metadata. + ResourceMetadata `protobuf:"bytes,3,opt,name=Resource,proto3,embedded=Resource" json:""` + // KubeClusterMetadata is a common kubernetes resource metadata. + KubeClusterMetadata `protobuf:"bytes,4,opt,name=KubeClusterMetadata,proto3,embedded=KubeClusterMetadata" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *KubernetesClusterUpdate) Reset() { *m = KubernetesClusterUpdate{} } +func (m *KubernetesClusterUpdate) String() string { return proto.CompactTextString(m) } +func (*KubernetesClusterUpdate) ProtoMessage() {} +func (*KubernetesClusterUpdate) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{121} +} +func (m *KubernetesClusterUpdate) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *KubernetesClusterUpdate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_KubernetesClusterUpdate.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *KubernetesClusterUpdate) XXX_Merge(src proto.Message) { + xxx_messageInfo_KubernetesClusterUpdate.Merge(m, src) +} +func (m *KubernetesClusterUpdate) XXX_Size() int { + return m.Size() +} +func (m *KubernetesClusterUpdate) XXX_DiscardUnknown() { + xxx_messageInfo_KubernetesClusterUpdate.DiscardUnknown(m) +} + +var xxx_messageInfo_KubernetesClusterUpdate proto.InternalMessageInfo + +// KubernetesClusterDelete is emitted when a kubernetes cluster resource is deleted. +type KubernetesClusterDelete struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // User is a common user event metadata. + UserMetadata `protobuf:"bytes,2,opt,name=User,proto3,embedded=User" json:""` + // ResourceMetadata is a common resource event metadata. + ResourceMetadata `protobuf:"bytes,3,opt,name=Resource,proto3,embedded=Resource" json:""` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *KubernetesClusterDelete) Reset() { *m = KubernetesClusterDelete{} } +func (m *KubernetesClusterDelete) String() string { return proto.CompactTextString(m) } +func (*KubernetesClusterDelete) ProtoMessage() {} +func (*KubernetesClusterDelete) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{122} +} +func (m *KubernetesClusterDelete) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *KubernetesClusterDelete) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_KubernetesClusterDelete.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *KubernetesClusterDelete) XXX_Merge(src proto.Message) { + xxx_messageInfo_KubernetesClusterDelete.Merge(m, src) +} +func (m *KubernetesClusterDelete) XXX_Size() int { + return m.Size() +} +func (m *KubernetesClusterDelete) XXX_DiscardUnknown() { + xxx_messageInfo_KubernetesClusterDelete.DiscardUnknown(m) +} + +var xxx_messageInfo_KubernetesClusterDelete proto.InternalMessageInfo + +// SSMRun is emitted after an AWS SSM document completes execution. +type SSMRun struct { + // Metadata is a common event metadata. + Metadata `protobuf:"bytes,1,opt,name=Metadata,proto3,embedded=Metadata" json:""` + // CommandID is the id of the SSM command that was run. + CommandID string `protobuf:"bytes,2,opt,name=CommandID,proto3" json:"command_id"` + // InstanceID is the id of the EC2 instance the command was run on. + InstanceID string `protobuf:"bytes,3,opt,name=InstanceID,proto3" json:"instance_id"` + // ExitCode is the exit code resulting from the script run. + ExitCode int64 `protobuf:"varint,4,opt,name=ExitCode,proto3" json:"exit_code"` + // Status represents the success or failure status of a script run. + Status string `protobuf:"bytes,5,opt,name=Status,proto3" json:"status"` + // AccountID is the id of the AWS account that ran the command. + AccountID string `protobuf:"bytes,6,opt,name=AccountID,proto3" json:"account_id"` + // Region is the AWS region the command was ran in. + Region string `protobuf:"bytes,7,opt,name=Region,proto3" json:"region"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SSMRun) Reset() { *m = SSMRun{} } +func (m *SSMRun) String() string { return proto.CompactTextString(m) } +func (*SSMRun) ProtoMessage() {} +func (*SSMRun) Descriptor() ([]byte, []int) { + return fileDescriptor_007ba1c3d6266d56, []int{123} +} +func (m *SSMRun) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SSMRun) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SSMRun.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SSMRun) XXX_Merge(src proto.Message) { + xxx_messageInfo_SSMRun.Merge(m, src) +} +func (m *SSMRun) XXX_Size() int { + return m.Size() +} +func (m *SSMRun) XXX_DiscardUnknown() { + xxx_messageInfo_SSMRun.DiscardUnknown(m) +} + +var xxx_messageInfo_SSMRun proto.InternalMessageInfo + func init() { proto.RegisterEnum("events.EventAction", EventAction_name, EventAction_value) + proto.RegisterEnum("events.SFTPAction", SFTPAction_name, SFTPAction_value) + proto.RegisterEnum("events.ElasticsearchCategory", ElasticsearchCategory_name, ElasticsearchCategory_value) proto.RegisterEnum("events.SessionNetwork_NetworkOperation", SessionNetwork_NetworkOperation_name, SessionNetwork_NetworkOperation_value) proto.RegisterType((*Metadata)(nil), "events.Metadata") proto.RegisterType((*SessionMetadata)(nil), "events.SessionMetadata") @@ -6969,6 +7869,8 @@ func init() { proto.RegisterType((*CommandMetadata)(nil), "events.CommandMetadata") proto.RegisterType((*Exec)(nil), "events.Exec") proto.RegisterType((*SCP)(nil), "events.SCP") + proto.RegisterType((*SFTPAttributes)(nil), "events.SFTPAttributes") + proto.RegisterType((*SFTP)(nil), "events.SFTP") proto.RegisterType((*Subsystem)(nil), "events.Subsystem") proto.RegisterType((*ClientDisconnect)(nil), "events.ClientDisconnect") proto.RegisterType((*AuthAttempt)(nil), "events.AuthAttempt") @@ -6991,8 +7893,10 @@ func init() { proto.RegisterType((*AppUpdate)(nil), "events.AppUpdate") proto.RegisterType((*AppDelete)(nil), "events.AppDelete") proto.RegisterType((*AppSessionStart)(nil), "events.AppSessionStart") + proto.RegisterType((*AppSessionEnd)(nil), "events.AppSessionEnd") proto.RegisterType((*AppSessionChunk)(nil), "events.AppSessionChunk") proto.RegisterType((*AppSessionRequest)(nil), "events.AppSessionRequest") + proto.RegisterType((*AWSRequestMetadata)(nil), "events.AWSRequestMetadata") proto.RegisterType((*DatabaseMetadata)(nil), "events.DatabaseMetadata") proto.RegisterMapType((map[string]string)(nil), "events.DatabaseMetadata.DatabaseLabelsEntry") proto.RegisterType((*DatabaseCreate)(nil), "events.DatabaseCreate") @@ -7047,495 +7951,582 @@ func init() { proto.RegisterType((*MySQLRefresh)(nil), "events.MySQLRefresh") proto.RegisterType((*SQLServerRPCRequest)(nil), "events.SQLServerRPCRequest") proto.RegisterType((*DatabaseSessionMalformedPacket)(nil), "events.DatabaseSessionMalformedPacket") + proto.RegisterType((*ElasticsearchRequest)(nil), "events.ElasticsearchRequest") + proto.RegisterType((*UpgradeWindowStartMetadata)(nil), "events.UpgradeWindowStartMetadata") + proto.RegisterType((*UpgradeWindowStartUpdate)(nil), "events.UpgradeWindowStartUpdate") + proto.RegisterType((*SessionRecordingAccess)(nil), "events.SessionRecordingAccess") + proto.RegisterType((*KubeClusterMetadata)(nil), "events.KubeClusterMetadata") + proto.RegisterMapType((map[string]string)(nil), "events.KubeClusterMetadata.KubeLabelsEntry") + proto.RegisterType((*KubernetesClusterCreate)(nil), "events.KubernetesClusterCreate") + proto.RegisterType((*KubernetesClusterUpdate)(nil), "events.KubernetesClusterUpdate") + proto.RegisterType((*KubernetesClusterDelete)(nil), "events.KubernetesClusterDelete") + proto.RegisterType((*SSMRun)(nil), "events.SSMRun") } -func init() { proto.RegisterFile("events.proto", fileDescriptor_8f22242cb04491f9) } - -var fileDescriptor_8f22242cb04491f9 = []byte{ - // 7723 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x5d, 0x6c, 0x1c, 0xc9, - 0x79, 0x20, 0x67, 0x86, 0x3f, 0xc3, 0x1a, 0xfe, 0x96, 0x28, 0xa9, 0x57, 0xab, 0xd5, 0xec, 0xb6, - 0x6c, 0xad, 0xe4, 0xd5, 0x92, 0xd6, 0xcf, 0x5a, 0xbb, 0xeb, 0x5d, 0xaf, 0x86, 0x33, 0xd4, 0x72, - 0xbc, 0x94, 0xc8, 0x2d, 0x52, 0xbb, 0xbe, 0x33, 0xbc, 0x83, 0xe6, 0x74, 0x89, 0xec, 0xd5, 0x4c, - 0x77, 0xbb, 0xbb, 0x47, 0x14, 0xf7, 0xe9, 0x0e, 0xe7, 0xbb, 0x33, 0x0e, 0xbe, 0xc3, 0xc1, 0xf7, - 0x70, 0x0f, 0xf7, 0xe0, 0x83, 0x71, 0x07, 0x24, 0x88, 0x11, 0x27, 0x41, 0x62, 0xc7, 0x48, 0x5e, - 0x12, 0x3b, 0xc1, 0x26, 0x81, 0x1d, 0x27, 0x0e, 0x1c, 0x20, 0x0f, 0xe3, 0xc4, 0x41, 0x5e, 0x06, - 0x09, 0x62, 0x24, 0x01, 0xe2, 0xfc, 0x3c, 0x04, 0xf5, 0x55, 0x75, 0x77, 0x55, 0x77, 0x0f, 0x25, - 0x8a, 0xda, 0x30, 0x5c, 0xf2, 0x89, 0x9c, 0xef, 0xaf, 0xbb, 0xbf, 0xaa, 0xfa, 0xea, 0xab, 0xaf, - 0xbe, 0xfa, 0x0a, 0x8d, 0xd1, 0x7b, 0xd4, 0x0e, 0xfc, 0x59, 0xd7, 0x73, 0x02, 0x07, 0x0f, 0xf3, - 0x5f, 0xa7, 0x66, 0x36, 0x9c, 0x0d, 0x07, 0x40, 0x73, 0xec, 0x3f, 0x8e, 0x3d, 0x55, 0xde, 0x70, - 0x9c, 0x8d, 0x16, 0x9d, 0x83, 0x5f, 0xeb, 0x9d, 0x3b, 0x73, 0x81, 0xd5, 0xa6, 0x7e, 0x60, 0xb4, - 0x5d, 0x41, 0x70, 0x3a, 0x49, 0xe0, 0x07, 0x5e, 0xa7, 0x19, 0x08, 0x6c, 0x75, 0xc3, 0x0a, 0x36, - 0x3b, 0xeb, 0xb3, 0x4d, 0xa7, 0x3d, 0xb7, 0xe1, 0x19, 0xf7, 0xac, 0xc0, 0x08, 0x2c, 0xc7, 0x36, - 0x5a, 0x73, 0x01, 0x6d, 0x51, 0xd7, 0xf1, 0x82, 0x39, 0xc3, 0xb5, 0xe6, 0x82, 0x6d, 0x97, 0xfa, - 0x73, 0x5b, 0x9e, 0xe1, 0xba, 0xd4, 0x8b, 0xff, 0xe1, 0x42, 0xf4, 0x2f, 0xe7, 0x51, 0xf1, 0x26, - 0x0d, 0x0c, 0xd3, 0x08, 0x0c, 0x7c, 0x1a, 0x0d, 0xd5, 0x6d, 0x93, 0xde, 0xd7, 0x72, 0x4f, 0xe7, - 0xce, 0x17, 0xe6, 0x87, 0x7b, 0xdd, 0x72, 0x9e, 0x5a, 0x84, 0x03, 0xf1, 0x53, 0x68, 0x70, 0x6d, - 0xdb, 0xa5, 0x5a, 0xfe, 0xe9, 0xdc, 0xf9, 0xd1, 0xf9, 0xd1, 0x5e, 0xb7, 0x3c, 0x04, 0x9f, 0x47, - 0x00, 0x8c, 0x9f, 0x41, 0xf9, 0x7a, 0x4d, 0x2b, 0x00, 0x72, 0xba, 0xd7, 0x2d, 0x8f, 0x77, 0x2c, - 0xf3, 0xa2, 0xd3, 0xb6, 0x02, 0xda, 0x76, 0x83, 0x6d, 0x92, 0xaf, 0xd7, 0xf0, 0x39, 0x34, 0x58, - 0x75, 0x4c, 0xaa, 0x0d, 0x02, 0x11, 0xee, 0x75, 0xcb, 0x13, 0x4d, 0xc7, 0xa4, 0x12, 0x15, 0xe0, - 0xf1, 0x75, 0x34, 0xb8, 0x66, 0xb5, 0xa9, 0x36, 0xf4, 0x74, 0xee, 0x7c, 0xe9, 0xf2, 0xa9, 0x59, - 0xae, 0x86, 0xd9, 0x50, 0x0d, 0xb3, 0x6b, 0xa1, 0x9e, 0xe6, 0xa7, 0xde, 0xef, 0x96, 0x07, 0x7a, - 0xdd, 0xf2, 0x20, 0x53, 0xdd, 0xff, 0xfc, 0x51, 0x39, 0x47, 0x80, 0x13, 0xbf, 0x82, 0x4a, 0xd5, - 0x56, 0xc7, 0x0f, 0xa8, 0x77, 0xcb, 0x68, 0x53, 0x6d, 0x18, 0x1e, 0x78, 0xaa, 0xd7, 0x2d, 0x9f, - 0x68, 0x72, 0x70, 0xc3, 0x36, 0xda, 0xf2, 0x83, 0x65, 0x72, 0xfd, 0x5d, 0x34, 0xb9, 0x4a, 0x7d, - 0xdf, 0x72, 0xec, 0x48, 0x35, 0x1f, 0x45, 0xa3, 0x02, 0x54, 0xaf, 0x81, 0x7a, 0x46, 0xe7, 0x47, - 0x7a, 0xdd, 0x72, 0xc1, 0xb7, 0x4c, 0x12, 0x63, 0xf0, 0xc7, 0xd1, 0xc8, 0xdb, 0x56, 0xb0, 0x79, - 0xf3, 0x46, 0x45, 0xa8, 0xe9, 0x44, 0xaf, 0x5b, 0xc6, 0x5b, 0x56, 0xb0, 0xd9, 0x68, 0xdf, 0x31, - 0xa4, 0xe7, 0x85, 0x64, 0xfa, 0xff, 0xcb, 0xa3, 0xb1, 0xdb, 0x3e, 0xf5, 0xa2, 0x27, 0x9d, 0x43, - 0x83, 0xec, 0xb7, 0x78, 0x08, 0x28, 0xa9, 0xe3, 0x53, 0x4f, 0x56, 0x12, 0xc3, 0xe3, 0x0b, 0x68, - 0x68, 0xc9, 0xd9, 0xb0, 0x6c, 0xf1, 0xa0, 0x63, 0xbd, 0x6e, 0x79, 0xb2, 0xc5, 0x00, 0x12, 0x25, - 0xa7, 0xc0, 0x9f, 0x42, 0x63, 0xf5, 0x36, 0x6b, 0x74, 0xc7, 0x36, 0x02, 0xc7, 0x13, 0x8d, 0x04, - 0xea, 0xb0, 0x24, 0xb8, 0xc4, 0xa8, 0xd0, 0xe3, 0x97, 0x11, 0xaa, 0xbc, 0xbd, 0x4a, 0x9c, 0x16, - 0xad, 0x90, 0x5b, 0xa2, 0xf5, 0x80, 0xdb, 0xd8, 0xf2, 0x1b, 0x9e, 0xd3, 0xa2, 0x0d, 0xc3, 0x93, - 0x1f, 0x2b, 0x51, 0xe3, 0x05, 0x34, 0x51, 0x69, 0x36, 0xa9, 0xef, 0x13, 0xfa, 0xf9, 0x0e, 0xf5, - 0x03, 0x5f, 0x1b, 0x7a, 0xba, 0x70, 0x7e, 0x74, 0xfe, 0xa9, 0x5e, 0xb7, 0xfc, 0x84, 0x01, 0x98, - 0x86, 0x27, 0x50, 0x92, 0x88, 0x04, 0x93, 0xfe, 0x0b, 0x05, 0x34, 0xb1, 0x4a, 0xbd, 0x7b, 0x92, - 0xa2, 0x2a, 0xac, 0x95, 0x18, 0x84, 0xb5, 0x99, 0xef, 0x1a, 0x4d, 0x2a, 0x74, 0x76, 0xb2, 0xd7, - 0x2d, 0x1f, 0xb3, 0x43, 0xa0, 0x24, 0x34, 0x49, 0x8f, 0x2f, 0xa0, 0x22, 0x07, 0xd5, 0x6b, 0x42, - 0x8d, 0xe3, 0xbd, 0x6e, 0x79, 0xd4, 0x07, 0x58, 0xc3, 0x32, 0x49, 0x84, 0x66, 0xdf, 0xc1, 0xff, - 0x5f, 0x74, 0xfc, 0x80, 0x09, 0x17, 0x5a, 0x84, 0xef, 0x10, 0x0c, 0x9b, 0x02, 0x25, 0x7f, 0x87, - 0xca, 0x84, 0x5f, 0x42, 0x88, 0x43, 0x2a, 0xa6, 0xe9, 0x09, 0x55, 0x3e, 0xd1, 0xeb, 0x96, 0x8f, - 0x0b, 0x11, 0x86, 0x69, 0xca, 0xed, 0x20, 0x11, 0xe3, 0x36, 0x1a, 0xe3, 0xbf, 0x96, 0x8c, 0x75, - 0xda, 0xe2, 0x7a, 0x2c, 0x5d, 0x3e, 0x3f, 0x2b, 0x2c, 0x8e, 0xaa, 0x9d, 0x59, 0x99, 0x74, 0xc1, - 0x0e, 0xbc, 0xed, 0xf9, 0xb2, 0x18, 0x2b, 0x27, 0xc5, 0xa3, 0x5a, 0x80, 0x93, 0x1b, 0x5d, 0xe6, - 0x39, 0xf5, 0x1a, 0x9a, 0x4e, 0xc9, 0xc0, 0x53, 0xa8, 0x70, 0x97, 0x6e, 0x73, 0x3d, 0x13, 0xf6, - 0x2f, 0x9e, 0x41, 0x43, 0xf7, 0x8c, 0x56, 0x47, 0x98, 0x05, 0xc2, 0x7f, 0xbc, 0x9c, 0x7f, 0x31, - 0xa7, 0xff, 0x6a, 0x0e, 0xe1, 0xaa, 0x63, 0xdb, 0xb4, 0x19, 0xc8, 0x23, 0xe9, 0x13, 0x68, 0x74, - 0xc9, 0x69, 0x1a, 0x2d, 0x50, 0x00, 0x6f, 0x30, 0xad, 0xd7, 0x2d, 0xcf, 0xb0, 0x2f, 0x9f, 0x6d, - 0x31, 0x8c, 0xf4, 0x4a, 0x31, 0x29, 0xd3, 0x1c, 0xa1, 0x6d, 0x27, 0xa0, 0xc0, 0x98, 0x8f, 0x35, - 0x07, 0x8c, 0x1e, 0xa0, 0x64, 0xcd, 0xc5, 0xc4, 0x78, 0x0e, 0x15, 0x57, 0x98, 0xed, 0x68, 0x3a, - 0x2d, 0xd1, 0x6a, 0x30, 0x5a, 0xc0, 0x9e, 0x48, 0x2c, 0x11, 0x91, 0xbe, 0x88, 0x26, 0xaa, 0x2d, - 0x8b, 0xda, 0x81, 0xfc, 0xd6, 0x6c, 0xd4, 0x55, 0x36, 0xa8, 0x1d, 0xc8, 0x6f, 0xcd, 0x86, 0x66, - 0xc3, 0x60, 0x50, 0xf9, 0xad, 0x23, 0x52, 0xfd, 0x7b, 0x05, 0xf4, 0xc4, 0x1b, 0x9d, 0x75, 0xea, - 0xd9, 0x34, 0xa0, 0xbe, 0x30, 0x32, 0x91, 0xd4, 0x5b, 0x68, 0x3a, 0x85, 0x14, 0xd2, 0x9f, 0xee, - 0x75, 0xcb, 0xa7, 0xef, 0x46, 0xc8, 0x86, 0xb0, 0x5b, 0xd2, 0x53, 0xd2, 0xac, 0x78, 0x11, 0x4d, - 0xc6, 0x40, 0xf6, 0x12, 0xbe, 0x96, 0x87, 0xd1, 0x76, 0xa6, 0xd7, 0x2d, 0x9f, 0x92, 0xa4, 0xb1, - 0xd7, 0x96, 0x9b, 0x3e, 0xc9, 0x86, 0xdf, 0x40, 0x53, 0x31, 0xe8, 0x75, 0xcf, 0xe9, 0xb8, 0xbe, - 0x56, 0x00, 0x51, 0xe5, 0x5e, 0xb7, 0xfc, 0xa4, 0x24, 0x6a, 0x03, 0x90, 0x92, 0xac, 0x14, 0x23, - 0xfe, 0x42, 0x4e, 0x96, 0x26, 0xba, 0xef, 0x20, 0x74, 0xdf, 0x6b, 0x61, 0xf7, 0xed, 0xab, 0xa4, - 0xd9, 0x24, 0xa7, 0xe8, 0xcd, 0x89, 0xd7, 0x48, 0xf5, 0xe6, 0xd4, 0x13, 0x4f, 0x55, 0xd1, 0xf1, - 0x4c, 0x59, 0xbb, 0xea, 0xd5, 0x7f, 0x51, 0x90, 0xa5, 0xac, 0x38, 0x66, 0xd4, 0x98, 0xcb, 0x72, - 0x63, 0xae, 0x38, 0x26, 0xcc, 0x3c, 0xbc, 0x31, 0x9f, 0xe9, 0x75, 0xcb, 0x4f, 0x49, 0x2f, 0xeb, - 0x3a, 0x66, 0x72, 0x02, 0x4a, 0xf3, 0xe2, 0x77, 0xd0, 0x89, 0x14, 0x90, 0xdb, 0x39, 0xde, 0xfb, - 0xcf, 0xf5, 0xba, 0x65, 0x3d, 0x43, 0x6a, 0xd2, 0xec, 0xf5, 0x91, 0x82, 0x0d, 0x74, 0x52, 0xd2, - 0xba, 0x63, 0x07, 0x86, 0x65, 0x8b, 0x09, 0x93, 0x8f, 0x92, 0x67, 0x7b, 0xdd, 0xf2, 0x59, 0xb9, - 0x0f, 0x86, 0x34, 0xc9, 0x97, 0xef, 0x27, 0x07, 0x9b, 0x48, 0xcb, 0x40, 0xd5, 0xdb, 0xc6, 0x46, - 0xe8, 0x05, 0x9c, 0xef, 0x75, 0xcb, 0x1f, 0xc9, 0x7c, 0x86, 0xc5, 0xa8, 0xa4, 0x87, 0xf4, 0x95, - 0x84, 0x09, 0xc2, 0x31, 0xee, 0x96, 0x63, 0x52, 0xf8, 0x86, 0x21, 0x90, 0xaf, 0xf7, 0xba, 0xe5, - 0x33, 0x92, 0x7c, 0xdb, 0x31, 0x69, 0xf2, 0xf5, 0x33, 0xb8, 0xf5, 0x1f, 0x0d, 0x31, 0x73, 0x0b, - 0xf3, 0xfa, 0x6a, 0x60, 0x78, 0x01, 0x7e, 0x39, 0x76, 0x94, 0xa0, 0x55, 0x4b, 0x97, 0xa7, 0xc2, - 0xbe, 0x1b, 0xc2, 0xe7, 0xc7, 0x98, 0x89, 0xfd, 0x7e, 0xb7, 0x9c, 0xeb, 0x75, 0xcb, 0x03, 0xa4, - 0x28, 0x59, 0x0f, 0x3e, 0xa7, 0xe7, 0x81, 0x6f, 0x26, 0xe4, 0x93, 0xe7, 0xfd, 0x04, 0x2f, 0x9f, - 0xe3, 0x5f, 0x43, 0x23, 0xe2, 0x1d, 0xa0, 0x45, 0x4a, 0x97, 0x4f, 0xc6, 0xd6, 0x5e, 0xf1, 0x4f, - 0x12, 0xdc, 0x21, 0x17, 0x7e, 0x05, 0x0d, 0x73, 0x23, 0x0e, 0xda, 0x2e, 0x5d, 0x3e, 0x91, 0x3d, - 0x5b, 0x24, 0xd8, 0x05, 0x0f, 0x5e, 0x44, 0x28, 0x36, 0xe0, 0x91, 0x37, 0x26, 0x24, 0xa4, 0x4d, - 0x7b, 0x42, 0x8a, 0xc4, 0x8b, 0x3f, 0x81, 0xc6, 0xd6, 0xa8, 0xd7, 0xb6, 0x6c, 0xa3, 0xb5, 0x6a, - 0xbd, 0x17, 0x3a, 0x64, 0xe0, 0xdc, 0xf8, 0xd6, 0x7b, 0x72, 0x5b, 0x28, 0x74, 0xf8, 0x73, 0x59, - 0x06, 0x72, 0x04, 0x5e, 0xe4, 0x99, 0x07, 0x5a, 0x8e, 0xc4, 0xfb, 0x64, 0xd8, 0xcb, 0x37, 0xd1, - 0xb8, 0x32, 0x36, 0xb4, 0x22, 0x88, 0x7e, 0x2a, 0x2d, 0x5a, 0x1a, 0xe8, 0x09, 0xb1, 0xaa, 0x04, - 0xe6, 0x27, 0xd4, 0x6d, 0x2b, 0xb0, 0x8c, 0x56, 0xd5, 0x69, 0xb7, 0x0d, 0xdb, 0xd4, 0x46, 0x63, - 0x7f, 0xc7, 0xe2, 0x98, 0x46, 0x93, 0xa3, 0x64, 0x3f, 0x41, 0x65, 0x62, 0xf6, 0x57, 0xb4, 0x21, - 0xa1, 0x4d, 0xc7, 0x33, 0x2d, 0x7b, 0x43, 0x43, 0xa0, 0x34, 0x30, 0x7c, 0x3e, 0xc7, 0x35, 0xbc, - 0x10, 0x29, 0x1b, 0xbe, 0x24, 0xe3, 0xa7, 0x07, 0x8b, 0xa5, 0xa9, 0xb1, 0x94, 0x4b, 0xf5, 0xb3, - 0x05, 0x54, 0x12, 0xa4, 0x9f, 0x76, 0x2c, 0xfb, 0xa8, 0x83, 0xef, 0xa5, 0x83, 0x67, 0x76, 0xd4, - 0xe1, 0xc7, 0xd5, 0x51, 0xf5, 0x2f, 0xe5, 0x23, 0x6b, 0xb4, 0xe2, 0x59, 0xf6, 0xde, 0xac, 0xd1, - 0x39, 0x84, 0xaa, 0x9b, 0x1d, 0xfb, 0x2e, 0x5f, 0xeb, 0xe5, 0xe3, 0xb5, 0x5e, 0xd3, 0x22, 0x12, - 0x86, 0x2d, 0xf8, 0x6a, 0x4c, 0x3e, 0x6b, 0x99, 0xb1, 0xf9, 0xd1, 0xf7, 0xb9, 0xa4, 0xdc, 0xf3, - 0x04, 0xc0, 0xb8, 0x8c, 0x86, 0xe6, 0xb7, 0x03, 0xea, 0x83, 0xe6, 0x0b, 0x7c, 0x41, 0xb8, 0xce, - 0x00, 0x84, 0xc3, 0xf1, 0x55, 0x34, 0x5d, 0xa3, 0x2d, 0x63, 0xfb, 0xa6, 0xd5, 0x6a, 0x59, 0x3e, - 0x6d, 0x3a, 0xb6, 0xe9, 0x83, 0x92, 0xc5, 0xe3, 0xda, 0x3e, 0x49, 0x13, 0x60, 0x1d, 0x0d, 0x2f, - 0xdf, 0xb9, 0xe3, 0xd3, 0x00, 0xd4, 0x57, 0x98, 0x47, 0xbd, 0x6e, 0x79, 0xd8, 0x01, 0x08, 0x11, - 0x18, 0xfd, 0xeb, 0x39, 0x34, 0x55, 0xa3, 0xfe, 0xdd, 0xc0, 0x71, 0xa3, 0x5e, 0xbe, 0x27, 0x95, - 0x5c, 0x40, 0x23, 0x37, 0xa9, 0xef, 0xb3, 0x69, 0x29, 0x0f, 0x5f, 0x3b, 0x29, 0xbe, 0x76, 0xa4, - 0xcd, 0xc1, 0x24, 0xc4, 0x67, 0x7f, 0x55, 0xe1, 0x01, 0x5f, 0xa5, 0xff, 0x24, 0x8f, 0x4e, 0x8a, - 0x37, 0xae, 0xb6, 0x2c, 0x77, 0xdd, 0x31, 0x3c, 0x93, 0xd0, 0x26, 0xb5, 0xee, 0xd1, 0x83, 0x39, - 0xf0, 0xd4, 0xa1, 0x33, 0xb8, 0x87, 0xa1, 0x73, 0x19, 0x95, 0x84, 0x66, 0xc0, 0xb3, 0xe7, 0xd3, - 0xf6, 0x54, 0xaf, 0x5b, 0x1e, 0x33, 0x39, 0x18, 0x16, 0x45, 0x44, 0x26, 0x62, 0x9d, 0x64, 0x89, - 0xda, 0x1b, 0xc1, 0x26, 0x74, 0x92, 0x21, 0xde, 0x49, 0x5a, 0x00, 0x21, 0x02, 0xa3, 0xff, 0x55, - 0x1e, 0xcd, 0x24, 0x55, 0xbe, 0x4a, 0x6d, 0xf3, 0x48, 0xdf, 0x1f, 0x8c, 0xbe, 0xff, 0x30, 0x8f, - 0xc6, 0xa3, 0xa9, 0xe7, 0x5d, 0xda, 0xdc, 0x1f, 0x97, 0x29, 0x9e, 0x10, 0x0a, 0x7b, 0x9e, 0x10, - 0xf6, 0xa2, 0x65, 0x1d, 0x0d, 0x13, 0x6a, 0xf8, 0x62, 0x5a, 0x19, 0xe5, 0x1a, 0xf3, 0x00, 0x42, - 0x04, 0x06, 0x3f, 0x83, 0x46, 0x6e, 0x1a, 0xf7, 0xad, 0x76, 0xa7, 0x2d, 0x6c, 0x1d, 0x84, 0x94, - 0xda, 0xc6, 0x7d, 0x12, 0xc2, 0xf5, 0x3f, 0xca, 0xa1, 0x09, 0xa1, 0x54, 0x21, 0x7c, 0x4f, 0x5a, - 0x8d, 0xb5, 0x93, 0xdf, 0xb3, 0x76, 0x0a, 0x8f, 0xae, 0x1d, 0xfd, 0xeb, 0x83, 0x4c, 0x3d, 0xcc, - 0xf5, 0x3b, 0xec, 0xa3, 0x31, 0x6e, 0x91, 0xa1, 0x47, 0x68, 0x91, 0x43, 0xe3, 0x57, 0xeb, 0x7f, - 0x3f, 0x82, 0x90, 0xd0, 0xfe, 0xc2, 0x91, 0x0d, 0xdf, 0x5b, 0xaf, 0xa9, 0xa1, 0xe9, 0x05, 0x7b, - 0xd3, 0xb0, 0x9b, 0xd4, 0x8c, 0x57, 0x17, 0xac, 0xeb, 0x14, 0x79, 0xbc, 0x9a, 0x0a, 0x64, 0xbc, - 0xbc, 0x20, 0x69, 0x06, 0x7c, 0x09, 0x95, 0xea, 0x76, 0x40, 0x3d, 0xa3, 0x19, 0x58, 0xf7, 0x28, - 0xf4, 0x9e, 0xe2, 0xfc, 0x64, 0xaf, 0x5b, 0x2e, 0x59, 0x31, 0x98, 0xc8, 0x34, 0xf8, 0x2a, 0x1a, - 0x5b, 0x31, 0xbc, 0xc0, 0x6a, 0x5a, 0xae, 0x61, 0x07, 0xbe, 0x56, 0x84, 0xa5, 0x11, 0xcc, 0x3d, - 0xae, 0x04, 0x27, 0x0a, 0x15, 0xfe, 0x1c, 0x1a, 0x85, 0x25, 0x38, 0xec, 0x09, 0x8c, 0x3e, 0x70, - 0x4f, 0xe0, 0x6c, 0x1c, 0xe7, 0xe4, 0x8b, 0x24, 0x9f, 0x31, 0xc7, 0x43, 0x01, 0xb6, 0x09, 0x62, - 0x89, 0xf8, 0x33, 0x68, 0x64, 0xc1, 0x36, 0x41, 0x38, 0x7a, 0xa0, 0x70, 0x5d, 0x08, 0x3f, 0x11, - 0x0b, 0x77, 0xdc, 0x84, 0xec, 0x50, 0x5c, 0xf6, 0x28, 0x2b, 0x7d, 0x70, 0xa3, 0x6c, 0xec, 0x03, - 0x58, 0xbd, 0x8e, 0x3f, 0xae, 0xd5, 0xeb, 0xc4, 0x23, 0xae, 0x5e, 0xf5, 0xf7, 0x50, 0x69, 0x7e, - 0xe5, 0x46, 0x34, 0x7a, 0x9f, 0x40, 0x85, 0x15, 0xb1, 0x07, 0x33, 0xc8, 0x27, 0x4c, 0xd7, 0x32, - 0x09, 0x83, 0xe1, 0x0b, 0xa8, 0x58, 0x85, 0x70, 0xa4, 0x08, 0xe7, 0x0f, 0xf2, 0x70, 0x7e, 0x13, - 0x60, 0x10, 0xce, 0x0f, 0xd1, 0xf8, 0xa3, 0x68, 0x64, 0xc5, 0x73, 0x36, 0x3c, 0xa3, 0x2d, 0x62, - 0x5d, 0x25, 0xe6, 0xec, 0xbb, 0x1c, 0x44, 0x42, 0x9c, 0xfe, 0xbf, 0x72, 0x68, 0x78, 0x35, 0x30, - 0x82, 0x8e, 0xcf, 0x38, 0x56, 0x3b, 0xb0, 0x82, 0x86, 0x67, 0x17, 0x39, 0x87, 0xcf, 0x41, 0x24, - 0xc4, 0xe1, 0x0b, 0x68, 0x68, 0xc1, 0xf3, 0x1c, 0x4f, 0xde, 0x96, 0xa1, 0x0c, 0x20, 0x6f, 0xcb, - 0x00, 0x05, 0xbe, 0x86, 0x4a, 0xdc, 0xe6, 0xf0, 0x85, 0x07, 0x7f, 0x8f, 0xe3, 0xbd, 0x6e, 0x79, - 0x5a, 0x2c, 0x3a, 0xe4, 0xfd, 0x29, 0x89, 0x52, 0xff, 0x76, 0x41, 0x72, 0x0a, 0xb8, 0xc6, 0x0f, - 0xe1, 0xe2, 0xfd, 0x0a, 0x2a, 0xcc, 0xaf, 0xdc, 0x10, 0x06, 0xf0, 0x58, 0xc8, 0x2a, 0x75, 0x95, - 0x04, 0x1f, 0xa3, 0xc6, 0xa7, 0xd1, 0xe0, 0x0a, 0xeb, 0x3e, 0xc3, 0xd0, 0x3d, 0x8a, 0xbd, 0x6e, - 0x79, 0xd0, 0x65, 0xfd, 0x07, 0xa0, 0x80, 0x35, 0x82, 0x4d, 0xb0, 0x65, 0xa3, 0x02, 0x6b, 0x04, - 0x9b, 0x04, 0xa0, 0x0c, 0x5b, 0xf1, 0x36, 0xee, 0x09, 0xab, 0x05, 0x58, 0xc3, 0xdb, 0xb8, 0x47, - 0x00, 0x8a, 0xe7, 0x10, 0x22, 0x34, 0xe8, 0x78, 0x36, 0x6c, 0x71, 0x8e, 0x82, 0x9b, 0x0c, 0xd6, - 0xd0, 0x03, 0x68, 0xa3, 0xe9, 0x98, 0x94, 0x48, 0x24, 0xfa, 0xff, 0x8f, 0xe3, 0x2f, 0x35, 0xcb, - 0xbf, 0x7b, 0xd4, 0x84, 0xbb, 0x68, 0x42, 0x43, 0xac, 0x44, 0xd2, 0x8d, 0x54, 0x46, 0x43, 0x37, - 0x5a, 0xc6, 0x86, 0x0f, 0x6d, 0x38, 0xc4, 0xa3, 0x12, 0x77, 0x18, 0x80, 0x70, 0x78, 0xa2, 0x9d, - 0x8a, 0x0f, 0x6e, 0xa7, 0xff, 0x3d, 0x14, 0x8d, 0xb6, 0x5b, 0x34, 0xd8, 0x72, 0xbc, 0xa3, 0xa6, - 0x7a, 0xd8, 0xa6, 0x3a, 0x87, 0x46, 0x56, 0xbd, 0x26, 0x2c, 0x33, 0x79, 0x6b, 0x8d, 0xf5, 0xba, - 0xe5, 0xa2, 0xef, 0x35, 0xf9, 0x12, 0x33, 0x44, 0x32, 0xba, 0x9a, 0x1f, 0x00, 0xdd, 0x48, 0x4c, - 0x67, 0xfa, 0x81, 0xa0, 0x13, 0x48, 0x41, 0xb7, 0xe2, 0x78, 0x81, 0x68, 0xb8, 0x88, 0xce, 0x75, - 0xbc, 0x80, 0x84, 0x48, 0xfc, 0x1c, 0x42, 0x6b, 0xd5, 0x95, 0xb7, 0xa8, 0x07, 0xea, 0xe2, 0x63, - 0x11, 0xcc, 0xf5, 0x3d, 0x0e, 0x22, 0x12, 0x1a, 0xaf, 0xa1, 0xd1, 0x65, 0x97, 0x7a, 0x90, 0x3c, - 0x01, 0x1e, 0xc0, 0xc4, 0xe5, 0x67, 0x13, 0xaa, 0x15, 0xed, 0x3e, 0x2b, 0xfe, 0x46, 0xe4, 0x7c, - 0x7e, 0x71, 0xc2, 0x9f, 0x24, 0x16, 0x84, 0xaf, 0xa1, 0xe1, 0x0a, 0xf7, 0xf3, 0x4a, 0x20, 0x32, - 0x52, 0xd9, 0x02, 0xfb, 0xc3, 0x51, 0x7c, 0x51, 0x68, 0xc0, 0xff, 0x44, 0x90, 0xeb, 0x17, 0xd0, - 0x54, 0xf2, 0x31, 0xb8, 0x84, 0x46, 0xaa, 0xcb, 0xb7, 0x6e, 0x2d, 0x54, 0xd7, 0xa6, 0x06, 0x70, - 0x11, 0x0d, 0xae, 0x2e, 0xdc, 0xaa, 0x4d, 0xe5, 0xf4, 0xaf, 0x49, 0x16, 0x84, 0x75, 0xad, 0xa3, - 0x08, 0xee, 0x9e, 0xc2, 0x22, 0x53, 0x10, 0xb6, 0x5c, 0xf3, 0x0c, 0xdb, 0x6f, 0x5b, 0x41, 0x40, - 0x4d, 0x31, 0x4b, 0x40, 0x58, 0x2f, 0xb8, 0x4f, 0x52, 0x78, 0x7c, 0x11, 0x8d, 0x03, 0x4c, 0x44, - 0xf2, 0x4c, 0xe8, 0xbd, 0x82, 0xc1, 0xbb, 0x4f, 0x54, 0xa4, 0xfe, 0x7b, 0x71, 0x10, 0x77, 0x89, - 0x1a, 0x07, 0x35, 0xf0, 0xf7, 0x6f, 0xa4, 0xbd, 0xf4, 0x9f, 0x1b, 0xe4, 0x5b, 0xf2, 0x3c, 0xc5, - 0x65, 0x3f, 0x54, 0x79, 0x35, 0xf4, 0x0d, 0x85, 0x26, 0x27, 0x22, 0x4d, 0x00, 0x34, 0xa5, 0x01, - 0xee, 0x47, 0x5e, 0x44, 0xc3, 0x37, 0x69, 0xb0, 0xe9, 0x98, 0x62, 0x03, 0x74, 0xa6, 0xd7, 0x2d, - 0x4f, 0xb5, 0x01, 0x22, 0xf9, 0x7b, 0x82, 0x06, 0xdf, 0x45, 0xb8, 0x6e, 0x52, 0x3b, 0xb0, 0x82, - 0xed, 0x4a, 0x10, 0x78, 0xd6, 0x7a, 0x27, 0xa0, 0xbe, 0xd0, 0xdb, 0xc9, 0xd4, 0x3a, 0x65, 0x15, - 0xf2, 0xc3, 0x60, 0xcf, 0x73, 0xc6, 0x88, 0xc8, 0x63, 0xb1, 0xff, 0xd8, 0x2d, 0x0f, 0x73, 0x1a, - 0x92, 0x21, 0x16, 0xbf, 0x89, 0x46, 0x6f, 0xde, 0xa8, 0xd4, 0xe8, 0x3d, 0xab, 0x49, 0xc5, 0xe6, - 0xc5, 0x13, 0x91, 0x16, 0x43, 0x44, 0xa4, 0x12, 0xc8, 0x7f, 0x68, 0xdf, 0x31, 0x1a, 0x26, 0xc0, - 0xe5, 0xfc, 0x87, 0x88, 0x98, 0xf5, 0x16, 0x9e, 0x49, 0x21, 0xa2, 0x0b, 0x51, 0x6f, 0x51, 0xf3, - 0x2b, 0x92, 0xba, 0xe2, 0xd8, 0x44, 0x6f, 0x29, 0xee, 0xa1, 0xb7, 0xfc, 0x65, 0x0e, 0x4d, 0x11, - 0xea, 0x3b, 0x1d, 0x2f, 0xfe, 0x02, 0x7c, 0x0e, 0x0d, 0x4a, 0x9b, 0xf4, 0x10, 0x35, 0x49, 0xec, - 0x0c, 0x03, 0x1e, 0xaf, 0xa2, 0x91, 0x85, 0xfb, 0xae, 0xe5, 0x51, 0x5f, 0xf4, 0x91, 0x9d, 0x56, - 0x88, 0x4f, 0x89, 0x15, 0xe2, 0x34, 0xe5, 0x2c, 0xa9, 0xc5, 0x21, 0x07, 0x43, 0x46, 0x89, 0x6b, - 0x1a, 0x01, 0x35, 0xe7, 0xb7, 0x85, 0xef, 0xcf, 0x33, 0x4a, 0x38, 0xb0, 0xb1, 0xbe, 0xad, 0x64, - 0x94, 0x84, 0xa4, 0xf8, 0x2c, 0x2a, 0xac, 0xad, 0x2d, 0x89, 0xce, 0x03, 0x89, 0x76, 0x41, 0x20, - 0xa7, 0xcc, 0x30, 0xac, 0xfe, 0xe5, 0x3c, 0x42, 0xac, 0x8f, 0x56, 0x3d, 0x6a, 0x04, 0xfb, 0x63, - 0x68, 0xe6, 0x51, 0x31, 0x54, 0xb8, 0x18, 0x1f, 0x5a, 0xc8, 0x9b, 0x6c, 0x88, 0xe4, 0xb3, 0x43, - 0x3c, 0x73, 0xe6, 0x88, 0xd3, 0xa2, 0x3c, 0x59, 0x44, 0xe4, 0x1c, 0x7a, 0x0c, 0x40, 0x38, 0x1c, - 0x3f, 0x87, 0x46, 0x45, 0x23, 0x3b, 0x61, 0x24, 0x9b, 0x2f, 0xf9, 0x42, 0x20, 0x89, 0xf1, 0xfa, - 0x77, 0x72, 0x5c, 0x29, 0x35, 0xda, 0xa2, 0x07, 0x57, 0x29, 0xfa, 0x17, 0x73, 0x08, 0x33, 0x61, - 0x2b, 0x86, 0xef, 0x6f, 0x39, 0x9e, 0x59, 0xdd, 0x34, 0xec, 0x8d, 0x7d, 0xf9, 0x1c, 0xfd, 0x6f, - 0x86, 0xd0, 0x31, 0x65, 0x57, 0xf9, 0x80, 0xf7, 0xb7, 0x0b, 0x6a, 0x7f, 0x83, 0xc5, 0x3b, 0xf4, - 0x37, 0x79, 0xf1, 0xce, 0x7b, 0xde, 0x47, 0xd0, 0xa8, 0xf8, 0xe6, 0x7a, 0x4d, 0xf4, 0x3c, 0x98, - 0xf6, 0x2d, 0x93, 0xc4, 0x08, 0xfc, 0x3c, 0x1a, 0x13, 0x3f, 0x98, 0xf5, 0x0f, 0xe3, 0xb3, 0xd0, - 0x8f, 0x7d, 0x06, 0x20, 0x0a, 0x1a, 0xbf, 0x80, 0x46, 0x59, 0xe7, 0xdc, 0x80, 0x2c, 0xcd, 0x91, - 0x38, 0x99, 0xd1, 0x0c, 0x81, 0xb2, 0x49, 0x88, 0x28, 0xd9, 0x94, 0x22, 0xf6, 0x1a, 0x8a, 0xf1, - 0x94, 0xc2, 0xf7, 0x1a, 0xe4, 0x29, 0x45, 0xec, 0x3a, 0xbc, 0x83, 0x4a, 0x15, 0xdb, 0x76, 0x78, - 0xb6, 0xb0, 0x2f, 0x02, 0x6a, 0x7d, 0xe7, 0x92, 0xb3, 0x90, 0x62, 0x17, 0xd3, 0x67, 0x4e, 0x26, - 0xb2, 0x40, 0x7c, 0x99, 0x35, 0xc4, 0x3d, 0x8b, 0x6e, 0x51, 0x4f, 0xa4, 0x2c, 0x40, 0x50, 0xd1, - 0x13, 0x30, 0x39, 0xe1, 0x2e, 0xa4, 0xc3, 0xf3, 0x68, 0x7c, 0xc5, 0x73, 0x5c, 0xc7, 0xa7, 0x26, - 0x57, 0x54, 0x09, 0x18, 0x4f, 0xf7, 0xba, 0x65, 0xcd, 0x15, 0x88, 0x06, 0x68, 0x4c, 0x62, 0x57, - 0x59, 0xf0, 0x1d, 0x34, 0x23, 0x94, 0x49, 0xcd, 0xb0, 0x45, 0xeb, 0x35, 0x5f, 0x1b, 0x83, 0x44, - 0x33, 0x9c, 0xec, 0x0c, 0xf5, 0xda, 0xfc, 0x99, 0x30, 0x98, 0xe7, 0x09, 0x58, 0xc3, 0x32, 0xe5, - 0xa6, 0xce, 0x94, 0xa7, 0x6f, 0xb1, 0x05, 0x64, 0xf8, 0x13, 0x3f, 0xaf, 0x66, 0x1a, 0xe7, 0xe2, - 0x60, 0x92, 0xc8, 0xd8, 0x53, 0x52, 0x8b, 0xd9, 0xe2, 0xf5, 0x0d, 0xcb, 0x36, 0x45, 0x74, 0x08, - 0x16, 0xaf, 0x77, 0x2d, 0xdb, 0x24, 0x00, 0x65, 0x58, 0x29, 0xfd, 0x0a, 0xb0, 0x6c, 0x42, 0xe2, - 0xd3, 0x90, 0xfe, 0xf5, 0x5c, 0x62, 0xb4, 0xed, 0xa3, 0x21, 0x53, 0xba, 0x7f, 0xa1, 0x4f, 0xf7, - 0xd7, 0xbf, 0x92, 0x47, 0x25, 0xb6, 0x20, 0xbb, 0xe1, 0x78, 0x5b, 0x86, 0xb7, 0x3f, 0x51, 0xaa, - 0xc7, 0xb6, 0x69, 0x25, 0xf9, 0x7b, 0x83, 0xbb, 0xf0, 0xf7, 0x4e, 0xa3, 0x41, 0x69, 0x9f, 0x95, - 0x47, 0x8d, 0xd8, 0xa2, 0x16, 0xa0, 0xfa, 0x7f, 0xc8, 0x23, 0xf4, 0x99, 0x4b, 0x97, 0x0e, 0xb1, - 0x82, 0xf4, 0xff, 0x93, 0x43, 0x93, 0x22, 0x8c, 0x29, 0xa5, 0xdb, 0x8f, 0x84, 0x01, 0x68, 0x79, - 0x44, 0x71, 0x10, 0x09, 0x71, 0xcc, 0xd4, 0x2c, 0xdc, 0xb7, 0x02, 0x88, 0xe4, 0x48, 0xf9, 0xf6, - 0x54, 0xc0, 0x64, 0x53, 0x13, 0xd2, 0xe1, 0xe7, 0xc3, 0x00, 0x6d, 0x21, 0xb6, 0xaf, 0x8c, 0x61, - 0x21, 0x33, 0x48, 0xab, 0x7f, 0x63, 0x10, 0x0d, 0x2e, 0xdc, 0xa7, 0xcd, 0x03, 0xde, 0x34, 0xd2, - 0xb2, 0x6f, 0x70, 0x8f, 0xcb, 0xbe, 0x47, 0xd9, 0x71, 0x7a, 0x2d, 0x6e, 0xcf, 0x61, 0xf5, 0xf1, - 0x89, 0x96, 0x4f, 0x3e, 0x3e, 0x6c, 0xe9, 0x83, 0xb7, 0x61, 0xf9, 0x5b, 0x05, 0x54, 0x58, 0xad, - 0xae, 0x1c, 0xf5, 0x9b, 0x7d, 0xed, 0x37, 0x3b, 0x47, 0xf4, 0xf5, 0x28, 0x48, 0x57, 0x8c, 0x93, - 0x34, 0x12, 0xf1, 0xb8, 0x2f, 0xe5, 0xd1, 0xe8, 0x6a, 0x67, 0xdd, 0xdf, 0xf6, 0x03, 0xda, 0x3e, - 0xe0, 0xad, 0x19, 0xfa, 0x17, 0x83, 0x59, 0xfe, 0x05, 0x3e, 0x1b, 0x5a, 0x46, 0x69, 0x21, 0x15, - 0x59, 0xc6, 0xd0, 0x1e, 0xfe, 0x52, 0x1e, 0x4d, 0xf1, 0xd5, 0x79, 0xcd, 0xf2, 0x9b, 0x8f, 0x21, - 0x25, 0x65, 0xff, 0xb5, 0xb2, 0xb7, 0x88, 0xd6, 0x43, 0x24, 0xfa, 0xe8, 0xff, 0x31, 0x8f, 0x4a, - 0x95, 0x4e, 0xb0, 0x59, 0x09, 0x60, 0x72, 0x39, 0x94, 0xd3, 0xfc, 0xef, 0xe4, 0xd0, 0x24, 0x7b, - 0x91, 0x35, 0xe7, 0x2e, 0xb5, 0x1f, 0xc3, 0x3a, 0x51, 0x5e, 0xef, 0xe5, 0x1f, 0x71, 0xbd, 0x17, - 0xea, 0xb2, 0xb0, 0xcb, 0x75, 0xef, 0x77, 0x72, 0x08, 0xb1, 0x65, 0xe0, 0x87, 0xe4, 0x33, 0x1e, - 0xc3, 0x3a, 0x62, 0x3f, 0x3f, 0xe3, 0x7b, 0x39, 0x34, 0xb3, 0xe6, 0xb1, 0x89, 0xdc, 0x14, 0xf3, - 0xf9, 0x01, 0x6f, 0x97, 0xf4, 0x07, 0x1d, 0xf0, 0x16, 0xfa, 0x41, 0x0e, 0x3d, 0xa1, 0x7e, 0xd0, - 0x87, 0xc1, 0x0a, 0xfc, 0x7e, 0x0e, 0x1d, 0x7f, 0x1d, 0xce, 0x60, 0x47, 0x31, 0xc6, 0x0f, 0xdf, - 0x17, 0x1d, 0xf0, 0x9e, 0xf7, 0xdd, 0x1c, 0x3a, 0xb6, 0x5c, 0xaf, 0x55, 0x3f, 0x2c, 0x2d, 0x94, - 0xfa, 0x9e, 0x0f, 0x41, 0xfb, 0xac, 0x56, 0x6e, 0x2e, 0x7d, 0x98, 0xda, 0x47, 0xf9, 0x9e, 0x03, - 0xde, 0x3e, 0xff, 0x69, 0x18, 0x95, 0xd8, 0xba, 0x56, 0xc4, 0xf4, 0x0e, 0xb5, 0xa7, 0x7f, 0x19, - 0x95, 0x84, 0x1a, 0x60, 0x49, 0x29, 0x1d, 0x9c, 0x10, 0x05, 0x0c, 0x1a, 0xb0, 0xb4, 0x94, 0x89, - 0xd8, 0x8a, 0xeb, 0x2d, 0xea, 0xad, 0xcb, 0xc9, 0x4a, 0xf7, 0xa8, 0xb7, 0x4e, 0x00, 0x8a, 0x97, - 0xe2, 0x4d, 0xc9, 0xca, 0x4a, 0x1d, 0x4e, 0x4b, 0x8b, 0x95, 0x2a, 0x1c, 0xff, 0x8e, 0xc2, 0xd2, - 0x86, 0x6b, 0xf1, 0x73, 0xd6, 0x72, 0xa2, 0x64, 0x92, 0x13, 0xdf, 0x42, 0xd3, 0x21, 0x2c, 0x3e, - 0x2a, 0x5c, 0xcc, 0x10, 0x97, 0x75, 0x48, 0x38, 0xcd, 0x8a, 0x5f, 0x43, 0x63, 0x21, 0x10, 0x62, - 0xd6, 0xa3, 0x20, 0xea, 0xc9, 0x5e, 0xb7, 0x7c, 0x32, 0x12, 0x75, 0xd7, 0x52, 0x12, 0x41, 0x15, - 0x06, 0x59, 0x00, 0x2c, 0x3b, 0x51, 0x86, 0x80, 0xc4, 0x86, 0xab, 0xc2, 0x80, 0x5f, 0x00, 0x01, - 0xae, 0x63, 0xfb, 0x14, 0x62, 0x7c, 0x25, 0xc8, 0xe4, 0x81, 0x4d, 0x4f, 0x4f, 0xc0, 0x79, 0xbe, - 0x96, 0x42, 0x86, 0x97, 0x11, 0x8a, 0x63, 0x31, 0x22, 0x2b, 0x76, 0xd7, 0x51, 0x22, 0x49, 0x84, - 0xfe, 0x07, 0x6c, 0xfd, 0xe6, 0xba, 0x51, 0x4f, 0x7e, 0x1e, 0x0d, 0x57, 0x5c, 0xf7, 0x36, 0xa9, - 0x8b, 0xe8, 0x24, 0x24, 0x6d, 0x1a, 0xae, 0xdb, 0xe8, 0x78, 0x96, 0xbc, 0xe3, 0xc2, 0x89, 0x70, - 0x15, 0x8d, 0x57, 0x5c, 0x77, 0xa5, 0xb3, 0xde, 0xb2, 0x9a, 0x52, 0xf5, 0x02, 0x5e, 0x02, 0xc3, - 0x75, 0x1b, 0x2e, 0x60, 0x92, 0xb5, 0x1f, 0x54, 0x1e, 0xfc, 0x0e, 0x1a, 0xad, 0xb8, 0xae, 0x38, - 0x3c, 0x5f, 0x80, 0x3d, 0x0d, 0x3d, 0xfc, 0x26, 0xe9, 0xdd, 0x66, 0x23, 0x22, 0x7e, 0x4e, 0xfe, - 0xb4, 0xd8, 0xe3, 0x98, 0x61, 0x0f, 0x4a, 0x1d, 0x92, 0x8f, 0x45, 0xe2, 0x8f, 0xa3, 0x91, 0x8a, - 0xeb, 0x4a, 0xe1, 0x01, 0x08, 0xa5, 0x32, 0xae, 0x44, 0x13, 0x85, 0x64, 0xa7, 0x5e, 0x41, 0x13, - 0xea, 0xc3, 0x76, 0x75, 0x90, 0xfe, 0xa7, 0x39, 0xf8, 0xa0, 0x03, 0xbe, 0x63, 0x78, 0x05, 0x15, - 0x2a, 0xae, 0x2b, 0xcc, 0xc9, 0xb1, 0x8c, 0xf6, 0x48, 0xa6, 0xc5, 0x55, 0x5c, 0x37, 0xfc, 0x74, - 0xbe, 0xa7, 0x7f, 0xb8, 0x3e, 0xfd, 0xdb, 0xfc, 0xd3, 0x0f, 0xf8, 0x16, 0xfc, 0x37, 0x0a, 0x68, - 0xb2, 0xe2, 0xba, 0x47, 0xf5, 0x01, 0x1e, 0x57, 0xf2, 0xdd, 0x25, 0x84, 0x24, 0xf3, 0x38, 0x12, - 0xe5, 0xb6, 0x94, 0x24, 0xd3, 0xa8, 0xe5, 0x88, 0x44, 0x14, 0x76, 0xbf, 0xe2, 0xae, 0xba, 0xdf, - 0x6f, 0x28, 0x0d, 0x07, 0x67, 0x9d, 0x8f, 0x1a, 0x6e, 0x68, 0x4f, 0x1e, 0xd5, 0x84, 0xac, 0x4c, - 0x91, 0x59, 0x2f, 0x52, 0x10, 0xc2, 0x73, 0x1e, 0x4d, 0x86, 0x6a, 0x58, 0x26, 0x49, 0xd0, 0x86, - 0x6d, 0x38, 0xb2, 0xab, 0x36, 0xfc, 0x6a, 0x1e, 0x4d, 0xc7, 0x6d, 0xf8, 0x38, 0x1c, 0xd3, 0x39, - 0x84, 0x78, 0x90, 0x32, 0xda, 0x48, 0x1c, 0xe7, 0x29, 0xe1, 0x3e, 0x40, 0x45, 0x4a, 0x78, 0x4c, - 0x12, 0xed, 0x2a, 0x14, 0x32, 0x77, 0x15, 0x2e, 0xa0, 0x22, 0x31, 0xb6, 0xde, 0xec, 0x50, 0x6f, - 0x5b, 0x4c, 0xa5, 0x10, 0x4a, 0xf7, 0x8c, 0xad, 0xc6, 0xe7, 0x19, 0x90, 0x44, 0x68, 0xac, 0x47, - 0xc9, 0x80, 0x52, 0xf0, 0x98, 0x27, 0x03, 0x46, 0x29, 0x80, 0x42, 0x49, 0xc3, 0xbb, 0x52, 0xd2, - 0x0f, 0x86, 0xd1, 0x54, 0xcd, 0x08, 0x8c, 0x75, 0xc3, 0xa7, 0xd2, 0x42, 0x62, 0x32, 0x84, 0xb1, - 0x8e, 0x60, 0x45, 0x15, 0xb3, 0x20, 0xf1, 0xcc, 0x5c, 0x6f, 0xf8, 0x1c, 0x2a, 0x17, 0x06, 0x4a, - 0x30, 0xe0, 0x4f, 0xc6, 0x72, 0xa3, 0x9a, 0x4a, 0xdc, 0x9d, 0x01, 0x8d, 0x99, 0xeb, 0x0d, 0x57, - 0x80, 0x49, 0x8a, 0x10, 0x5f, 0x44, 0xa5, 0x10, 0xc6, 0x9c, 0xa7, 0x42, 0xfc, 0xcd, 0xe6, 0x3a, - 0xf3, 0x9d, 0x88, 0x8c, 0xc6, 0x2f, 0xa1, 0xb1, 0xf0, 0xa7, 0xe4, 0x96, 0x80, 0xaf, 0x65, 0xae, - 0xa7, 0x1c, 0x47, 0x99, 0x54, 0x66, 0x85, 0xf1, 0x39, 0xa4, 0xb0, 0x26, 0xea, 0xa9, 0x29, 0xa4, - 0xf8, 0xf3, 0x68, 0x22, 0xfc, 0x2d, 0x9c, 0xad, 0x61, 0x70, 0xb6, 0x2e, 0x86, 0x9a, 0x4f, 0xaa, - 0x75, 0x56, 0x25, 0xe7, 0x6e, 0xd7, 0x93, 0xc2, 0xed, 0x3a, 0x66, 0xae, 0xa7, 0xbd, 0xae, 0xc4, - 0x03, 0x70, 0x1d, 0x4d, 0x87, 0x90, 0xca, 0xdb, 0xab, 0x84, 0x6e, 0xb0, 0x51, 0x39, 0x12, 0x3b, - 0xcb, 0xe6, 0x7a, 0x03, 0x2a, 0xad, 0x01, 0x42, 0xf6, 0xd9, 0x53, 0x5c, 0xb8, 0x85, 0x4e, 0x2b, - 0x40, 0xd3, 0xdf, 0xb4, 0xee, 0x04, 0xc2, 0xd3, 0xad, 0xd7, 0xc4, 0x72, 0x00, 0x8a, 0xee, 0x44, - 0x52, 0x39, 0x4d, 0x58, 0x61, 0xaa, 0xa1, 0x94, 0xed, 0xdb, 0x51, 0x1a, 0x5e, 0x45, 0x33, 0x21, - 0xfe, 0xf5, 0xea, 0xca, 0x8a, 0xe7, 0xbc, 0x4b, 0x9b, 0x41, 0xbd, 0x26, 0x56, 0x0a, 0x70, 0xd6, - 0xcb, 0x5c, 0x6f, 0x6c, 0x34, 0x5d, 0xd6, 0x29, 0x18, 0x4e, 0x15, 0x9e, 0xc9, 0x8c, 0xdf, 0x42, - 0xc7, 0x25, 0x78, 0xdd, 0xf6, 0x03, 0xc3, 0x6e, 0xd2, 0x7a, 0x4d, 0x2c, 0x1f, 0x60, 0x29, 0x23, - 0xa4, 0x5a, 0x02, 0xa9, 0x8a, 0xcd, 0x66, 0x3f, 0x55, 0x41, 0xc7, 0x32, 0x5a, 0x6a, 0x57, 0x3e, - 0xeb, 0x97, 0xf2, 0x71, 0xe7, 0x38, 0xe0, 0x8e, 0xeb, 0x3c, 0x2a, 0x86, 0x5f, 0x22, 0xa6, 0x10, - 0xad, 0x5f, 0x07, 0x4f, 0xca, 0x08, 0xf1, 0x8a, 0x3a, 0x0e, 0xb8, 0x33, 0xfb, 0x38, 0xd4, 0xf1, - 0x7e, 0x2e, 0x56, 0xc7, 0x01, 0x77, 0x70, 0xbf, 0x5b, 0x88, 0x47, 0xf6, 0x91, 0x97, 0xfb, 0xb8, - 0x9c, 0xa5, 0x78, 0xe3, 0x74, 0x78, 0x17, 0x09, 0x64, 0x72, 0xd7, 0x1c, 0x79, 0xc4, 0xae, 0xf9, - 0xc3, 0x74, 0x7b, 0x72, 0x07, 0xe4, 0x40, 0xb6, 0xe7, 0x63, 0x18, 0xac, 0xf8, 0x32, 0x1a, 0x0f, - 0xff, 0xe7, 0x9e, 0xda, 0x90, 0x74, 0xf0, 0x6c, 0x5d, 0x38, 0x6a, 0x2a, 0x09, 0xfe, 0x2c, 0x3a, - 0xa9, 0x00, 0x56, 0x0c, 0xcf, 0x68, 0xd3, 0x80, 0x7a, 0xdc, 0x47, 0x10, 0x75, 0xfe, 0x42, 0xee, - 0x86, 0x1b, 0xa1, 0xe5, 0x52, 0x79, 0x7d, 0x24, 0x48, 0x9d, 0x63, 0x64, 0x17, 0xbb, 0xea, 0x7f, - 0x9e, 0x47, 0xe3, 0x2b, 0x8e, 0x1f, 0x6c, 0x78, 0xd4, 0x5f, 0x31, 0x3c, 0x9f, 0x1e, 0xde, 0x16, - 0x7d, 0x11, 0x8d, 0x43, 0x22, 0x70, 0x9b, 0xda, 0x81, 0x54, 0x00, 0x90, 0x17, 0xc3, 0x08, 0x11, - 0xe0, 0x36, 0x12, 0x95, 0x10, 0x97, 0xd1, 0x10, 0xef, 0x03, 0x52, 0x7a, 0x36, 0xef, 0x00, 0x1c, - 0xae, 0x7f, 0xb5, 0x80, 0xc6, 0x42, 0x2d, 0xcf, 0x5b, 0x07, 0xf5, 0xb8, 0xf5, 0xfe, 0x2a, 0x79, - 0x0e, 0xa1, 0x15, 0xc7, 0x0b, 0x8c, 0x96, 0x54, 0x91, 0x19, 0x96, 0x0c, 0x2e, 0x40, 0x39, 0x8f, - 0x44, 0x82, 0x67, 0x11, 0x92, 0x06, 0xd8, 0x08, 0x0c, 0xb0, 0x89, 0x5e, 0xb7, 0x8c, 0xe2, 0x71, - 0x45, 0x24, 0x0a, 0xfd, 0xd7, 0xf2, 0x68, 0x32, 0x6c, 0xa4, 0x85, 0xfb, 0xb4, 0xd9, 0x09, 0x0e, - 0xf1, 0x60, 0x50, 0xb5, 0x3d, 0xf4, 0x40, 0x6d, 0xeb, 0x7f, 0x2b, 0x19, 0x92, 0x6a, 0xcb, 0x39, - 0x32, 0x24, 0xff, 0x1a, 0x7d, 0x5c, 0xff, 0x42, 0x01, 0xcd, 0x84, 0x5a, 0xbf, 0xd1, 0xb1, 0xc1, - 0x4d, 0xa8, 0x1a, 0xad, 0xd6, 0x61, 0x9e, 0x97, 0x4b, 0xa1, 0x22, 0x96, 0xc5, 0xc9, 0x9a, 0x71, - 0xbe, 0xc9, 0x76, 0x47, 0x80, 0x1b, 0x8e, 0x65, 0x12, 0x99, 0x08, 0xbf, 0x86, 0xc6, 0xc2, 0x9f, - 0x15, 0x6f, 0x23, 0x9c, 0x8c, 0x61, 0xe9, 0x1c, 0x31, 0x19, 0xde, 0x86, 0x52, 0xeb, 0x5a, 0x66, - 0xd0, 0xbf, 0x32, 0x8c, 0x4e, 0xbd, 0x6d, 0xd9, 0xa6, 0xb3, 0xe5, 0x8b, 0xaa, 0x67, 0x07, 0xdf, - 0xe9, 0x7d, 0x7c, 0xc5, 0x86, 0x62, 0xcf, 0x64, 0x68, 0x17, 0x6e, 0xeb, 0x9b, 0xe8, 0x78, 0x52, - 0xa5, 0x5e, 0x74, 0xb0, 0x54, 0xb4, 0xce, 0x16, 0x27, 0x68, 0x84, 0x85, 0xe7, 0x44, 0xfc, 0x89, - 0x64, 0x73, 0x26, 0x2b, 0xd7, 0x8d, 0x3c, 0x4c, 0xe5, 0xba, 0x8f, 0xa1, 0xe1, 0x9a, 0xd3, 0x36, - 0xac, 0x30, 0xc5, 0x17, 0x46, 0x71, 0xf4, 0x5c, 0xc0, 0x10, 0x41, 0xc1, 0xe4, 0x8b, 0x07, 0x43, - 0x93, 0x8d, 0xc6, 0xf2, 0x43, 0x86, 0x8e, 0x4f, 0x3d, 0x22, 0x13, 0x61, 0x07, 0x8d, 0x8b, 0xc7, - 0x89, 0x68, 0x11, 0x82, 0x68, 0xd1, 0x0b, 0xa1, 0x8e, 0xfa, 0x77, 0xab, 0x59, 0x85, 0x8f, 0x87, - 0x8d, 0xe0, 0xed, 0xc2, 0x8f, 0xe1, 0x71, 0x23, 0xa2, 0xca, 0x97, 0x94, 0x00, 0x46, 0xa6, 0x94, - 0x56, 0x02, 0x58, 0x19, 0x99, 0xe8, 0xd4, 0x75, 0x84, 0xd3, 0x0f, 0xdb, 0x55, 0xe4, 0xe3, 0xbf, - 0xe7, 0x11, 0x4e, 0x2c, 0x20, 0x16, 0x0e, 0xb1, 0x1f, 0xa4, 0xff, 0x7c, 0x0e, 0x4d, 0xa7, 0x8e, - 0x44, 0xe3, 0x2b, 0x08, 0x71, 0x88, 0x74, 0x16, 0x0c, 0x0e, 0x11, 0xc6, 0xc7, 0xa4, 0xc5, 0x1c, - 0x10, 0x93, 0xe1, 0x39, 0x54, 0xe4, 0xbf, 0xa2, 0x4b, 0x08, 0x92, 0x2c, 0x9d, 0x8e, 0x65, 0x92, - 0x88, 0x28, 0x7e, 0x0a, 0x5c, 0xc7, 0x51, 0xc8, 0x64, 0x09, 0xb6, 0xdd, 0xe8, 0x29, 0x8c, 0x4c, - 0xff, 0x76, 0x0e, 0x8d, 0x45, 0x2f, 0x5c, 0x31, 0xf7, 0xab, 0xe9, 0x86, 0xc5, 0xe9, 0xf2, 0xc2, - 0x83, 0x4e, 0x97, 0x27, 0x8c, 0x0a, 0xc7, 0xea, 0xbf, 0x9d, 0x43, 0x93, 0x11, 0xed, 0x3e, 0xc6, - 0x58, 0xf6, 0xfc, 0x21, 0xff, 0x23, 0x87, 0xb4, 0x79, 0xab, 0xd5, 0xb2, 0xec, 0x8d, 0xba, 0x7d, - 0xc7, 0xf1, 0xda, 0x70, 0x78, 0x72, 0xff, 0x82, 0x68, 0xfa, 0x7f, 0xcd, 0xa1, 0x69, 0xf1, 0x42, - 0x55, 0xc3, 0x33, 0xf7, 0x2f, 0xba, 0x99, 0x7c, 0x93, 0xfd, 0x6b, 0x65, 0xc8, 0x8f, 0x5e, 0x72, - 0x9a, 0x77, 0x3f, 0x04, 0x69, 0xde, 0xec, 0x33, 0x0e, 0x78, 0x2a, 0xda, 0x7f, 0xcb, 0xa1, 0x19, - 0x42, 0x9b, 0xce, 0x3d, 0xea, 0x6d, 0x57, 0x1d, 0x93, 0xbe, 0x4e, 0x6d, 0xea, 0xed, 0x57, 0x27, - 0xfd, 0x75, 0xa8, 0x27, 0x11, 0xbf, 0xcc, 0x6d, 0x9f, 0x9a, 0x07, 0xa7, 0x08, 0x89, 0xfe, 0xcb, - 0x23, 0x48, 0xcb, 0xf4, 0x4c, 0x0e, 0xec, 0xa4, 0xde, 0xd7, 0xdd, 0x1c, 0x7c, 0x5c, 0xee, 0xe6, - 0xd0, 0xee, 0xdc, 0xcd, 0xe1, 0xdd, 0xba, 0x9b, 0x23, 0x0f, 0xe3, 0x6e, 0xb6, 0x93, 0xee, 0x66, - 0x11, 0xdc, 0xcd, 0x2b, 0x3b, 0xba, 0x9b, 0x0b, 0xb6, 0xf9, 0x88, 0xce, 0xe6, 0x81, 0x2d, 0xbd, - 0xf9, 0x08, 0x5e, 0x32, 0x3e, 0xcf, 0x8c, 0x5b, 0xd3, 0xf1, 0x4c, 0xca, 0x4b, 0x69, 0x16, 0x79, - 0x34, 0xd8, 0x13, 0x30, 0x12, 0x61, 0x53, 0x75, 0x4c, 0xc7, 0x1f, 0xa6, 0x8e, 0xe9, 0x63, 0xf0, - 0xc2, 0xbf, 0x97, 0x43, 0xd3, 0x55, 0xea, 0x05, 0xd6, 0x1d, 0xab, 0x69, 0x04, 0x8f, 0x63, 0x0b, - 0xb2, 0x82, 0x26, 0x25, 0x81, 0xd2, 0xfd, 0x6e, 0x70, 0x2e, 0xba, 0x49, 0xbd, 0x00, 0x5c, 0x49, - 0x39, 0x23, 0x20, 0x41, 0xcf, 0x1e, 0x1f, 0xd6, 0x12, 0x12, 0x63, 0x37, 0x7a, 0x7c, 0x08, 0xe7, - 0x8a, 0xb4, 0xc4, 0x2f, 0x12, 0xd1, 0xeb, 0x5f, 0xcb, 0xa1, 0x73, 0x84, 0xda, 0x74, 0xcb, 0x58, - 0x6f, 0x51, 0x49, 0xb0, 0xb0, 0xed, 0x6c, 0xdc, 0x5b, 0x7e, 0xdb, 0x08, 0x9a, 0x9b, 0x7b, 0xfa, - 0xca, 0x1b, 0xea, 0x1d, 0x6b, 0xbb, 0xb0, 0x4e, 0x0a, 0x9f, 0xfe, 0xc3, 0x1c, 0x1a, 0xb9, 0x6d, - 0xdf, 0xb5, 0x9d, 0xad, 0xbd, 0x55, 0x9c, 0xba, 0x82, 0x4a, 0x42, 0x8c, 0xa4, 0x71, 0x7e, 0x69, - 0x1e, 0x07, 0x37, 0xf8, 0xcd, 0x7a, 0x32, 0x15, 0x7e, 0x25, 0x62, 0x82, 0x34, 0x15, 0xe9, 0x12, - 0xb7, 0x90, 0x29, 0x71, 0x99, 0x9e, 0x4c, 0x8e, 0x4f, 0x8b, 0xcb, 0x1c, 0xa4, 0xa3, 0x9f, 0xec, - 0x55, 0xf8, 0x5d, 0x0e, 0xfa, 0x5f, 0x5f, 0x42, 0x43, 0xcb, 0x36, 0x5d, 0xbe, 0x83, 0x2f, 0x49, - 0x55, 0xb5, 0xc4, 0x77, 0x4d, 0xcb, 0x7a, 0x02, 0xc4, 0xe2, 0x00, 0x91, 0x6a, 0x6f, 0x5d, 0x95, - 0x6b, 0x0d, 0x09, 0xdd, 0x62, 0x99, 0x87, 0x63, 0x16, 0x07, 0x88, 0x5c, 0x93, 0xe8, 0xaa, 0x5c, - 0x8c, 0x47, 0x74, 0x1c, 0x85, 0x8b, 0x63, 0x42, 0x2e, 0xe1, 0xbc, 0x2c, 0x65, 0xd5, 0xbe, 0x49, - 0x46, 0x37, 0xd2, 0x14, 0x8b, 0x03, 0x24, 0xbb, 0x66, 0x8e, 0x72, 0xc7, 0x8f, 0x88, 0x6f, 0xcc, - 0x24, 0xa6, 0x1e, 0xc0, 0x2d, 0x0e, 0x10, 0xf5, 0x3e, 0xa0, 0x6b, 0xca, 0xed, 0x29, 0xc9, 0xf4, - 0x1c, 0x09, 0xb5, 0x38, 0x40, 0x12, 0xf7, 0xac, 0x28, 0x57, 0x79, 0x88, 0xed, 0x9e, 0xe4, 0x43, - 0x01, 0x27, 0x3d, 0x94, 0x5f, 0xfb, 0xf1, 0x6a, 0xa2, 0xc4, 0xbe, 0x48, 0x7f, 0x3b, 0x9e, 0x60, - 0xe6, 0xc8, 0xc5, 0x01, 0x92, 0x28, 0xc8, 0x7f, 0x3e, 0xac, 0xba, 0x2e, 0x6c, 0xf9, 0x84, 0xe4, - 0xbc, 0x59, 0xef, 0x31, 0x2d, 0x85, 0x55, 0xd9, 0xaf, 0xca, 0xd5, 0xb6, 0x85, 0x71, 0xc6, 0x89, - 0xa7, 0x2c, 0xd8, 0x26, 0x6b, 0x1d, 0xc9, 0x73, 0xb8, 0x9e, 0xac, 0x4b, 0x2b, 0xaa, 0x1d, 0x9f, - 0x48, 0x70, 0x0a, 0xec, 0xe2, 0x00, 0x49, 0xd6, 0xb1, 0xbd, 0xa6, 0xd4, 0x44, 0x15, 0xb9, 0xdb, - 0x49, 0xad, 0x32, 0x94, 0xa4, 0x55, 0xa8, 0x9e, 0x7a, 0x3d, 0x59, 0xa4, 0x53, 0x1b, 0xcf, 0x7c, - 0xb4, 0xc0, 0x4a, 0x8f, 0x0e, 0x8b, 0x7a, 0x5e, 0x53, 0x8a, 0x29, 0x42, 0xbd, 0xe2, 0x8c, 0x47, - 0x1b, 0x81, 0x21, 0x3f, 0x9a, 0x97, 0x5d, 0x54, 0xca, 0xfa, 0x69, 0x93, 0x99, 0x0d, 0x0a, 0x38, - 0xa9, 0x41, 0x79, 0x09, 0xc0, 0x6b, 0x4a, 0x81, 0x14, 0x6d, 0x4a, 0x7d, 0xa8, 0x84, 0x62, 0x0f, - 0x95, 0x4b, 0xa9, 0x5c, 0x95, 0xeb, 0x86, 0x68, 0xd3, 0x6a, 0x03, 0xc5, 0x18, 0xd6, 0x40, 0x52, - 0x7d, 0x91, 0x32, 0xd4, 0x24, 0xd0, 0x30, 0x90, 0x97, 0xa2, 0x37, 0xac, 0xae, 0x2c, 0x0e, 0x10, - 0xa8, 0x56, 0xa0, 0xf3, 0x6a, 0x17, 0xda, 0x31, 0xa0, 0x18, 0x8b, 0x8a, 0x56, 0xde, 0xa7, 0xcd, - 0xc5, 0x01, 0xc2, 0x2b, 0x61, 0x5c, 0x92, 0x0e, 0xc4, 0x6b, 0x33, 0xaa, 0x89, 0x88, 0x10, 0xcc, - 0x44, 0xc4, 0xc7, 0xe6, 0x6f, 0xa4, 0x0f, 0x8d, 0x6b, 0xc7, 0xd5, 0xf5, 0x43, 0x12, 0xbf, 0x38, - 0x40, 0xd2, 0x07, 0xcd, 0xaf, 0x29, 0xe7, 0xa8, 0xb5, 0x13, 0x89, 0x9c, 0xb8, 0x18, 0xc5, 0xd4, - 0x25, 0x9f, 0xb8, 0x5e, 0xce, 0x2c, 0x54, 0xa5, 0x9d, 0x04, 0x01, 0x4f, 0x46, 0x02, 0xd2, 0x24, - 0x8b, 0x03, 0x24, 0xb3, 0xc4, 0x55, 0x35, 0x75, 0x9a, 0x59, 0xd3, 0x54, 0xc7, 0x35, 0x81, 0x5e, - 0x1c, 0x20, 0xa9, 0xf3, 0xcf, 0x57, 0xe5, 0x63, 0xc4, 0xda, 0x13, 0x6a, 0x23, 0xc6, 0x18, 0xd6, - 0x88, 0xd2, 0x71, 0xe3, 0xab, 0xf2, 0xa9, 0x5d, 0xed, 0x54, 0x9a, 0x2b, 0xb6, 0x9c, 0xd2, 0xe9, - 0x5e, 0x92, 0x7d, 0x48, 0x56, 0x7b, 0x12, 0xf8, 0x4f, 0x87, 0xfc, 0x59, 0x34, 0x8b, 0x03, 0x24, - 0xfb, 0x80, 0x2d, 0xc9, 0x3e, 0xa7, 0xaa, 0x9d, 0xde, 0x49, 0x66, 0xf4, 0x76, 0xd9, 0x67, 0x5c, - 0x8d, 0x1d, 0x8e, 0x8a, 0x6a, 0x4f, 0xa9, 0x67, 0x39, 0xfa, 0x12, 0x2e, 0x0e, 0x90, 0x1d, 0x0e, - 0x9c, 0xde, 0xee, 0x73, 0x6e, 0x53, 0x3b, 0xa3, 0x56, 0xfd, 0xc8, 0x24, 0x5a, 0x1c, 0x20, 0x7d, - 0x4e, 0x7d, 0xde, 0xee, 0x73, 0x78, 0x52, 0x2b, 0xef, 0x28, 0x36, 0xd2, 0x47, 0x9f, 0xa3, 0x97, - 0xcb, 0x99, 0x27, 0x18, 0xb5, 0xa7, 0xd5, 0xae, 0x9b, 0x41, 0xc2, 0xba, 0x6e, 0xd6, 0xd9, 0xc7, - 0xe5, 0xcc, 0x23, 0x84, 0xda, 0x33, 0x3b, 0x08, 0x8c, 0xde, 0x31, 0xf3, 0xf0, 0xe1, 0x72, 0xe6, - 0x19, 0x3e, 0x4d, 0x57, 0x05, 0x66, 0x90, 0x30, 0x81, 0x59, 0xa7, 0xff, 0x96, 0x33, 0x0f, 0xd1, - 0x69, 0x67, 0x77, 0x10, 0x18, 0xbf, 0x61, 0xd6, 0xf1, 0xbb, 0x6b, 0xca, 0x29, 0x36, 0xed, 0x23, - 0xaa, 0xdd, 0x90, 0x50, 0xcc, 0x6e, 0xc8, 0xe7, 0xdd, 0xaa, 0xa9, 0x44, 0x7f, 0xed, 0xa3, 0xea, - 0x30, 0x4f, 0xa0, 0xd9, 0x30, 0x4f, 0x1e, 0x0d, 0xa8, 0xa6, 0x92, 0xce, 0xb5, 0x73, 0xfd, 0x84, - 0x00, 0x5a, 0x15, 0xc2, 0xd3, 0xd4, 0xeb, 0x19, 0x59, 0xcf, 0xda, 0xb3, 0x6a, 0xf4, 0x31, 0x45, - 0xb0, 0x38, 0x40, 0x32, 0x72, 0xa5, 0x49, 0x76, 0x72, 0x97, 0x76, 0x5e, 0x1d, 0xb6, 0x59, 0x34, - 0x6c, 0xd8, 0x66, 0x26, 0x86, 0x2d, 0x65, 0xed, 0x0f, 0x68, 0x17, 0x54, 0xc7, 0x2c, 0x4d, 0xc1, - 0x1c, 0xb3, 0x8c, 0x7d, 0x05, 0x92, 0x9d, 0xae, 0xa4, 0x7d, 0x6c, 0xc7, 0x37, 0x04, 0x9a, 0x8c, - 0x37, 0xe4, 0xd9, 0x3b, 0xb1, 0xef, 0x74, 0xdb, 0x6d, 0x39, 0x86, 0xa9, 0x3d, 0x97, 0xe9, 0x3b, - 0x71, 0xa4, 0xe4, 0x3b, 0x71, 0x00, 0x9b, 0xe5, 0xe5, 0xf8, 0xb9, 0x76, 0x51, 0x9d, 0xe5, 0x65, - 0x1c, 0x9b, 0xe5, 0x95, 0x58, 0x7b, 0x35, 0x15, 0xb5, 0xd6, 0x9e, 0x57, 0x3b, 0x40, 0x02, 0xcd, - 0x3a, 0x40, 0x32, 0xce, 0xfd, 0x4e, 0xff, 0x88, 0xb1, 0x36, 0x0b, 0xd2, 0x9e, 0x8e, 0xca, 0x72, - 0xf7, 0xa1, 0x5b, 0x1c, 0x20, 0xfd, 0xa3, 0xce, 0xf5, 0x8c, 0x00, 0xb0, 0x36, 0xa7, 0x76, 0xb0, - 0x14, 0x01, 0xeb, 0x60, 0xe9, 0xb0, 0x71, 0x3d, 0x23, 0x82, 0xab, 0x7d, 0xbc, 0xaf, 0xa8, 0xe8, - 0x9b, 0x33, 0xe2, 0xbe, 0x57, 0xe5, 0x10, 0xac, 0x76, 0x49, 0x9d, 0xec, 0x62, 0x0c, 0x9b, 0xec, - 0xa4, 0x50, 0xed, 0x55, 0x39, 0xe2, 0xa9, 0x5d, 0x4e, 0x73, 0xc5, 0x53, 0xa4, 0x14, 0x19, 0x25, - 0xd9, 0x01, 0x46, 0xed, 0x8a, 0xda, 0xeb, 0xb2, 0x68, 0x58, 0xaf, 0xcb, 0x0c, 0x4e, 0xde, 0x48, - 0xc7, 0x09, 0xb5, 0xab, 0xc9, 0xc8, 0xa9, 0x8a, 0x67, 0x9e, 0x4f, 0x2a, 0xb6, 0x78, 0x3d, 0x99, - 0x79, 0xac, 0xbd, 0xa0, 0xfa, 0xb7, 0x2a, 0x96, 0xf9, 0xb7, 0x89, 0x4c, 0xe5, 0xeb, 0xc9, 0x64, - 0x5d, 0xed, 0x13, 0xd9, 0x12, 0xa2, 0xbe, 0x92, 0x4c, 0xee, 0xbd, 0x9e, 0xcc, 0x6f, 0xd5, 0xae, - 0x65, 0x4b, 0x88, 0xb4, 0x9b, 0xcc, 0x87, 0xbd, 0x24, 0x9d, 0xf9, 0xd3, 0x5e, 0x54, 0x5d, 0xc7, - 0x08, 0xc1, 0x5c, 0xc7, 0xf8, 0x64, 0xe0, 0x25, 0xe9, 0xac, 0x9c, 0xf6, 0x52, 0x8a, 0x25, 0x7a, - 0x59, 0xe9, 0x44, 0xdd, 0x25, 0xe9, 0x8c, 0x99, 0xf6, 0x72, 0x8a, 0x25, 0x7a, 0x3b, 0xe9, 0x24, - 0x9a, 0xb9, 0x53, 0x02, 0x80, 0xf6, 0x49, 0x90, 0xa1, 0x3f, 0x78, 0x4f, 0x77, 0x71, 0x80, 0xec, - 0x94, 0x48, 0xf0, 0x4e, 0xff, 0xa8, 0xab, 0xf6, 0x8a, 0x3a, 0x84, 0xfb, 0xd1, 0xb1, 0x21, 0xdc, - 0x37, 0x72, 0xfb, 0x6a, 0x22, 0x19, 0x50, 0x7b, 0x55, 0x35, 0x71, 0x0a, 0x92, 0x99, 0xb8, 0x64, - 0xea, 0xa0, 0x92, 0xe5, 0xa6, 0x7d, 0x4a, 0x35, 0x71, 0x32, 0x8e, 0x99, 0x38, 0x25, 0x23, 0xae, - 0x9a, 0x4a, 0xbe, 0xd2, 0x5e, 0x53, 0x4d, 0x5c, 0x02, 0xcd, 0x4c, 0x5c, 0x32, 0x5d, 0xeb, 0xd5, - 0x44, 0x0e, 0x92, 0x76, 0x3d, 0xfb, 0xfd, 0x01, 0x29, 0xbf, 0x3f, 0xcf, 0x58, 0x22, 0xd9, 0xc9, - 0x34, 0x5a, 0x45, 0x1d, 0xbf, 0x59, 0x34, 0x6c, 0xfc, 0x66, 0x26, 0xe2, 0x2c, 0x67, 0xd6, 0xdc, - 0xd4, 0xe6, 0x77, 0x58, 0x38, 0xc4, 0xae, 0x48, 0x56, 0xb5, 0xce, 0xeb, 0xc9, 0x0b, 0xdd, 0xb4, - 0x6a, 0x9f, 0x35, 0x72, 0xb8, 0x0c, 0x4a, 0x5e, 0x00, 0x57, 0xcf, 0x08, 0x02, 0x6a, 0x35, 0xd5, - 0xba, 0xa6, 0x08, 0x98, 0x75, 0x4d, 0x87, 0x0e, 0x6f, 0xa4, 0xef, 0xd1, 0xd4, 0x16, 0x12, 0x5b, - 0xe2, 0x09, 0x3c, 0xb3, 0x4e, 0xa9, 0xbb, 0x37, 0x49, 0xf6, 0x55, 0x8b, 0xda, 0x8d, 0xc4, 0x7c, - 0x9d, 0x41, 0x03, 0xf3, 0x75, 0xd6, 0x35, 0x8d, 0x9f, 0xed, 0x7b, 0x63, 0xa6, 0xf6, 0x3a, 0x88, - 0x2d, 0xf7, 0x13, 0x2b, 0xc8, 0x16, 0x07, 0x48, 0xdf, 0x3b, 0x37, 0x6f, 0xa3, 0xe3, 0x37, 0xb7, - 0x57, 0xdf, 0x5c, 0x8a, 0xf2, 0xb7, 0x56, 0x3c, 0xea, 0x1a, 0x1e, 0xd5, 0x16, 0x55, 0x5f, 0x3d, - 0x93, 0x88, 0xf9, 0xea, 0x99, 0x88, 0xb4, 0xd8, 0x70, 0x2c, 0xd4, 0x77, 0x12, 0x1b, 0x8f, 0x88, - 0x6c, 0x6e, 0x66, 0x9d, 0x54, 0x04, 0x53, 0xd0, 0x92, 0x63, 0x6f, 0x40, 0xa4, 0xe2, 0xd3, 0xaa, - 0x75, 0xea, 0x4f, 0xc9, 0xac, 0x53, 0x7f, 0x2c, 0xeb, 0xea, 0x2a, 0x96, 0x8f, 0xc1, 0x37, 0xd4, - 0xae, 0x9e, 0x41, 0xc2, 0xba, 0x7a, 0x06, 0x38, 0x2d, 0x90, 0x50, 0x9f, 0x06, 0xda, 0xd2, 0x4e, - 0x02, 0x81, 0x24, 0x2d, 0x10, 0xc0, 0x69, 0x81, 0x37, 0x68, 0xd0, 0xdc, 0xd4, 0x6e, 0xee, 0x24, - 0x10, 0x48, 0xd2, 0x02, 0x01, 0xcc, 0x16, 0x9b, 0x2a, 0x78, 0xbe, 0xd3, 0xba, 0x1b, 0xb6, 0xd9, - 0x2d, 0x75, 0xb1, 0xd9, 0x97, 0x90, 0x2d, 0x36, 0xfb, 0x22, 0xf1, 0x17, 0x1f, 0x3a, 0xc4, 0xad, - 0x2d, 0xc3, 0x03, 0x67, 0x63, 0xbf, 0xe0, 0x61, 0xb8, 0x16, 0x07, 0xc8, 0xc3, 0x86, 0xd0, 0x9f, - 0x8b, 0xa2, 0xd7, 0xda, 0x0a, 0x3c, 0x6a, 0x32, 0x8a, 0x55, 0x70, 0xf0, 0xe2, 0x00, 0x89, 0xe2, - 0xdb, 0xd7, 0x50, 0x09, 0x3e, 0xaa, 0x6e, 0x5b, 0x41, 0x6d, 0x5e, 0x7b, 0x53, 0x5d, 0x32, 0x49, - 0x28, 0xb6, 0x64, 0x92, 0x7e, 0x32, 0x23, 0x0e, 0x3f, 0xb9, 0x89, 0xa9, 0xcd, 0x6b, 0x44, 0x35, - 0xe2, 0x0a, 0x92, 0x19, 0x71, 0x05, 0x10, 0x3d, 0xb7, 0xe6, 0x39, 0x6e, 0x6d, 0x5e, 0x5b, 0xcd, - 0x78, 0x2e, 0x47, 0x45, 0xcf, 0xe5, 0x3f, 0xa3, 0xe7, 0xae, 0x6e, 0x76, 0x82, 0x1a, 0xfb, 0xc6, - 0xb5, 0x8c, 0xe7, 0x86, 0xc8, 0xe8, 0xb9, 0x21, 0x80, 0x99, 0x42, 0x00, 0xac, 0x78, 0x0e, 0x33, - 0xda, 0x6f, 0x58, 0xad, 0x96, 0x76, 0x5b, 0x35, 0x85, 0x49, 0x3c, 0x33, 0x85, 0x49, 0x18, 0x73, - 0x3d, 0xf9, 0x5b, 0xd1, 0xf5, 0xce, 0x86, 0xf6, 0x96, 0xea, 0x7a, 0xc6, 0x18, 0xe6, 0x7a, 0xc6, - 0xbf, 0x60, 0x75, 0xc1, 0x7e, 0x11, 0x7a, 0xc7, 0xa3, 0xfe, 0xa6, 0xf6, 0x76, 0x62, 0x75, 0x21, - 0xe1, 0x60, 0x75, 0x21, 0xfd, 0xc6, 0x1b, 0xe8, 0x49, 0x65, 0xa2, 0x09, 0x77, 0xda, 0x57, 0xa9, - 0xe1, 0x35, 0x37, 0xb5, 0xcf, 0x80, 0xa8, 0xb3, 0x99, 0x53, 0x95, 0x4a, 0xba, 0x38, 0x40, 0x76, - 0x92, 0x04, 0xcb, 0xf2, 0x37, 0x97, 0xf8, 0xb1, 0x18, 0xb2, 0x52, 0x0d, 0x17, 0xa1, 0xff, 0x2e, - 0xb1, 0x2c, 0x4f, 0x93, 0xc0, 0xb2, 0x3c, 0x0d, 0xc6, 0x2e, 0x3a, 0x93, 0x58, 0xaa, 0xdd, 0x34, - 0x5a, 0x6c, 0x5d, 0x42, 0xcd, 0x15, 0xa3, 0x79, 0x97, 0x06, 0xda, 0xbf, 0x07, 0xd9, 0xe7, 0xfa, - 0x2c, 0xf8, 0x12, 0xd4, 0x8b, 0x03, 0xe4, 0x01, 0xf2, 0xe6, 0x47, 0xd0, 0x10, 0x5c, 0xc0, 0xa3, - 0xff, 0xdf, 0x1c, 0x1a, 0x5b, 0x0d, 0x3c, 0x6a, 0xb4, 0x45, 0xbe, 0xe2, 0x29, 0x54, 0xe4, 0x2b, - 0x3d, 0x71, 0xb9, 0xdc, 0x28, 0x89, 0x7e, 0xe3, 0x73, 0x68, 0x62, 0xc9, 0xf0, 0x03, 0xe0, 0x94, - 0x6e, 0xcd, 0x26, 0x09, 0x28, 0x5e, 0xe2, 0x74, 0x9c, 0x0f, 0xb6, 0x35, 0x0b, 0x0f, 0xdc, 0xd6, - 0x2c, 0xbe, 0xdf, 0x2d, 0x0f, 0xc0, 0xe6, 0x65, 0x82, 0x57, 0xef, 0xe5, 0x50, 0x6a, 0x0d, 0xfa, - 0xe8, 0x7b, 0x4e, 0xcb, 0x68, 0x32, 0xb1, 0x95, 0x2e, 0xb6, 0x6a, 0x1e, 0x72, 0xa7, 0x3d, 0xc9, - 0x8d, 0xcf, 0xa2, 0xc2, 0xed, 0x7a, 0x4d, 0xbe, 0x88, 0xa2, 0xa3, 0x1c, 0xc3, 0x64, 0x58, 0xfc, - 0x6c, 0xb4, 0x8f, 0x70, 0x9b, 0x2c, 0x89, 0x2d, 0x74, 0xb8, 0xb4, 0xaf, 0xe3, 0xb5, 0x88, 0x84, - 0xd2, 0x7f, 0x65, 0x2c, 0xde, 0x46, 0xc4, 0xe7, 0x44, 0x16, 0x81, 0x74, 0x31, 0x47, 0xe2, 0xcc, - 0x2e, 0xcf, 0x1a, 0xf8, 0x14, 0x1a, 0xab, 0xb7, 0x5d, 0xea, 0xf9, 0x8e, 0x0d, 0x25, 0xf3, 0xf3, - 0xf1, 0x9e, 0x98, 0x25, 0xc1, 0xe5, 0xbc, 0x5f, 0x99, 0x3e, 0xae, 0xf7, 0x5f, 0x78, 0x60, 0xbd, - 0xff, 0x0b, 0x68, 0xe8, 0x36, 0x5c, 0xd3, 0x27, 0x5d, 0x0d, 0xd0, 0x49, 0x5c, 0xd2, 0xc7, 0x29, - 0xf0, 0x45, 0x34, 0x0c, 0x1b, 0x63, 0xbe, 0x36, 0x04, 0xb4, 0x70, 0x16, 0xbe, 0x05, 0x10, 0xb9, - 0x38, 0x0c, 0xa7, 0xc1, 0x6f, 0xa0, 0xa9, 0xb8, 0xd2, 0x0c, 0x14, 0xf2, 0x09, 0x13, 0x98, 0xe1, - 0xfc, 0xec, 0xdd, 0x08, 0xc7, 0x2b, 0x00, 0xc9, 0x22, 0x52, 0x8c, 0x78, 0x11, 0x4d, 0xc6, 0x30, - 0xa6, 0xa2, 0xf0, 0xe0, 0xc4, 0x99, 0x5e, 0xb7, 0x7c, 0x4a, 0x92, 0xc5, 0xd4, 0x29, 0x8b, 0x4a, - 0xb2, 0xe1, 0x7a, 0x7c, 0xe7, 0x49, 0xf1, 0x81, 0x7d, 0xf8, 0x98, 0xd8, 0x9a, 0x1f, 0x11, 0x77, - 0x9e, 0xa8, 0x37, 0x9d, 0xdc, 0x40, 0x13, 0xc4, 0xe9, 0x04, 0x74, 0xcd, 0x09, 0x0b, 0x37, 0xf3, - 0xcc, 0x5a, 0x78, 0x27, 0x8f, 0x61, 0x1a, 0x81, 0x13, 0x1e, 0x3f, 0x96, 0x8f, 0x49, 0xab, 0x5c, - 0xf8, 0x56, 0x56, 0x0d, 0x68, 0xe9, 0x50, 0xb0, 0xf4, 0x79, 0x69, 0x61, 0x19, 0x45, 0x9f, 0xff, - 0x4b, 0x0e, 0x0d, 0xaf, 0x79, 0x86, 0x15, 0xf8, 0x62, 0x9b, 0xea, 0xf8, 0xec, 0x96, 0x67, 0xb8, - 0xac, 0x7f, 0xcc, 0xc2, 0x0e, 0xfd, 0x5b, 0x46, 0xab, 0x43, 0xfd, 0xf9, 0xb7, 0xd9, 0xd7, 0xfd, - 0x49, 0xb7, 0xfc, 0xc9, 0x0d, 0x88, 0xcf, 0xce, 0x36, 0x9d, 0xf6, 0xdc, 0x86, 0x67, 0xdc, 0xb3, - 0xf8, 0x8d, 0x07, 0x46, 0x6b, 0x2e, 0xa0, 0x2d, 0xea, 0x3a, 0x5e, 0x30, 0x67, 0xb8, 0xd6, 0x5c, - 0xb0, 0xed, 0x52, 0x7f, 0x2e, 0x92, 0xc4, 0x9f, 0xc0, 0xba, 0x40, 0x00, 0xff, 0xc9, 0x5d, 0x80, - 0xe3, 0xf0, 0x2d, 0x84, 0xc4, 0xa7, 0x56, 0x5c, 0x57, 0xec, 0x79, 0x49, 0x01, 0xfd, 0x10, 0xc3, - 0x3b, 0x76, 0xa4, 0x30, 0xc3, 0x95, 0xcb, 0x41, 0x49, 0x12, 0x58, 0x2f, 0x58, 0x13, 0x6f, 0x14, - 0xaa, 0x69, 0x3c, 0xd6, 0x78, 0xf8, 0xb2, 0x19, 0x4a, 0x4a, 0xb2, 0xe1, 0x75, 0x34, 0x29, 0xe4, - 0x46, 0x19, 0xb3, 0x13, 0xaa, 0xd1, 0x48, 0xa0, 0x79, 0xa7, 0x8d, 0xde, 0xd1, 0x14, 0x60, 0xf9, - 0x19, 0x09, 0x0e, 0x3c, 0x1f, 0x9f, 0xc4, 0x83, 0xda, 0x53, 0xda, 0x24, 0xf4, 0x58, 0xb8, 0xfb, - 0x21, 0xe4, 0xe7, 0x25, 0xab, 0xe4, 0xe2, 0x48, 0x0a, 0x8b, 0x2c, 0x83, 0xf7, 0xfa, 0xa9, 0x0c, - 0x19, 0xc9, 0x3e, 0xaf, 0xb2, 0xe0, 0x2a, 0x1a, 0x8f, 0x42, 0x6e, 0xb7, 0x99, 0x65, 0x9b, 0x8e, - 0xab, 0x34, 0x25, 0x92, 0x71, 0x65, 0x21, 0x0a, 0x0f, 0xbe, 0x82, 0x8a, 0x7c, 0xd3, 0xaa, 0xce, - 0x77, 0xd9, 0xc2, 0x44, 0x0a, 0x80, 0x35, 0x2c, 0xb9, 0xc5, 0x22, 0x42, 0xfc, 0x2a, 0x2a, 0x55, - 0xde, 0x5e, 0x65, 0x76, 0xa6, 0x42, 0x6e, 0xf9, 0xda, 0xb1, 0xf8, 0xf8, 0x02, 0x1c, 0xd0, 0x77, - 0x5a, 0xb4, 0x61, 0x78, 0x8a, 0xf1, 0x90, 0xe9, 0xf1, 0x02, 0x9a, 0x50, 0x66, 0x6d, 0x5f, 0x9b, - 0x89, 0x2f, 0x6d, 0x35, 0x00, 0xd3, 0x10, 0x15, 0xca, 0x94, 0x2a, 0x04, 0x2a, 0x13, 0xeb, 0x35, - 0x35, 0xcb, 0x37, 0x5a, 0x2d, 0x67, 0x8b, 0x50, 0xcb, 0xf7, 0x3b, 0x14, 0xb6, 0xe8, 0x8a, 0xbc, - 0xd7, 0x98, 0x02, 0xd5, 0xf0, 0x38, 0x4e, 0xa9, 0x11, 0xa1, 0xb2, 0xe1, 0x77, 0x11, 0xae, 0xb0, - 0xdf, 0xea, 0x3d, 0x1c, 0x27, 0xfa, 0xde, 0xc3, 0x71, 0x4e, 0x98, 0x8f, 0x33, 0x06, 0xe7, 0x6a, - 0xf4, 0xb9, 0x8f, 0x23, 0x43, 0xaa, 0xfe, 0x0f, 0x39, 0x79, 0xf0, 0x44, 0x15, 0xae, 0x73, 0x99, - 0x15, 0xae, 0x2f, 0xa2, 0x51, 0x31, 0xe5, 0x44, 0xb9, 0xd6, 0x70, 0xa2, 0x2c, 0xcc, 0x28, 0xb2, - 0x4c, 0x12, 0x13, 0xc0, 0x69, 0x9e, 0xb8, 0x28, 0x4d, 0x41, 0x3a, 0xcd, 0x13, 0x17, 0xa5, 0x51, - 0x4a, 0xd2, 0x5c, 0x56, 0xef, 0x02, 0x19, 0x8c, 0x93, 0x8e, 0xc2, 0xda, 0x0a, 0x3c, 0xe9, 0x48, - 0xbe, 0x10, 0xe4, 0x65, 0x84, 0xe2, 0xb6, 0x14, 0x13, 0x24, 0x8c, 0x73, 0xb9, 0xe9, 0xe5, 0x71, - 0x1e, 0x53, 0xeb, 0x7f, 0x9c, 0x4b, 0x0d, 0x4f, 0xf6, 0x0e, 0x22, 0x7f, 0x4d, 0xd2, 0x03, 0xbc, - 0x83, 0xc8, 0x76, 0x13, 0xef, 0x20, 0x11, 0xe1, 0xf3, 0xa8, 0x98, 0xa8, 0xe5, 0x01, 0xf9, 0x3a, - 0x51, 0x21, 0x8f, 0x08, 0x8b, 0x2f, 0xa3, 0x22, 0x1b, 0x2c, 0x76, 0x7c, 0x49, 0x09, 0x54, 0x09, - 0xeb, 0x08, 0x98, 0xdc, 0xbb, 0x43, 0x3a, 0xc6, 0xa3, 0xa4, 0xdb, 0x0b, 0x9e, 0x0c, 0xd3, 0x10, - 0xa7, 0xd7, 0xff, 0xd3, 0xe0, 0x8e, 0x3e, 0xed, 0xbe, 0xa4, 0x28, 0xbe, 0xc4, 0xbc, 0x31, 0xf6, - 0xf4, 0x8a, 0x9f, 0x72, 0x1a, 0x7c, 0x40, 0x34, 0x0c, 0xde, 0x64, 0x3e, 0x51, 0x29, 0xe5, 0x42, - 0x78, 0x90, 0xf0, 0x33, 0x98, 0x51, 0x08, 0x2f, 0x91, 0x66, 0xa5, 0x30, 0xe0, 0x17, 0xd0, 0x68, - 0x5c, 0xd2, 0x6f, 0x28, 0xb6, 0x2b, 0x59, 0x95, 0xfc, 0x62, 0x4a, 0xfc, 0x39, 0x34, 0xac, 0xd4, - 0x30, 0x99, 0x7b, 0x88, 0x45, 0xc0, 0xac, 0x9c, 0x22, 0xc8, 0x5d, 0x97, 0x64, 0xfd, 0x12, 0x21, - 0x14, 0xaf, 0xa1, 0x63, 0x2b, 0x1e, 0x35, 0x61, 0xb9, 0xb9, 0x70, 0xdf, 0xf5, 0x44, 0x02, 0x27, - 0x4f, 0x64, 0xd4, 0xd9, 0x80, 0x76, 0x43, 0x74, 0x83, 0x46, 0x78, 0x49, 0x50, 0x16, 0x3b, 0x33, - 0x67, 0xfc, 0x4d, 0xde, 0xa0, 0xdb, 0x5b, 0x8e, 0x67, 0x86, 0xd7, 0x84, 0x83, 0x39, 0x13, 0x8a, - 0xbe, 0x2b, 0x50, 0xb2, 0x39, 0x53, 0x99, 0x4e, 0xbd, 0x84, 0x4a, 0x8f, 0x9a, 0x66, 0xf7, 0x8b, - 0xf9, 0x3e, 0xd1, 0xa1, 0xc3, 0x7b, 0x2c, 0x2f, 0x3a, 0x22, 0x3d, 0xd4, 0xe7, 0x88, 0xf4, 0xdf, - 0xe5, 0xfb, 0x84, 0xbe, 0x0e, 0xf5, 0x51, 0xc6, 0x48, 0x19, 0xea, 0x51, 0xc6, 0xf8, 0x14, 0xa9, - 0x65, 0x12, 0x99, 0x28, 0x71, 0xe8, 0x79, 0xf8, 0x81, 0x87, 0x9e, 0x7f, 0xa6, 0xb0, 0x53, 0x68, - 0xf0, 0x48, 0xf7, 0xbb, 0xd1, 0xfd, 0x65, 0x54, 0x8a, 0x34, 0x2b, 0x0a, 0x99, 0x8d, 0x47, 0x49, - 0xbd, 0x1c, 0x0c, 0x3c, 0x12, 0x11, 0xbe, 0xc0, 0xdf, 0x75, 0xd5, 0x7a, 0x8f, 0x17, 0xe7, 0x18, - 0xe7, 0xb5, 0xbe, 0xd8, 0xbb, 0x35, 0x7c, 0xeb, 0x3d, 0x4a, 0x22, 0xb4, 0xfe, 0x9b, 0xf9, 0xcc, - 0xf8, 0xea, 0x51, 0x1b, 0xed, 0xa2, 0x8d, 0x32, 0x94, 0xc8, 0x23, 0xc3, 0x47, 0x4a, 0xdc, 0x85, - 0x12, 0x7f, 0x92, 0xcf, 0x8c, 0xa3, 0x1f, 0x29, 0x71, 0x37, 0xd6, 0xe2, 0x22, 0x1a, 0x25, 0xce, - 0x96, 0x5f, 0x75, 0x3a, 0x76, 0x20, 0x6c, 0x05, 0x18, 0x6a, 0xcf, 0xd9, 0xf2, 0x1b, 0x4d, 0x06, - 0x25, 0x31, 0x81, 0xfe, 0xd3, 0xfc, 0x0e, 0x3b, 0x0d, 0x47, 0x8a, 0xff, 0x20, 0xa7, 0xc8, 0x6f, - 0xe6, 0x95, 0x9d, 0x8c, 0x43, 0x5d, 0x13, 0x64, 0xb5, 0xb9, 0x49, 0xdb, 0x46, 0xb2, 0x26, 0x88, - 0x0f, 0x50, 0x71, 0x32, 0x39, 0x26, 0xd1, 0xbf, 0x95, 0x4f, 0x6c, 0xe5, 0x1c, 0xe9, 0xee, 0xa1, - 0x75, 0x17, 0xf5, 0x3a, 0xb1, 0x3b, 0x75, 0xa4, 0xb9, 0x87, 0xd5, 0xdc, 0x17, 0xf3, 0x89, 0x8d, - 0xbc, 0xc3, 0x5b, 0x65, 0xe0, 0x5b, 0xf9, 0xf4, 0xa6, 0xe4, 0xe1, 0xed, 0x49, 0x17, 0xd1, 0xa8, - 0xd0, 0x43, 0x34, 0x55, 0x70, 0xbb, 0xcf, 0x81, 0x10, 0xbd, 0x8b, 0x08, 0xf4, 0xff, 0x9c, 0x47, - 0xea, 0x06, 0xeb, 0x21, 0xed, 0x43, 0xdf, 0xcc, 0xab, 0x5b, 0xcb, 0x87, 0xb7, 0xff, 0xcc, 0x22, - 0xb4, 0xda, 0x59, 0x17, 0x97, 0xc8, 0x0a, 0x4b, 0xc4, 0xc3, 0xbf, 0x11, 0x94, 0x48, 0x14, 0xfa, - 0x3f, 0xe7, 0x33, 0xf7, 0xbb, 0x0f, 0xb3, 0xb7, 0x56, 0x64, 0xe3, 0xcb, 0x8e, 0x0d, 0x39, 0x44, - 0x72, 0x5d, 0x01, 0x93, 0x23, 0xb9, 0x21, 0x1d, 0x7e, 0x31, 0xc3, 0x5b, 0x83, 0x72, 0xd3, 0x99, - 0xd5, 0x11, 0x65, 0xbf, 0xed, 0x77, 0xf3, 0x0f, 0xca, 0x0e, 0x38, 0xcc, 0x93, 0xea, 0xc8, 0x8a, - 0xb1, 0x0d, 0x59, 0xec, 0xac, 0x21, 0xc6, 0x78, 0x69, 0x6b, 0x97, 0x83, 0xe4, 0xbb, 0x3a, 0x04, - 0xd5, 0xc7, 0x9e, 0x45, 0x25, 0xc8, 0x53, 0xe0, 0x97, 0x9a, 0xe2, 0x31, 0x54, 0x5c, 0x9e, 0x5f, - 0x5d, 0x20, 0x6f, 0x2d, 0xd4, 0xa6, 0x06, 0x30, 0x42, 0xc3, 0xb5, 0x85, 0x5b, 0xf5, 0x85, 0xda, - 0x54, 0x6e, 0x7e, 0xea, 0xfd, 0x3f, 0x3b, 0x33, 0xf0, 0xfe, 0x8f, 0xcf, 0xe4, 0xbe, 0xff, 0xe3, - 0x33, 0xb9, 0x3f, 0xfd, 0xf1, 0x99, 0xdc, 0xfa, 0x30, 0xec, 0x03, 0x5c, 0xf9, 0x97, 0x00, 0x00, - 0x00, 0xff, 0xff, 0xd3, 0x8b, 0x48, 0xb1, 0xdb, 0xaa, 0x00, 0x00, +func init() { + proto.RegisterFile("teleport/legacy/types/events/events.proto", fileDescriptor_007ba1c3d6266d56) +} + +var fileDescriptor_007ba1c3d6266d56 = []byte{ + // 8915 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x6c, 0x1c, 0x47, + 0x96, 0x18, 0x67, 0x86, 0x1f, 0xc3, 0x1a, 0x7e, 0x0c, 0x4b, 0x92, 0xdd, 0x96, 0x65, 0x8d, 0xdd, + 0xde, 0xd5, 0x4a, 0xb6, 0x4c, 0xae, 0x3e, 0x6c, 0xad, 0xbd, 0xf6, 0x5a, 0xc3, 0x99, 0xa1, 0x66, + 0x56, 0x14, 0x39, 0xae, 0xa1, 0x2c, 0xef, 0x6d, 0xd6, 0x73, 0xcd, 0xe9, 0x12, 0xd9, 0xd6, 0xcc, + 0xf4, 0x6c, 0x77, 0x8f, 0x28, 0xfa, 0x57, 0x0e, 0xb9, 0x24, 0x9b, 0x60, 0x13, 0x04, 0x97, 0x1f, + 0xf9, 0x91, 0x1f, 0x77, 0x09, 0x12, 0x20, 0x41, 0x0e, 0xb7, 0xb8, 0xe0, 0x72, 0x97, 0x45, 0x02, + 0xe4, 0x63, 0x37, 0x81, 0x93, 0xe0, 0x36, 0x77, 0xb9, 0xe0, 0x02, 0xe4, 0xc7, 0x5c, 0xb2, 0x41, + 0xfe, 0x0c, 0xf2, 0x71, 0x48, 0x0e, 0xc8, 0x25, 0x41, 0x90, 0xa0, 0x5e, 0x55, 0x77, 0x57, 0x75, + 0xf7, 0x90, 0xa2, 0x28, 0x47, 0x47, 0x93, 0x7f, 0x24, 0xce, 0xfb, 0xea, 0xea, 0x57, 0xaf, 0xaa, + 0x5f, 0xbd, 0x7a, 0xf5, 0x0a, 0x5d, 0xf2, 0x68, 0x9b, 0xf6, 0x6c, 0xc7, 0x5b, 0x6a, 0xd3, 0x2d, + 0xa3, 0xb5, 0xbb, 0xe4, 0xed, 0xf6, 0xa8, 0xbb, 0x44, 0x1f, 0xd2, 0xae, 0xe7, 0xff, 0xb7, 0xd8, + 0x73, 0x6c, 0xcf, 0xc6, 0x93, 0xfc, 0xd7, 0xd9, 0xd3, 0x5b, 0xf6, 0x96, 0x0d, 0xa0, 0x25, 0xf6, + 0x17, 0xc7, 0x9e, 0x3d, 0xb7, 0x65, 0xdb, 0x5b, 0x6d, 0xba, 0x04, 0xbf, 0x36, 0xfb, 0xf7, 0x97, + 0x5c, 0xcf, 0xe9, 0xb7, 0x3c, 0x81, 0x2d, 0x44, 0xb1, 0x9e, 0xd5, 0xa1, 0xae, 0x67, 0x74, 0x7a, + 0x82, 0xe0, 0x7c, 0x94, 0x60, 0xc7, 0x31, 0x7a, 0x3d, 0xea, 0x88, 0x87, 0x9f, 0x7d, 0x25, 0xb9, + 0x9d, 0xf0, 0xaf, 0x20, 0x79, 0x23, 0x99, 0xc4, 0x17, 0x14, 0x91, 0xa8, 0xff, 0x42, 0x1a, 0x65, + 0xef, 0x50, 0xcf, 0x30, 0x0d, 0xcf, 0xc0, 0xe7, 0xd0, 0x44, 0xad, 0x6b, 0xd2, 0x47, 0x5a, 0xea, + 0xe5, 0xd4, 0xc5, 0xcc, 0xf2, 0xe4, 0x70, 0x50, 0x48, 0x53, 0x8b, 0x70, 0x20, 0x7e, 0x09, 0x8d, + 0x6f, 0xec, 0xf6, 0xa8, 0x96, 0x7e, 0x39, 0x75, 0x71, 0x7a, 0x79, 0x7a, 0x38, 0x28, 0x4c, 0x80, + 0x2e, 0x08, 0x80, 0xf1, 0x2b, 0x28, 0x5d, 0x2b, 0x6b, 0x19, 0x40, 0x2e, 0x0c, 0x07, 0x85, 0xd9, + 0xbe, 0x65, 0x5e, 0xb6, 0x3b, 0x96, 0x47, 0x3b, 0x3d, 0x6f, 0x97, 0xa4, 0x6b, 0x65, 0x7c, 0x01, + 0x8d, 0x97, 0x6c, 0x93, 0x6a, 0xe3, 0x40, 0x84, 0x87, 0x83, 0xc2, 0x5c, 0xcb, 0x36, 0xa9, 0x44, + 0x05, 0x78, 0x7c, 0x13, 0x8d, 0x6f, 0x58, 0x1d, 0xaa, 0x4d, 0xbc, 0x9c, 0xba, 0x98, 0xbb, 0x7a, + 0x76, 0x91, 0x6b, 0x65, 0xd1, 0xd7, 0xca, 0xe2, 0x86, 0xaf, 0xb6, 0xe5, 0xfc, 0x67, 0x83, 0xc2, + 0xd8, 0x70, 0x50, 0x18, 0x67, 0x9a, 0xfc, 0x0b, 0xbf, 0x57, 0x48, 0x11, 0xe0, 0xc4, 0xef, 0xa2, + 0x5c, 0xa9, 0xdd, 0x77, 0x3d, 0xea, 0xac, 0x19, 0x1d, 0xaa, 0x4d, 0xc2, 0x03, 0xcf, 0x0e, 0x07, + 0x85, 0xe7, 0x5a, 0x1c, 0xdc, 0xec, 0x1a, 0x1d, 0xf9, 0xc1, 0x32, 0xb9, 0xfe, 0x09, 0x9a, 0x6f, + 0x50, 0xd7, 0xb5, 0xec, 0x6e, 0xa0, 0x9a, 0x2f, 0xa3, 0x69, 0x01, 0xaa, 0x95, 0x41, 0x3d, 0xd3, + 0xcb, 0x53, 0xc3, 0x41, 0x21, 0xe3, 0x5a, 0x26, 0x09, 0x31, 0xf8, 0xab, 0x68, 0xea, 0x9e, 0xe5, + 0x6d, 0xdf, 0x59, 0x29, 0x0a, 0x35, 0x3d, 0x37, 0x1c, 0x14, 0xf0, 0x8e, 0xe5, 0x6d, 0x37, 0x3b, + 0xf7, 0x0d, 0xe9, 0x79, 0x3e, 0x99, 0xfe, 0xd7, 0xd2, 0x68, 0xe6, 0xae, 0x4b, 0x9d, 0xe0, 0x49, + 0x17, 0xd0, 0x38, 0xfb, 0x2d, 0x1e, 0x02, 0x4a, 0xea, 0xbb, 0xd4, 0x91, 0x95, 0xc4, 0xf0, 0xf8, + 0x12, 0x9a, 0x58, 0xb5, 0xb7, 0xac, 0xae, 0x78, 0xd0, 0xa9, 0xe1, 0xa0, 0x30, 0xdf, 0x66, 0x00, + 0x89, 0x92, 0x53, 0xe0, 0x6f, 0xa0, 0x99, 0x5a, 0x87, 0x75, 0xba, 0xdd, 0x35, 0x3c, 0xdb, 0x11, + 0x9d, 0x04, 0xea, 0xb0, 0x24, 0xb8, 0xc4, 0xa8, 0xd0, 0xe3, 0x77, 0x10, 0x2a, 0xde, 0x6b, 0x10, + 0xbb, 0x4d, 0x8b, 0x64, 0x4d, 0xf4, 0x1e, 0x70, 0x1b, 0x3b, 0x6e, 0xd3, 0xb1, 0xdb, 0xb4, 0x69, + 0x38, 0xf2, 0x63, 0x25, 0x6a, 0x5c, 0x41, 0x73, 0xc5, 0x56, 0x8b, 0xba, 0x2e, 0xa1, 0xdf, 0xed, + 0x53, 0xd7, 0x73, 0xb5, 0x89, 0x97, 0x33, 0x17, 0xa7, 0x97, 0x5f, 0x1a, 0x0e, 0x0a, 0x2f, 0x18, + 0x80, 0x69, 0x3a, 0x02, 0x25, 0x89, 0x88, 0x30, 0xe9, 0xff, 0x25, 0x83, 0xe6, 0x1a, 0xd4, 0x79, + 0x28, 0x29, 0xaa, 0xc8, 0x7a, 0x89, 0x41, 0x58, 0x9f, 0xb9, 0x3d, 0xa3, 0x45, 0x85, 0xce, 0x9e, + 0x1f, 0x0e, 0x0a, 0xa7, 0xba, 0x3e, 0x50, 0x12, 0x1a, 0xa5, 0xc7, 0x97, 0x50, 0x96, 0x83, 0x6a, + 0x65, 0xa1, 0xc6, 0xd9, 0xe1, 0xa0, 0x30, 0xed, 0x02, 0xac, 0x69, 0x99, 0x24, 0x40, 0xb3, 0xf7, + 0xe0, 0x7f, 0x57, 0x6d, 0xd7, 0x63, 0xc2, 0x85, 0x16, 0xe1, 0x3d, 0x04, 0xc3, 0xb6, 0x40, 0xc9, + 0xef, 0xa1, 0x32, 0xe1, 0xb7, 0x11, 0xe2, 0x90, 0xa2, 0x69, 0x3a, 0x42, 0x95, 0x2f, 0x0c, 0x07, + 0x85, 0x33, 0x42, 0x84, 0x61, 0x9a, 0x72, 0x3f, 0x48, 0xc4, 0xb8, 0x83, 0x66, 0xf8, 0xaf, 0x55, + 0x63, 0x93, 0xb6, 0xb9, 0x1e, 0x73, 0x57, 0x2f, 0x2e, 0x8a, 0xe9, 0x49, 0xd5, 0xce, 0xa2, 0x4c, + 0x5a, 0xe9, 0x7a, 0xce, 0xee, 0x72, 0x41, 0x8c, 0x95, 0xe7, 0xc5, 0xa3, 0xda, 0x80, 0x93, 0x3b, + 0x5d, 0xe6, 0x61, 0x43, 0x68, 0xc5, 0x76, 0x76, 0x0c, 0xc7, 0xa4, 0xe6, 0xf2, 0xae, 0x3c, 0x84, + 0xee, 0xfb, 0xe0, 0xe6, 0xe6, 0xae, 0x3c, 0x84, 0x24, 0xf2, 0xb3, 0xef, 0xa3, 0x85, 0x58, 0x0b, + 0x70, 0x1e, 0x65, 0x1e, 0xd0, 0x5d, 0xde, 0x4b, 0x84, 0xfd, 0x89, 0x4f, 0xa3, 0x89, 0x87, 0x46, + 0xbb, 0x2f, 0x26, 0x15, 0xc2, 0x7f, 0xbc, 0x93, 0xfe, 0x5a, 0x4a, 0xff, 0xbb, 0x29, 0x84, 0x4b, + 0x76, 0xb7, 0x4b, 0x5b, 0x9e, 0x3c, 0x0e, 0xdf, 0x42, 0xd3, 0xab, 0x76, 0xcb, 0x68, 0x83, 0xfa, + 0x78, 0x77, 0x6b, 0xc3, 0x41, 0xe1, 0x34, 0xd3, 0xdb, 0x62, 0x9b, 0x61, 0xa4, 0x16, 0x85, 0xa4, + 0x4c, 0xef, 0x84, 0x76, 0x6c, 0x8f, 0x02, 0x63, 0x3a, 0xd4, 0x3b, 0x30, 0x3a, 0x80, 0x92, 0xf5, + 0x1e, 0x12, 0xe3, 0x25, 0x94, 0xad, 0xb3, 0x99, 0xa7, 0x65, 0xb7, 0x45, 0x9f, 0xc3, 0x58, 0x83, + 0xd9, 0x48, 0x62, 0x09, 0x88, 0xf4, 0x2a, 0x9a, 0x2b, 0xb5, 0x2d, 0xda, 0xf5, 0xe4, 0x56, 0xb3, + 0x31, 0x5b, 0xdc, 0xa2, 0x5d, 0x4f, 0x6e, 0x35, 0x1b, 0xd8, 0x4d, 0x83, 0x41, 0xe5, 0x56, 0x07, + 0xa4, 0xfa, 0x4f, 0x32, 0xe8, 0x85, 0xdb, 0xfd, 0x4d, 0xea, 0x74, 0xa9, 0x47, 0x5d, 0x31, 0x45, + 0x05, 0x52, 0xd7, 0xd0, 0x42, 0x0c, 0x29, 0xa4, 0xbf, 0x3c, 0x1c, 0x14, 0xce, 0x3d, 0x08, 0x90, + 0x4d, 0x31, 0xeb, 0x49, 0x4f, 0x89, 0xb3, 0xe2, 0x2a, 0x9a, 0x0f, 0x81, 0xac, 0x11, 0xae, 0x96, + 0x86, 0xb1, 0x7a, 0x7e, 0x38, 0x28, 0x9c, 0x95, 0xa4, 0xb1, 0x66, 0xcb, 0x86, 0x13, 0x65, 0xc3, + 0xb7, 0x51, 0x3e, 0x04, 0xdd, 0x72, 0xec, 0x7e, 0xcf, 0xd5, 0x32, 0x20, 0xaa, 0x30, 0x1c, 0x14, + 0x5e, 0x94, 0x44, 0x6d, 0x01, 0x52, 0x92, 0x15, 0x63, 0xc4, 0x3f, 0x9f, 0x92, 0xa5, 0x09, 0xe3, + 0x1f, 0x07, 0xe3, 0xbf, 0xe1, 0x1b, 0xff, 0x48, 0x25, 0x2d, 0x46, 0x39, 0xc5, 0x58, 0x88, 0x34, + 0x23, 0x36, 0x16, 0x62, 0x4f, 0x3c, 0x5b, 0x42, 0x67, 0x12, 0x65, 0x1d, 0xc8, 0xaa, 0xff, 0x63, + 0x46, 0x96, 0x52, 0xb7, 0xcd, 0xa0, 0x33, 0xd7, 0xe5, 0xce, 0xac, 0xdb, 0x26, 0x7c, 0xb7, 0x78, + 0x67, 0xbe, 0x32, 0x1c, 0x14, 0x5e, 0x92, 0x1a, 0xdb, 0xb3, 0xcd, 0xe8, 0xe7, 0x2b, 0xce, 0x8b, + 0x3f, 0x46, 0xcf, 0xc5, 0x80, 0x7c, 0x96, 0xe4, 0xd6, 0x7f, 0x61, 0x38, 0x28, 0xe8, 0x09, 0x52, + 0xa3, 0x93, 0xe6, 0x08, 0x29, 0xd8, 0x40, 0xcf, 0x4b, 0x5a, 0xb7, 0xbb, 0x9e, 0x61, 0x75, 0xc5, + 0xe7, 0x96, 0x8f, 0x92, 0xaf, 0x0c, 0x07, 0x85, 0x57, 0x65, 0x1b, 0xf4, 0x69, 0xa2, 0x8d, 0x1f, + 0x25, 0x07, 0x9b, 0x48, 0x4b, 0x40, 0xd5, 0x3a, 0xc6, 0x96, 0xef, 0x43, 0x5c, 0x1c, 0x0e, 0x0a, + 0x5f, 0x4a, 0x7c, 0x86, 0xc5, 0xa8, 0xa4, 0x87, 0x8c, 0x94, 0x84, 0x09, 0xc2, 0x21, 0x6e, 0xcd, + 0x36, 0x29, 0xbc, 0xc3, 0x04, 0xc8, 0xd7, 0x87, 0x83, 0xc2, 0x79, 0x49, 0x7e, 0xd7, 0x36, 0x69, + 0xb4, 0xf9, 0x09, 0xdc, 0xfa, 0xef, 0x4d, 0xb0, 0xc9, 0x1a, 0xbc, 0x82, 0x86, 0x67, 0x38, 0x1e, + 0x7e, 0x27, 0x74, 0xb3, 0xa0, 0x57, 0x73, 0x57, 0xf3, 0xbe, 0xed, 0xfa, 0xf0, 0xe5, 0x19, 0x36, + 0x41, 0xff, 0xd6, 0xa0, 0x90, 0x1a, 0x0e, 0x0a, 0x63, 0x24, 0x2b, 0xcd, 0x1e, 0xdc, 0x23, 0x48, + 0x03, 0xdf, 0x69, 0x9f, 0x4f, 0xf6, 0x1a, 0x22, 0xbc, 0xdc, 0x43, 0x78, 0x1f, 0x4d, 0x89, 0x36, + 0x40, 0x8f, 0xe4, 0xae, 0x3e, 0x1f, 0x7e, 0x2b, 0x14, 0xef, 0x26, 0xc2, 0xed, 0x73, 0xe1, 0x77, + 0xd1, 0x24, 0x9f, 0xc4, 0x41, 0xdb, 0xb9, 0xab, 0xcf, 0x25, 0x7f, 0x6b, 0x22, 0xec, 0x82, 0x07, + 0x57, 0x11, 0x0a, 0x27, 0xf0, 0xc0, 0x97, 0x13, 0x12, 0xe2, 0x53, 0x7b, 0x44, 0x8a, 0xc4, 0x8b, + 0xdf, 0x42, 0x33, 0x1b, 0xd4, 0xe9, 0x58, 0x5d, 0xa3, 0xdd, 0xb0, 0x3e, 0xf5, 0xdd, 0x39, 0x70, + 0x8d, 0x5c, 0xeb, 0x53, 0xb9, 0x2f, 0x14, 0x3a, 0xfc, 0x9d, 0xa4, 0x09, 0x72, 0x0a, 0x1a, 0xf2, + 0xca, 0xbe, 0x33, 0x47, 0xa4, 0x3d, 0x09, 0xf3, 0xe5, 0x07, 0x68, 0x56, 0x19, 0x1b, 0x5a, 0x16, + 0x44, 0xbf, 0x14, 0x17, 0x2d, 0x0d, 0xf4, 0x88, 0x58, 0x55, 0x02, 0xf3, 0x32, 0x6a, 0x5d, 0xcb, + 0xb3, 0x8c, 0x76, 0xc9, 0xee, 0x74, 0x8c, 0xae, 0xa9, 0x4d, 0x87, 0xde, 0x92, 0xc5, 0x31, 0xcd, + 0x16, 0x47, 0xc9, 0x5e, 0x86, 0xca, 0xc4, 0xe6, 0x5f, 0xd1, 0x87, 0x84, 0xb6, 0x6c, 0xc7, 0xb4, + 0xba, 0x5b, 0x1a, 0x02, 0xa5, 0xc1, 0xc4, 0xe7, 0x72, 0x5c, 0xd3, 0xf1, 0x91, 0xf2, 0xc4, 0x17, + 0x65, 0xfc, 0xe6, 0x78, 0x36, 0x97, 0x9f, 0x89, 0x39, 0x64, 0x7f, 0x33, 0x83, 0x72, 0x82, 0xf4, + 0x9b, 0xb6, 0xd5, 0x3d, 0x31, 0xf0, 0xc3, 0x18, 0x78, 0xa2, 0xa1, 0x4e, 0x3e, 0x2d, 0x43, 0xd5, + 0xbf, 0x9f, 0x0e, 0x66, 0xa3, 0xba, 0x63, 0x75, 0x0f, 0x37, 0x1b, 0x5d, 0x40, 0xa8, 0xb4, 0xdd, + 0xef, 0x3e, 0xe0, 0x2b, 0xc5, 0x74, 0xb8, 0x52, 0x6c, 0x59, 0x44, 0xc2, 0xb0, 0xe5, 0x62, 0x99, + 0xc9, 0x67, 0x3d, 0x33, 0xb3, 0x3c, 0xfd, 0x19, 0x97, 0x94, 0x7a, 0x83, 0x00, 0x18, 0x17, 0xd0, + 0xc4, 0xf2, 0xae, 0x47, 0x5d, 0xd0, 0x7c, 0x86, 0x2f, 0x27, 0x37, 0x19, 0x80, 0x70, 0x38, 0xbe, + 0x8e, 0x16, 0xca, 0xb4, 0x6d, 0xec, 0xde, 0xb1, 0xda, 0x6d, 0xcb, 0xa5, 0x2d, 0xbb, 0x6b, 0xba, + 0xa0, 0x64, 0xf1, 0xb8, 0x8e, 0x4b, 0xe2, 0x04, 0x58, 0x47, 0x93, 0xeb, 0xf7, 0xef, 0xbb, 0xd4, + 0x03, 0xf5, 0x65, 0x96, 0xd1, 0x70, 0x50, 0x98, 0xb4, 0x01, 0x42, 0x04, 0x46, 0xff, 0x41, 0x0a, + 0xe5, 0xcb, 0xd4, 0x7d, 0xe0, 0xd9, 0xbd, 0xc0, 0xca, 0x0f, 0xa5, 0x92, 0x4b, 0x68, 0xea, 0x0e, + 0x75, 0x5d, 0xf6, 0x59, 0x4a, 0xc3, 0xdb, 0xce, 0x8b, 0xb7, 0x9d, 0xea, 0x70, 0x30, 0xf1, 0xf1, + 0xc9, 0x6f, 0x95, 0xd9, 0xe7, 0xad, 0xf4, 0xdf, 0x4f, 0xa3, 0xe7, 0x45, 0x8b, 0x4b, 0x6d, 0xab, + 0xb7, 0x69, 0x1b, 0x8e, 0x49, 0x68, 0x8b, 0x5a, 0x0f, 0xe9, 0xd1, 0x1c, 0x78, 0xea, 0xd0, 0x19, + 0x3f, 0xc4, 0xd0, 0xb9, 0x8a, 0x72, 0x42, 0x33, 0xe0, 0xd9, 0xf3, 0xcf, 0x76, 0x7e, 0x38, 0x28, + 0xcc, 0x98, 0x1c, 0x0c, 0x4b, 0x2a, 0x22, 0x13, 0x31, 0x23, 0x59, 0xa5, 0xdd, 0x2d, 0x6f, 0x1b, + 0x8c, 0x64, 0x82, 0x1b, 0x49, 0x1b, 0x20, 0x44, 0x60, 0xf4, 0xff, 0x9c, 0x46, 0xa7, 0xa3, 0x2a, + 0x6f, 0xd0, 0xae, 0x79, 0xa2, 0xef, 0xcf, 0x47, 0xdf, 0xff, 0x2a, 0x8d, 0x66, 0x83, 0x4f, 0xcf, + 0x27, 0xb4, 0xf5, 0x6c, 0x5c, 0xa6, 0xf0, 0x83, 0x90, 0x39, 0xf4, 0x07, 0xe1, 0x30, 0x5a, 0xd6, + 0xd1, 0x24, 0xa1, 0x86, 0x2b, 0x3e, 0x2b, 0xd3, 0x5c, 0x63, 0x0e, 0x40, 0x88, 0xc0, 0xe0, 0x57, + 0xd0, 0xd4, 0x1d, 0xe3, 0x91, 0xd5, 0xe9, 0x77, 0xc4, 0x5c, 0x07, 0x01, 0xa9, 0x8e, 0xf1, 0x88, + 0xf8, 0x70, 0xfd, 0x5f, 0xa7, 0xd0, 0x9c, 0x50, 0xaa, 0x10, 0x7e, 0x28, 0xad, 0x86, 0xda, 0x49, + 0x1f, 0x5a, 0x3b, 0x99, 0x27, 0xd7, 0x8e, 0xfe, 0x83, 0x71, 0xa6, 0x1e, 0xe6, 0xfa, 0x1d, 0xf7, + 0xd1, 0x18, 0xf6, 0xc8, 0xc4, 0x13, 0xf4, 0xc8, 0xb1, 0xf1, 0xab, 0xf5, 0xff, 0x31, 0x85, 0x90, + 0xd0, 0x7e, 0xe5, 0x64, 0x0e, 0x3f, 0x9c, 0xd5, 0x94, 0xd1, 0x42, 0xa5, 0xbb, 0x6d, 0x74, 0x5b, + 0xd4, 0x0c, 0x57, 0x17, 0xcc, 0x74, 0xb2, 0x3c, 0xda, 0x4d, 0x05, 0x32, 0x5c, 0x5e, 0x90, 0x38, + 0x03, 0xbe, 0x82, 0x72, 0xb5, 0xae, 0x47, 0x1d, 0xa3, 0xe5, 0x59, 0x0f, 0x29, 0x58, 0x4f, 0x76, + 0x79, 0x7e, 0x38, 0x28, 0xe4, 0xac, 0x10, 0x4c, 0x64, 0x1a, 0x7c, 0x1d, 0xcd, 0xd4, 0x0d, 0xc7, + 0xb3, 0x5a, 0x56, 0xcf, 0xe8, 0x7a, 0xae, 0x96, 0x85, 0xa5, 0x11, 0x7c, 0x7b, 0x7a, 0x12, 0x9c, + 0x28, 0x54, 0xf8, 0x3b, 0x68, 0x1a, 0x96, 0xe0, 0xb0, 0xa3, 0x30, 0xbd, 0xef, 0x8e, 0xc2, 0xab, + 0x61, 0x94, 0x94, 0x2f, 0x92, 0x5c, 0xc6, 0x1c, 0x0e, 0x05, 0xd8, 0x64, 0x08, 0x25, 0xe2, 0x8f, + 0xd0, 0x54, 0xa5, 0x6b, 0x82, 0x70, 0xb4, 0xaf, 0x70, 0x5d, 0x08, 0x7f, 0x2e, 0x14, 0x6e, 0xf7, + 0x22, 0xb2, 0x7d, 0x71, 0xc9, 0xa3, 0x2c, 0xf7, 0xf9, 0x8d, 0xb2, 0x99, 0xcf, 0x61, 0xf5, 0x3a, + 0xfb, 0xb4, 0x56, 0xaf, 0x73, 0x4f, 0xb8, 0x7a, 0xd5, 0x3f, 0x45, 0xb9, 0xe5, 0xfa, 0x4a, 0x30, + 0x7a, 0x5f, 0x40, 0x99, 0xba, 0xd8, 0xc1, 0x19, 0xe7, 0x1f, 0xcc, 0x9e, 0x65, 0x12, 0x06, 0xc3, + 0x97, 0x50, 0xb6, 0x04, 0xe1, 0x48, 0xb1, 0x19, 0x30, 0xce, 0x37, 0x03, 0x5a, 0x00, 0x83, 0xcd, + 0x00, 0x1f, 0x8d, 0xbf, 0x8c, 0xa6, 0xea, 0x8e, 0xbd, 0xe5, 0x18, 0x1d, 0x11, 0xeb, 0xca, 0x31, + 0x67, 0xbf, 0xc7, 0x41, 0xc4, 0xc7, 0xe9, 0x7f, 0x31, 0x85, 0x26, 0x1b, 0x9e, 0xe1, 0xf5, 0x5d, + 0xc6, 0xd1, 0xe8, 0xc3, 0x0a, 0x1a, 0x9e, 0x9d, 0xe5, 0x1c, 0x2e, 0x07, 0x11, 0x1f, 0x87, 0x2f, + 0xa1, 0x89, 0x8a, 0xe3, 0xd8, 0x8e, 0xbc, 0xa9, 0x43, 0x19, 0x40, 0xde, 0xd4, 0x01, 0x0a, 0x7c, + 0x03, 0xe5, 0xf8, 0x9c, 0xc3, 0x17, 0x1e, 0xbc, 0x1d, 0x67, 0x86, 0x83, 0xc2, 0x82, 0x58, 0x74, + 0xc8, 0xa1, 0x79, 0x89, 0x52, 0xff, 0x51, 0x46, 0x72, 0x0a, 0xb8, 0xc6, 0x8f, 0xe1, 0xe2, 0xfd, + 0x1a, 0xca, 0x2c, 0xd7, 0x57, 0xc4, 0x04, 0x78, 0xca, 0x67, 0x95, 0x4c, 0x25, 0xc2, 0xc7, 0xa8, + 0xf1, 0x39, 0x34, 0x5e, 0x67, 0xe6, 0x33, 0x09, 0xe6, 0x91, 0x1d, 0x0e, 0x0a, 0xe3, 0x3d, 0x66, + 0x3f, 0x00, 0x05, 0xac, 0xe1, 0x6d, 0xc3, 0x5c, 0x36, 0x2d, 0xb0, 0x86, 0xb7, 0x4d, 0x00, 0xca, + 0xb0, 0x45, 0x67, 0xeb, 0xa1, 0x98, 0xb5, 0x00, 0x6b, 0x38, 0x5b, 0x0f, 0x09, 0x40, 0xf1, 0x12, + 0x42, 0x84, 0x7a, 0x7d, 0xa7, 0x0b, 0x1b, 0xa4, 0xd3, 0xe0, 0x26, 0xc3, 0x6c, 0xe8, 0x00, 0xb4, + 0xd9, 0xb2, 0x4d, 0x4a, 0x24, 0x12, 0xfd, 0xaf, 0x87, 0xf1, 0x97, 0xb2, 0xe5, 0x3e, 0x38, 0xe9, + 0xc2, 0x03, 0x74, 0xa1, 0x21, 0x56, 0x22, 0xf1, 0x4e, 0x2a, 0xa0, 0x89, 0x95, 0xb6, 0xb1, 0xe5, + 0x42, 0x1f, 0x4e, 0xf0, 0xa8, 0xc4, 0x7d, 0x06, 0x20, 0x1c, 0x1e, 0xe9, 0xa7, 0xec, 0xfe, 0xfd, + 0xf4, 0x97, 0x26, 0x82, 0xd1, 0xb6, 0x46, 0xbd, 0x1d, 0xdb, 0x39, 0xe9, 0xaa, 0xc7, 0xed, 0xaa, + 0x0b, 0x68, 0xaa, 0xe1, 0xb4, 0x60, 0x99, 0xc9, 0x7b, 0x6b, 0x66, 0x38, 0x28, 0x64, 0x5d, 0xa7, + 0xc5, 0x97, 0x98, 0x3e, 0x92, 0xd1, 0x95, 0x5d, 0x0f, 0xe8, 0xa6, 0x42, 0x3a, 0xd3, 0xf5, 0x04, + 0x9d, 0x40, 0x0a, 0xba, 0xba, 0xed, 0x78, 0xa2, 0xe3, 0x02, 0xba, 0x9e, 0xed, 0x78, 0xc4, 0x47, + 0xe2, 0xd7, 0x11, 0xda, 0x28, 0xd5, 0x3f, 0xa4, 0x0e, 0xa8, 0x8b, 0x8f, 0x45, 0x98, 0xae, 0x1f, + 0x72, 0x10, 0x91, 0xd0, 0x78, 0x03, 0x4d, 0xaf, 0xf7, 0xa8, 0x63, 0x80, 0x53, 0xc6, 0x3c, 0x80, + 0xb9, 0xab, 0x5f, 0x89, 0xa8, 0x56, 0xf4, 0xfb, 0xa2, 0xf8, 0x3f, 0x20, 0xe7, 0xdf, 0x17, 0xdb, + 0xff, 0x49, 0x42, 0x41, 0xf8, 0x06, 0x9a, 0x2c, 0x72, 0x3f, 0x2f, 0x07, 0x22, 0x03, 0x95, 0x55, + 0xd8, 0x7f, 0x1c, 0xc5, 0x17, 0x85, 0x06, 0xfc, 0x4d, 0x04, 0xb9, 0x7e, 0x09, 0xe5, 0xa3, 0x8f, + 0xc1, 0x39, 0x34, 0x55, 0x5a, 0x5f, 0x5b, 0xab, 0x94, 0x36, 0xf2, 0x63, 0x38, 0x8b, 0xc6, 0x1b, + 0x95, 0xb5, 0x72, 0x3e, 0xa5, 0xff, 0xb2, 0x34, 0x83, 0x30, 0xd3, 0x3a, 0x89, 0xe0, 0x1e, 0x2a, + 0x2c, 0x92, 0x87, 0xb0, 0xe5, 0x86, 0x63, 0x74, 0xdd, 0x8e, 0xe5, 0x79, 0xd4, 0x14, 0x5f, 0x09, + 0x08, 0xeb, 0x79, 0x8f, 0x48, 0x0c, 0x8f, 0x2f, 0xa3, 0x59, 0x80, 0x89, 0x48, 0x9e, 0x09, 0xd6, + 0x2b, 0x18, 0x9c, 0x47, 0x44, 0x45, 0xea, 0xff, 0x22, 0x0c, 0xe2, 0xae, 0x52, 0xe3, 0xa8, 0x06, + 0xfe, 0xfe, 0x88, 0xf4, 0x97, 0xfe, 0xb7, 0xc6, 0xf9, 0x96, 0x3c, 0x4f, 0x90, 0x79, 0x16, 0xaa, + 0xbc, 0xee, 0xfb, 0x86, 0x42, 0x93, 0x73, 0x81, 0x26, 0x00, 0x1a, 0xd3, 0x00, 0xf7, 0x23, 0x2f, + 0xa3, 0xc9, 0x3b, 0xd4, 0xdb, 0xb6, 0x4d, 0xb1, 0x01, 0x7a, 0x7a, 0x38, 0x28, 0xe4, 0x3b, 0x00, + 0x91, 0xfc, 0x3d, 0x41, 0x83, 0x1f, 0x20, 0x5c, 0x33, 0x69, 0xd7, 0xb3, 0xbc, 0xdd, 0xa2, 0xe7, + 0x39, 0xd6, 0x66, 0xdf, 0xa3, 0xae, 0xd0, 0xdb, 0xf3, 0xb1, 0x75, 0x4a, 0x03, 0x72, 0xd5, 0x60, + 0xcf, 0xf3, 0xb4, 0x11, 0x90, 0x87, 0x62, 0xff, 0xd7, 0xa0, 0x30, 0xc9, 0x69, 0x48, 0x82, 0x58, + 0xfc, 0x01, 0x9a, 0xbe, 0xb3, 0x52, 0x2c, 0xd3, 0x87, 0x56, 0x8b, 0x8a, 0xcd, 0x8b, 0x17, 0x02, + 0x2d, 0xfa, 0x88, 0x40, 0x25, 0x90, 0xff, 0xd0, 0xb9, 0x6f, 0x34, 0x4d, 0x80, 0xcb, 0xf9, 0x0f, + 0x01, 0x31, 0xb3, 0x16, 0x9e, 0x49, 0x21, 0xa2, 0x0b, 0x81, 0xb5, 0xa8, 0xf9, 0x15, 0x51, 0x5d, + 0x71, 0x6c, 0xc4, 0x5a, 0xb2, 0x87, 0xb0, 0x96, 0xff, 0x94, 0x42, 0x79, 0x42, 0x5d, 0xbb, 0xef, + 0x84, 0x6f, 0x80, 0x2f, 0xa0, 0x71, 0x69, 0x93, 0x1e, 0xa2, 0x26, 0x91, 0x9d, 0x61, 0xc0, 0xe3, + 0x06, 0x9a, 0xaa, 0x3c, 0xea, 0x59, 0x0e, 0x75, 0x85, 0x8d, 0xec, 0xb5, 0x42, 0x7c, 0x49, 0xac, + 0x10, 0x17, 0x28, 0x67, 0x89, 0x2d, 0x0e, 0x39, 0x18, 0x32, 0x4a, 0x7a, 0xa6, 0xe1, 0x41, 0x6e, + 0x4e, 0x46, 0xca, 0x28, 0xe1, 0x40, 0x35, 0x33, 0x27, 0x24, 0xc5, 0xaf, 0xa2, 0xcc, 0xc6, 0xc6, + 0xaa, 0x30, 0x1e, 0x48, 0xd3, 0xf3, 0x3c, 0x39, 0x65, 0x86, 0x61, 0xf5, 0x5f, 0x48, 0x23, 0xc4, + 0x6c, 0xb4, 0xe4, 0x50, 0xc3, 0x7b, 0x36, 0x13, 0xcd, 0x32, 0xca, 0xfa, 0x0a, 0x17, 0xe3, 0x43, + 0xf3, 0x79, 0xa3, 0x1d, 0x11, 0x7d, 0xb6, 0x8f, 0x67, 0xce, 0x1c, 0xb1, 0xdb, 0x94, 0x27, 0x8b, + 0x88, 0x8c, 0x45, 0x87, 0x01, 0x08, 0x87, 0xe3, 0xd7, 0xd1, 0xb4, 0xe8, 0x64, 0xdb, 0x8f, 0x64, + 0xf3, 0x25, 0x9f, 0x0f, 0x24, 0x21, 0x5e, 0xff, 0x71, 0x8a, 0x2b, 0xa5, 0x4c, 0xdb, 0xf4, 0xe8, + 0x2a, 0x45, 0xff, 0x5e, 0x0a, 0x61, 0x26, 0xac, 0x6e, 0xb8, 0xee, 0x8e, 0xed, 0x98, 0xa5, 0x6d, + 0xa3, 0xbb, 0xf5, 0x4c, 0x5e, 0x47, 0xff, 0x6f, 0x13, 0xe8, 0x94, 0xb2, 0xab, 0x7c, 0xc4, 0xed, + 0xed, 0x92, 0x6a, 0x6f, 0xb0, 0x78, 0x07, 0x7b, 0x93, 0x17, 0xef, 0xdc, 0xf2, 0xbe, 0x84, 0xa6, + 0xc5, 0x3b, 0xd7, 0xca, 0xc2, 0xf2, 0xe0, 0xb3, 0x6f, 0x99, 0x24, 0x44, 0xe0, 0x37, 0xd0, 0x8c, + 0xf8, 0xc1, 0x66, 0x7f, 0x3f, 0x3e, 0x0b, 0x76, 0xec, 0x32, 0x00, 0x51, 0xd0, 0xf8, 0x4d, 0x34, + 0xcd, 0x8c, 0x73, 0x0b, 0x72, 0x3c, 0xa7, 0xc2, 0x54, 0x48, 0xd3, 0x07, 0xca, 0x53, 0x42, 0x40, + 0xc9, 0x3e, 0x29, 0x62, 0xaf, 0x21, 0x1b, 0x7e, 0x52, 0xf8, 0x5e, 0x83, 0xfc, 0x49, 0x11, 0xbb, + 0x0e, 0x1f, 0xa3, 0x5c, 0xb1, 0xdb, 0xb5, 0x3d, 0x70, 0x2d, 0x5d, 0x11, 0x50, 0x1b, 0xf9, 0x2d, + 0x79, 0x15, 0x52, 0xec, 0x42, 0xfa, 0xc4, 0x8f, 0x89, 0x2c, 0x10, 0x5f, 0x65, 0x1d, 0xf1, 0xd0, + 0xa2, 0x3b, 0xd4, 0x11, 0x29, 0x0b, 0x10, 0x54, 0x74, 0x04, 0x4c, 0x4e, 0xb8, 0xf3, 0xe9, 0xf0, + 0x32, 0x9a, 0xad, 0x3b, 0x76, 0xcf, 0x76, 0xa9, 0xc9, 0x15, 0x95, 0x03, 0xc6, 0x73, 0xc3, 0x41, + 0x41, 0xeb, 0x09, 0x44, 0x13, 0x34, 0x26, 0xb1, 0xab, 0x2c, 0xf8, 0x3e, 0x3a, 0x2d, 0x94, 0x49, + 0x4d, 0xbf, 0x47, 0x6b, 0x65, 0x57, 0x9b, 0x81, 0x44, 0x33, 0x1c, 0x35, 0x86, 0x5a, 0x79, 0xf9, + 0xbc, 0x1f, 0xcc, 0x73, 0x04, 0xac, 0x69, 0x99, 0x72, 0x57, 0x27, 0xca, 0xd3, 0x77, 0xd8, 0x02, + 0xd2, 0xff, 0x89, 0xdf, 0x50, 0xf3, 0x94, 0x53, 0x61, 0x30, 0x49, 0x64, 0xec, 0x29, 0x89, 0xc9, + 0x6c, 0xf1, 0x7a, 0xdb, 0xea, 0x9a, 0x22, 0x3a, 0x04, 0x8b, 0xd7, 0x07, 0x56, 0xd7, 0x24, 0x00, + 0x65, 0x58, 0x29, 0xfd, 0x0a, 0xb0, 0xec, 0x83, 0xc4, 0x3f, 0x43, 0xfa, 0x0f, 0x52, 0x91, 0xd1, + 0xf6, 0x0c, 0x27, 0x32, 0xc5, 0xfc, 0x33, 0x23, 0xcc, 0x5f, 0xff, 0xc5, 0x34, 0xca, 0xb1, 0x05, + 0x99, 0xc8, 0x2b, 0x7d, 0x26, 0x2d, 0x7d, 0x6a, 0x9b, 0x56, 0x92, 0xbf, 0x37, 0x7e, 0x00, 0x7f, + 0xef, 0x1c, 0x1a, 0x97, 0xf6, 0x59, 0x79, 0xd4, 0x88, 0x2d, 0x6a, 0x01, 0xaa, 0xff, 0xf1, 0x34, + 0x42, 0x1f, 0x5d, 0xb9, 0x72, 0x8c, 0x15, 0xa4, 0xff, 0xe5, 0x14, 0x9a, 0x17, 0x61, 0x4c, 0x29, + 0x59, 0x7f, 0xca, 0x0f, 0x40, 0xcb, 0x23, 0x8a, 0x83, 0x88, 0x8f, 0x63, 0x53, 0x4d, 0xe5, 0x91, + 0xe5, 0x41, 0x24, 0x47, 0xca, 0xd6, 0xa7, 0x02, 0x26, 0x4f, 0x35, 0x3e, 0x1d, 0x7e, 0xc3, 0x0f, + 0xd0, 0x66, 0xc2, 0xf9, 0x95, 0x31, 0x54, 0x12, 0x83, 0xb4, 0xfa, 0xaf, 0x8f, 0xa3, 0xf1, 0xca, + 0x23, 0xda, 0x3a, 0xe2, 0x5d, 0x23, 0x2d, 0xfb, 0xc6, 0x0f, 0xb9, 0xec, 0x7b, 0x92, 0x1d, 0xa7, + 0xf7, 0xc3, 0xfe, 0x9c, 0x54, 0x1f, 0x1f, 0xe9, 0xf9, 0xe8, 0xe3, 0xfd, 0x9e, 0x3e, 0x7a, 0x1b, + 0x96, 0xff, 0x24, 0x83, 0x32, 0x8d, 0x52, 0xfd, 0xc4, 0x6e, 0x9e, 0xa9, 0xdd, 0xec, 0x1d, 0xd1, + 0xd7, 0x83, 0x20, 0x5d, 0x36, 0x4c, 0xd2, 0x88, 0xc4, 0xe3, 0xfe, 0x20, 0x83, 0xe6, 0x1a, 0x2b, + 0x1b, 0x75, 0x69, 0x9d, 0x7c, 0x1b, 0x65, 0x57, 0xac, 0x36, 0x85, 0x1d, 0x77, 0xde, 0xa5, 0xe7, + 0x62, 0xee, 0xd3, 0xdd, 0x5a, 0xd7, 0x7b, 0xeb, 0xfa, 0x87, 0x46, 0xbb, 0x4f, 0x61, 0x95, 0x36, + 0x7d, 0xdf, 0x6a, 0xd3, 0xa6, 0x6b, 0x7d, 0x4a, 0x7f, 0x89, 0x2d, 0x03, 0x03, 0x01, 0xf8, 0xeb, + 0x28, 0x73, 0x57, 0xec, 0x57, 0x8d, 0x92, 0x73, 0xed, 0x2a, 0x97, 0xc3, 0x26, 0xc1, 0x4c, 0xdf, + 0x32, 0x41, 0x02, 0xe3, 0x62, 0xcc, 0xb7, 0xc4, 0x07, 0xf8, 0xb1, 0x98, 0xb7, 0x7c, 0xe6, 0x5b, + 0xb5, 0x32, 0x6e, 0xa0, 0x5c, 0x9d, 0x3a, 0x1d, 0x0b, 0x3a, 0xca, 0x9f, 0xb3, 0xf7, 0x16, 0xc2, + 0x3c, 0xe2, 0x5c, 0x2f, 0x64, 0x02, 0x61, 0xb2, 0x14, 0xfc, 0x2d, 0x84, 0xb8, 0x8f, 0xf2, 0x98, + 0xe7, 0xbf, 0x5e, 0x02, 0xff, 0x92, 0x9f, 0x22, 0xf2, 0x2c, 0x79, 0xf1, 0x0d, 0xcb, 0x65, 0x49, + 0x18, 0x7e, 0x80, 0xf2, 0x77, 0x6c, 0xd3, 0xba, 0x6f, 0xb5, 0xc0, 0xd3, 0x84, 0x07, 0x4c, 0xee, + 0xbf, 0x1d, 0x3c, 0x1c, 0x14, 0x5e, 0xec, 0x48, 0x7c, 0x49, 0x8f, 0x89, 0x09, 0xd6, 0xff, 0xc1, + 0x04, 0x1a, 0x67, 0xdd, 0x7e, 0x32, 0x7e, 0x0f, 0x33, 0x7e, 0x8b, 0x28, 0x7f, 0xcf, 0x76, 0x1e, + 0x58, 0xdd, 0xad, 0xb2, 0xe5, 0xc0, 0x2a, 0xdc, 0x3f, 0x87, 0x04, 0xfb, 0x9c, 0x3b, 0x1c, 0xd7, + 0x34, 0x7d, 0x24, 0x89, 0x91, 0xef, 0x33, 0x82, 0xdf, 0x46, 0x68, 0xc3, 0x70, 0xb6, 0xa8, 0x07, + 0x34, 0xd9, 0xf0, 0x54, 0x90, 0x07, 0xd0, 0x26, 0x23, 0x95, 0x4f, 0x05, 0x85, 0xc4, 0x6c, 0xb1, + 0xc7, 0x77, 0x8a, 0xd8, 0x0a, 0x68, 0x96, 0x2f, 0xf6, 0x60, 0xa7, 0x48, 0x76, 0x02, 0xf8, 0x9e, + 0x51, 0x1d, 0x21, 0x29, 0xfa, 0x86, 0x22, 0x8a, 0x50, 0x26, 0x07, 0x71, 0x98, 0x29, 0x21, 0xf8, + 0x46, 0x24, 0x19, 0xf8, 0xad, 0xc8, 0xf6, 0x00, 0x56, 0xa4, 0x8d, 0xdc, 0x1d, 0x08, 0xb7, 0x97, + 0x67, 0xf6, 0xdb, 0x5e, 0xd6, 0xbf, 0x9f, 0x46, 0xd3, 0x8d, 0xfe, 0xa6, 0xbb, 0xeb, 0x7a, 0xb4, + 0x73, 0xc4, 0xcd, 0xd8, 0x5f, 0x18, 0x8d, 0x27, 0x2d, 0x8c, 0xf0, 0xab, 0xbe, 0x52, 0xa4, 0x08, + 0x50, 0xe0, 0xd2, 0xf9, 0xea, 0xf8, 0xdb, 0x69, 0x94, 0xe7, 0x61, 0xc5, 0xb2, 0xe5, 0xb6, 0x9e, + 0x42, 0x2e, 0xdd, 0xb3, 0xd7, 0xca, 0xe1, 0x42, 0xf1, 0x8f, 0x91, 0xa1, 0xa8, 0xff, 0x5c, 0x1a, + 0xe5, 0x8a, 0x7d, 0x6f, 0xbb, 0xe8, 0x81, 0x6d, 0x1d, 0xcb, 0xf5, 0xc9, 0x3f, 0x4b, 0xa1, 0x79, + 0xd6, 0x90, 0x0d, 0xfb, 0x01, 0xed, 0x3e, 0x85, 0x00, 0x97, 0x1c, 0xa8, 0x4a, 0x3f, 0x61, 0xa0, + 0xca, 0xd7, 0x65, 0xe6, 0x80, 0x01, 0xbb, 0x1f, 0xa7, 0x10, 0x22, 0x76, 0x9b, 0x7e, 0x41, 0x5e, + 0xe3, 0x29, 0x04, 0x40, 0x9e, 0xe5, 0x6b, 0xfc, 0x24, 0x85, 0x4e, 0x6f, 0x38, 0x6c, 0x05, 0x62, + 0x8a, 0x85, 0xc8, 0x11, 0xef, 0x97, 0xf8, 0x0b, 0x1d, 0xf1, 0x1e, 0xfa, 0x9d, 0x14, 0x7a, 0x41, + 0x7d, 0xa1, 0x2f, 0xc2, 0x2c, 0xf0, 0x2f, 0x53, 0xe8, 0xcc, 0x2d, 0xcb, 0xdb, 0xee, 0x6f, 0x06, + 0x9b, 0x23, 0x5f, 0xbc, 0x37, 0x3a, 0xe2, 0x96, 0xf7, 0x9b, 0x29, 0x74, 0x6a, 0xbd, 0x56, 0x2e, + 0x7d, 0x51, 0x7a, 0x28, 0xf6, 0x3e, 0x5f, 0x80, 0xfe, 0x69, 0x14, 0xef, 0xac, 0x7e, 0x91, 0xfa, + 0x47, 0x79, 0x9f, 0x23, 0xde, 0x3f, 0x7f, 0x62, 0x12, 0xe5, 0x6e, 0xf7, 0x37, 0xa9, 0xd8, 0x8c, + 0x38, 0xd6, 0x9e, 0xfe, 0x55, 0x94, 0x13, 0x6a, 0x80, 0x55, 0xb2, 0x74, 0xe2, 0x4b, 0xd4, 0x6d, + 0x81, 0x65, 0x32, 0x91, 0x89, 0xd8, 0x8a, 0xeb, 0x43, 0xea, 0x6c, 0xca, 0x59, 0x96, 0x0f, 0xa9, + 0xb3, 0x49, 0x00, 0x8a, 0x57, 0xc3, 0x6c, 0x8a, 0x62, 0xbd, 0x06, 0x65, 0x1e, 0xc4, 0x02, 0x1d, + 0xea, 0x56, 0x04, 0xfb, 0x69, 0x46, 0xcf, 0xe2, 0x05, 0x22, 0xe4, 0x0c, 0xef, 0x28, 0x27, 0x5e, + 0x43, 0x0b, 0x3e, 0x2c, 0xac, 0x71, 0x90, 0x4d, 0x10, 0x97, 0x54, 0xdd, 0x20, 0xce, 0x8a, 0xdf, + 0x47, 0x33, 0x3e, 0x10, 0x36, 0xdb, 0xa6, 0x41, 0xd4, 0x8b, 0xc3, 0x41, 0xe1, 0xf9, 0x40, 0xd4, + 0x03, 0x4b, 0xc9, 0x60, 0x57, 0x18, 0x64, 0x01, 0xb0, 0xec, 0x44, 0x09, 0x02, 0x22, 0x99, 0x22, + 0x0a, 0x03, 0x7e, 0x13, 0x04, 0xf4, 0xec, 0xae, 0x4b, 0x61, 0x73, 0x22, 0x07, 0x29, 0x88, 0x90, + 0xad, 0xe1, 0x08, 0x38, 0x4f, 0x34, 0x55, 0xc8, 0xf0, 0x3a, 0x42, 0x61, 0x10, 0x59, 0xa4, 0xf3, + 0x1f, 0x38, 0xbc, 0x2d, 0x89, 0xd0, 0x7f, 0x9b, 0xad, 0xdf, 0x7a, 0xbd, 0xc0, 0x92, 0xdf, 0x40, + 0x93, 0xc5, 0x5e, 0xef, 0x2e, 0xa9, 0x89, 0x6d, 0x15, 0x88, 0xc2, 0x18, 0xbd, 0x5e, 0xb3, 0xef, + 0x58, 0xf2, 0x56, 0x31, 0x27, 0xc2, 0x25, 0x34, 0x5b, 0xec, 0xf5, 0xea, 0xfd, 0xcd, 0xb6, 0xd5, + 0x92, 0xca, 0xae, 0xf0, 0xca, 0x3f, 0xbd, 0x5e, 0xb3, 0x07, 0x98, 0x68, 0xc9, 0x1b, 0x95, 0x07, + 0x7f, 0x8c, 0xa6, 0x8b, 0xbd, 0x9e, 0xa8, 0xfa, 0x91, 0x81, 0xcd, 0x58, 0xdd, 0x7f, 0x27, 0xa9, + 0x6d, 0x8b, 0x01, 0x11, 0x2f, 0xf0, 0x71, 0x4e, 0x6c, 0xce, 0x9e, 0x66, 0x0f, 0x8a, 0x55, 0xf7, + 0x08, 0x45, 0xe2, 0xaf, 0xa2, 0xa9, 0x62, 0xaf, 0x27, 0x85, 0x07, 0x60, 0x0f, 0x88, 0x71, 0x45, + 0xba, 0xc8, 0x27, 0x3b, 0xfb, 0x2e, 0x9a, 0x53, 0x1f, 0x76, 0xa0, 0x0a, 0x20, 0x7f, 0x98, 0x82, + 0x17, 0x3a, 0xe2, 0xa9, 0x0e, 0xd7, 0x50, 0xa6, 0xd8, 0xeb, 0x89, 0xe9, 0xe4, 0x54, 0x42, 0x7f, + 0x44, 0xf3, 0x79, 0x8b, 0xbd, 0x9e, 0xff, 0xea, 0x3c, 0x19, 0xe9, 0x78, 0xbd, 0xfa, 0x8f, 0xf8, + 0xab, 0x1f, 0xf1, 0xdc, 0xa1, 0x5f, 0xcf, 0xa0, 0xf9, 0x62, 0xaf, 0x77, 0x52, 0xd8, 0xe4, 0x69, + 0x65, 0x0d, 0x5f, 0x41, 0x48, 0x9a, 0x1e, 0xa7, 0x82, 0xa4, 0xbc, 0x9c, 0x34, 0x35, 0x6a, 0x29, + 0x22, 0x11, 0xf9, 0xe6, 0x97, 0x3d, 0x90, 0xf9, 0xfd, 0x5c, 0x06, 0xa6, 0xe2, 0xa3, 0x7e, 0x02, + 0xf2, 0x8f, 0x4a, 0xb7, 0x89, 0x3e, 0x98, 0x3c, 0x50, 0x1f, 0xfc, 0x23, 0x65, 0xf0, 0x40, 0xa1, + 0x8c, 0x93, 0x5e, 0x98, 0x38, 0x94, 0x57, 0x3b, 0x27, 0x2b, 0x53, 0x1c, 0xcb, 0x12, 0xf9, 0x6b, + 0xfe, 0x21, 0xc1, 0x16, 0x43, 0x35, 0x2d, 0x93, 0x44, 0x68, 0xfd, 0x3e, 0x9c, 0x3a, 0x50, 0x1f, + 0x0e, 0xd2, 0x68, 0x21, 0xec, 0xc3, 0xa7, 0xb1, 0x38, 0x58, 0x42, 0x88, 0x07, 0x8a, 0x83, 0x2c, + 0x94, 0x59, 0x7e, 0x9e, 0xc8, 0x05, 0xa8, 0x38, 0x4f, 0x14, 0x92, 0x04, 0x1b, 0x5a, 0x99, 0xc4, + 0x0d, 0xad, 0x4b, 0x28, 0x4b, 0x8c, 0x9d, 0x0f, 0xfa, 0xd4, 0xd9, 0x15, 0xee, 0x0c, 0x6c, 0x67, + 0x38, 0xc6, 0x4e, 0xf3, 0xbb, 0x0c, 0x48, 0x02, 0x34, 0xd6, 0x83, 0x4c, 0x72, 0x29, 0x80, 0xcf, + 0x33, 0xc9, 0x83, 0xfc, 0xf1, 0x27, 0x31, 0x74, 0xfc, 0x0e, 0xca, 0x14, 0xef, 0x35, 0x84, 0x66, + 0x83, 0xae, 0x2d, 0xde, 0x6b, 0x08, 0x7d, 0x8d, 0xe4, 0xbd, 0xd7, 0xd0, 0x7f, 0x98, 0x42, 0x38, + 0x4e, 0x89, 0xdf, 0x42, 0xd3, 0x00, 0xdd, 0x62, 0x36, 0x23, 0x57, 0xfd, 0xdb, 0x71, 0x9b, 0x0e, + 0x40, 0x15, 0xe7, 0xce, 0x27, 0xc5, 0x6f, 0x43, 0xe1, 0x4a, 0x66, 0x79, 0x56, 0x50, 0xf7, 0x8c, + 0x57, 0xfd, 0xdb, 0x71, 0x9b, 0x2e, 0x07, 0x47, 0xea, 0x56, 0x0a, 0x62, 0xf0, 0x0b, 0xef, 0x35, + 0xaa, 0xb6, 0xeb, 0x09, 0x55, 0x73, 0xbf, 0x70, 0xc7, 0x85, 0x2a, 0x8f, 0x8a, 0x5f, 0xc8, 0xc9, + 0xf4, 0xdf, 0x99, 0x44, 0xf9, 0xb2, 0xe1, 0x19, 0x9b, 0x86, 0x4b, 0xa5, 0x45, 0xec, 0xbc, 0x0f, + 0xf3, 0x9b, 0x21, 0xb5, 0xdf, 0xdc, 0x4c, 0x68, 0x45, 0x94, 0x01, 0x7f, 0x3d, 0x94, 0x1b, 0x14, + 0x22, 0xe4, 0xef, 0x02, 0x96, 0x62, 0x6e, 0x36, 0x7b, 0x02, 0x4c, 0x62, 0x84, 0xf8, 0x32, 0xca, + 0xf9, 0x30, 0xe6, 0xb8, 0x67, 0xc2, 0xbe, 0x36, 0x37, 0x99, 0xdf, 0x4e, 0x64, 0x34, 0x7e, 0x1b, + 0xcd, 0xf8, 0x3f, 0x25, 0x97, 0x18, 0xfc, 0x7c, 0x73, 0x33, 0xb6, 0x68, 0x91, 0x49, 0x65, 0x56, + 0x98, 0x97, 0x26, 0x14, 0xd6, 0x48, 0x09, 0x53, 0x85, 0x14, 0x7f, 0x17, 0xcd, 0xf9, 0xbf, 0x85, + 0xa3, 0x3f, 0x09, 0x8e, 0xfe, 0x65, 0xdf, 0x78, 0xa2, 0x6a, 0x5d, 0x54, 0xc9, 0xb9, 0xcb, 0xff, + 0xa2, 0x70, 0xf9, 0x4f, 0x99, 0x9b, 0x71, 0x8f, 0x3f, 0xf2, 0x00, 0x5c, 0x43, 0x0b, 0x3e, 0x24, + 0xb4, 0xac, 0xa9, 0x70, 0xa1, 0x66, 0x6e, 0x36, 0x13, 0x8d, 0x2b, 0xce, 0x85, 0xdb, 0xe8, 0x9c, + 0x02, 0x34, 0xdd, 0x6d, 0xeb, 0xbe, 0x27, 0x56, 0x59, 0xb5, 0xb2, 0x58, 0x8a, 0x42, 0xa5, 0xba, + 0x40, 0x2a, 0xa7, 0xf1, 0xcb, 0x32, 0x36, 0x95, 0x4a, 0xb9, 0x7b, 0x4a, 0xc3, 0x0d, 0x74, 0xda, + 0xc7, 0xdf, 0x2a, 0xd5, 0xeb, 0x8e, 0xfd, 0x09, 0x6d, 0x79, 0xb5, 0xb2, 0x58, 0xa5, 0xc2, 0x01, + 0x69, 0x73, 0xb3, 0xb9, 0xd5, 0xea, 0x31, 0xa3, 0x60, 0x38, 0x55, 0x78, 0x22, 0x33, 0xfe, 0x10, + 0x9d, 0x91, 0xe0, 0xb5, 0xae, 0xeb, 0x19, 0xdd, 0x16, 0xad, 0x95, 0xc5, 0xd2, 0x15, 0x96, 0xd1, + 0x42, 0xaa, 0x25, 0x90, 0xaa, 0xd8, 0x64, 0xf6, 0xb3, 0x45, 0x74, 0x2a, 0xa1, 0xa7, 0x0e, 0xb4, + 0x5e, 0xfa, 0x7e, 0x3a, 0x34, 0x8e, 0x23, 0xbe, 0x68, 0x5a, 0x46, 0x59, 0xff, 0x4d, 0xc4, 0xa7, + 0x53, 0x1b, 0x65, 0xe0, 0x51, 0x19, 0x3e, 0x5e, 0x51, 0xc7, 0x11, 0x5f, 0x48, 0x3d, 0x0d, 0x75, + 0x7c, 0x96, 0x0a, 0xd5, 0x71, 0xc4, 0x17, 0x57, 0xbf, 0x99, 0x09, 0x47, 0xf6, 0xc9, 0x0a, 0xeb, + 0x69, 0x39, 0x89, 0xe1, 0xa6, 0xfd, 0xe4, 0x01, 0xb2, 0xae, 0x65, 0xd3, 0x9c, 0x7a, 0x42, 0xd3, + 0xfc, 0xdd, 0x78, 0x7f, 0x72, 0xc7, 0xeb, 0x48, 0xf6, 0xe7, 0x53, 0x18, 0xac, 0xf8, 0x2a, 0x9a, + 0xf5, 0xff, 0xe6, 0x1e, 0xea, 0x84, 0x74, 0x5a, 0x7b, 0x53, 0x38, 0xa8, 0x2a, 0x09, 0xfe, 0x36, + 0x7a, 0x5e, 0x01, 0xd4, 0x0d, 0xc7, 0xe8, 0x50, 0x8f, 0x3a, 0xdc, 0x47, 0x10, 0xc5, 0x71, 0x7d, + 0xee, 0x66, 0x2f, 0x40, 0xcb, 0xf5, 0x65, 0x47, 0x48, 0x90, 0x8c, 0x63, 0xea, 0x00, 0x19, 0x1d, + 0xff, 0x21, 0x8d, 0x66, 0xeb, 0xb6, 0xeb, 0x6d, 0x39, 0xd4, 0xad, 0x1b, 0x8e, 0x4b, 0x8f, 0x6f, + 0x8f, 0x7e, 0x0d, 0xcd, 0xc2, 0xe9, 0x99, 0x0e, 0xed, 0x7a, 0x52, 0xd5, 0x5c, 0x5e, 0x41, 0xca, + 0x47, 0x80, 0xdb, 0x48, 0x54, 0x42, 0x5c, 0x40, 0x13, 0xdc, 0x06, 0xa4, 0x33, 0x4d, 0xdc, 0x00, + 0x38, 0x5c, 0xff, 0xab, 0x19, 0x34, 0xe3, 0x6b, 0x79, 0xd9, 0x3a, 0xaa, 0x11, 0x8b, 0x67, 0xab, + 0xe4, 0x25, 0x84, 0xea, 0xb6, 0xe3, 0x19, 0x6d, 0xe9, 0x12, 0x04, 0x58, 0x32, 0xf4, 0x00, 0xca, + 0x79, 0x24, 0x12, 0xbc, 0x88, 0x90, 0x34, 0xc0, 0xa6, 0x60, 0x80, 0xcd, 0x0d, 0x07, 0x05, 0x14, + 0x8e, 0x2b, 0x22, 0x51, 0xe8, 0x7f, 0x2f, 0x8d, 0xe6, 0xfd, 0x4e, 0xaa, 0x3c, 0xa2, 0xad, 0xbe, + 0x77, 0x8c, 0x07, 0x83, 0xaa, 0xed, 0x89, 0x7d, 0xb5, 0xad, 0xff, 0x77, 0x69, 0x22, 0x29, 0xb5, + 0xed, 0x93, 0x89, 0xe4, 0xff, 0x87, 0x8d, 0xeb, 0x3f, 0x9f, 0x41, 0xa7, 0x7d, 0xad, 0xaf, 0xf4, + 0xbb, 0xe0, 0x26, 0x94, 0x8c, 0x76, 0xfb, 0x38, 0x7f, 0x97, 0x73, 0xbe, 0x22, 0xd6, 0xc5, 0x71, + 0xd4, 0x59, 0xbe, 0xc1, 0x7b, 0x5f, 0x80, 0x9b, 0xb6, 0x65, 0x12, 0x99, 0x08, 0xbf, 0x8f, 0x66, + 0xfc, 0x9f, 0x45, 0x67, 0xcb, 0xff, 0x18, 0xc3, 0xd2, 0x39, 0x60, 0x32, 0x1c, 0x25, 0x1b, 0x5a, + 0x61, 0xd0, 0x7f, 0x71, 0x12, 0x9d, 0xbd, 0x67, 0x75, 0x4d, 0x7b, 0xc7, 0x15, 0xa5, 0x42, 0x8f, + 0xbe, 0xd3, 0xfb, 0xf4, 0x2a, 0xf4, 0x85, 0x9e, 0xc9, 0xc4, 0x01, 0xdc, 0xd6, 0x0f, 0xd0, 0x99, + 0xa8, 0x4a, 0x9d, 0xa0, 0x1a, 0x83, 0xe8, 0x9d, 0x1d, 0x4e, 0xd0, 0xf4, 0xab, 0xb5, 0x8a, 0xf8, + 0x13, 0x49, 0xe6, 0x8c, 0x96, 0x7b, 0x9d, 0x7a, 0x9c, 0x72, 0xaf, 0xaf, 0xa1, 0xc9, 0xb2, 0xdd, + 0x31, 0x2c, 0xff, 0x5c, 0x0c, 0x8c, 0xe2, 0xe0, 0xb9, 0x80, 0x21, 0x82, 0x82, 0xc9, 0x17, 0x0f, + 0x86, 0x2e, 0x9b, 0x0e, 0xe5, 0xfb, 0x0c, 0x7d, 0x97, 0x3a, 0x44, 0x26, 0xc2, 0x36, 0x9a, 0x15, + 0x8f, 0x13, 0xd1, 0x22, 0x04, 0xd1, 0xa2, 0x37, 0x7d, 0x1d, 0x8d, 0x36, 0xab, 0x45, 0x85, 0x8f, + 0x87, 0x8d, 0xa0, 0x75, 0xfe, 0xcb, 0xf0, 0xb8, 0x11, 0x51, 0xe5, 0x4b, 0x4a, 0x80, 0x49, 0x26, + 0x17, 0x57, 0x02, 0xcc, 0x32, 0x32, 0xd1, 0xd9, 0x9b, 0x08, 0xc7, 0x1f, 0x76, 0xa0, 0xc8, 0xc7, + 0x9f, 0x4b, 0x23, 0x1c, 0x59, 0x40, 0x54, 0x8e, 0xb1, 0x1f, 0xa4, 0xff, 0x4a, 0x0a, 0x2d, 0xc4, + 0xea, 0x88, 0xe0, 0x6b, 0x08, 0x71, 0x88, 0x74, 0x80, 0x1a, 0xce, 0x35, 0x84, 0xb5, 0x45, 0xc4, + 0x37, 0x20, 0x24, 0xc3, 0x4b, 0x28, 0xcb, 0x7f, 0x05, 0xf7, 0xfe, 0x44, 0x59, 0xfa, 0x7d, 0xcb, + 0x24, 0x01, 0x51, 0xf8, 0x14, 0xb8, 0x01, 0x2b, 0x93, 0xc8, 0xe2, 0xed, 0xf6, 0x82, 0xa7, 0x30, + 0x32, 0xfd, 0x47, 0x29, 0x34, 0x13, 0x34, 0xb8, 0x68, 0x3e, 0xab, 0xae, 0x9b, 0x14, 0x25, 0x59, + 0x32, 0xfb, 0x95, 0x64, 0x89, 0x4c, 0x2a, 0x1c, 0xab, 0xff, 0xd3, 0x14, 0x9a, 0x0f, 0x68, 0x9f, + 0x61, 0x8c, 0xe5, 0xd0, 0x2f, 0xf2, 0xe7, 0x53, 0x48, 0x5b, 0xb6, 0xda, 0x6d, 0xab, 0xbb, 0x55, + 0xeb, 0xde, 0xb7, 0x9d, 0x0e, 0x1c, 0xd7, 0x7a, 0x76, 0x41, 0x34, 0xfd, 0x4f, 0xa7, 0xd0, 0x82, + 0x68, 0x50, 0xc9, 0x70, 0xcc, 0x67, 0x17, 0xdd, 0x8c, 0xb6, 0xe4, 0xd9, 0xf5, 0xb2, 0xfe, 0x7f, + 0x53, 0x08, 0xad, 0xda, 0xad, 0x07, 0x47, 0x3b, 0x1f, 0x12, 0xbf, 0x8d, 0x26, 0xf9, 0x59, 0x31, + 0x31, 0xdb, 0x2d, 0x2c, 0xf2, 0x3b, 0xfa, 0xd8, 0xab, 0x71, 0xc4, 0xf2, 0x9c, 0xd8, 0xae, 0x98, + 0xe4, 0x67, 0xcd, 0x88, 0x60, 0x80, 0xd3, 0x09, 0x8c, 0xec, 0x88, 0x67, 0x50, 0xfe, 0xd9, 0x14, + 0x3a, 0x4d, 0x68, 0xcb, 0x7e, 0x48, 0x9d, 0xdd, 0x92, 0x6d, 0xd2, 0x5b, 0xb4, 0x4b, 0x9d, 0x67, + 0x65, 0xdf, 0x7f, 0x1f, 0xea, 0x37, 0x85, 0x8d, 0xb9, 0xeb, 0x52, 0xf3, 0xe8, 0x14, 0xfd, 0xd2, + 0x7f, 0x6d, 0x0a, 0x69, 0x89, 0x4e, 0xcd, 0x91, 0xf5, 0x07, 0x46, 0x7a, 0xaa, 0xe3, 0x4f, 0xcb, + 0x53, 0x9d, 0x38, 0x98, 0xa7, 0x3a, 0x79, 0x50, 0x4f, 0x75, 0xea, 0x71, 0x3c, 0xd5, 0x4e, 0xd4, + 0x53, 0xcd, 0x82, 0xa7, 0x7a, 0x6d, 0x4f, 0x4f, 0xb5, 0xd2, 0x35, 0x9f, 0xd0, 0x4f, 0x3d, 0xb2, + 0xa5, 0xae, 0x9f, 0xc0, 0xc1, 0xc6, 0x17, 0xd9, 0xe4, 0xd6, 0xb2, 0x1d, 0x93, 0xf2, 0xd2, 0xd5, + 0x59, 0x1e, 0x48, 0x76, 0x04, 0x8c, 0x04, 0xd8, 0x58, 0xdd, 0xf0, 0xd9, 0xc7, 0xa9, 0x1b, 0xfe, + 0x14, 0x1c, 0xf8, 0x9f, 0xa4, 0xd0, 0x42, 0x89, 0x3a, 0x1e, 0x3f, 0x1a, 0xfe, 0x34, 0x76, 0x2f, + 0x8b, 0x68, 0x5e, 0x12, 0x28, 0xdd, 0xc6, 0x0a, 0x75, 0x48, 0x5a, 0xd4, 0xf1, 0xc0, 0x0b, 0x95, + 0x93, 0x09, 0x22, 0xf4, 0xec, 0xf1, 0x7e, 0xed, 0x3e, 0x31, 0x76, 0x83, 0xc7, 0xfb, 0x70, 0xae, + 0x48, 0x4b, 0xfc, 0x22, 0x01, 0xbd, 0xfe, 0xcb, 0x29, 0x74, 0x81, 0xd0, 0x2e, 0xdd, 0x31, 0x36, + 0xdb, 0x54, 0x12, 0x2c, 0xe6, 0x76, 0x36, 0xee, 0x2d, 0xb7, 0x63, 0x78, 0xad, 0xed, 0x43, 0xbd, + 0xe5, 0x8a, 0x7a, 0x23, 0xea, 0x01, 0x66, 0x27, 0x85, 0x4f, 0xff, 0xdd, 0x14, 0x9a, 0xba, 0xdb, + 0x7d, 0xd0, 0xb5, 0x77, 0x0e, 0x57, 0xe1, 0xf1, 0x1a, 0xca, 0x09, 0x31, 0x92, 0xc6, 0xf9, 0x15, + 0xb7, 0x1c, 0xdc, 0xe4, 0xf7, 0xe0, 0xca, 0x54, 0xf8, 0xdd, 0x80, 0x09, 0x32, 0x7b, 0xa4, 0x2b, + 0x57, 0x7d, 0xa6, 0xc8, 0xd5, 0xb7, 0x32, 0x39, 0x3e, 0x27, 0x2e, 0x4f, 0x92, 0x4e, 0x2c, 0xb3, + 0xa6, 0xf0, 0xbb, 0x93, 0xf4, 0xbf, 0x72, 0x03, 0x4d, 0xac, 0x77, 0xe9, 0xfa, 0x7d, 0x7c, 0x45, + 0xaa, 0x62, 0x29, 0xde, 0x6b, 0x41, 0xd6, 0x13, 0x20, 0xaa, 0x63, 0x44, 0xaa, 0x75, 0x79, 0x5d, + 0xae, 0xed, 0x27, 0x74, 0x8b, 0x65, 0x1e, 0x8e, 0xa9, 0x8e, 0x11, 0xb9, 0x06, 0xe0, 0x75, 0xb9, + 0xf8, 0x9d, 0x30, 0x1c, 0x85, 0x8b, 0x63, 0x7c, 0x2e, 0xe1, 0xbc, 0xac, 0x26, 0xd5, 0x9a, 0x8b, + 0x06, 0x46, 0xe2, 0x14, 0xd5, 0x31, 0x92, 0x5c, 0xa3, 0x4e, 0xb9, 0x53, 0x4f, 0x84, 0x46, 0x4e, + 0x47, 0x3e, 0x3d, 0x80, 0xab, 0x8e, 0x11, 0xf5, 0xfe, 0xbd, 0x1b, 0xca, 0x6d, 0x65, 0xd1, 0x8c, + 0x26, 0x09, 0x55, 0x1d, 0x23, 0x91, 0x7b, 0xcd, 0x94, 0xab, 0xb3, 0xc4, 0x4e, 0x51, 0xf4, 0xa1, + 0x80, 0x93, 0x1e, 0xca, 0xaf, 0xd9, 0x7a, 0x2f, 0x72, 0xa5, 0x8d, 0xc8, 0xda, 0x3c, 0x13, 0x61, + 0xe6, 0xc8, 0xea, 0x18, 0x89, 0x5c, 0x80, 0x73, 0xd1, 0xbf, 0xe5, 0x44, 0xcc, 0xe5, 0x73, 0x92, + 0xf3, 0x66, 0x7d, 0xca, 0xb4, 0xe4, 0xdf, 0x82, 0x72, 0x5d, 0xbe, 0xdd, 0x42, 0x4c, 0xce, 0x38, + 0xf2, 0x94, 0x4a, 0xd7, 0x64, 0xbd, 0x23, 0x79, 0x0e, 0x37, 0xa3, 0x75, 0xe0, 0xc5, 0xed, 0x02, + 0xcf, 0x45, 0x38, 0x05, 0xb6, 0x3a, 0x46, 0xa2, 0x75, 0xe3, 0x6f, 0x28, 0x35, 0xc8, 0xc5, 0x91, + 0x83, 0xa8, 0x56, 0x19, 0x4a, 0xd2, 0x2a, 0x54, 0x2b, 0xbf, 0x19, 0x2d, 0x8a, 0xad, 0xcd, 0x26, + 0x3e, 0x5a, 0x60, 0xa5, 0x47, 0xfb, 0x45, 0xb4, 0x6f, 0x28, 0xc5, 0x8b, 0xe1, 0x7e, 0x80, 0x84, + 0x47, 0x1b, 0x9e, 0x21, 0x3f, 0x9a, 0x97, 0x39, 0x56, 0xca, 0xe8, 0x6a, 0xf3, 0x89, 0x1d, 0x0a, + 0x38, 0xa9, 0x43, 0x79, 0xc9, 0xdd, 0x1b, 0x4a, 0x41, 0x32, 0x2d, 0xaf, 0x3e, 0x54, 0x42, 0xb1, + 0x87, 0xca, 0xa5, 0xcb, 0xae, 0xcb, 0x75, 0xba, 0xb4, 0x05, 0xb5, 0x83, 0x42, 0x0c, 0xeb, 0x20, + 0xa9, 0x9e, 0x57, 0x01, 0x6a, 0x00, 0x69, 0x18, 0xc8, 0x73, 0x41, 0x0b, 0x4b, 0xf5, 0xea, 0x18, + 0x81, 0xea, 0x40, 0x3a, 0xaf, 0x2e, 0xa5, 0x9d, 0x02, 0x8a, 0x99, 0xa0, 0x48, 0xf4, 0x23, 0xda, + 0xaa, 0x8e, 0x11, 0x5e, 0x79, 0xea, 0x8a, 0x54, 0xc7, 0x41, 0x3b, 0xad, 0x4e, 0x11, 0x01, 0x82, + 0x4d, 0x11, 0x61, 0xb5, 0x87, 0x95, 0x78, 0xad, 0x03, 0xed, 0x8c, 0xba, 0x7e, 0x88, 0xe2, 0xab, + 0x63, 0x24, 0x5e, 0x1f, 0xe1, 0x86, 0x72, 0xfc, 0x5f, 0x7b, 0x2e, 0x92, 0x46, 0x18, 0xa2, 0x98, + 0xba, 0xe4, 0x42, 0x01, 0xeb, 0x89, 0x85, 0x21, 0xb5, 0xe7, 0x41, 0xc0, 0x8b, 0x81, 0x80, 0x38, + 0x49, 0x75, 0x8c, 0x24, 0x96, 0x94, 0x2c, 0xc5, 0x0e, 0xe1, 0x6b, 0x9a, 0xea, 0xb8, 0x46, 0xd0, + 0xd5, 0x31, 0x12, 0x3b, 0xb6, 0x7f, 0x5d, 0x3e, 0xfd, 0xae, 0xbd, 0xa0, 0x76, 0x62, 0x88, 0x61, + 0x9d, 0x28, 0x9d, 0x92, 0xbf, 0x2e, 0x1f, 0x36, 0xd7, 0xce, 0xc6, 0xb9, 0xc2, 0x99, 0x53, 0x3a, + 0x94, 0x4e, 0x92, 0xcf, 0x76, 0x6b, 0x2f, 0x8a, 0x32, 0x3b, 0x82, 0x3f, 0x89, 0xa6, 0x3a, 0x46, + 0x92, 0xcf, 0x85, 0x93, 0xe4, 0xe3, 0xd5, 0xda, 0xb9, 0xbd, 0x64, 0x06, 0xad, 0x4b, 0x3e, 0x9a, + 0x6d, 0xec, 0x71, 0xc2, 0x59, 0x7b, 0x49, 0x3d, 0x82, 0x34, 0x92, 0xb0, 0x3a, 0x46, 0xf6, 0x38, + 0x27, 0x7d, 0x77, 0xc4, 0x71, 0x63, 0xed, 0xbc, 0x5a, 0x65, 0x2b, 0x91, 0xa8, 0x3a, 0x46, 0x46, + 0x1c, 0x56, 0xbe, 0x3b, 0xe2, 0xcc, 0xaf, 0x56, 0xd8, 0x53, 0x6c, 0xa0, 0x8f, 0x11, 0x27, 0x86, + 0xd7, 0x13, 0x0f, 0xde, 0x6a, 0x2f, 0xab, 0xa6, 0x9b, 0x40, 0xc2, 0x4c, 0x37, 0xe9, 0xc8, 0xee, + 0x7a, 0xe2, 0xc9, 0x57, 0xed, 0x95, 0x3d, 0x04, 0x06, 0x6d, 0x4c, 0x3c, 0x33, 0xbb, 0x9e, 0x78, + 0xf4, 0x54, 0xd3, 0x55, 0x81, 0x09, 0x24, 0x4c, 0x60, 0xd2, 0xa1, 0xd5, 0xf5, 0xc4, 0xb3, 0x9f, + 0xda, 0xab, 0x7b, 0x08, 0x0c, 0x5b, 0x98, 0x74, 0x6a, 0xf4, 0x86, 0x72, 0xf8, 0x52, 0xfb, 0x92, + 0x3a, 0x6f, 0x48, 0x28, 0x36, 0x6f, 0xc8, 0xc7, 0x34, 0x4b, 0xb1, 0xf3, 0x29, 0xda, 0x97, 0xd5, + 0x61, 0x1e, 0x41, 0xb3, 0x61, 0x1e, 0x3d, 0xd1, 0x52, 0x8a, 0xe5, 0xe9, 0x6b, 0x17, 0x46, 0x09, + 0x01, 0xb4, 0x2a, 0x84, 0x67, 0xf6, 0xd7, 0x12, 0x12, 0xc5, 0xb5, 0xaf, 0xa8, 0x81, 0xcb, 0x18, + 0x41, 0x75, 0x8c, 0x24, 0xa4, 0x97, 0x93, 0xe4, 0xbc, 0x30, 0xed, 0xa2, 0x3a, 0x6c, 0x93, 0x68, + 0xd8, 0xb0, 0x4d, 0xcc, 0x29, 0x5b, 0x4d, 0xda, 0x5a, 0xd0, 0x2e, 0xa9, 0x8e, 0x59, 0x9c, 0x82, + 0x39, 0x66, 0x09, 0x5b, 0x12, 0x24, 0x39, 0xd3, 0x49, 0x7b, 0x6d, 0xcf, 0x16, 0x02, 0x4d, 0x42, + 0x0b, 0x79, 0xe2, 0x4f, 0xe8, 0x3b, 0xdd, 0xed, 0xb5, 0x6d, 0xc3, 0xd4, 0x5e, 0x4f, 0xf4, 0x9d, + 0x38, 0x52, 0xf2, 0x9d, 0x38, 0x80, 0x7d, 0xe5, 0xe5, 0xd0, 0xbb, 0x76, 0x59, 0xfd, 0xca, 0xcb, + 0x38, 0xf6, 0x95, 0x57, 0xc2, 0xf4, 0xa5, 0x58, 0xc0, 0x5b, 0x7b, 0x43, 0x35, 0x80, 0x08, 0x9a, + 0x19, 0x40, 0x34, 0x44, 0xfe, 0xf1, 0xe8, 0x60, 0xb3, 0xb6, 0x08, 0xd2, 0x5e, 0x0e, 0xae, 0xc1, + 0x18, 0x41, 0x57, 0x1d, 0x23, 0xa3, 0x03, 0xd6, 0xb5, 0x84, 0xd8, 0xb1, 0xb6, 0xa4, 0x1a, 0x58, + 0x8c, 0x80, 0x19, 0x58, 0x3c, 0xe2, 0x5c, 0x4b, 0x08, 0xfe, 0x6a, 0x5f, 0x1d, 0x29, 0x2a, 0x78, + 0xe7, 0x84, 0x90, 0xf1, 0x75, 0x39, 0x7a, 0xab, 0x5d, 0x51, 0x3f, 0x76, 0x21, 0x86, 0x7d, 0xec, + 0xa4, 0x28, 0xef, 0x75, 0x39, 0xe2, 0xa9, 0x5d, 0x8d, 0x73, 0x85, 0x9f, 0x48, 0x29, 0x32, 0x4a, + 0x92, 0x03, 0x8c, 0xda, 0x35, 0xd5, 0xea, 0x92, 0x68, 0x98, 0xd5, 0x25, 0x06, 0x27, 0x57, 0xe2, + 0x71, 0x42, 0xed, 0x7a, 0x34, 0x72, 0xaa, 0xe2, 0x99, 0xe7, 0x13, 0x8b, 0x2d, 0xde, 0x8c, 0x26, + 0x2d, 0x6b, 0x6f, 0xaa, 0xfe, 0xad, 0x8a, 0x65, 0xfe, 0x6d, 0x24, 0xc9, 0xf9, 0x66, 0x34, 0xcf, + 0x57, 0x7b, 0x2b, 0x59, 0x42, 0x60, 0x2b, 0xd1, 0xbc, 0xe0, 0x9b, 0xd1, 0xd4, 0x58, 0xed, 0x46, + 0xb2, 0x84, 0x40, 0xbb, 0xd1, 0x54, 0xda, 0x2b, 0xd2, 0x51, 0x55, 0xed, 0x6b, 0xaa, 0xeb, 0x18, + 0x20, 0x98, 0xeb, 0x18, 0x1e, 0x68, 0xbd, 0x22, 0x1d, 0xf1, 0xd4, 0xde, 0x8e, 0xb1, 0x04, 0x8d, + 0x95, 0x0e, 0x82, 0x5e, 0x91, 0x8e, 0x46, 0x6a, 0xef, 0xc4, 0x58, 0x82, 0xd6, 0x49, 0x07, 0x28, + 0xcd, 0xbd, 0x72, 0x07, 0xb4, 0xaf, 0x83, 0x0c, 0x7d, 0xff, 0xed, 0xe0, 0xea, 0x18, 0xd9, 0x2b, + 0x07, 0xe1, 0xe3, 0xd1, 0x51, 0x57, 0xed, 0x5d, 0x75, 0x08, 0x8f, 0xa2, 0x63, 0x43, 0x78, 0x64, + 0xe4, 0xf6, 0xbd, 0x48, 0x1e, 0xa1, 0xf6, 0x9e, 0x3a, 0xc5, 0x29, 0x48, 0x36, 0xc5, 0x45, 0xb3, + 0x0e, 0x95, 0x04, 0x39, 0xed, 0x1b, 0xea, 0x14, 0x27, 0xe3, 0xd8, 0x14, 0xa7, 0x24, 0xd3, 0x95, + 0x62, 0x79, 0x5b, 0xda, 0xfb, 0xea, 0x14, 0x17, 0x41, 0xb3, 0x29, 0x2e, 0x9a, 0xe9, 0xf5, 0x5e, + 0x24, 0x7d, 0x49, 0xbb, 0x99, 0xdc, 0x7e, 0x40, 0xca, 0xed, 0xe7, 0xc9, 0x4e, 0x24, 0x39, 0x0f, + 0x47, 0x2b, 0xaa, 0xe3, 0x37, 0x89, 0x86, 0x8d, 0xdf, 0xc4, 0x1c, 0x9e, 0xf5, 0xc4, 0x1a, 0xd7, + 0xda, 0xf2, 0x1e, 0x0b, 0x87, 0xd0, 0x15, 0x49, 0xaa, 0x8e, 0x7d, 0x33, 0x7a, 0x81, 0xaa, 0x56, + 0x1a, 0xb1, 0x46, 0xf6, 0x97, 0x41, 0xd1, 0x0b, 0x57, 0x6b, 0x09, 0x41, 0x40, 0xad, 0xac, 0xce, + 0xae, 0x31, 0x02, 0x36, 0xbb, 0xc6, 0x43, 0x87, 0x2b, 0xf1, 0x7b, 0xab, 0xb5, 0x4a, 0x64, 0x37, + 0x3d, 0x82, 0x67, 0xb3, 0x53, 0xec, 0xae, 0x6b, 0x92, 0x7c, 0xb5, 0xb1, 0xb6, 0x12, 0xf9, 0x5e, + 0x27, 0xd0, 0xc0, 0xf7, 0x3a, 0xe9, 0x5a, 0xe4, 0x6f, 0x8f, 0xbc, 0xa1, 0x5a, 0xbb, 0x05, 0x62, + 0x0b, 0xa3, 0xc4, 0x0a, 0xb2, 0xea, 0x18, 0x19, 0x79, 0xc7, 0xf5, 0x5d, 0x74, 0xe6, 0xce, 0x6e, + 0xe3, 0x83, 0xd5, 0x20, 0xf5, 0xab, 0xee, 0xd0, 0x9e, 0xe1, 0x50, 0xad, 0xaa, 0xfa, 0xea, 0x89, + 0x44, 0xcc, 0x57, 0x4f, 0x44, 0xc4, 0xc5, 0xfa, 0x63, 0xa1, 0xb6, 0x97, 0xd8, 0x70, 0x44, 0x24, + 0x73, 0xb3, 0xd9, 0x49, 0x45, 0x30, 0x05, 0xad, 0xda, 0xdd, 0x2d, 0x88, 0x54, 0x7c, 0x53, 0x9d, + 0x9d, 0x46, 0x53, 0xb2, 0xd9, 0x69, 0x34, 0x96, 0x99, 0xba, 0x8a, 0xe5, 0x63, 0xf0, 0xb6, 0x6a, + 0xea, 0x09, 0x24, 0xcc, 0xd4, 0x13, 0xc0, 0x71, 0x81, 0x84, 0xba, 0xd4, 0xd3, 0x56, 0xf7, 0x12, + 0x08, 0x24, 0x71, 0x81, 0x00, 0x8e, 0x0b, 0x5c, 0xa1, 0x5e, 0x6b, 0x5b, 0xbb, 0xb3, 0x97, 0x40, + 0x20, 0x89, 0x0b, 0x04, 0x30, 0x5b, 0x6c, 0xaa, 0xe0, 0xe5, 0x7e, 0xfb, 0x81, 0xdf, 0x67, 0x6b, + 0xea, 0x62, 0x73, 0x24, 0x21, 0x5b, 0x6c, 0x8e, 0x44, 0xe2, 0xef, 0x3d, 0x76, 0x88, 0x5b, 0x5b, + 0x87, 0x07, 0x2e, 0x86, 0x7e, 0xc1, 0xe3, 0x70, 0x55, 0xc7, 0xc8, 0xe3, 0x86, 0xd0, 0x5f, 0x0f, + 0xa2, 0xd7, 0x5a, 0x1d, 0x1e, 0x35, 0x1f, 0xc4, 0x2a, 0x38, 0xb8, 0x3a, 0x46, 0x82, 0xf8, 0xf6, + 0x0d, 0x94, 0x83, 0x97, 0xaa, 0x75, 0x2d, 0xaf, 0xbc, 0xac, 0x7d, 0xa0, 0x2e, 0x99, 0x24, 0x14, + 0x5b, 0x32, 0x49, 0x3f, 0xd9, 0x24, 0x0e, 0x3f, 0xf9, 0x14, 0x53, 0x5e, 0xd6, 0x88, 0x3a, 0x89, + 0x2b, 0x48, 0x36, 0x89, 0x2b, 0x80, 0xe0, 0xb9, 0x65, 0xc7, 0xee, 0x95, 0x97, 0xb5, 0x46, 0xc2, + 0x73, 0x39, 0x2a, 0x78, 0x2e, 0xff, 0x19, 0x3c, 0xb7, 0xb1, 0xdd, 0xf7, 0xca, 0xec, 0x1d, 0x37, + 0x12, 0x9e, 0xeb, 0x23, 0x83, 0xe7, 0xfa, 0x00, 0x36, 0x15, 0x02, 0xa0, 0xee, 0xd8, 0x6c, 0xd2, + 0xbe, 0x6d, 0xb5, 0xdb, 0xda, 0x5d, 0x75, 0x2a, 0x8c, 0xe2, 0xd9, 0x54, 0x18, 0x85, 0x31, 0xd7, + 0x93, 0xb7, 0x8a, 0x6e, 0xf6, 0xb7, 0xb4, 0x0f, 0x55, 0xd7, 0x33, 0xc4, 0x30, 0xd7, 0x33, 0xfc, + 0x05, 0xab, 0x0b, 0xf6, 0x8b, 0xd0, 0xfb, 0x0e, 0x75, 0xb7, 0xb5, 0x7b, 0x91, 0xd5, 0x85, 0x84, + 0x83, 0xd5, 0x85, 0xf4, 0x1b, 0x6f, 0xa1, 0x17, 0x95, 0x0f, 0x8d, 0xbf, 0xd3, 0xde, 0xa0, 0x86, + 0xd3, 0xda, 0xd6, 0x3e, 0x02, 0x51, 0xaf, 0x26, 0x7e, 0xaa, 0x54, 0xd2, 0xea, 0x18, 0xd9, 0x4b, + 0x12, 0x2c, 0xcb, 0x3f, 0x58, 0xe5, 0x27, 0x6a, 0x48, 0xbd, 0xe4, 0x2f, 0x42, 0xbf, 0x15, 0x59, + 0x96, 0xc7, 0x49, 0x60, 0x59, 0x1e, 0x07, 0xe3, 0x1e, 0x3a, 0x1f, 0x59, 0xaa, 0xdd, 0x31, 0xda, + 0x6c, 0x5d, 0x42, 0xcd, 0xba, 0xd1, 0x7a, 0x40, 0x3d, 0xed, 0x67, 0x40, 0xf6, 0x85, 0x11, 0x0b, + 0xbe, 0x08, 0x75, 0x75, 0x8c, 0xec, 0x23, 0x0f, 0xeb, 0xbc, 0x8a, 0xb2, 0xf6, 0x6d, 0x35, 0xbe, + 0xc9, 0x60, 0xd5, 0x31, 0xc2, 0x2b, 0x2c, 0x7f, 0x8c, 0xb4, 0xbb, 0xbd, 0x2d, 0xc7, 0x30, 0x29, + 0x77, 0xb4, 0xc0, 0x77, 0x13, 0x0e, 0xe8, 0x1f, 0x53, 0xbd, 0xb4, 0x51, 0x74, 0xcc, 0x4b, 0x1b, + 0x85, 0x63, 0x86, 0xaa, 0x94, 0x4e, 0xd0, 0xbe, 0xa3, 0x1a, 0xaa, 0x82, 0x64, 0x86, 0xaa, 0x16, + 0x5a, 0xf8, 0x08, 0x3d, 0x17, 0xbd, 0x93, 0x96, 0x77, 0x9a, 0xf6, 0x31, 0xc8, 0x39, 0x1f, 0xdb, + 0x0c, 0x50, 0xa8, 0xaa, 0x63, 0x64, 0x04, 0x3f, 0xfb, 0xe2, 0xc6, 0x8a, 0xfa, 0x08, 0xf7, 0xe2, + 0x67, 0xd5, 0x2f, 0xee, 0x08, 0x32, 0xf6, 0xc5, 0x1d, 0x81, 0x4a, 0x14, 0x2e, 0x94, 0x6a, 0xec, + 0x23, 0x3c, 0xd0, 0xe9, 0x28, 0x09, 0x89, 0xc2, 0x85, 0xa7, 0xb6, 0xb9, 0x8f, 0xf0, 0xc0, 0x5b, + 0x1b, 0x25, 0x01, 0x5f, 0x44, 0x93, 0x8d, 0xc6, 0x1d, 0xd2, 0xef, 0x6a, 0xad, 0x48, 0x8a, 0x05, + 0x40, 0xab, 0x63, 0x44, 0xe0, 0x99, 0x1b, 0x54, 0x69, 0x1b, 0xae, 0x67, 0xb5, 0x5c, 0x18, 0x31, + 0xfe, 0x08, 0x31, 0x55, 0x37, 0x28, 0x89, 0x86, 0xb9, 0x41, 0x49, 0xf0, 0xe5, 0x29, 0x34, 0x01, + 0x57, 0x34, 0xea, 0xbf, 0x94, 0x42, 0x33, 0x0d, 0xcf, 0xa1, 0x46, 0x47, 0x24, 0xe7, 0x9e, 0x45, + 0x59, 0x1e, 0x9b, 0x10, 0xd7, 0x0f, 0x4f, 0x93, 0xe0, 0x37, 0xbe, 0x80, 0xe6, 0x56, 0x0d, 0xd7, + 0x03, 0xce, 0x5a, 0xd7, 0xa4, 0x8f, 0x60, 0x5f, 0x2e, 0x43, 0x22, 0x50, 0xbc, 0xca, 0xe9, 0x38, + 0x1f, 0x6c, 0xc4, 0x67, 0xf6, 0xdd, 0x88, 0xcf, 0x7e, 0x36, 0x28, 0x8c, 0xc1, 0x76, 0x7b, 0x84, + 0x57, 0x1f, 0xa6, 0x50, 0x2c, 0x6a, 0xf2, 0xe4, 0xbb, 0xa4, 0xeb, 0x68, 0x3e, 0x92, 0xfc, 0x21, + 0x36, 0x17, 0x1f, 0x33, 0x37, 0x24, 0xca, 0x8d, 0x5f, 0xe5, 0xa5, 0xed, 0xa5, 0xab, 0xca, 0xfa, + 0xca, 0x99, 0x63, 0x28, 0x61, 0xff, 0x95, 0x60, 0xe7, 0xeb, 0x2e, 0x59, 0x15, 0x49, 0x1f, 0x70, + 0xad, 0x73, 0xdf, 0x69, 0x13, 0x09, 0xa5, 0xff, 0x9d, 0x99, 0x70, 0xe3, 0x1b, 0x5f, 0x10, 0x79, + 0x2f, 0xd2, 0xd5, 0x6d, 0x91, 0x03, 0xea, 0x3c, 0xcf, 0xe5, 0x1b, 0x68, 0xa6, 0xd6, 0xe9, 0x51, + 0xc7, 0xb5, 0xbb, 0x70, 0xa9, 0x52, 0x3a, 0xdc, 0xc5, 0xb5, 0x24, 0xb8, 0x9c, 0xe4, 0x2e, 0xd3, + 0x87, 0x37, 0x42, 0x65, 0xf6, 0xbd, 0x11, 0xea, 0x12, 0x9a, 0xb8, 0x0b, 0x17, 0x39, 0x4b, 0x97, + 0x47, 0xf5, 0x23, 0xd7, 0x38, 0x73, 0x0a, 0x7c, 0x19, 0x4d, 0xc2, 0x56, 0xae, 0xab, 0x4d, 0x00, + 0x2d, 0x14, 0xbc, 0x68, 0x03, 0x44, 0xae, 0xc2, 0xc5, 0x69, 0xf0, 0x6d, 0x94, 0x0f, 0x87, 0x0a, + 0x54, 0x4c, 0xf3, 0xb3, 0xf5, 0xe1, 0xb0, 0xf8, 0x83, 0x00, 0xc7, 0x4b, 0xad, 0xc9, 0x22, 0x62, + 0x8c, 0xb8, 0x8a, 0xe6, 0x43, 0x18, 0x53, 0x91, 0x7f, 0x4a, 0xe8, 0xfc, 0x70, 0x50, 0x38, 0x2b, + 0xc9, 0x62, 0xea, 0x94, 0x45, 0x45, 0xd9, 0x70, 0x2d, 0xbc, 0x15, 0x2f, 0xbb, 0xaf, 0x0d, 0x9f, + 0x12, 0xc9, 0x24, 0x53, 0xe2, 0x56, 0x3c, 0xf5, 0x2e, 0xbc, 0x15, 0x34, 0x47, 0xec, 0xbe, 0x47, + 0x37, 0x6c, 0xff, 0x6a, 0x0f, 0x9e, 0x46, 0x0e, 0x6d, 0x72, 0x18, 0xa6, 0xe9, 0xd9, 0xfe, 0x59, + 0x7b, 0xb9, 0x26, 0x80, 0xca, 0x85, 0xd7, 0x92, 0x6e, 0x09, 0x91, 0x4e, 0xc0, 0x4b, 0xaf, 0x17, + 0x17, 0x96, 0x70, 0x2d, 0xc8, 0x9f, 0x4a, 0xa1, 0xc9, 0x0d, 0xc7, 0xb0, 0x3c, 0x57, 0x6c, 0xac, + 0x9e, 0x59, 0xdc, 0x71, 0x8c, 0x1e, 0xb3, 0x8f, 0x45, 0xc8, 0x29, 0x81, 0x5b, 0x11, 0xdc, 0xe5, + 0x7b, 0xec, 0xed, 0xfe, 0xed, 0xa0, 0xf0, 0xf5, 0x2d, 0xd8, 0x51, 0x58, 0x6c, 0xd9, 0x9d, 0xa5, + 0x2d, 0xc7, 0x78, 0x68, 0xf1, 0x3b, 0xb1, 0x8c, 0xf6, 0x92, 0x47, 0xdb, 0xb4, 0x67, 0x3b, 0xde, + 0x92, 0xd1, 0xb3, 0x96, 0x20, 0x93, 0x70, 0x29, 0x90, 0xc4, 0x9f, 0xc0, 0x4c, 0xc0, 0x83, 0xbf, + 0x64, 0x13, 0xe0, 0x38, 0xbc, 0x86, 0x90, 0x78, 0xd5, 0x62, 0xaf, 0x27, 0x76, 0x69, 0xa5, 0x2d, + 0x28, 0x1f, 0xc3, 0x0d, 0x3b, 0x50, 0x98, 0xd1, 0x93, 0xeb, 0xee, 0x49, 0x12, 0x98, 0x15, 0x6c, + 0x88, 0x16, 0xf9, 0x6a, 0x9a, 0x0d, 0x35, 0xee, 0x37, 0x36, 0x41, 0x49, 0x51, 0x36, 0xbc, 0x89, + 0xe6, 0x85, 0xdc, 0x20, 0x3d, 0x7c, 0x4e, 0x9d, 0x34, 0x22, 0x68, 0x6e, 0xb4, 0x41, 0x1b, 0x4d, + 0x01, 0x96, 0x9f, 0x11, 0xe1, 0xc0, 0xcb, 0xe1, 0xb1, 0x53, 0x28, 0xf2, 0xa7, 0xcd, 0x83, 0xc5, + 0xc2, 0xed, 0x60, 0x3e, 0x3f, 0xaf, 0x0d, 0x28, 0x57, 0xa1, 0x53, 0x58, 0x64, 0x19, 0xdc, 0xea, + 0xf3, 0x09, 0x32, 0xa2, 0x36, 0xaf, 0xb2, 0xe0, 0x12, 0x9a, 0x0d, 0x82, 0xc4, 0x77, 0xd9, 0xcc, + 0xb6, 0x10, 0x96, 0xc3, 0x8b, 0x64, 0x9e, 0xcb, 0x42, 0x14, 0x1e, 0x7c, 0x0d, 0x65, 0xf9, 0x36, + 0x6b, 0x8d, 0xef, 0x0b, 0xfb, 0xa9, 0x3f, 0x00, 0x6b, 0x5a, 0x72, 0x8f, 0x05, 0x84, 0xf8, 0x3d, + 0x94, 0x2b, 0xde, 0x6b, 0xb0, 0x79, 0xa6, 0x48, 0xd6, 0x5c, 0xed, 0x54, 0x78, 0x56, 0x07, 0xaa, + 0x51, 0xd8, 0x6d, 0xda, 0x34, 0x1c, 0x65, 0xf2, 0x90, 0xe9, 0x71, 0x05, 0xcd, 0x29, 0x7e, 0xa6, + 0xab, 0x9d, 0x0e, 0xaf, 0xf5, 0x17, 0x97, 0x6f, 0x88, 0x52, 0x90, 0x4a, 0xc9, 0x0d, 0x95, 0x89, + 0x59, 0x4d, 0xd9, 0x72, 0x8d, 0x76, 0xdb, 0xde, 0x21, 0xd4, 0x72, 0xdd, 0x3e, 0x85, 0x4d, 0xe5, + 0x2c, 0xb7, 0x1a, 0x53, 0xa0, 0x9a, 0x0e, 0xc7, 0x29, 0x05, 0x51, 0x54, 0x36, 0xfc, 0x09, 0xc2, + 0x45, 0xf6, 0x5b, 0xbd, 0xa9, 0xed, 0xb9, 0x91, 0x37, 0xb5, 0x5d, 0x10, 0xd3, 0xc7, 0x79, 0x83, + 0x73, 0x35, 0x47, 0xdc, 0xd8, 0x96, 0x20, 0x55, 0xff, 0x9f, 0x29, 0x79, 0xf0, 0x04, 0x57, 0x09, + 0xa4, 0x12, 0xaf, 0x12, 0xb8, 0x8c, 0xa6, 0xc5, 0x27, 0x27, 0x38, 0x58, 0x00, 0xc7, 0x27, 0xfd, + 0x1c, 0x38, 0xcb, 0x24, 0x21, 0x01, 0x1c, 0x5d, 0x0b, 0xab, 0x7f, 0x65, 0xa4, 0xa3, 0x6b, 0x61, + 0xf5, 0x2f, 0xa5, 0xf6, 0xd7, 0x55, 0xf5, 0xb6, 0xb8, 0xf1, 0x30, 0x4d, 0xce, 0x2f, 0x24, 0xc2, + 0xd3, 0xe4, 0xe4, 0x2b, 0xe3, 0xde, 0x81, 0x12, 0x38, 0xa2, 0x2f, 0xc5, 0x07, 0x12, 0xc6, 0xb9, + 0xdc, 0xf5, 0x91, 0x1a, 0x38, 0x82, 0x5a, 0xff, 0x37, 0xa9, 0xd8, 0xf0, 0x64, 0x6d, 0x10, 0x19, + 0x97, 0x92, 0x1e, 0xa0, 0x0d, 0x22, 0x3f, 0x53, 0xb4, 0x41, 0x22, 0xc2, 0x17, 0x51, 0x36, 0x52, + 0xb8, 0x06, 0x32, 0xcc, 0x82, 0xaa, 0x35, 0x01, 0x16, 0x5f, 0x45, 0x59, 0x36, 0x58, 0xba, 0xe1, + 0x35, 0x76, 0x50, 0x76, 0xa7, 0x2f, 0x60, 0xb2, 0x75, 0xfb, 0x74, 0x8c, 0x47, 0x39, 0x5b, 0x22, + 0x78, 0x12, 0xa6, 0x86, 0xf0, 0x2c, 0xc9, 0xff, 0x1e, 0xdf, 0x73, 0x15, 0xf6, 0x4c, 0x92, 0x6a, + 0xdf, 0x66, 0xde, 0x18, 0x7b, 0x7a, 0xd1, 0x8d, 0x39, 0x0d, 0xdc, 0xc9, 0x6c, 0x1a, 0xbc, 0xcb, + 0x5c, 0xa2, 0x52, 0xca, 0x15, 0x47, 0x21, 0x45, 0x6d, 0x3c, 0xa1, 0xe2, 0x68, 0x24, 0x31, 0x50, + 0x61, 0xc0, 0x6f, 0xa2, 0xe9, 0xb0, 0x76, 0xea, 0x44, 0x38, 0xaf, 0x24, 0x95, 0x4c, 0x0d, 0x29, + 0xf1, 0x77, 0xd0, 0xa4, 0x52, 0xb0, 0x67, 0xe9, 0x31, 0x96, 0xad, 0x8b, 0x72, 0x52, 0x2b, 0x77, + 0x5d, 0xa2, 0xc5, 0x7a, 0x84, 0x50, 0xbc, 0x81, 0x4e, 0xd5, 0x1d, 0x6a, 0x42, 0x80, 0xa4, 0xf2, + 0xa8, 0xe7, 0x88, 0x94, 0x63, 0x9e, 0x7a, 0xab, 0xb3, 0x01, 0xdd, 0xf3, 0xd1, 0x4d, 0x1a, 0xe0, + 0x25, 0x41, 0x49, 0xec, 0x6c, 0x3a, 0xe3, 0x2d, 0xb9, 0x4d, 0x77, 0x77, 0x6c, 0xc7, 0xe4, 0x59, + 0xb9, 0x62, 0x3a, 0x13, 0x8a, 0x7e, 0x20, 0x50, 0xf2, 0x74, 0xa6, 0x32, 0x9d, 0x7d, 0x1b, 0xe5, + 0x9e, 0x34, 0x31, 0xf4, 0x57, 0xd3, 0x23, 0xe2, 0x99, 0xc7, 0xf7, 0x0c, 0x6a, 0x50, 0x0f, 0x60, + 0x62, 0x44, 0x3d, 0x80, 0x3f, 0x48, 0x8f, 0x08, 0xd6, 0x1e, 0xeb, 0x73, 0xbb, 0x81, 0x32, 0xd4, + 0x73, 0xbb, 0xe1, 0x91, 0x69, 0xcb, 0x24, 0x32, 0x51, 0xe4, 0x84, 0xff, 0xe4, 0xbe, 0x27, 0xfc, + 0xff, 0x46, 0x66, 0xaf, 0x60, 0xf6, 0x89, 0xee, 0x0f, 0xa2, 0xfb, 0xab, 0x28, 0x17, 0x68, 0x56, + 0x54, 0x2b, 0x9c, 0x0d, 0xd2, 0xd0, 0x39, 0x18, 0x78, 0x24, 0x22, 0x7c, 0x89, 0xb7, 0x15, 0x2e, + 0x8b, 0x9b, 0x02, 0x06, 0x28, 0xe8, 0xc7, 0xda, 0x06, 0xd7, 0xc1, 0x91, 0x00, 0xad, 0xff, 0xe3, + 0x74, 0xe2, 0x8e, 0xc0, 0x49, 0x1f, 0x1d, 0xa0, 0x8f, 0x12, 0x94, 0xc8, 0xf7, 0x32, 0x4e, 0x94, + 0x78, 0x00, 0x25, 0xfe, 0x7e, 0x3a, 0x71, 0xe7, 0xe7, 0x44, 0x89, 0x07, 0x99, 0x2d, 0x2e, 0xa3, + 0x69, 0x62, 0xef, 0xb8, 0x25, 0xbb, 0xdf, 0xf5, 0xc4, 0x5c, 0x01, 0x13, 0xb5, 0x63, 0xef, 0xb8, + 0xcd, 0x16, 0x83, 0x92, 0x90, 0x40, 0xff, 0xc3, 0xf4, 0x1e, 0x7b, 0x63, 0x27, 0x8a, 0xff, 0x3c, + 0x3f, 0x91, 0xbf, 0x91, 0x56, 0xf6, 0xde, 0x8e, 0x75, 0x01, 0x9c, 0x46, 0x6b, 0x9b, 0x76, 0x8c, + 0x68, 0x01, 0x1c, 0x17, 0xa0, 0xe2, 0x18, 0x7e, 0x48, 0xa2, 0xff, 0x30, 0x1d, 0xd9, 0x7c, 0x3c, + 0xd1, 0xdd, 0x63, 0xeb, 0x2e, 0xb0, 0x3a, 0xb1, 0x9f, 0x7a, 0xa2, 0xb9, 0xc7, 0xd5, 0xdc, 0xf7, + 0xd2, 0x91, 0xad, 0xe7, 0xe3, 0x5b, 0x52, 0xe3, 0x87, 0xe9, 0xf8, 0x36, 0xfa, 0xf1, 0xb5, 0xa4, + 0xcb, 0x68, 0x5a, 0xe8, 0x21, 0xf8, 0x54, 0xf0, 0x79, 0x9f, 0x03, 0x21, 0x7a, 0x17, 0x10, 0xe8, + 0x7f, 0x32, 0x8d, 0xd4, 0x94, 0x80, 0x63, 0x6a, 0x43, 0xbf, 0x91, 0x56, 0x93, 0x21, 0x8e, 0xaf, + 0xfd, 0x2c, 0x22, 0xd4, 0xe8, 0x6f, 0xb6, 0xc4, 0x59, 0xba, 0x09, 0x29, 0xfc, 0x1b, 0x40, 0x89, + 0x44, 0xa1, 0xff, 0x9f, 0x74, 0x62, 0x86, 0xc6, 0xf1, 0x55, 0xe0, 0x35, 0x88, 0x13, 0xb7, 0xba, + 0xe1, 0x44, 0x0e, 0x41, 0x48, 0x36, 0xfe, 0xa2, 0xb5, 0xc7, 0x03, 0x42, 0xfc, 0xb5, 0x04, 0x77, + 0x0d, 0x8a, 0xab, 0x27, 0xd6, 0x02, 0x95, 0x1d, 0xb7, 0x7f, 0x9e, 0xde, 0x2f, 0xa1, 0xe5, 0x38, + 0x7f, 0x55, 0xa7, 0xea, 0xc6, 0x2e, 0x1c, 0xbc, 0x60, 0x3d, 0x31, 0xc3, 0x0b, 0xb9, 0xf7, 0x38, + 0x48, 0xae, 0x7e, 0x2f, 0xa8, 0xf4, 0x5f, 0x9b, 0x48, 0xce, 0xa6, 0x38, 0xbe, 0x2a, 0xf4, 0x6f, + 0x6a, 0x98, 0xd8, 0xf7, 0xa6, 0x86, 0xc9, 0xc7, 0xbd, 0xa9, 0x61, 0x6a, 0xe4, 0x4d, 0x0d, 0xe7, + 0xd0, 0xf8, 0xb2, 0x6d, 0xee, 0xc2, 0x5e, 0xfa, 0x0c, 0x7f, 0xd8, 0xa6, 0x6d, 0xee, 0x12, 0x80, + 0xe2, 0x3f, 0x93, 0x42, 0x53, 0x55, 0x6a, 0x98, 0x6c, 0x84, 0x4c, 0xef, 0xb5, 0x15, 0xfd, 0xd1, + 0xd3, 0xd9, 0x8a, 0x5e, 0xd8, 0xe6, 0x0f, 0x93, 0x0d, 0x45, 0x3c, 0x1f, 0xdf, 0x42, 0xd9, 0x92, + 0xe1, 0xd1, 0x2d, 0xdb, 0xd9, 0x85, 0xcd, 0xf5, 0xb9, 0x30, 0xcf, 0x56, 0xb1, 0x1f, 0x9f, 0x88, + 0xef, 0x15, 0xb5, 0xc4, 0x2f, 0x12, 0x30, 0x33, 0xb5, 0x88, 0x1a, 0x3b, 0xb9, 0x50, 0x2d, 0x6a, + 0x31, 0x9d, 0x30, 0xac, 0x3c, 0x33, 0x22, 0xac, 0xdc, 0x43, 0x67, 0xe3, 0x99, 0x5f, 0x81, 0xfd, + 0x11, 0x84, 0xe3, 0x58, 0xb1, 0xe7, 0x05, 0xfb, 0x0f, 0x7d, 0x8e, 0x6d, 0xf2, 0x12, 0x20, 0xd1, + 0x02, 0x1a, 0x24, 0x81, 0x5b, 0xff, 0xd5, 0xf4, 0xe8, 0x84, 0xb5, 0xa3, 0x39, 0x58, 0x7e, 0x36, + 0x51, 0x4b, 0xe3, 0x6a, 0x9e, 0xf3, 0x68, 0x2d, 0x47, 0xc4, 0x26, 0xe9, 0xec, 0x47, 0xa9, 0x51, + 0x59, 0x74, 0x87, 0xd2, 0xd8, 0x97, 0xe3, 0xdb, 0xb5, 0x90, 0x3b, 0xe4, 0xaa, 0xfb, 0xb4, 0xd1, + 0x7a, 0x14, 0x99, 0x27, 0xac, 0x47, 0xf1, 0x0f, 0x53, 0xe8, 0xd4, 0xed, 0xfe, 0x26, 0x8d, 0x5c, + 0xc0, 0x87, 0x3f, 0xe1, 0xf7, 0xf6, 0x89, 0x9d, 0xb4, 0x14, 0xec, 0xa4, 0xbd, 0x2e, 0x67, 0xc0, + 0x45, 0x18, 0x16, 0x43, 0x6a, 0xbe, 0x8b, 0xf6, 0x92, 0xd8, 0xdf, 0x3e, 0xf3, 0xa0, 0xbf, 0x49, + 0xe3, 0x77, 0x5f, 0x48, 0xd2, 0xcf, 0xbe, 0xc7, 0x13, 0x78, 0x9e, 0x74, 0xe7, 0xea, 0x57, 0xd2, + 0x23, 0x93, 0x0e, 0x8f, 0xec, 0x3d, 0x04, 0xdf, 0x4e, 0xec, 0x15, 0x61, 0xbf, 0x2f, 0xee, 0xd1, + 0x0f, 0x11, 0x89, 0x49, 0x52, 0x92, 0x15, 0x76, 0xc4, 0x2f, 0x6e, 0xf8, 0x5c, 0x15, 0xf6, 0xdb, + 0xa9, 0x91, 0xc9, 0xa1, 0x47, 0xf6, 0x6a, 0x87, 0x1f, 0xa7, 0xfd, 0x9c, 0xd4, 0x43, 0xbd, 0xc2, + 0x65, 0x34, 0x2d, 0x0a, 0x6f, 0xa8, 0xd9, 0x25, 0x62, 0x3d, 0x01, 0xeb, 0xd3, 0x80, 0x00, 0x2f, + 0x21, 0x24, 0x5d, 0xe4, 0x22, 0x65, 0x97, 0x48, 0x37, 0xb8, 0x10, 0x89, 0x84, 0x79, 0x24, 0x95, + 0x47, 0x96, 0x07, 0xe5, 0x6a, 0x58, 0x5f, 0x66, 0xb8, 0x47, 0x42, 0x1f, 0x59, 0x1e, 0xbf, 0x86, + 0x2a, 0x40, 0xb3, 0x4f, 0xaf, 0x54, 0x9e, 0x56, 0x7c, 0x7a, 0xf9, 0x8d, 0x55, 0x41, 0x31, 0xda, + 0xcb, 0x68, 0xba, 0xd8, 0x82, 0x38, 0x75, 0x70, 0x33, 0x17, 0xb4, 0xd6, 0xe0, 0x40, 0x68, 0x6d, + 0x40, 0xc0, 0x24, 0x2a, 0x97, 0xf0, 0x80, 0x44, 0x7e, 0xfb, 0x0e, 0x11, 0x98, 0xd7, 0xbe, 0x82, + 0x72, 0x90, 0x0b, 0x5b, 0xe4, 0x35, 0x72, 0x67, 0x50, 0x76, 0x7d, 0xb9, 0x51, 0x21, 0x1f, 0x56, + 0xca, 0xf9, 0x31, 0x8c, 0xd0, 0x64, 0xb9, 0xb2, 0x56, 0xab, 0x94, 0xf3, 0xa9, 0xd7, 0xfe, 0x6b, + 0x0a, 0xa1, 0xc6, 0xca, 0x46, 0x5d, 0x10, 0xe6, 0xd0, 0x54, 0x6d, 0xed, 0xc3, 0xe2, 0x6a, 0x8d, + 0xd1, 0x65, 0xd1, 0xf8, 0x7a, 0xbd, 0xb2, 0x96, 0x4f, 0xe1, 0x69, 0x34, 0x51, 0x5a, 0x5d, 0x6f, + 0x54, 0xf2, 0x69, 0x06, 0x24, 0x95, 0x62, 0x39, 0x9f, 0x61, 0xc0, 0x7b, 0xa4, 0xb6, 0x51, 0xc9, + 0x8f, 0xb3, 0x3f, 0x57, 0x1b, 0x1b, 0xc5, 0x8d, 0xfc, 0x04, 0xfb, 0x73, 0x05, 0xfe, 0x9c, 0x64, + 0xc2, 0x1a, 0x95, 0x0d, 0xf8, 0x31, 0xc5, 0x9a, 0xb0, 0xe2, 0xff, 0xca, 0x32, 0x14, 0x13, 0x5d, + 0xae, 0x91, 0xfc, 0x34, 0xfb, 0xc1, 0x44, 0xb2, 0x1f, 0x88, 0x35, 0x8e, 0x54, 0xee, 0xac, 0x7f, + 0x58, 0xc9, 0xe7, 0x98, 0xac, 0x3b, 0xb7, 0x19, 0x78, 0x86, 0xfd, 0x49, 0xee, 0xb0, 0x3f, 0x67, + 0x99, 0x24, 0x52, 0x29, 0xae, 0xd6, 0x8b, 0x1b, 0xd5, 0xfc, 0x1c, 0x6b, 0x0f, 0xc8, 0x9c, 0xe7, + 0x9c, 0x6b, 0xc5, 0x3b, 0x95, 0x7c, 0x5e, 0xd0, 0x94, 0x57, 0x6b, 0x6b, 0xb7, 0xf3, 0x0b, 0xd0, + 0x90, 0x6f, 0xdd, 0x81, 0x1f, 0xf8, 0xb5, 0x5b, 0xe8, 0x4c, 0xa2, 0xf3, 0xc4, 0xa8, 0x6e, 0x55, + 0xd6, 0x2a, 0xa4, 0xb8, 0x9a, 0x1f, 0x63, 0x02, 0x1a, 0x95, 0xd2, 0x5d, 0x52, 0xdb, 0xf8, 0x56, + 0x3e, 0xc5, 0x44, 0x37, 0x2a, 0x45, 0x52, 0xaa, 0xe6, 0xd3, 0x78, 0x0a, 0x65, 0x1a, 0x1f, 0xac, + 0xe6, 0x33, 0xcb, 0xe5, 0xcf, 0xfe, 0xfd, 0xf9, 0xb1, 0xcf, 0x7e, 0x7a, 0x3e, 0xf5, 0x5b, 0x3f, + 0x3d, 0x9f, 0xfa, 0x77, 0x3f, 0x3d, 0x9f, 0xfa, 0x99, 0xab, 0x07, 0x71, 0x05, 0xb9, 0x29, 0x6f, + 0x4e, 0x42, 0x6a, 0xcf, 0xb5, 0xff, 0x17, 0x00, 0x00, 0xff, 0xff, 0x5a, 0x6e, 0x2c, 0x9c, 0x58, + 0xc1, 0x00, 0x00, } func (m *Metadata) Marshal() (dAtA []byte, err error) { @@ -7735,6 +8726,13 @@ func (m *ServerMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ForwardedBy) > 0 { + i -= len(m.ForwardedBy) + copy(dAtA[i:], m.ForwardedBy) + i = encodeVarintEvents(dAtA, i, uint64(len(m.ForwardedBy))) + i-- + dAtA[i] = 0x32 + } if len(m.ServerLabels) > 0 { for k := range m.ServerLabels { v := m.ServerLabels[k] @@ -10417,7 +11415,7 @@ func (m *SCP) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *Subsystem) Marshal() (dAtA []byte, err error) { +func (m *SFTPAttributes) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10427,12 +11425,12 @@ func (m *Subsystem) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *Subsystem) MarshalTo(dAtA []byte) (int, error) { +func (m *SFTPAttributes) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *Subsystem) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SFTPAttributes) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10441,54 +11439,70 @@ func (m *Subsystem) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Error) > 0 { - i -= len(m.Error) - copy(dAtA[i:], m.Error) - i = encodeVarintEvents(dAtA, i, uint64(len(m.Error))) + if m.ModificationTime != nil { + n117, err117 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.ModificationTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.ModificationTime):]) + if err117 != nil { + return 0, err117 + } + i -= n117 + i = encodeVarintEvents(dAtA, i, uint64(n117)) + i-- + dAtA[i] = 0x32 + } + if m.AccessTime != nil { + n118, err118 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.AccessTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.AccessTime):]) + if err118 != nil { + return 0, err118 + } + i -= n118 + i = encodeVarintEvents(dAtA, i, uint64(n118)) i-- dAtA[i] = 0x2a } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintEvents(dAtA, i, uint64(len(m.Name))) + if m.Permissions != nil { + n119, err119 := github_com_gogo_protobuf_types.StdUInt32MarshalTo(*m.Permissions, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.Permissions):]) + if err119 != nil { + return 0, err119 + } + i -= n119 + i = encodeVarintEvents(dAtA, i, uint64(n119)) i-- dAtA[i] = 0x22 } - { - size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if m.GID != nil { + n120, err120 := github_com_gogo_protobuf_types.StdUInt32MarshalTo(*m.GID, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.GID):]) + if err120 != nil { + return 0, err120 } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) + i -= n120 + i = encodeVarintEvents(dAtA, i, uint64(n120)) + i-- + dAtA[i] = 0x1a } - i-- - dAtA[i] = 0x1a - { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if m.UID != nil { + n121, err121 := github_com_gogo_protobuf_types.StdUInt32MarshalTo(*m.UID, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.UID):]) + if err121 != nil { + return 0, err121 } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) + i -= n121 + i = encodeVarintEvents(dAtA, i, uint64(n121)) + i-- + dAtA[i] = 0x12 } - i-- - dAtA[i] = 0x12 - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err + if m.FileSize != nil { + n122, err122 := github_com_gogo_protobuf_types.StdUInt64MarshalTo(*m.FileSize, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdUInt64(*m.FileSize):]) + if err122 != nil { + return 0, err122 } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) + i -= n122 + i = encodeVarintEvents(dAtA, i, uint64(n122)) + i-- + dAtA[i] = 0xa } - i-- - dAtA[i] = 0xa return len(dAtA) - i, nil } -func (m *ClientDisconnect) Marshal() (dAtA []byte, err error) { +func (m *SFTP) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10498,12 +11512,12 @@ func (m *ClientDisconnect) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ClientDisconnect) MarshalTo(dAtA []byte) (int, error) { +func (m *SFTP) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ClientDisconnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *SFTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10512,12 +11526,55 @@ func (m *ClientDisconnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.Reason) > 0 { - i -= len(m.Reason) - copy(dAtA[i:], m.Reason) - i = encodeVarintEvents(dAtA, i, uint64(len(m.Reason))) + if len(m.Error) > 0 { + i -= len(m.Error) + copy(dAtA[i:], m.Error) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Error))) i-- - dAtA[i] = 0x2a + dAtA[i] = 0x62 + } + if m.Action != 0 { + i = encodeVarintEvents(dAtA, i, uint64(m.Action)) + i-- + dAtA[i] = 0x58 + } + if m.Attributes != nil { + { + size, err := m.Attributes.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } + if m.Flags != 0 { + i = encodeVarintEvents(dAtA, i, uint64(m.Flags)) + i-- + dAtA[i] = 0x48 + } + if len(m.TargetPath) > 0 { + i -= len(m.TargetPath) + copy(dAtA[i:], m.TargetPath) + i = encodeVarintEvents(dAtA, i, uint64(len(m.TargetPath))) + i-- + dAtA[i] = 0x42 + } + if len(m.Path) > 0 { + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0x3a + } + if len(m.WorkingDirectory) > 0 { + i -= len(m.WorkingDirectory) + copy(dAtA[i:], m.WorkingDirectory) + i = encodeVarintEvents(dAtA, i, uint64(len(m.WorkingDirectory))) + i-- + dAtA[i] = 0x32 } { size, err := m.ServerMetadata.MarshalToSizedBuffer(dAtA[:i]) @@ -10528,6 +11585,16 @@ func (m *ClientDisconnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintEvents(dAtA, i, uint64(size)) } i-- + dAtA[i] = 0x2a + { + size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- dAtA[i] = 0x22 { size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) @@ -10562,7 +11629,7 @@ func (m *ClientDisconnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AuthAttempt) Marshal() (dAtA []byte, err error) { +func (m *Subsystem) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10572,12 +11639,12 @@ func (m *AuthAttempt) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuthAttempt) MarshalTo(dAtA []byte) (int, error) { +func (m *Subsystem) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuthAttempt) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *Subsystem) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10586,16 +11653,20 @@ func (m *AuthAttempt) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - { - size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) + if len(m.Error) > 0 { + i -= len(m.Error) + copy(dAtA[i:], m.Error) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Error))) + i-- + dAtA[i] = 0x2a + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x22 } - i-- - dAtA[i] = 0x22 { size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -10629,7 +11700,7 @@ func (m *AuthAttempt) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *UserTokenCreate) Marshal() (dAtA []byte, err error) { +func (m *ClientDisconnect) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10639,12 +11710,12 @@ func (m *UserTokenCreate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *UserTokenCreate) MarshalTo(dAtA []byte) (int, error) { +func (m *ClientDisconnect) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *ClientDisconnect) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10653,28 +11724,15 @@ func (m *UserTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) + if len(m.Reason) > 0 { + i -= len(m.Reason) + copy(dAtA[i:], m.Reason) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Reason))) + i-- + dAtA[i] = 0x2a } - i-- - dAtA[i] = 0x12 { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.ServerMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -10682,36 +11740,9 @@ func (m *UserTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintEvents(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *RoleCreate) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *RoleCreate) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RoleCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } + dAtA[i] = 0x22 { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -10721,7 +11752,7 @@ func (m *RoleCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x1a { - size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -10743,7 +11774,7 @@ func (m *RoleCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *RoleDelete) Marshal() (dAtA []byte, err error) { +func (m *AuthAttempt) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10753,12 +11784,12 @@ func (m *RoleDelete) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RoleDelete) MarshalTo(dAtA []byte) (int, error) { +func (m *AuthAttempt) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RoleDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuthAttempt) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10768,7 +11799,17 @@ func (m *RoleDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + { + size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -10778,7 +11819,7 @@ func (m *RoleDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x1a { - size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -10800,7 +11841,7 @@ func (m *RoleDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *TrustedClusterCreate) Marshal() (dAtA []byte, err error) { +func (m *UserTokenCreate) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10810,12 +11851,12 @@ func (m *TrustedClusterCreate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TrustedClusterCreate) MarshalTo(dAtA []byte) (int, error) { +func (m *UserTokenCreate) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TrustedClusterCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *UserTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10857,7 +11898,7 @@ func (m *TrustedClusterCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *TrustedClusterDelete) Marshal() (dAtA []byte, err error) { +func (m *RoleCreate) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10867,12 +11908,12 @@ func (m *TrustedClusterDelete) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TrustedClusterDelete) MarshalTo(dAtA []byte) (int, error) { +func (m *RoleCreate) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TrustedClusterDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RoleCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10914,7 +11955,7 @@ func (m *TrustedClusterDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *TrustedClusterTokenCreate) Marshal() (dAtA []byte, err error) { +func (m *RoleDelete) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10924,12 +11965,12 @@ func (m *TrustedClusterTokenCreate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *TrustedClusterTokenCreate) MarshalTo(dAtA []byte) (int, error) { +func (m *RoleDelete) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *TrustedClusterTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RoleDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -10971,7 +12012,7 @@ func (m *TrustedClusterTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, erro return len(dAtA) - i, nil } -func (m *GithubConnectorCreate) Marshal() (dAtA []byte, err error) { +func (m *TrustedClusterCreate) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -10981,12 +12022,12 @@ func (m *GithubConnectorCreate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GithubConnectorCreate) MarshalTo(dAtA []byte) (int, error) { +func (m *TrustedClusterCreate) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GithubConnectorCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TrustedClusterCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -11028,7 +12069,7 @@ func (m *GithubConnectorCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *GithubConnectorDelete) Marshal() (dAtA []byte, err error) { +func (m *TrustedClusterDelete) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -11038,12 +12079,12 @@ func (m *GithubConnectorDelete) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *GithubConnectorDelete) MarshalTo(dAtA []byte) (int, error) { +func (m *TrustedClusterDelete) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *GithubConnectorDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TrustedClusterDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -11085,7 +12126,7 @@ func (m *GithubConnectorDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *OIDCConnectorCreate) Marshal() (dAtA []byte, err error) { +func (m *TrustedClusterTokenCreate) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -11095,12 +12136,183 @@ func (m *OIDCConnectorCreate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *OIDCConnectorCreate) MarshalTo(dAtA []byte) (int, error) { +func (m *TrustedClusterTokenCreate) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *OIDCConnectorCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *TrustedClusterTokenCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *GithubConnectorCreate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GithubConnectorCreate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GithubConnectorCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *GithubConnectorDelete) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GithubConnectorDelete) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GithubConnectorDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *OIDCConnectorCreate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *OIDCConnectorCreate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OIDCConnectorCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -11789,6 +13001,93 @@ func (m *AppSessionStart) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *AppSessionEnd) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AppSessionEnd) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AppSessionEnd) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.AppMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 + { + size, err := m.ConnectionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + { + size, err := m.ServerMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + { + size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *AppSessionChunk) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -11907,6 +13206,16 @@ func (m *AppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + { + size, err := m.AWSRequestMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a { size, err := m.AppMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -11956,6 +13265,54 @@ func (m *AppSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *AWSRequestMetadata) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AWSRequestMetadata) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AWSRequestMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.AWSHost) > 0 { + i -= len(m.AWSHost) + copy(dAtA[i:], m.AWSHost) + i = encodeVarintEvents(dAtA, i, uint64(len(m.AWSHost))) + i-- + dAtA[i] = 0x1a + } + if len(m.AWSService) > 0 { + i -= len(m.AWSService) + copy(dAtA[i:], m.AWSService) + i = encodeVarintEvents(dAtA, i, uint64(len(m.AWSService))) + i-- + dAtA[i] = 0x12 + } + if len(m.AWSRegion) > 0 { + i -= len(m.AWSRegion) + copy(dAtA[i:], m.AWSRegion) + i = encodeVarintEvents(dAtA, i, uint64(len(m.AWSRegion))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *DatabaseMetadata) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -13379,17 +14736,7 @@ func (m *LockCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Target.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -13397,44 +14744,7 @@ func (m *LockCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintEvents(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *LockDelete) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *LockDelete) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *LockDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } + dAtA[i] = 0x22 { size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -13468,7 +14778,7 @@ func (m *LockDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *RecoveryCodeGenerate) Marshal() (dAtA []byte, err error) { +func (m *LockDelete) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -13478,12 +14788,12 @@ func (m *RecoveryCodeGenerate) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RecoveryCodeGenerate) MarshalTo(dAtA []byte) (int, error) { +func (m *LockDelete) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RecoveryCodeGenerate) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *LockDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -13501,305 +14811,362 @@ func (m *RecoveryCodeGenerate) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintEvents(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x12 - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *RecoveryCodeUsed) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *RecoveryCodeUsed) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RecoveryCodeUsed) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - { - size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- dAtA[i] = 0x1a { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *WindowsDesktopSessionEnd) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *WindowsDesktopSessionEnd) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *WindowsDesktopSessionEnd) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.Participants) > 0 { - for iNdEx := len(m.Participants) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Participants[iNdEx]) - copy(dAtA[i:], m.Participants[iNdEx]) - i = encodeVarintEvents(dAtA, i, uint64(len(m.Participants[iNdEx]))) - i-- - dAtA[i] = 0x6a - } - } - if m.Recorded { - i-- - if m.Recorded { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x60 - } - if len(m.DesktopName) > 0 { - i -= len(m.DesktopName) - copy(dAtA[i:], m.DesktopName) - i = encodeVarintEvents(dAtA, i, uint64(len(m.DesktopName))) - i-- - dAtA[i] = 0x5a - } - n269, err269 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndTime):]) - if err269 != nil { - return 0, err269 - } - i -= n269 - i = encodeVarintEvents(dAtA, i, uint64(n269)) - i-- - dAtA[i] = 0x52 - n270, err270 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartTime):]) - if err270 != nil { - return 0, err270 - } - i -= n270 - i = encodeVarintEvents(dAtA, i, uint64(n270)) - i-- - dAtA[i] = 0x4a - if len(m.DesktopLabels) > 0 { - for k := range m.DesktopLabels { - v := m.DesktopLabels[k] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintEvents(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(k) - copy(dAtA[i:], k) - i = encodeVarintEvents(dAtA, i, uint64(len(k))) - i-- - dAtA[i] = 0xa - i = encodeVarintEvents(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x42 - } - } - if len(m.WindowsUser) > 0 { - i -= len(m.WindowsUser) - copy(dAtA[i:], m.WindowsUser) - i = encodeVarintEvents(dAtA, i, uint64(len(m.WindowsUser))) - i-- - dAtA[i] = 0x3a - } - if len(m.Domain) > 0 { - i -= len(m.Domain) - copy(dAtA[i:], m.Domain) - i = encodeVarintEvents(dAtA, i, uint64(len(m.Domain))) - i-- - dAtA[i] = 0x32 - } - if len(m.DesktopAddr) > 0 { - i -= len(m.DesktopAddr) - copy(dAtA[i:], m.DesktopAddr) - i = encodeVarintEvents(dAtA, i, uint64(len(m.DesktopAddr))) - i-- - dAtA[i] = 0x2a - } - if len(m.WindowsDesktopService) > 0 { - i -= len(m.WindowsDesktopService) - copy(dAtA[i:], m.WindowsDesktopService) - i = encodeVarintEvents(dAtA, i, uint64(len(m.WindowsDesktopService))) - i-- - dAtA[i] = 0x22 - } - { - size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *CertificateCreate) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CertificateCreate) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CertificateCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if m.Identity != nil { - { - size, err := m.Identity.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - if len(m.CertificateType) > 0 { - i -= len(m.CertificateType) - copy(dAtA[i:], m.CertificateType) - i = encodeVarintEvents(dAtA, i, uint64(len(m.CertificateType))) - i-- - dAtA[i] = 0x12 - } - { - size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintEvents(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *RenewableCertificateGenerationMismatch) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *RenewableCertificateGenerationMismatch) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *RenewableCertificateGenerationMismatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - { - size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RecoveryCodeGenerate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RecoveryCodeGenerate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RecoveryCodeGenerate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RecoveryCodeUsed) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RecoveryCodeUsed) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RecoveryCodeUsed) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *WindowsDesktopSessionEnd) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *WindowsDesktopSessionEnd) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WindowsDesktopSessionEnd) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Participants) > 0 { + for iNdEx := len(m.Participants) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Participants[iNdEx]) + copy(dAtA[i:], m.Participants[iNdEx]) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Participants[iNdEx]))) + i-- + dAtA[i] = 0x6a + } + } + if m.Recorded { + i-- + if m.Recorded { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x60 + } + if len(m.DesktopName) > 0 { + i -= len(m.DesktopName) + copy(dAtA[i:], m.DesktopName) + i = encodeVarintEvents(dAtA, i, uint64(len(m.DesktopName))) + i-- + dAtA[i] = 0x5a + } + n289, err289 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndTime):]) + if err289 != nil { + return 0, err289 + } + i -= n289 + i = encodeVarintEvents(dAtA, i, uint64(n289)) + i-- + dAtA[i] = 0x52 + n290, err290 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartTime):]) + if err290 != nil { + return 0, err290 + } + i -= n290 + i = encodeVarintEvents(dAtA, i, uint64(n290)) + i-- + dAtA[i] = 0x4a + if len(m.DesktopLabels) > 0 { + for k := range m.DesktopLabels { + v := m.DesktopLabels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintEvents(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintEvents(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintEvents(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x42 + } + } + if len(m.WindowsUser) > 0 { + i -= len(m.WindowsUser) + copy(dAtA[i:], m.WindowsUser) + i = encodeVarintEvents(dAtA, i, uint64(len(m.WindowsUser))) + i-- + dAtA[i] = 0x3a + } + if len(m.Domain) > 0 { + i -= len(m.Domain) + copy(dAtA[i:], m.Domain) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Domain))) + i-- + dAtA[i] = 0x32 + } + if len(m.DesktopAddr) > 0 { + i -= len(m.DesktopAddr) + copy(dAtA[i:], m.DesktopAddr) + i = encodeVarintEvents(dAtA, i, uint64(len(m.DesktopAddr))) + i-- + dAtA[i] = 0x2a + } + if len(m.WindowsDesktopService) > 0 { + i -= len(m.WindowsDesktopService) + copy(dAtA[i:], m.WindowsDesktopService) + i = encodeVarintEvents(dAtA, i, uint64(len(m.WindowsDesktopService))) + i-- + dAtA[i] = 0x22 + } + { + size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *CertificateCreate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CertificateCreate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CertificateCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Identity != nil { + { + size, err := m.Identity.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if len(m.CertificateType) > 0 { + i -= len(m.CertificateType) + copy(dAtA[i:], m.CertificateType) + i = encodeVarintEvents(dAtA, i, uint64(len(m.CertificateType))) + i-- + dAtA[i] = 0x12 + } + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RenewableCertificateGenerationMismatch) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RenewableCertificateGenerationMismatch) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RenewableCertificateGenerationMismatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -15955,6 +17322,213 @@ func (m *OneOf_DatabaseSessionMalformedPacket) MarshalToSizedBuffer(dAtA []byte) } return len(dAtA) - i, nil } +func (m *OneOf_SFTP) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_SFTP) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.SFTP != nil { + { + size, err := m.SFTP.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5 + i-- + dAtA[i] = 0xda + } + return len(dAtA) - i, nil +} +func (m *OneOf_UpgradeWindowStartUpdate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_UpgradeWindowStartUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.UpgradeWindowStartUpdate != nil { + { + size, err := m.UpgradeWindowStartUpdate.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5 + i-- + dAtA[i] = 0xe2 + } + return len(dAtA) - i, nil +} +func (m *OneOf_AppSessionEnd) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_AppSessionEnd) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.AppSessionEnd != nil { + { + size, err := m.AppSessionEnd.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5 + i-- + dAtA[i] = 0xea + } + return len(dAtA) - i, nil +} +func (m *OneOf_SessionRecordingAccess) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_SessionRecordingAccess) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.SessionRecordingAccess != nil { + { + size, err := m.SessionRecordingAccess.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5 + i-- + dAtA[i] = 0xf2 + } + return len(dAtA) - i, nil +} +func (m *OneOf_KubernetesClusterCreate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_KubernetesClusterCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.KubernetesClusterCreate != nil { + { + size, err := m.KubernetesClusterCreate.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6 + i-- + dAtA[i] = 0x82 + } + return len(dAtA) - i, nil +} +func (m *OneOf_KubernetesClusterUpdate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_KubernetesClusterUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.KubernetesClusterUpdate != nil { + { + size, err := m.KubernetesClusterUpdate.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6 + i-- + dAtA[i] = 0x8a + } + return len(dAtA) - i, nil +} +func (m *OneOf_KubernetesClusterDelete) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_KubernetesClusterDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.KubernetesClusterDelete != nil { + { + size, err := m.KubernetesClusterDelete.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6 + i-- + dAtA[i] = 0x92 + } + return len(dAtA) - i, nil +} +func (m *OneOf_SSMRun) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_SSMRun) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.SSMRun != nil { + { + size, err := m.SSMRun.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6 + i-- + dAtA[i] = 0x9a + } + return len(dAtA) - i, nil +} +func (m *OneOf_ElasticsearchRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *OneOf_ElasticsearchRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.ElasticsearchRequest != nil { + { + size, err := m.ElasticsearchRequest.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6 + i-- + dAtA[i] = 0xa2 + } + return len(dAtA) - i, nil +} func (m *StreamStatus) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -15979,12 +17553,12 @@ func (m *StreamStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n369, err369 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastUploadTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUploadTime):]) - if err369 != nil { - return 0, err369 + n398, err398 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastUploadTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUploadTime):]) + if err398 != nil { + return 0, err398 } - i -= n369 - i = encodeVarintEvents(dAtA, i, uint64(n369)) + i -= n398 + i = encodeVarintEvents(dAtA, i, uint64(n398)) i-- dAtA[i] = 0x1a if m.LastEventIndex != 0 { @@ -16230,12 +17804,12 @@ func (m *Identity) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x4a } - n375, err375 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err375 != nil { - return 0, err375 + n404, err404 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err404 != nil { + return 0, err404 } - i -= n375 - i = encodeVarintEvents(dAtA, i, uint64(n375)) + i -= n404 + i = encodeVarintEvents(dAtA, i, uint64(n404)) i-- dAtA[i] = 0x42 if len(m.KubernetesUsers) > 0 { @@ -17720,356 +19294,636 @@ func (m *DatabaseSessionMalformedPacket) MarshalToSizedBuffer(dAtA []byte) (int, return len(dAtA) - i, nil } -func encodeVarintEvents(dAtA []byte, offset int, v uint64) int { - offset -= sovEvents(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *Metadata) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Index != 0 { - n += 1 + sovEvents(uint64(m.Index)) - } - l = len(m.Type) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.ID) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.Code) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Time) - n += 1 + l + sovEvents(uint64(l)) - l = len(m.ClusterName) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) +func (m *ElasticsearchRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return n + return dAtA[:n], nil } -func (m *SessionMetadata) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.SessionID) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.WithMFA) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n +func (m *ElasticsearchRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *UserMetadata) Size() (n int) { - if m == nil { - return 0 - } +func (m *ElasticsearchRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = len(m.User) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - l = len(m.Login) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if len(m.Query) > 0 { + i -= len(m.Query) + copy(dAtA[i:], m.Query) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Query))) + i-- + dAtA[i] = 0x62 } - l = len(m.Impersonator) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if len(m.Target) > 0 { + i -= len(m.Target) + copy(dAtA[i:], m.Target) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Target))) + i-- + dAtA[i] = 0x5a } - l = len(m.AWSRoleARN) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if m.Category != 0 { + i = encodeVarintEvents(dAtA, i, uint64(m.Category)) + i-- + dAtA[i] = 0x50 } - if len(m.AccessRequests) > 0 { - for _, s := range m.AccessRequests { - l = len(s) - n += 1 + l + sovEvents(uint64(l)) + { + size := m.Headers.Size() + i -= size + if _, err := m.Headers.MarshalTo(dAtA[i:]); err != nil { + return 0, err } + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i-- + dAtA[i] = 0x4a + if len(m.Body) > 0 { + i -= len(m.Body) + copy(dAtA[i:], m.Body) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Body))) + i-- + dAtA[i] = 0x42 } - return n -} - -func (m *ServerMetadata) Size() (n int) { - if m == nil { - return 0 + if len(m.Method) > 0 { + i -= len(m.Method) + copy(dAtA[i:], m.Method) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Method))) + i-- + dAtA[i] = 0x3a } - var l int - _ = l - l = len(m.ServerNamespace) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if len(m.RawQuery) > 0 { + i -= len(m.RawQuery) + copy(dAtA[i:], m.RawQuery) + i = encodeVarintEvents(dAtA, i, uint64(len(m.RawQuery))) + i-- + dAtA[i] = 0x32 } - l = len(m.ServerID) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if len(m.Path) > 0 { + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0x2a } - l = len(m.ServerHostname) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.DatabaseMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - l = len(m.ServerAddr) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + i-- + dAtA[i] = 0x22 + { + size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if len(m.ServerLabels) > 0 { - for k, v := range m.ServerLabels { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovEvents(uint64(len(k))) + 1 + len(v) + sovEvents(uint64(len(v))) - n += mapEntrySize + 1 + sovEvents(uint64(mapEntrySize)) + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - return n + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } -func (m *ConnectionMetadata) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.LocalAddr) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.RemoteAddr) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.Protocol) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) +func (m *UpgradeWindowStartMetadata) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - return n + return dAtA[:n], nil } -func (m *ClientMetadata) Size() (n int) { - if m == nil { - return 0 - } +func (m *UpgradeWindowStartMetadata) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UpgradeWindowStartMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = len(m.UserAgent) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - return n + if len(m.UpgradeWindowStart) > 0 { + i -= len(m.UpgradeWindowStart) + copy(dAtA[i:], m.UpgradeWindowStart) + i = encodeVarintEvents(dAtA, i, uint64(len(m.UpgradeWindowStart))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil } -func (m *KubernetesClusterMetadata) Size() (n int) { - if m == nil { - return 0 +func (m *UpgradeWindowStartUpdate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *UpgradeWindowStartUpdate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UpgradeWindowStartUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = len(m.KubernetesCluster) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.KubernetesUsers) > 0 { - for _, s := range m.KubernetesUsers { - l = len(s) - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.UpgradeWindowStartMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if len(m.KubernetesGroups) > 0 { - for _, s := range m.KubernetesGroups { - l = len(s) - n += 1 + l + sovEvents(uint64(l)) + i-- + dAtA[i] = 0x22 + { + size, err := m.SessionMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if len(m.KubernetesLabels) > 0 { - for k, v := range m.KubernetesLabels { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovEvents(uint64(len(k))) + 1 + len(v) + sovEvents(uint64(len(v))) - n += mapEntrySize + 1 + sovEvents(uint64(mapEntrySize)) + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - return n + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } -func (m *KubernetesPodMetadata) Size() (n int) { - if m == nil { - return 0 +func (m *SessionRecordingAccess) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *SessionRecordingAccess) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SessionRecordingAccess) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = len(m.KubernetesPodName) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - l = len(m.KubernetesPodNamespace) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - l = len(m.KubernetesContainerName) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - l = len(m.KubernetesContainerImage) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + i-- + dAtA[i] = 0x1a + if len(m.SessionID) > 0 { + i -= len(m.SessionID) + copy(dAtA[i:], m.SessionID) + i = encodeVarintEvents(dAtA, i, uint64(len(m.SessionID))) + i-- + dAtA[i] = 0x12 } - l = len(m.KubernetesNodeName) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *KubeClusterMetadata) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *KubeClusterMetadata) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *KubeClusterMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - return n + if len(m.KubeLabels) > 0 { + for k := range m.KubeLabels { + v := m.KubeLabels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintEvents(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintEvents(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintEvents(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil } -func (m *SessionStart) Size() (n int) { - if m == nil { - return 0 +func (m *KubernetesClusterCreate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *KubernetesClusterCreate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *KubernetesClusterCreate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.TerminalSize) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - l = m.KubernetesClusterMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.KubernetesPodMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - if len(m.InitialCommand) > 0 { - for _, s := range m.InitialCommand { - l = len(s) - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.KubeClusterMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - l = len(m.SessionRecording) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + i-- + dAtA[i] = 0x22 + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - return n + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } -func (m *SessionJoin) Size() (n int) { - if m == nil { - return 0 +func (m *KubernetesClusterUpdate) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *KubernetesClusterUpdate) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *KubernetesClusterUpdate) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.KubernetesClusterMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - return n + { + size, err := m.KubeClusterMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } -func (m *SessionPrint) Size() (n int) { - if m == nil { - return 0 +func (m *KubernetesClusterDelete) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *KubernetesClusterDelete) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *KubernetesClusterDelete) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - if m.ChunkIndex != 0 { - n += 1 + sovEvents(uint64(m.ChunkIndex)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - l = len(m.Data) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) + { + size, err := m.ResourceMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.Bytes != 0 { - n += 1 + sovEvents(uint64(m.Bytes)) + i-- + dAtA[i] = 0x1a + { + size, err := m.UserMetadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.DelayMilliseconds != 0 { - n += 1 + sovEvents(uint64(m.DelayMilliseconds)) + i-- + dAtA[i] = 0x12 + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) } - if m.Offset != 0 { - n += 1 + sovEvents(uint64(m.Offset)) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *SSMRun) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } + return dAtA[:n], nil +} + +func (m *SSMRun) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SSMRun) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - return n + if len(m.Region) > 0 { + i -= len(m.Region) + copy(dAtA[i:], m.Region) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Region))) + i-- + dAtA[i] = 0x3a + } + if len(m.AccountID) > 0 { + i -= len(m.AccountID) + copy(dAtA[i:], m.AccountID) + i = encodeVarintEvents(dAtA, i, uint64(len(m.AccountID))) + i-- + dAtA[i] = 0x32 + } + if len(m.Status) > 0 { + i -= len(m.Status) + copy(dAtA[i:], m.Status) + i = encodeVarintEvents(dAtA, i, uint64(len(m.Status))) + i-- + dAtA[i] = 0x2a + } + if m.ExitCode != 0 { + i = encodeVarintEvents(dAtA, i, uint64(m.ExitCode)) + i-- + dAtA[i] = 0x20 + } + if len(m.InstanceID) > 0 { + i -= len(m.InstanceID) + copy(dAtA[i:], m.InstanceID) + i = encodeVarintEvents(dAtA, i, uint64(len(m.InstanceID))) + i-- + dAtA[i] = 0x1a + } + if len(m.CommandID) > 0 { + i -= len(m.CommandID) + copy(dAtA[i:], m.CommandID) + i = encodeVarintEvents(dAtA, i, uint64(len(m.CommandID))) + i-- + dAtA[i] = 0x12 + } + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEvents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } -func (m *DesktopRecording) Size() (n int) { +func encodeVarintEvents(dAtA []byte, offset int, v uint64) int { + offset -= sovEvents(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *Metadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.Message) + if m.Index != 0 { + n += 1 + sovEvents(uint64(m.Index)) + } + l = len(m.Type) if l > 0 { n += 1 + l + sovEvents(uint64(l)) } - if m.DelayMilliseconds != 0 { - n += 1 + sovEvents(uint64(m.DelayMilliseconds)) + l = len(m.ID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Code) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Time) + n += 1 + l + sovEvents(uint64(l)) + l = len(m.ClusterName) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -18077,26 +19931,19 @@ func (m *DesktopRecording) Size() (n int) { return n } -func (m *DesktopClipboardReceive) Size() (n int) { +func (m *SessionMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.DesktopAddr) + l = len(m.SessionID) if l > 0 { n += 1 + l + sovEvents(uint64(l)) } - if m.Length != 0 { - n += 1 + sovEvents(uint64(m.Length)) + l = len(m.WithMFA) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -18104,26 +19951,33 @@ func (m *DesktopClipboardReceive) Size() (n int) { return n } -func (m *DesktopClipboardSend) Size() (n int) { +func (m *UserMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.DesktopAddr) + l = len(m.User) if l > 0 { n += 1 + l + sovEvents(uint64(l)) } - if m.Length != 0 { - n += 1 + sovEvents(uint64(m.Length)) + l = len(m.Login) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Impersonator) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.AWSRoleARN) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if len(m.AccessRequests) > 0 { + for _, s := range m.AccessRequests { + l = len(s) + n += 1 + l + sovEvents(uint64(l)) + } } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -18131,26 +19985,39 @@ func (m *DesktopClipboardSend) Size() (n int) { return n } -func (m *SessionReject) Size() (n int) { +func (m *ServerMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.Reason) + l = len(m.ServerNamespace) if l > 0 { n += 1 + l + sovEvents(uint64(l)) } - if m.Maximum != 0 { - n += 1 + sovEvents(uint64(m.Maximum)) + l = len(m.ServerID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.ServerHostname) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.ServerAddr) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if len(m.ServerLabels) > 0 { + for k, v := range m.ServerLabels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovEvents(uint64(len(k))) + 1 + len(v) + sovEvents(uint64(len(v))) + n += mapEntrySize + 1 + sovEvents(uint64(mapEntrySize)) + } + } + l = len(m.ForwardedBy) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -18158,73 +20025,377 @@ func (m *SessionReject) Size() (n int) { return n } -func (m *SessionConnect) Size() (n int) { +func (m *ConnectionMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) + l = len(m.LocalAddr) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.RemoteAddr) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Protocol) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } return n } -func (m *Resize) Size() (n int) { +func (m *ClientMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.TerminalSize) + l = len(m.UserAgent) if l > 0 { n += 1 + l + sovEvents(uint64(l)) } - l = m.KubernetesClusterMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.KubernetesPodMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } return n } -func (m *SessionEnd) Size() (n int) { +func (m *KubernetesClusterMetadata) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ConnectionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.ServerMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - if m.EnhancedRecording { - n += 2 - } + l = len(m.KubernetesCluster) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if len(m.KubernetesUsers) > 0 { + for _, s := range m.KubernetesUsers { + l = len(s) + n += 1 + l + sovEvents(uint64(l)) + } + } + if len(m.KubernetesGroups) > 0 { + for _, s := range m.KubernetesGroups { + l = len(s) + n += 1 + l + sovEvents(uint64(l)) + } + } + if len(m.KubernetesLabels) > 0 { + for k, v := range m.KubernetesLabels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovEvents(uint64(len(k))) + 1 + len(v) + sovEvents(uint64(len(v))) + n += mapEntrySize + 1 + sovEvents(uint64(mapEntrySize)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *KubernetesPodMetadata) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.KubernetesPodName) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.KubernetesPodNamespace) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.KubernetesContainerName) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.KubernetesContainerImage) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.KubernetesNodeName) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionStart) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.TerminalSize) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = m.KubernetesClusterMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.KubernetesPodMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if len(m.InitialCommand) > 0 { + for _, s := range m.InitialCommand { + l = len(s) + n += 1 + l + sovEvents(uint64(l)) + } + } + l = len(m.SessionRecording) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionJoin) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.KubernetesClusterMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionPrint) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.ChunkIndex != 0 { + n += 1 + sovEvents(uint64(m.ChunkIndex)) + } + l = len(m.Data) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.Bytes != 0 { + n += 1 + sovEvents(uint64(m.Bytes)) + } + if m.DelayMilliseconds != 0 { + n += 1 + sovEvents(uint64(m.DelayMilliseconds)) + } + if m.Offset != 0 { + n += 1 + sovEvents(uint64(m.Offset)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DesktopRecording) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.Message) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.DelayMilliseconds != 0 { + n += 1 + sovEvents(uint64(m.DelayMilliseconds)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DesktopClipboardReceive) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.DesktopAddr) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.Length != 0 { + n += 1 + sovEvents(uint64(m.Length)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DesktopClipboardSend) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.DesktopAddr) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.Length != 0 { + n += 1 + sovEvents(uint64(m.Length)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionReject) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.Reason) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.Maximum != 0 { + n += 1 + sovEvents(uint64(m.Maximum)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionConnect) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *Resize) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.TerminalSize) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = m.KubernetesClusterMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.KubernetesPodMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionEnd) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.EnhancedRecording { + n += 2 + } if m.Interactive { n += 2 } @@ -18817,6 +20988,90 @@ func (m *SCP) Size() (n int) { return n } +func (m *SFTPAttributes) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.FileSize != nil { + l = github_com_gogo_protobuf_types.SizeOfStdUInt64(*m.FileSize) + n += 1 + l + sovEvents(uint64(l)) + } + if m.UID != nil { + l = github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.UID) + n += 1 + l + sovEvents(uint64(l)) + } + if m.GID != nil { + l = github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.GID) + n += 1 + l + sovEvents(uint64(l)) + } + if m.Permissions != nil { + l = github_com_gogo_protobuf_types.SizeOfStdUInt32(*m.Permissions) + n += 1 + l + sovEvents(uint64(l)) + } + if m.AccessTime != nil { + l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.AccessTime) + n += 1 + l + sovEvents(uint64(l)) + } + if m.ModificationTime != nil { + l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.ModificationTime) + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SFTP) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.WorkingDirectory) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Path) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.TargetPath) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.Flags != 0 { + n += 1 + sovEvents(uint64(m.Flags)) + } + if m.Attributes != nil { + l = m.Attributes.Size() + n += 1 + l + sovEvents(uint64(l)) + } + if m.Action != 0 { + n += 1 + sovEvents(uint64(m.Action)) + } + l = len(m.Error) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *Subsystem) Size() (n int) { if m == nil { return 0 @@ -19270,6 +21525,30 @@ func (m *AppSessionStart) Size() (n int) { return n } +func (m *AppSessionEnd) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ServerMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ConnectionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.AppMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *AppSessionChunk) Size() (n int) { if m == nil { return 0 @@ -19323,6 +21602,32 @@ func (m *AppSessionRequest) Size() (n int) { } l = m.AppMetadata.Size() n += 1 + l + sovEvents(uint64(l)) + l = m.AWSRequestMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AWSRequestMetadata) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.AWSRegion) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.AWSService) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.AWSHost) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -19834,6 +22139,8 @@ func (m *LockCreate) Size() (n int) { n += 1 + l + sovEvents(uint64(l)) l = m.UserMetadata.Size() n += 1 + l + sovEvents(uint64(l)) + l = m.Target.Size() + n += 1 + l + sovEvents(uint64(l)) if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -21110,6 +23417,114 @@ func (m *OneOf_DatabaseSessionMalformedPacket) Size() (n int) { } return n } +func (m *OneOf_SFTP) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.SFTP != nil { + l = m.SFTP.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_UpgradeWindowStartUpdate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.UpgradeWindowStartUpdate != nil { + l = m.UpgradeWindowStartUpdate.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_AppSessionEnd) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.AppSessionEnd != nil { + l = m.AppSessionEnd.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_SessionRecordingAccess) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.SessionRecordingAccess != nil { + l = m.SessionRecordingAccess.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_KubernetesClusterCreate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.KubernetesClusterCreate != nil { + l = m.KubernetesClusterCreate.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_KubernetesClusterUpdate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.KubernetesClusterUpdate != nil { + l = m.KubernetesClusterUpdate.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_KubernetesClusterDelete) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.KubernetesClusterDelete != nil { + l = m.KubernetesClusterDelete.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_SSMRun) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.SSMRun != nil { + l = m.SSMRun.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} +func (m *OneOf_ElasticsearchRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.ElasticsearchRequest != nil { + l = m.ElasticsearchRequest.Size() + n += 2 + l + sovEvents(uint64(l)) + } + return n +} func (m *StreamStatus) Size() (n int) { if m == nil { return 0 @@ -21744,43 +24159,3683 @@ func (m *SQLServerRPCRequest) Size() (n int) { n += 1 + l + sovEvents(uint64(l)) } } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DatabaseSessionMalformedPacket) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.DatabaseMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.Payload) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ElasticsearchRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.DatabaseMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.Path) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.RawQuery) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Method) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Body) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = m.Headers.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.Category != 0 { + n += 1 + sovEvents(uint64(m.Category)) + } + l = len(m.Target) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Query) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpgradeWindowStartMetadata) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.UpgradeWindowStart) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *UpgradeWindowStartUpdate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.SessionMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UpgradeWindowStartMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SessionRecordingAccess) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.SessionID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *KubeClusterMetadata) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.KubeLabels) > 0 { + for k, v := range m.KubeLabels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovEvents(uint64(len(k))) + 1 + len(v) + sovEvents(uint64(len(v))) + n += mapEntrySize + 1 + sovEvents(uint64(mapEntrySize)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *KubernetesClusterCreate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ResourceMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.KubeClusterMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *KubernetesClusterUpdate) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ResourceMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.KubeClusterMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *KubernetesClusterDelete) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.UserMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = m.ResourceMetadata.Size() + n += 1 + l + sovEvents(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SSMRun) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Metadata.Size() + n += 1 + l + sovEvents(uint64(l)) + l = len(m.CommandID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.InstanceID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.ExitCode != 0 { + n += 1 + sovEvents(uint64(m.ExitCode)) + } + l = len(m.Status) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.AccountID) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + l = len(m.Region) + if l > 0 { + n += 1 + l + sovEvents(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovEvents(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozEvents(x uint64) (n int) { + return sovEvents(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *Metadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Metadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Metadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) + } + m.Index = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Index |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Code = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Time", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Time, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SessionID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WithMFA", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.WithMFA = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UserMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.User = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Login = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Impersonator", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Impersonator = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ServerMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ServerMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ServerMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerHostname", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerHostname = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerLabels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ServerLabels == nil { + m.ServerLabels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.ServerLabels[mapkey] = mapvalue + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ForwardedBy", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ForwardedBy = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConnectionMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConnectionMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LocalAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.LocalAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RemoteAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RemoteAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Protocol = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ClientMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ClientMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ClientMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserAgent", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserAgent = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: KubernetesClusterMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: KubernetesClusterMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesUsers", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesUsers = append(m.KubernetesUsers, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesGroups", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesGroups = append(m.KubernetesGroups, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesLabels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.KubernetesLabels == nil { + m.KubernetesLabels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.KubernetesLabels[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: KubernetesPodMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: KubernetesPodMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesPodName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesPodNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesContainerName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesContainerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesContainerImage", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesContainerImage = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesNodeName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KubernetesNodeName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionStart) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionStart: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionStart: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TerminalSize", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TerminalSize = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field InitialCommand", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.InitialCommand = append(m.InitialCommand, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionRecording", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SessionRecording = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionJoin) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionJoin: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionJoin: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionPrint) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionPrint: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionPrint: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ChunkIndex", wireType) + } + m.ChunkIndex = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ChunkIndex |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) + if m.Data == nil { + m.Data = []byte{} + } + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Bytes", wireType) + } + m.Bytes = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Bytes |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DelayMilliseconds", wireType) + } + m.DelayMilliseconds = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DelayMilliseconds |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Offset", wireType) + } + m.Offset = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Offset |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DesktopRecording) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DesktopRecording: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DesktopRecording: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = append(m.Message[:0], dAtA[iNdEx:postIndex]...) + if m.Message == nil { + m.Message = []byte{} + } + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DelayMilliseconds", wireType) + } + m.DelayMilliseconds = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DelayMilliseconds |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DesktopClipboardReceive: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DesktopClipboardReceive: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DesktopAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType) + } + m.Length = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Length |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DesktopClipboardSend: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DesktopClipboardSend: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DesktopAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType) + } + m.Length = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Length |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionReject) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionReject: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionReject: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Reason = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Maximum", wireType) + } + m.Maximum = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Maximum |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionConnect) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionConnect: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionConnect: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } -func (m *DatabaseSessionMalformedPacket) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.Metadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.UserMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.SessionMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = m.DatabaseMetadata.Size() - n += 1 + l + sovEvents(uint64(l)) - l = len(m.Payload) - if l > 0 { - n += 1 + l + sovEvents(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + if iNdEx > l { + return io.ErrUnexpectedEOF } - return n -} - -func sovEvents(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozEvents(x uint64) (n int) { - return sovEvents(uint64((x << 1) ^ uint64((int64(x) >> 63)))) + return nil } -func (m *Metadata) Unmarshal(dAtA []byte) error { +func (m *Resize) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -21803,17 +27858,17 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Metadata: wiretype end group for non-group") + return fmt.Errorf("proto: Resize: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Metadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Resize: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - m.Index = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -21823,16 +27878,30 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Index |= int64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -21842,29 +27911,30 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Type = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -21874,29 +27944,30 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ID = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Code", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -21906,27 +27977,28 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Code = string(dAtA[iNdEx:postIndex]) + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Time", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -21953,13 +28025,13 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Time, dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TerminalSize", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -21987,64 +28059,13 @@ func (m *Metadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + m.TerminalSize = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SessionMetadata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SessionMetadata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionMetadata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22054,29 +28075,30 @@ func (m *SessionMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 2: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WithMFA", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22086,23 +28108,24 @@ func (m *SessionMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.WithMFA = string(dAtA[iNdEx:postIndex]) + if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -22126,7 +28149,7 @@ func (m *SessionMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserMetadata) Unmarshal(dAtA []byte) error { +func (m *SessionEnd) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -22149,17 +28172,17 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: SessionEnd: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22169,29 +28192,30 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.User = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Login", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22201,29 +28225,30 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Login = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Impersonator", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22233,29 +28258,30 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Impersonator = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22265,27 +28291,101 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field EnhancedRecording", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.EnhancedRecording = bool(v != 0) + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Interactive", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Interactive = bool(v != 0) + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Participants", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -22313,64 +28413,46 @@ func (m *UserMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) + m.Participants = append(m.Participants, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StartTime", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ServerMetadata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartTime, dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ServerMetadata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ServerMetadata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + iNdEx = postIndex + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerNamespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field EndTime", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22380,29 +28462,30 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerNamespace = string(dAtA[iNdEx:postIndex]) + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndTime, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 2: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22412,29 +28495,30 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerID = string(dAtA[iNdEx:postIndex]) + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 3: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerHostname", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22444,27 +28528,28 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerHostname = string(dAtA[iNdEx:postIndex]) + if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 4: + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field InitialCommand", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -22492,13 +28577,13 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ServerAddr = string(dAtA[iNdEx:postIndex]) + m.InitialCommand = append(m.InitialCommand, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 5: + case 14: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerLabels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionRecording", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22508,118 +28593,23 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if m.ServerLabels == nil { - m.ServerLabels = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.ServerLabels[mapkey] = mapvalue + m.SessionRecording = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -22643,7 +28633,7 @@ func (m *ServerMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { +func (m *BPFMetadata) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -22666,17 +28656,17 @@ func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ConnectionMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: BPFMetadata: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ConnectionMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BPFMetadata: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LocalAddr", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field PID", wireType) } - var stringLen uint64 + m.PID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22686,29 +28676,16 @@ func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.PID |= uint64(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.LocalAddr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RemoteAddr", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CgroupID", wireType) } - var stringLen uint64 + m.CgroupID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22718,27 +28695,14 @@ func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.CgroupID |= uint64(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RemoteAddr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Program", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -22766,7 +28730,7 @@ func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Protocol = string(dAtA[iNdEx:postIndex]) + m.Program = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -22790,7 +28754,7 @@ func (m *ConnectionMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *ClientMetadata) Unmarshal(dAtA []byte) error { +func (m *Status) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -22813,15 +28777,35 @@ func (m *ClientMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ClientMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: Status: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ClientMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Status: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Success", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Success = bool(v != 0) + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserAgent", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -22849,7 +28833,39 @@ func (m *ClientMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.UserAgent = string(dAtA[iNdEx:postIndex]) + m.Error = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMessage", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserMessage = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -22873,7 +28889,7 @@ func (m *ClientMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { +func (m *SessionCommand) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -22896,17 +28912,17 @@ func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: KubernetesClusterMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: SessionCommand: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: KubernetesClusterMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionCommand: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22916,29 +28932,30 @@ func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesUsers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22948,29 +28965,30 @@ func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesUsers = append(m.KubernetesUsers, string(dAtA[iNdEx:postIndex])) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesGroups", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -22980,27 +28998,28 @@ func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesGroups = append(m.KubernetesGroups, string(dAtA[iNdEx:postIndex])) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesLabels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -23027,192 +29046,15 @@ func (m *KubernetesClusterMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.KubernetesLabels == nil { - m.KubernetesLabels = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.KubernetesLabels[mapkey] = mapvalue - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: KubernetesPodMetadata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: KubernetesPodMetadata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.KubernetesPodName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodNamespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -23222,29 +29064,30 @@ func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesPodNamespace = string(dAtA[iNdEx:postIndex]) + if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesContainerName", wireType) + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field PPID", wireType) } - var stringLen uint64 + m.PPID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -23254,27 +29097,14 @@ func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.PPID |= uint64(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.KubernetesContainerName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesContainerImage", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -23302,11 +29132,11 @@ func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesContainerImage = string(dAtA[iNdEx:postIndex]) + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesNodeName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Argv", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -23334,8 +29164,27 @@ func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesNodeName = string(dAtA[iNdEx:postIndex]) + m.Argv = append(m.Argv, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ReturnCode", wireType) + } + m.ReturnCode = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ReturnCode |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -23358,7 +29207,7 @@ func (m *KubernetesPodMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionStart) Unmarshal(dAtA []byte) error { +func (m *SessionDisk) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -23381,10 +29230,10 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionStart: wiretype end group for non-group") + return fmt.Errorf("proto: SessionDisk: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionStart: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionDisk: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -23521,7 +29370,7 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -23548,13 +29397,13 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TerminalSize", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -23582,13 +29431,13 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.TerminalSize = string(dAtA[iNdEx:postIndex]) + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Flags", wireType) } - var msglen int + m.Flags = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -23598,95 +29447,16 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.Flags |= int32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field InitialCommand", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.InitialCommand = append(m.InitialCommand, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionRecording", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ReturnCode", wireType) } - var stringLen uint64 + m.ReturnCode = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -23696,24 +29466,11 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.ReturnCode |= int32(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SessionRecording = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -23736,7 +29493,7 @@ func (m *SessionStart) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionJoin) Unmarshal(dAtA []byte) error { +func (m *SessionNetwork) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -23759,10 +29516,10 @@ func (m *SessionJoin) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionJoin: wiretype end group for non-group") + return fmt.Errorf("proto: SessionNetwork: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionJoin: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionNetwork: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -23899,124 +29656,7 @@ func (m *SessionJoin) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SessionPrint) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SessionPrint: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionPrint: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -24043,34 +29683,15 @@ func (m *SessionPrint) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ChunkIndex", wireType) - } - m.ChunkIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ChunkIndex |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SrcAddr", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24080,31 +29701,29 @@ func (m *SessionPrint) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...) - if m.Data == nil { - m.Data = []byte{} - } + m.SrcAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Bytes", wireType) + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DstAddr", wireType) } - m.Bytes = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24114,35 +29733,29 @@ func (m *SessionPrint) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Bytes |= int64(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DelayMilliseconds", wireType) + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - m.DelayMilliseconds = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.DelayMilliseconds |= int64(b&0x7F) << shift - if b < 0x80 { - break - } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } - case 6: + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DstAddr = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Offset", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DstPort", wireType) } - m.Offset = 0 + m.DstPort = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24152,67 +29765,16 @@ func (m *SessionPrint) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Offset |= int64(b&0x7F) << shift + m.DstPort |= int32(b&0x7F) << shift if b < 0x80 { break } } - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *DesktopRecording) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: DesktopRecording: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: DesktopRecording: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TCPVersion", wireType) } - var msglen int + m.TCPVersion = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24222,30 +29784,16 @@ func (m *DesktopRecording) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.TCPVersion |= int32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Operation", wireType) } - var byteLen int + m.Operation = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24255,31 +29803,16 @@ func (m *DesktopRecording) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + m.Operation |= SessionNetwork_NetworkOperation(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Message = append(m.Message[:0], dAtA[iNdEx:postIndex]...) - if m.Message == nil { - m.Message = []byte{} - } - iNdEx = postIndex - case 3: + case 11: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DelayMilliseconds", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) } - m.DelayMilliseconds = 0 + m.Action = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24289,7 +29822,7 @@ func (m *DesktopRecording) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.DelayMilliseconds |= int64(b&0x7F) << shift + m.Action |= EventAction(b&0x7F) << shift if b < 0x80 { break } @@ -24316,7 +29849,7 @@ func (m *DesktopRecording) Unmarshal(dAtA []byte) error { } return nil } -func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { +func (m *SessionData) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -24339,10 +29872,10 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DesktopClipboardReceive: wiretype end group for non-group") + return fmt.Errorf("proto: SessionData: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DesktopClipboardReceive: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionData: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -24446,7 +29979,7 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -24473,15 +30006,15 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24491,29 +30024,30 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DesktopAddr = string(dAtA[iNdEx:postIndex]) + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 6: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BytesTransmitted", wireType) } - m.Length = 0 + m.BytesTransmitted = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24523,7 +30057,26 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Length |= int32(b&0x7F) << shift + m.BytesTransmitted |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field BytesReceived", wireType) + } + m.BytesReceived = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.BytesReceived |= uint64(b&0x7F) << shift if b < 0x80 { break } @@ -24550,7 +30103,7 @@ func (m *DesktopClipboardReceive) Unmarshal(dAtA []byte) error { } return nil } -func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { +func (m *SessionLeave) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -24573,10 +30126,10 @@ func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DesktopClipboardSend: wiretype end group for non-group") + return fmt.Errorf("proto: SessionLeave: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DesktopClipboardSend: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionLeave: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -24680,7 +30233,7 @@ func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -24707,15 +30260,15 @@ func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24725,43 +30278,25 @@ func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DesktopAddr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Length", wireType) - } - m.Length = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Length |= int32(b&0x7F) << shift - if b < 0x80 { - break - } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -24784,7 +30319,7 @@ func (m *DesktopClipboardSend) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionReject) Unmarshal(dAtA []byte) error { +func (m *UserLogin) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -24807,10 +30342,10 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionReject: wiretype end group for non-group") + return fmt.Errorf("proto: UserLogin: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionReject: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserLogin: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -24881,7 +30416,7 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -24908,13 +30443,45 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Method = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IdentityAttributes", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -24941,15 +30508,18 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.IdentityAttributes == nil { + m.IdentityAttributes = &Struct{} + } + if err := m.IdentityAttributes.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADevice", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24959,29 +30529,33 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Reason = string(dAtA[iNdEx:postIndex]) + if m.MFADevice == nil { + m.MFADevice = &MFADeviceMetadata{} + } + if err := m.MFADevice.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Maximum", wireType) + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClientMetadata", wireType) } - m.Maximum = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -24991,11 +30565,58 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.Maximum |= int64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ClientMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -25018,7 +30639,7 @@ func (m *SessionReject) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionConnect) Unmarshal(dAtA []byte) error { +func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -25041,17 +30662,17 @@ func (m *SessionConnect) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionConnect: wiretype end group for non-group") + return fmt.Errorf("proto: ResourceMetadata: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionConnect: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ResourceMetadata: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25061,28 +30682,27 @@ func (m *SessionConnect) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25109,15 +30729,15 @@ func (m *SessionConnect) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpdatedBy", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25127,24 +30747,55 @@ func (m *SessionConnect) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.UpdatedBy = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF } + m.TTL = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -25168,7 +30819,7 @@ func (m *SessionConnect) Unmarshal(dAtA []byte) error { } return nil } -func (m *Resize) Unmarshal(dAtA []byte) error { +func (m *UserCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -25191,10 +30842,10 @@ func (m *Resize) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Resize: wiretype end group for non-group") + return fmt.Errorf("proto: UserCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Resize: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -25265,7 +30916,7 @@ func (m *Resize) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25292,15 +30943,15 @@ func (m *Resize) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25310,30 +30961,29 @@ func (m *Resize) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Connector", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25343,30 +30993,80 @@ func (m *Resize) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Connector = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { return err } - iNdEx = postIndex - case 6: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UserDelete) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserDelete: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserDelete: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TerminalSize", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25376,27 +31076,28 @@ func (m *Resize) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.TerminalSize = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25423,13 +31124,13 @@ func (m *Resize) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25456,7 +31157,7 @@ func (m *Resize) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -25482,7 +31183,7 @@ func (m *Resize) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionEnd) Unmarshal(dAtA []byte) error { +func (m *UserPasswordChange) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -25505,10 +31206,10 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionEnd: wiretype end group for non-group") + return fmt.Errorf("proto: UserPasswordChange: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserPasswordChange: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -25577,9 +31278,60 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AccessRequestCreate: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AccessRequestCreate: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25606,13 +31358,13 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25639,13 +31391,13 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25672,15 +31424,15 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnhancedRecording", wireType) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } - var v int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25690,35 +31442,27 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - m.EnhancedRecording = bool(v != 0) - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Interactive", wireType) + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } - m.Interactive = bool(v != 0) - case 8: + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Participants", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RequestID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -25746,13 +31490,13 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Participants = append(m.Participants, string(dAtA[iNdEx:postIndex])) + m.RequestID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 9: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartTime", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RequestState", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25762,30 +31506,29 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartTime, dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.RequestState = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EndTime", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Delegator", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25795,30 +31538,29 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndTime, dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Delegator = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -25828,28 +31570,27 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Reason = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 12: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -25876,13 +31617,16 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Annotations == nil { + m.Annotations = &Struct{} + } + if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 13: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field InitialCommand", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Reviewer", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -25910,11 +31654,11 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.InitialCommand = append(m.InitialCommand, string(dAtA[iNdEx:postIndex])) + m.Reviewer = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 14: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionRecording", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ProposedState", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -25942,102 +31686,13 @@ func (m *SessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionRecording = string(dAtA[iNdEx:postIndex]) + m.ProposedState = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *BPFMetadata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: BPFMetadata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: BPFMetadata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field PID", wireType) - } - m.PID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.PID |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CgroupID", wireType) - } - m.CgroupID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.CgroupID |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Program", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RequestedResourceIDs", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -26047,23 +31702,25 @@ func (m *BPFMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Program = string(dAtA[iNdEx:postIndex]) + m.RequestedResourceIDs = append(m.RequestedResourceIDs, ResourceID{}) + if err := m.RequestedResourceIDs[len(m.RequestedResourceIDs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -26087,7 +31744,7 @@ func (m *BPFMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *Status) Unmarshal(dAtA []byte) error { +func (m *ResourceID) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26110,17 +31767,17 @@ func (m *Status) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Status: wiretype end group for non-group") + return fmt.Errorf("proto: ResourceID: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Status: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ResourceID: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Success", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } - var v int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -26130,15 +31787,27 @@ func (m *Status) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - m.Success = bool(v != 0) + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClusterName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26166,11 +31835,11 @@ func (m *Status) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Error = string(dAtA[iNdEx:postIndex]) + m.Kind = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMessage", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26198,7 +31867,7 @@ func (m *Status) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.UserMessage = string(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -26222,7 +31891,7 @@ func (m *Status) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionCommand) Unmarshal(dAtA []byte) error { +func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26245,147 +31914,15 @@ func (m *SessionCommand) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionCommand: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionCommand: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 5: + return fmt.Errorf("proto: AccessRequestDelete: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AccessRequestDelete: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -26412,34 +31949,15 @@ func (m *SessionCommand) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field PPID", wireType) - } - m.PPID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.PPID |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -26449,27 +31967,28 @@ func (m *SessionCommand) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Path = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Argv", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RequestID", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26497,27 +32016,8 @@ func (m *SessionCommand) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Argv = append(m.Argv, string(dAtA[iNdEx:postIndex])) + m.RequestID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ReturnCode", wireType) - } - m.ReturnCode = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ReturnCode |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -26540,7 +32040,7 @@ func (m *SessionCommand) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionDisk) Unmarshal(dAtA []byte) error { +func (m *PortForward) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26563,10 +32063,10 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionDisk: wiretype end group for non-group") + return fmt.Errorf("proto: PortForward: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionDisk: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PortForward: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -26637,7 +32137,7 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -26664,13 +32164,13 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -26697,46 +32197,13 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Addr", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -26764,46 +32231,8 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Path = string(dAtA[iNdEx:postIndex]) + m.Addr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Flags", wireType) - } - m.Flags = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Flags |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 8: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ReturnCode", wireType) - } - m.ReturnCode = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ReturnCode |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -26826,7 +32255,7 @@ func (m *SessionDisk) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionNetwork) Unmarshal(dAtA []byte) error { +func (m *X11Forward) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -26849,10 +32278,10 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionNetwork: wiretype end group for non-group") + return fmt.Errorf("proto: X11Forward: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionNetwork: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: X11Forward: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -26923,7 +32352,7 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -26950,13 +32379,13 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -26983,46 +32412,64 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BPFMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - if msglen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CommandMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - if err := m.BPFMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - iNdEx = postIndex - case 6: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CommandMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CommandMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SrcAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Command", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -27050,11 +32497,11 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SrcAddr = string(dAtA[iNdEx:postIndex]) + m.Command = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DstAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ExitCode", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -27082,32 +32529,13 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DstAddr = string(dAtA[iNdEx:postIndex]) + m.ExitCode = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DstPort", wireType) - } - m.DstPort = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.DstPort |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field TCPVersion", wireType) + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) } - m.TCPVersion = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -27117,49 +32545,24 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.TCPVersion |= int32(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - case 10: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Operation", wireType) - } - m.Operation = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Operation |= SessionNetwork_NetworkOperation(b&0x7F) << shift - if b < 0x80 { - break - } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } - m.Action = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Action |= EventAction(b&0x7F) << shift - if b < 0x80 { - break - } + if postIndex > l { + return io.ErrUnexpectedEOF } + m.Error = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -27182,7 +32585,7 @@ func (m *SessionNetwork) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionData) Unmarshal(dAtA []byte) error { +func (m *Exec) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -27205,10 +32608,10 @@ func (m *SessionData) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionData: wiretype end group for non-group") + return fmt.Errorf("proto: Exec: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionData: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Exec: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -27279,7 +32682,7 @@ func (m *SessionData) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27306,13 +32709,13 @@ func (m *SessionData) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27339,13 +32742,13 @@ func (m *SessionData) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27372,168 +32775,13 @@ func (m *SessionData) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field BytesTransmitted", wireType) - } - m.BytesTransmitted = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.BytesTransmitted |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field BytesReceived", wireType) - } - m.BytesReceived = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.BytesReceived |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SessionLeave) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SessionLeave: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionLeave: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CommandMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27560,13 +32808,13 @@ func (m *SessionLeave) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.CommandMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27593,13 +32841,13 @@ func (m *SessionLeave) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27626,7 +32874,7 @@ func (m *SessionLeave) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -27652,7 +32900,7 @@ func (m *SessionLeave) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserLogin) Unmarshal(dAtA []byte) error { +func (m *SCP) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -27675,10 +32923,10 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserLogin: wiretype end group for non-group") + return fmt.Errorf("proto: SCP: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserLogin: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SCP: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -27749,7 +32997,7 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27776,15 +33024,15 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -27794,27 +33042,28 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Method = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field IdentityAttributes", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27841,16 +33090,13 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.IdentityAttributes == nil { - m.IdentityAttributes = &Struct{} - } - if err := m.IdentityAttributes.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADevice", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CommandMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -27877,18 +33123,15 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.MFADevice == nil { - m.MFADevice = &MFADeviceMetadata{} - } - if err := m.MFADevice.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.CommandMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClientMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -27898,30 +33141,29 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ClientMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -27931,24 +33173,23 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Action = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -27972,7 +33213,7 @@ func (m *UserLogin) Unmarshal(dAtA []byte) error { } return nil } -func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { +func (m *SFTPAttributes) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -27995,17 +33236,17 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ResourceMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: SFTPAttributes: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ResourceMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SFTPAttributes: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field FileSize", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28015,27 +33256,31 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if m.FileSize == nil { + m.FileSize = new(uint64) + } + if err := github_com_gogo_protobuf_types.StdUInt64Unmarshal(m.FileSize, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28062,15 +33307,18 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + if m.UID == nil { + m.UID = new(uint32) + } + if err := github_com_gogo_protobuf_types.StdUInt32Unmarshal(m.UID, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UpdatedBy", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field GID", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28080,29 +33328,33 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.UpdatedBy = string(dAtA[iNdEx:postIndex]) + if m.GID == nil { + m.GID = new(uint32) + } + if err := github_com_gogo_protobuf_types.StdUInt32Unmarshal(m.GID, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TTL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Permissions", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28112,23 +33364,99 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.TTL = string(dAtA[iNdEx:postIndex]) + if m.Permissions == nil { + m.Permissions = new(uint32) + } + if err := github_com_gogo_protobuf_types.StdUInt32Unmarshal(m.Permissions, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AccessTime == nil { + m.AccessTime = new(time.Time) + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.AccessTime, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ModificationTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ModificationTime == nil { + m.ModificationTime = new(time.Time) + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.ModificationTime, dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -28152,7 +33480,7 @@ func (m *ResourceMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *UserCreate) Unmarshal(dAtA []byte) error { +func (m *SFTP) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -28175,10 +33503,10 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: UserCreate: wiretype end group for non-group") + return fmt.Errorf("proto: SFTP: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: UserCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SFTP: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -28210,13 +33538,79 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28243,13 +33637,13 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28276,13 +33670,13 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WorkingDirectory", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -28310,11 +33704,11 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) + m.WorkingDirectory = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Connector", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -28342,64 +33736,13 @@ func (m *UserCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Connector = string(dAtA[iNdEx:postIndex]) + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *UserDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: UserDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: UserDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TargetPath", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28409,30 +33752,29 @@ func (m *UserDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.TargetPath = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Flags", wireType) } - var msglen int + m.Flags = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28442,28 +33784,14 @@ func (m *UserDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.Flags |= uint32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Attributes", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28490,66 +33818,18 @@ func (m *UserDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.Attributes == nil { + m.Attributes = &SFTPAttributes{} } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { + if err := m.Attributes.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *UserPasswordChange) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: UserPasswordChange: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: UserPasswordChange: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + iNdEx = postIndex + case 11: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) } - var msglen int + m.Action = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28559,30 +33839,16 @@ func (m *UserPasswordChange) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.Action |= SFTPAction(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28592,24 +33858,23 @@ func (m *UserPasswordChange) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Error = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -28633,7 +33898,7 @@ func (m *UserPasswordChange) Unmarshal(dAtA []byte) error { } return nil } -func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { +func (m *Subsystem) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -28656,10 +33921,10 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AccessRequestCreate: wiretype end group for non-group") + return fmt.Errorf("proto: Subsystem: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AccessRequestCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Subsystem: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -28730,7 +33995,7 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28757,13 +34022,13 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -28791,11 +34056,11 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -28823,13 +34088,64 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RequestID = string(dAtA[iNdEx:postIndex]) + m.Error = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ClientDisconnect: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ClientDisconnect: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestState", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28839,29 +34155,30 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.RequestState = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Delegator", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28871,29 +34188,30 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Delegator = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -28903,27 +34221,28 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Reason = string(dAtA[iNdEx:postIndex]) + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 9: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -28950,16 +34269,13 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Annotations == nil { - m.Annotations = &Struct{} - } - if err := m.Annotations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 10: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reviewer", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -28987,13 +34303,64 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Reviewer = string(dAtA[iNdEx:postIndex]) + m.Reason = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AuthAttempt) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthAttempt: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthAttempt: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProposedState", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29003,27 +34370,28 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ProposedState = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 12: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestedResourceIDs", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29050,8 +34418,73 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RequestedResourceIDs = append(m.RequestedResourceIDs, ResourceID{}) - if err := m.RequestedResourceIDs[len(m.RequestedResourceIDs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -29077,7 +34510,7 @@ func (m *AccessRequestCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *ResourceID) Unmarshal(dAtA []byte) error { +func (m *UserTokenCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29100,17 +34533,17 @@ func (m *ResourceID) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ResourceID: wiretype end group for non-group") + return fmt.Errorf("proto: UserTokenCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ResourceID: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UserTokenCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29120,29 +34553,30 @@ func (m *ResourceID) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29152,29 +34586,30 @@ func (m *ResourceID) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Kind = string(dAtA[iNdEx:postIndex]) + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29184,23 +34619,24 @@ func (m *ResourceID) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -29224,7 +34660,7 @@ func (m *ResourceID) Unmarshal(dAtA []byte) error { } return nil } -func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { +func (m *RoleCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29247,10 +34683,10 @@ func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AccessRequestDelete: wiretype end group for non-group") + return fmt.Errorf("proto: RoleCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AccessRequestDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RoleCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -29288,7 +34724,7 @@ func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29315,15 +34751,15 @@ func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29333,23 +34769,24 @@ func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.RequestID = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -29373,7 +34810,7 @@ func (m *AccessRequestDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *PortForward) Unmarshal(dAtA []byte) error { +func (m *RoleDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29396,10 +34833,10 @@ func (m *PortForward) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PortForward: wiretype end group for non-group") + return fmt.Errorf("proto: RoleDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PortForward: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RoleDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -29437,7 +34874,7 @@ func (m *PortForward) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29464,46 +34901,13 @@ func (m *PortForward) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29530,42 +34934,10 @@ func (m *PortForward) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Addr", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Addr = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -29588,7 +34960,7 @@ func (m *PortForward) Unmarshal(dAtA []byte) error { } return nil } -func (m *X11Forward) Unmarshal(dAtA []byte) error { +func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29611,10 +34983,10 @@ func (m *X11Forward) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: X11Forward: wiretype end group for non-group") + return fmt.Errorf("proto: TrustedClusterCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: X11Forward: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TrustedClusterCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -29652,7 +35024,7 @@ func (m *X11Forward) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29679,46 +35051,13 @@ func (m *X11Forward) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -29745,7 +35084,7 @@ func (m *X11Forward) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -29771,7 +35110,7 @@ func (m *X11Forward) Unmarshal(dAtA []byte) error { } return nil } -func (m *CommandMetadata) Unmarshal(dAtA []byte) error { +func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29794,17 +35133,17 @@ func (m *CommandMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: CommandMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: TrustedClusterDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: CommandMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TrustedClusterDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Command", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29814,29 +35153,30 @@ func (m *CommandMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Command = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExitCode", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29846,29 +35186,30 @@ func (m *CommandMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ExitCode = string(dAtA[iNdEx:postIndex]) + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -29878,23 +35219,24 @@ func (m *CommandMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Error = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -29918,7 +35260,7 @@ func (m *CommandMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *Exec) Unmarshal(dAtA []byte) error { +func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29941,10 +35283,10 @@ func (m *Exec) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Exec: wiretype end group for non-group") + return fmt.Errorf("proto: TrustedClusterTokenCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Exec: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: TrustedClusterTokenCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -29982,7 +35324,7 @@ func (m *Exec) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30009,13 +35351,13 @@ func (m *Exec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30042,79 +35384,64 @@ func (m *Exec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - iNdEx = postIndex - case 6: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GithubConnectorCreate: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GithubConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CommandMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30141,13 +35468,13 @@ func (m *Exec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.CommandMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30174,13 +35501,13 @@ func (m *Exec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesPodMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30207,7 +35534,7 @@ func (m *Exec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesPodMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -30233,7 +35560,7 @@ func (m *Exec) Unmarshal(dAtA []byte) error { } return nil } -func (m *SCP) Unmarshal(dAtA []byte) error { +func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -30256,10 +35583,10 @@ func (m *SCP) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SCP: wiretype end group for non-group") + return fmt.Errorf("proto: GithubConnectorDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SCP: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: GithubConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -30297,7 +35624,7 @@ func (m *SCP) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30324,13 +35651,13 @@ func (m *SCP) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30357,46 +35684,64 @@ func (m *SCP) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - if msglen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - iNdEx = postIndex - case 5: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: OIDCConnectorCreate: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: OIDCConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30423,13 +35768,13 @@ func (m *SCP) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 6: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CommandMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30456,15 +35801,15 @@ func (m *SCP) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.CommandMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 7: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -30474,55 +35819,24 @@ func (m *SCP) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Path = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Action = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -30546,7 +35860,7 @@ func (m *SCP) Unmarshal(dAtA []byte) error { } return nil } -func (m *Subsystem) Unmarshal(dAtA []byte) error { +func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -30569,10 +35883,10 @@ func (m *Subsystem) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Subsystem: wiretype end group for non-group") + return fmt.Errorf("proto: OIDCConnectorDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Subsystem: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: OIDCConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -30610,7 +35924,7 @@ func (m *Subsystem) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30637,13 +35951,13 @@ func (m *Subsystem) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30670,74 +35984,10 @@ func (m *Subsystem) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Error = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -30760,7 +36010,7 @@ func (m *Subsystem) Unmarshal(dAtA []byte) error { } return nil } -func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { +func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -30783,10 +36033,10 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ClientDisconnect: wiretype end group for non-group") + return fmt.Errorf("proto: SAMLConnectorCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ClientDisconnect: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SAMLConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -30823,6 +36073,39 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } @@ -30855,9 +36138,60 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SAMLConnectorDelete: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SAMLConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30884,13 +36218,13 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -30917,15 +36251,15 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -30935,23 +36269,24 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Reason = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -30975,7 +36310,7 @@ func (m *ClientDisconnect) Unmarshal(dAtA []byte) error { } return nil } -func (m *AuthAttempt) Unmarshal(dAtA []byte) error { +func (m *KubeRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -30998,10 +36333,10 @@ func (m *AuthAttempt) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AuthAttempt: wiretype end group for non-group") + return fmt.Errorf("proto: KubeRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AuthAttempt: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: KubeRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -31105,7 +36440,7 @@ func (m *AuthAttempt) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31132,66 +36467,15 @@ func (m *AuthAttempt) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *UserTokenCreate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: UserTokenCreate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: UserTokenCreate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RequestPath", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31201,30 +36485,29 @@ func (m *UserTokenCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.RequestPath = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Verb", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31234,30 +36517,29 @@ func (m *UserTokenCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Verb = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceAPIGroup", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31267,81 +36549,61 @@ func (m *UserTokenCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.ResourceAPIGroup = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceNamespace", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RoleCreate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RoleCreate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RoleCreate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.ResourceNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceKind", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31351,30 +36613,29 @@ func (m *RoleCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.ResourceKind = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31384,28 +36645,46 @@ func (m *RoleCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.ResourceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 11: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ResponseCode", wireType) + } + m.ResponseCode = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ResponseCode |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31432,7 +36711,7 @@ func (m *RoleCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -31458,7 +36737,7 @@ func (m *RoleCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *RoleDelete) Unmarshal(dAtA []byte) error { +func (m *AppMetadata) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -31481,17 +36760,17 @@ func (m *RoleDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RoleDelete: wiretype end group for non-group") + return fmt.Errorf("proto: AppMetadata: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RoleDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppMetadata: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppURI", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31501,30 +36780,29 @@ func (m *RoleDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.AppURI = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppPublicAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -31534,28 +36812,27 @@ func (m *RoleDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.AppPublicAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppLabels", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31582,9 +36859,135 @@ func (m *RoleDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.AppLabels == nil { + m.AppLabels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.AppLabels[mapkey] = mapvalue + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AppName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -31608,7 +37011,7 @@ func (m *RoleDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { +func (m *AppCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -31631,10 +37034,10 @@ func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TrustedClusterCreate: wiretype end group for non-group") + return fmt.Errorf("proto: AppCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TrustedClusterCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -31671,6 +37074,39 @@ func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } @@ -31703,9 +37139,9 @@ func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31732,7 +37168,7 @@ func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -31758,7 +37194,7 @@ func (m *TrustedClusterCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { +func (m *AppUpdate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -31781,10 +37217,10 @@ func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TrustedClusterDelete: wiretype end group for non-group") + return fmt.Errorf("proto: AppUpdate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TrustedClusterDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppUpdate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -31821,6 +37257,39 @@ func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } @@ -31853,9 +37322,9 @@ func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31882,7 +37351,7 @@ func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -31908,7 +37377,7 @@ func (m *TrustedClusterDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { +func (m *AppDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -31931,10 +37400,10 @@ func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: TrustedClusterTokenCreate: wiretype end group for non-group") + return fmt.Errorf("proto: AppDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: TrustedClusterTokenCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -31972,7 +37441,7 @@ func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -31999,13 +37468,13 @@ func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32032,7 +37501,7 @@ func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -32058,7 +37527,7 @@ func (m *TrustedClusterTokenCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { +func (m *AppSessionStart) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -32081,10 +37550,10 @@ func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: GithubConnectorCreate: wiretype end group for non-group") + return fmt.Errorf("proto: AppSessionStart: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: GithubConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -32122,7 +37591,7 @@ func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32149,13 +37618,13 @@ func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32182,64 +37651,46 @@ func (m *GithubConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GithubConnectorDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GithubConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + iNdEx = postIndex + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32266,15 +37717,15 @@ func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -32284,28 +37735,27 @@ func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.PublicAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32332,7 +37782,7 @@ func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -32358,7 +37808,7 @@ func (m *GithubConnectorDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { +func (m *AppSessionEnd) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -32381,10 +37831,10 @@ func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: OIDCConnectorCreate: wiretype end group for non-group") + return fmt.Errorf("proto: AppSessionEnd: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: OIDCConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppSessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -32422,7 +37872,7 @@ func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32449,13 +37899,13 @@ func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32482,64 +37932,13 @@ func (m *OIDCConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: OIDCConnectorDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: OIDCConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32566,13 +37965,13 @@ func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32599,13 +37998,13 @@ func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32632,7 +38031,7 @@ func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -32658,7 +38057,7 @@ func (m *OIDCConnectorDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { +func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -32681,10 +38080,10 @@ func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SAMLConnectorCreate: wiretype end group for non-group") + return fmt.Errorf("proto: AppSessionChunk: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SAMLConnectorCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppSessionChunk: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -32722,7 +38121,7 @@ func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32749,13 +38148,13 @@ func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32782,64 +38181,13 @@ func (m *SAMLConnectorCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SAMLConnectorDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SAMLConnectorDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32866,13 +38214,13 @@ func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32899,13 +38247,45 @@ func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionChunkID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SessionChunkID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -32932,7 +38312,7 @@ func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -32958,7 +38338,7 @@ func (m *SAMLConnectorDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *KubeRequest) Unmarshal(dAtA []byte) error { +func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -32981,10 +38361,10 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: KubeRequest: wiretype end group for non-group") + return fmt.Errorf("proto: AppSessionRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: KubeRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -33021,10 +38401,10 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatusCode", wireType) } - var msglen int + m.StatusCode = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33034,30 +38414,16 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.StatusCode |= uint32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33067,30 +38433,29 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RawQuery", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33100,28 +38465,27 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.RawQuery = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestPath", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33149,13 +38513,13 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.RequestPath = string(dAtA[iNdEx:postIndex]) + m.Method = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Verb", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33165,29 +38529,30 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Verb = string(dAtA[iNdEx:postIndex]) + if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceAPIGroup", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRequestMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33197,59 +38562,79 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourceAPIGroup = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceNamespace", wireType) + if err := m.AWSRequestMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AWSRequestMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.ResourceNamespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 9: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AWSRequestMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AWSRequestMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceKind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRegion", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33277,11 +38662,11 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourceKind = string(dAtA[iNdEx:postIndex]) + m.AWSRegion = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSService", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33309,32 +38694,13 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourceName = string(dAtA[iNdEx:postIndex]) + m.AWSService = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ResponseCode", wireType) - } - m.ResponseCode = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.ResponseCode |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 12: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSHost", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -33344,24 +38710,23 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.KubernetesClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.AWSHost = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -33385,7 +38750,7 @@ func (m *KubeRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppMetadata) Unmarshal(dAtA []byte) error { +func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33408,15 +38773,15 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseMetadata: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseMetadata: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppURI", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseService", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33444,11 +38809,11 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AppURI = string(dAtA[iNdEx:postIndex]) + m.DatabaseService = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppPublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseProtocol", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33476,11 +38841,107 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AppPublicAddr = string(dAtA[iNdEx:postIndex]) + m.DatabaseProtocol = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppLabels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseURI", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseURI = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUser", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseUser = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseLabels", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -33507,8 +38968,8 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.AppLabels == nil { - m.AppLabels = make(map[string]string) + if m.DatabaseLabels == nil { + m.DatabaseLabels = make(map[string]string) } var mapkey string var mapvalue string @@ -33603,11 +39064,11 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { iNdEx += skippy } } - m.AppLabels[mapkey] = mapvalue + m.DatabaseLabels[mapkey] = mapvalue iNdEx = postIndex - case 4: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseAWSRegion", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -33635,7 +39096,103 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AppName = string(dAtA[iNdEx:postIndex]) + m.DatabaseAWSRegion = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseAWSRedshiftClusterID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseAWSRedshiftClusterID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseGCPProjectID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseGCPProjectID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseGCPInstanceID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DatabaseGCPInstanceID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -33659,7 +39216,7 @@ func (m *AppMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppCreate) Unmarshal(dAtA []byte) error { +func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33682,10 +39239,10 @@ func (m *AppCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppCreate: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -33789,7 +39346,7 @@ func (m *AppCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -33816,7 +39373,7 @@ func (m *AppCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -33842,7 +39399,7 @@ func (m *AppCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppUpdate) Unmarshal(dAtA []byte) error { +func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -33865,10 +39422,10 @@ func (m *AppUpdate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppUpdate: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseUpdate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppUpdate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseUpdate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -33972,7 +39529,7 @@ func (m *AppUpdate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -33999,7 +39556,7 @@ func (m *AppUpdate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -34025,7 +39582,7 @@ func (m *AppUpdate) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppDelete) Unmarshal(dAtA []byte) error { +func (m *DatabaseDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34048,10 +39605,10 @@ func (m *AppDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppDelete: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -34175,7 +39732,7 @@ func (m *AppDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppSessionStart) Unmarshal(dAtA []byte) error { +func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34198,10 +39755,10 @@ func (m *AppSessionStart) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppSessionStart: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseSessionStart: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -34369,11 +39926,11 @@ func (m *AppSessionStart) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 7: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34383,27 +39940,28 @@ func (m *AppSessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicAddr = string(dAtA[iNdEx:postIndex]) + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 8: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34430,7 +39988,7 @@ func (m *AppSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -34456,7 +40014,7 @@ func (m *AppSessionStart) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { +func (m *DatabaseSessionQuery) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34479,10 +40037,10 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppSessionChunk: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseSessionQuery: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppSessionChunk: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseSessionQuery: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -34586,7 +40144,7 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34613,15 +40171,15 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseQuery", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34631,28 +40189,27 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.DatabaseQuery = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionChunkID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseQueryParameters", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34680,11 +40237,11 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionChunkID = string(dAtA[iNdEx:postIndex]) + m.DatabaseQueryParameters = append(m.DatabaseQueryParameters, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -34711,7 +40268,7 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -34737,7 +40294,7 @@ func (m *AppSessionChunk) Unmarshal(dAtA []byte) error { } return nil } -func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { +func (m *PostgresParse) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34760,10 +40317,10 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AppSessionRequest: wiretype end group for non-group") + return fmt.Errorf("proto: PostgresParse: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AppSessionRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PostgresParse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -34800,10 +40357,10 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatusCode", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - m.StatusCode = 0 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34813,16 +40370,30 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.StatusCode |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34832,29 +40403,30 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Path = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RawQuery", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34864,27 +40436,28 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.RawQuery = string(dAtA[iNdEx:postIndex]) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -34912,13 +40485,13 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Method = string(dAtA[iNdEx:postIndex]) + m.StatementName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -34928,24 +40501,23 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.AppMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Query = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -34969,7 +40541,7 @@ func (m *AppSessionRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { +func (m *PostgresBind) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -34992,17 +40564,17 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseMetadata: wiretype end group for non-group") + return fmt.Errorf("proto: PostgresBind: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PostgresBind: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseService", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -35012,29 +40584,30 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseService = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseProtocol", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -35044,27 +40617,94 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseProtocol = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseURI", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35092,11 +40732,11 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseURI = string(dAtA[iNdEx:postIndex]) + m.StatementName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35124,11 +40764,11 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseName = string(dAtA[iNdEx:postIndex]) + m.PortalName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUser", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35156,11 +40796,62 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseUser = string(dAtA[iNdEx:postIndex]) + m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 6: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PostgresExecute) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PostgresExecute: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PostgresExecute: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseLabels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -35187,109 +40878,15 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.DatabaseLabels == nil { - m.DatabaseLabels = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.DatabaseLabels[mapkey] = mapvalue iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseAWSRegion", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -35299,29 +40896,30 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseAWSRegion = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseAWSRedshiftClusterID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -35331,29 +40929,30 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseAWSRedshiftClusterID = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 9: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseGCPProjectID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -35363,27 +40962,28 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseGCPProjectID = string(dAtA[iNdEx:postIndex]) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 10: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseGCPInstanceID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35411,7 +41011,7 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseGCPInstanceID = string(dAtA[iNdEx:postIndex]) + m.PortalName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -35435,7 +41035,7 @@ func (m *DatabaseMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { +func (m *PostgresClose) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35458,10 +41058,10 @@ func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseCreate: wiretype end group for non-group") + return fmt.Errorf("proto: PostgresClose: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PostgresClose: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -35532,7 +41132,7 @@ func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -35559,7 +41159,7 @@ func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -35596,6 +41196,70 @@ func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.StatementName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PortalName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -35618,7 +41282,7 @@ func (m *DatabaseCreate) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { +func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35641,10 +41305,10 @@ func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseUpdate: wiretype end group for non-group") + return fmt.Errorf("proto: PostgresFunctionCall: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseUpdate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PostgresFunctionCall: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -35715,7 +41379,7 @@ func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -35742,7 +41406,7 @@ func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -35779,6 +41443,57 @@ func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field FunctionOID", wireType) + } + m.FunctionOID = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.FunctionOID |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field FunctionArgs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.FunctionArgs = append(m.FunctionArgs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -35801,7 +41516,7 @@ func (m *DatabaseUpdate) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseDelete) Unmarshal(dAtA []byte) error { +func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35824,10 +41539,10 @@ func (m *DatabaseDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseDelete: wiretype end group for non-group") + return fmt.Errorf("proto: WindowsDesktopSessionStart: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: WindowsDesktopSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -35898,7 +41613,7 @@ func (m *DatabaseDelete) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -35925,64 +41640,13 @@ func (m *DatabaseDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: DatabaseSessionStart: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -36009,13 +41673,13 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -36042,15 +41706,15 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36060,30 +41724,29 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.WindowsDesktopService = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36093,30 +41756,29 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ServerMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.DesktopAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Domain", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36126,28 +41788,59 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Domain = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field WindowsUser", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.WindowsUser = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopLabels", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -36174,15 +41867,109 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + if m.DesktopLabels == nil { + m.DesktopLabels = make(map[string]string) } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.DesktopLabels[mapkey] = mapvalue iNdEx = postIndex - case 7: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36192,24 +41979,23 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.DesktopName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -36233,7 +42019,7 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseSessionQuery) Unmarshal(dAtA []byte) error { +func (m *DatabaseSessionEnd) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36256,10 +42042,10 @@ func (m *DatabaseSessionQuery) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseSessionQuery: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseSessionEnd: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseSessionQuery: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseSessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -36394,103 +42180,6 @@ func (m *DatabaseSessionQuery) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseQuery", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DatabaseQuery = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseQueryParameters", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DatabaseQueryParameters = append(m.DatabaseQueryParameters, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -36513,7 +42202,7 @@ func (m *DatabaseSessionQuery) Unmarshal(dAtA []byte) error { } return nil } -func (m *PostgresParse) Unmarshal(dAtA []byte) error { +func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36536,17 +42225,17 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PostgresParse: wiretype end group for non-group") + return fmt.Errorf("proto: MFADeviceMetadata: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PostgresParse: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFADeviceMetadata: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36556,30 +42245,29 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.DeviceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36589,30 +42277,29 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.DeviceID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36622,28 +42309,78 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.DeviceType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { return err } - iNdEx = postIndex - case 4: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MFADeviceAdd: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MFADeviceAdd: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -36670,15 +42407,15 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36688,29 +42425,30 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.StatementName = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 6: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36720,23 +42458,24 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Query = string(dAtA[iNdEx:postIndex]) + if err := m.MFADeviceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -36760,7 +42499,7 @@ func (m *PostgresParse) Unmarshal(dAtA []byte) error { } return nil } -func (m *PostgresBind) Unmarshal(dAtA []byte) error { +func (m *MFADeviceDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -36783,10 +42522,10 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PostgresBind: wiretype end group for non-group") + return fmt.Errorf("proto: MFADeviceDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PostgresBind: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MFADeviceDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -36857,7 +42596,7 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -36884,80 +42623,66 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.MFADeviceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + msglen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.StatementName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BillingInformationUpdate: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BillingInformationUpdate: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36967,29 +42692,30 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.PortalName = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -36999,23 +42725,24 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -37039,7 +42766,7 @@ func (m *PostgresBind) Unmarshal(dAtA []byte) error { } return nil } -func (m *PostgresExecute) Unmarshal(dAtA []byte) error { +func (m *BillingCardCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37062,10 +42789,10 @@ func (m *PostgresExecute) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PostgresExecute: wiretype end group for non-group") + return fmt.Errorf("proto: BillingCardCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PostgresExecute: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BillingCardCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -37130,46 +42857,64 @@ func (m *PostgresExecute) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BillingCardDelete) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BillingCardDelete: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BillingCardDelete: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37196,15 +42941,15 @@ func (m *PostgresExecute) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -37214,23 +42959,24 @@ func (m *PostgresExecute) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.PortalName = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -37254,7 +43000,7 @@ func (m *PostgresExecute) Unmarshal(dAtA []byte) error { } return nil } -func (m *PostgresClose) Unmarshal(dAtA []byte) error { +func (m *LockCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37277,10 +43023,10 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PostgresClose: wiretype end group for non-group") + return fmt.Errorf("proto: LockCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PostgresClose: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: LockCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -37318,7 +43064,7 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37345,13 +43091,13 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37378,13 +43124,13 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Target", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37411,74 +43157,10 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Target.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.StatementName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PortalName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PortalName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -37501,7 +43183,7 @@ func (m *PostgresClose) Unmarshal(dAtA []byte) error { } return nil } -func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { +func (m *LockDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37524,10 +43206,10 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PostgresFunctionCall: wiretype end group for non-group") + return fmt.Errorf("proto: LockDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PostgresFunctionCall: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: LockDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -37565,7 +43247,7 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37592,13 +43274,13 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37625,13 +43307,64 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RecoveryCodeGenerate) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RecoveryCodeGenerate: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RecoveryCodeGenerate: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37658,34 +43391,15 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field FunctionOID", wireType) - } - m.FunctionOID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.FunctionOID |= uint32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 6: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field FunctionArgs", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -37695,23 +43409,24 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.FunctionArgs = append(m.FunctionArgs, string(dAtA[iNdEx:postIndex])) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -37735,7 +43450,7 @@ func (m *PostgresFunctionCall) Unmarshal(dAtA []byte) error { } return nil } -func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { +func (m *RecoveryCodeUsed) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -37758,10 +43473,10 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: WindowsDesktopSessionStart: wiretype end group for non-group") + return fmt.Errorf("proto: RecoveryCodeUsed: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: WindowsDesktopSessionStart: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RecoveryCodeUsed: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -37832,7 +43547,7 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37859,13 +43574,64 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: WindowsDesktopSessionEnd: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: WindowsDesktopSessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37892,13 +43658,13 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ConnectionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -37925,11 +43691,44 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 6: + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) } @@ -37961,7 +43760,7 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { } m.WindowsDesktopService = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 7: + case 5: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) } @@ -37993,7 +43792,7 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { } m.DesktopAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 8: + case 6: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Domain", wireType) } @@ -38025,7 +43824,7 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { } m.Domain = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 9: + case 7: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field WindowsUser", wireType) } @@ -38057,7 +43856,7 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { } m.WindowsUser = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: + case 8: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field DesktopLabels", wireType) } @@ -38184,158 +43983,9 @@ func (m *WindowsDesktopSessionStart) Unmarshal(dAtA []byte) error { } m.DesktopLabels[mapkey] = mapvalue iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DesktopName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *DatabaseSessionEnd) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: DatabaseSessionEnd: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseSessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartTime", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38362,13 +44012,13 @@ func (m *DatabaseSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartTime, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field EndTime", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38395,64 +44045,13 @@ func (m *DatabaseSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndTime, dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: MFADeviceMetadata: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: MFADeviceMetadata: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38480,13 +44079,13 @@ func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DeviceName = string(dAtA[iNdEx:postIndex]) + m.DesktopName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceID", wireType) + case 12: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Recorded", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -38496,27 +44095,15 @@ func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DeviceID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + m.Recorded = bool(v != 0) + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DeviceType", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Participants", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -38544,7 +44131,7 @@ func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DeviceType = string(dAtA[iNdEx:postIndex]) + m.Participants = append(m.Participants, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -38568,7 +44155,7 @@ func (m *MFADeviceMetadata) Unmarshal(dAtA []byte) error { } return nil } -func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { +func (m *CertificateCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38591,10 +44178,10 @@ func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MFADeviceAdd: wiretype end group for non-group") + return fmt.Errorf("proto: CertificateCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MFADeviceAdd: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: CertificateCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -38632,9 +44219,9 @@ func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CertificateType", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -38644,28 +44231,27 @@ func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.CertificateType = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -38692,7 +44278,10 @@ func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.MFADeviceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.Identity == nil { + m.Identity = &Identity{} + } + if err := m.Identity.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -38718,7 +44307,7 @@ func (m *MFADeviceAdd) Unmarshal(dAtA []byte) error { } return nil } -func (m *MFADeviceDelete) Unmarshal(dAtA []byte) error { +func (m *RenewableCertificateGenerationMismatch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38741,10 +44330,10 @@ func (m *MFADeviceDelete) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MFADeviceDelete: wiretype end group for non-group") + return fmt.Errorf("proto: RenewableCertificateGenerationMismatch: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MFADeviceDelete: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RenewableCertificateGenerationMismatch: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -38813,39 +44402,6 @@ func (m *MFADeviceDelete) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.MFADeviceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -38868,7 +44424,7 @@ func (m *MFADeviceDelete) Unmarshal(dAtA []byte) error { } return nil } -func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { +func (m *Unknown) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -38891,10 +44447,10 @@ func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: BillingInformationUpdate: wiretype end group for non-group") + return fmt.Errorf("proto: Unknown: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: BillingInformationUpdate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: Unknown: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -38932,9 +44488,9 @@ func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UnknownType", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -38944,24 +44500,87 @@ func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.UnknownType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UnknownCode", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UnknownCode = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Data = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -38985,7 +44604,7 @@ func (m *BillingInformationUpdate) Unmarshal(dAtA []byte) error { } return nil } -func (m *BillingCardCreate) Unmarshal(dAtA []byte) error { +func (m *OneOf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39008,15 +44627,15 @@ func (m *BillingCardCreate) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: BillingCardCreate: wiretype end group for non-group") + return fmt.Errorf("proto: OneOf: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: BillingCardCreate: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: OneOf: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserLogin", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39043,13 +44662,15 @@ func (m *BillingCardCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &UserLogin{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_UserLogin{v} iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39076,64 +44697,50 @@ func (m *BillingCardCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &UserCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_UserCreate{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserDelete", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *BillingCardDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &UserDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: BillingCardDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: BillingCardDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Event = &OneOf_UserDelete{v} + iNdEx = postIndex + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserPasswordChange", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39160,13 +44767,15 @@ func (m *BillingCardDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &UserPasswordChange{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_UserPasswordChange{v} iNdEx = postIndex - case 2: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionStart", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39193,64 +44802,50 @@ func (m *BillingCardDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionStart{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionStart{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionJoin", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *LockCreate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: LockCreate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: LockCreate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + v := &SessionJoin{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_SessionJoin{v} + iNdEx = postIndex + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionPrint", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39277,13 +44872,15 @@ func (m *LockCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionPrint{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionPrint{v} iNdEx = postIndex - case 2: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionReject", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39310,13 +44907,15 @@ func (m *LockCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionReject{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionReject{v} iNdEx = postIndex - case 3: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Resize", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39343,64 +44942,15 @@ func (m *LockCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &Resize{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_Resize{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *LockDelete) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: LockDelete: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: LockDelete: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionEnd", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39427,13 +44977,15 @@ func (m *LockDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionEnd{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionEnd{v} iNdEx = postIndex - case 2: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionCommand", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39460,13 +45012,15 @@ func (m *LockDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionCommand{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionCommand{v} iNdEx = postIndex - case 3: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionDisk", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39493,64 +45047,15 @@ func (m *LockDelete) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionDisk{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionDisk{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RecoveryCodeGenerate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RecoveryCodeGenerate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RecoveryCodeGenerate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionNetwork", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39577,13 +45082,15 @@ func (m *RecoveryCodeGenerate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionNetwork{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionNetwork{v} iNdEx = postIndex - case 2: + case 14: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionData", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39610,64 +45117,15 @@ func (m *RecoveryCodeGenerate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionData{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionData{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RecoveryCodeUsed) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RecoveryCodeUsed: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RecoveryCodeUsed: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 15: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionLeave", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39694,13 +45152,15 @@ func (m *RecoveryCodeUsed) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SessionLeave{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SessionLeave{v} iNdEx = postIndex - case 2: + case 16: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PortForward", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39727,13 +45187,15 @@ func (m *RecoveryCodeUsed) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &PortForward{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_PortForward{v} iNdEx = postIndex - case 3: + case 17: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field X11Forward", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39760,64 +45222,15 @@ func (m *RecoveryCodeUsed) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &X11Forward{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_X11Forward{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: WindowsDesktopSessionEnd: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: WindowsDesktopSessionEnd: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 18: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SCP", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39844,13 +45257,15 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SCP{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SCP{v} iNdEx = postIndex - case 2: + case 19: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Exec", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39877,13 +45292,15 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &Exec{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_Exec{v} iNdEx = postIndex - case 3: + case 20: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Subsystem", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39910,15 +45327,17 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &Subsystem{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_Subsystem{v} iNdEx = postIndex - case 4: + case 21: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopService", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClientDisconnect", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -39928,29 +45347,32 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.WindowsDesktopService = string(dAtA[iNdEx:postIndex]) + v := &ClientDisconnect{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_ClientDisconnect{v} iNdEx = postIndex - case 5: + case 22: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AuthAttempt", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -39960,29 +45382,32 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DesktopAddr = string(dAtA[iNdEx:postIndex]) + v := &AuthAttempt{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_AuthAttempt{v} iNdEx = postIndex - case 6: + case 23: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Domain", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestCreate", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -39992,29 +45417,32 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Domain = string(dAtA[iNdEx:postIndex]) + v := &AccessRequestCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_AccessRequestCreate{v} iNdEx = postIndex - case 7: + case 24: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsUser", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserTokenCreate", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40024,27 +45452,30 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.WindowsUser = string(dAtA[iNdEx:postIndex]) + v := &UserTokenCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_UserTokenCreate{v} iNdEx = postIndex - case 8: + case 25: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopLabels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RoleCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40071,107 +45502,50 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.DesktopLabels == nil { - m.DesktopLabels = make(map[string]string) + v := &RoleCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + m.Event = &OneOf_RoleCreate{v} + iNdEx = postIndex + case 26: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RoleDelete", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break } } - m.DesktopLabels[mapkey] = mapvalue + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &RoleDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_RoleDelete{v} iNdEx = postIndex - case 9: + case 27: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StartTime", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40198,13 +45572,15 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.StartTime, dAtA[iNdEx:postIndex]); err != nil { + v := &TrustedClusterCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_TrustedClusterCreate{v} iNdEx = postIndex - case 10: + case 28: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EndTime", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40231,15 +45607,17 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.EndTime, dAtA[iNdEx:postIndex]); err != nil { + v := &TrustedClusterDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_TrustedClusterDelete{v} iNdEx = postIndex - case 11: + case 29: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterTokenCreate", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40249,29 +45627,32 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.DesktopName = string(dAtA[iNdEx:postIndex]) + v := &TrustedClusterTokenCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_TrustedClusterTokenCreate{v} iNdEx = postIndex - case 12: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Recorded", wireType) + case 30: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field GithubConnectorCreate", wireType) } - var v int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40281,17 +45662,32 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - m.Recorded = bool(v != 0) - case 13: + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &GithubConnectorCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_GithubConnectorCreate{v} + iNdEx = postIndex + case 31: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Participants", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field GithubConnectorDelete", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40301,78 +45697,30 @@ func (m *WindowsDesktopSessionEnd) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Participants = append(m.Participants, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { + v := &GithubConnectorDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CertificateCreate) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CertificateCreate: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CertificateCreate: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Event = &OneOf_GithubConnectorDelete{v} + iNdEx = postIndex + case 32: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field OIDCConnectorCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40399,15 +45747,17 @@ func (m *CertificateCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &OIDCConnectorCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_OIDCConnectorCreate{v} iNdEx = postIndex - case 2: + case 33: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CertificateType", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field OIDCConnectorDelete", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40417,27 +45767,30 @@ func (m *CertificateCreate) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.CertificateType = string(dAtA[iNdEx:postIndex]) + v := &OIDCConnectorDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_OIDCConnectorDelete{v} iNdEx = postIndex - case 3: + case 34: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SAMLConnectorCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40464,67 +45817,50 @@ func (m *CertificateCreate) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Identity == nil { - m.Identity = &Identity{} - } - if err := m.Identity.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &SAMLConnectorCreate{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_SAMLConnectorCreate{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 35: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SAMLConnectorDelete", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *RenewableCertificateGenerationMismatch) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &SAMLConnectorDelete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: RenewableCertificateGenerationMismatch: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: RenewableCertificateGenerationMismatch: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Event = &OneOf_SAMLConnectorDelete{v} + iNdEx = postIndex + case 36: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeRequest", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40551,13 +45887,15 @@ func (m *RenewableCertificateGenerationMismatch) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &KubeRequest{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_KubeRequest{v} iNdEx = postIndex - case 2: + case 37: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppSessionStart", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40584,64 +45922,50 @@ func (m *RenewableCertificateGenerationMismatch) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &AppSessionStart{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_AppSessionStart{v} iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 38: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppSessionChunk", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF + if msglen < 0 { + return ErrInvalidLengthEvents } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Unknown) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + v := &AppSessionChunk{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Unknown: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Unknown: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Event = &OneOf_AppSessionChunk{v} + iNdEx = postIndex + case 39: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppSessionRequest", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40668,15 +45992,17 @@ func (m *Unknown) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + v := &AppSessionRequest{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } + m.Event = &OneOf_AppSessionRequest{v} iNdEx = postIndex - case 2: + case 40: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UnknownType", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionStart", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40686,29 +46012,32 @@ func (m *Unknown) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.UnknownType = string(dAtA[iNdEx:postIndex]) + v := &DatabaseSessionStart{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_DatabaseSessionStart{v} iNdEx = postIndex - case 3: + case 41: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UnknownCode", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionEnd", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40718,29 +46047,32 @@ func (m *Unknown) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.UnknownCode = string(dAtA[iNdEx:postIndex]) + v := &DatabaseSessionEnd{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &OneOf_DatabaseSessionEnd{v} iNdEx = postIndex - case 4: + case 42: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionQuery", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -40750,78 +46082,30 @@ func (m *Unknown) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Data = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { + v := &DatabaseSessionQuery{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *OneOf) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: OneOf: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: OneOf: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Event = &OneOf_DatabaseSessionQuery{v} + iNdEx = postIndex + case 43: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserLogin", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionUpload", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40848,15 +46132,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserLogin{} + v := &SessionUpload{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_UserLogin{v} + m.Event = &OneOf_SessionUpload{v} iNdEx = postIndex - case 2: + case 44: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceAdd", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40883,15 +46167,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserCreate{} + v := &MFADeviceAdd{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_UserCreate{v} + m.Event = &OneOf_MFADeviceAdd{v} iNdEx = postIndex - case 3: + case 45: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40918,15 +46202,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserDelete{} + v := &MFADeviceDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_UserDelete{v} + m.Event = &OneOf_MFADeviceDelete{v} iNdEx = postIndex - case 4: + case 46: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserPasswordChange", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BillingInformationUpdate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40953,15 +46237,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserPasswordChange{} + v := &BillingInformationUpdate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_UserPasswordChange{v} + m.Event = &OneOf_BillingInformationUpdate{v} iNdEx = postIndex - case 5: + case 47: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionStart", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BillingCardCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40988,15 +46272,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionStart{} + v := &BillingCardCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionStart{v} + m.Event = &OneOf_BillingCardCreate{v} iNdEx = postIndex - case 6: + case 48: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionJoin", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BillingCardDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41023,15 +46307,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionJoin{} + v := &BillingCardDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionJoin{v} + m.Event = &OneOf_BillingCardDelete{v} iNdEx = postIndex - case 7: + case 49: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionPrint", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field LockCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41058,15 +46342,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionPrint{} + v := &LockCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionPrint{v} + m.Event = &OneOf_LockCreate{v} iNdEx = postIndex - case 8: + case 50: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionReject", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field LockDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41093,15 +46377,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionReject{} + v := &LockDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionReject{v} + m.Event = &OneOf_LockDelete{v} iNdEx = postIndex - case 9: + case 51: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resize", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCodeGenerate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41128,15 +46412,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &Resize{} + v := &RecoveryCodeGenerate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_Resize{v} + m.Event = &OneOf_RecoveryCodeGenerate{v} iNdEx = postIndex - case 10: + case 52: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionEnd", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCodeUsed", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41163,15 +46447,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionEnd{} + v := &RecoveryCodeUsed{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionEnd{v} + m.Event = &OneOf_RecoveryCodeUsed{v} iNdEx = postIndex - case 11: + case 53: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionCommand", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41198,15 +46482,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionCommand{} + v := &DatabaseCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionCommand{v} + m.Event = &OneOf_DatabaseCreate{v} iNdEx = postIndex - case 12: + case 54: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionDisk", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUpdate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41233,15 +46517,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionDisk{} + v := &DatabaseUpdate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionDisk{v} + m.Event = &OneOf_DatabaseUpdate{v} iNdEx = postIndex - case 13: + case 55: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionNetwork", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41268,15 +46552,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionNetwork{} + v := &DatabaseDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionNetwork{v} + m.Event = &OneOf_DatabaseDelete{v} iNdEx = postIndex - case 14: + case 56: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionData", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41303,15 +46587,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionData{} + v := &AppCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionData{v} + m.Event = &OneOf_AppCreate{v} iNdEx = postIndex - case 15: + case 57: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionLeave", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppUpdate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41338,15 +46622,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionLeave{} + v := &AppUpdate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionLeave{v} + m.Event = &OneOf_AppUpdate{v} iNdEx = postIndex - case 16: + case 58: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PortForward", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41373,15 +46657,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &PortForward{} + v := &AppDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_PortForward{v} + m.Event = &OneOf_AppDelete{v} iNdEx = postIndex - case 17: + case 59: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field X11Forward", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopSessionStart", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41408,15 +46692,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &X11Forward{} + v := &WindowsDesktopSessionStart{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_X11Forward{v} + m.Event = &OneOf_WindowsDesktopSessionStart{v} iNdEx = postIndex - case 18: + case 60: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SCP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopSessionEnd", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41443,15 +46727,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SCP{} + v := &WindowsDesktopSessionEnd{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SCP{v} + m.Event = &OneOf_WindowsDesktopSessionEnd{v} iNdEx = postIndex - case 19: + case 61: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Exec", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PostgresParse", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41478,15 +46762,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &Exec{} + v := &PostgresParse{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_Exec{v} + m.Event = &OneOf_PostgresParse{v} iNdEx = postIndex - case 20: + case 62: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Subsystem", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PostgresBind", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41513,15 +46797,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &Subsystem{} + v := &PostgresBind{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_Subsystem{v} + m.Event = &OneOf_PostgresBind{v} iNdEx = postIndex - case 21: + case 63: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClientDisconnect", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PostgresExecute", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41548,15 +46832,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &ClientDisconnect{} + v := &PostgresExecute{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_ClientDisconnect{v} + m.Event = &OneOf_PostgresExecute{v} iNdEx = postIndex - case 22: + case 64: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuthAttempt", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PostgresClose", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41583,15 +46867,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AuthAttempt{} + v := &PostgresClose{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AuthAttempt{v} + m.Event = &OneOf_PostgresClose{v} iNdEx = postIndex - case 23: + case 65: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PostgresFunctionCall", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41618,15 +46902,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AccessRequestCreate{} + v := &PostgresFunctionCall{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AccessRequestCreate{v} + m.Event = &OneOf_PostgresFunctionCall{v} iNdEx = postIndex - case 24: + case 66: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserTokenCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41653,15 +46937,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &UserTokenCreate{} + v := &AccessRequestDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_UserTokenCreate{v} + m.Event = &OneOf_AccessRequestDelete{v} iNdEx = postIndex - case 25: + case 67: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RoleCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionConnect", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41688,15 +46972,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &RoleCreate{} + v := &SessionConnect{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_RoleCreate{v} + m.Event = &OneOf_SessionConnect{v} iNdEx = postIndex - case 26: + case 68: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RoleDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CertificateCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41723,15 +47007,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &RoleDelete{} + v := &CertificateCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_RoleDelete{v} + m.Event = &OneOf_CertificateCreate{v} iNdEx = postIndex - case 27: + case 69: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopRecording", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41758,15 +47042,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TrustedClusterCreate{} + v := &DesktopRecording{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_TrustedClusterCreate{v} + m.Event = &OneOf_DesktopRecording{v} iNdEx = postIndex - case 28: + case 70: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopClipboardSend", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41793,15 +47077,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TrustedClusterDelete{} + v := &DesktopClipboardSend{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_TrustedClusterDelete{v} + m.Event = &OneOf_DesktopClipboardSend{v} iNdEx = postIndex - case 29: + case 71: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TrustedClusterTokenCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DesktopClipboardReceive", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41828,15 +47112,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &TrustedClusterTokenCreate{} + v := &DesktopClipboardReceive{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_TrustedClusterTokenCreate{v} + m.Event = &OneOf_DesktopClipboardReceive{v} iNdEx = postIndex - case 30: + case 72: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GithubConnectorCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementPrepare", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41863,15 +47147,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &GithubConnectorCreate{} + v := &MySQLStatementPrepare{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_GithubConnectorCreate{v} + m.Event = &OneOf_MySQLStatementPrepare{v} iNdEx = postIndex - case 31: + case 73: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GithubConnectorDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementExecute", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41898,15 +47182,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &GithubConnectorDelete{} + v := &MySQLStatementExecute{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_GithubConnectorDelete{v} + m.Event = &OneOf_MySQLStatementExecute{v} iNdEx = postIndex - case 32: + case 74: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OIDCConnectorCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementSendLongData", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41933,15 +47217,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &OIDCConnectorCreate{} + v := &MySQLStatementSendLongData{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_OIDCConnectorCreate{v} + m.Event = &OneOf_MySQLStatementSendLongData{v} iNdEx = postIndex - case 33: + case 75: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OIDCConnectorDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementClose", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -41968,15 +47252,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &OIDCConnectorDelete{} + v := &MySQLStatementClose{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_OIDCConnectorDelete{v} + m.Event = &OneOf_MySQLStatementClose{v} iNdEx = postIndex - case 34: + case 76: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SAMLConnectorCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementReset", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42003,15 +47287,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SAMLConnectorCreate{} + v := &MySQLStatementReset{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SAMLConnectorCreate{v} + m.Event = &OneOf_MySQLStatementReset{v} iNdEx = postIndex - case 35: + case 77: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SAMLConnectorDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementFetch", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42038,15 +47322,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SAMLConnectorDelete{} + v := &MySQLStatementFetch{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SAMLConnectorDelete{v} + m.Event = &OneOf_MySQLStatementFetch{v} iNdEx = postIndex - case 36: + case 78: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubeRequest", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementBulkExecute", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42073,15 +47357,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &KubeRequest{} + v := &MySQLStatementBulkExecute{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_KubeRequest{v} + m.Event = &OneOf_MySQLStatementBulkExecute{v} iNdEx = postIndex - case 37: + case 79: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppSessionStart", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RenewableCertificateGenerationMismatch", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42108,15 +47392,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppSessionStart{} + v := &RenewableCertificateGenerationMismatch{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AppSessionStart{v} + m.Event = &OneOf_RenewableCertificateGenerationMismatch{v} iNdEx = postIndex - case 38: + case 80: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppSessionChunk", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Unknown", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42143,15 +47427,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppSessionChunk{} + v := &Unknown{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AppSessionChunk{v} + m.Event = &OneOf_Unknown{v} iNdEx = postIndex - case 39: + case 81: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppSessionRequest", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLInitDB", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42178,15 +47462,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppSessionRequest{} + v := &MySQLInitDB{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AppSessionRequest{v} + m.Event = &OneOf_MySQLInitDB{v} iNdEx = postIndex - case 40: + case 82: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionStart", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLCreateDB", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42213,15 +47497,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseSessionStart{} + v := &MySQLCreateDB{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseSessionStart{v} + m.Event = &OneOf_MySQLCreateDB{v} iNdEx = postIndex - case 41: + case 83: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionEnd", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLDropDB", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42248,15 +47532,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseSessionEnd{} + v := &MySQLDropDB{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseSessionEnd{v} + m.Event = &OneOf_MySQLDropDB{v} iNdEx = postIndex - case 42: + case 84: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionQuery", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLShutDown", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42283,15 +47567,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseSessionQuery{} + v := &MySQLShutDown{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseSessionQuery{v} + m.Event = &OneOf_MySQLShutDown{v} iNdEx = postIndex - case 43: + case 85: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionUpload", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLProcessKill", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42318,15 +47602,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionUpload{} + v := &MySQLProcessKill{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_SessionUpload{v} + m.Event = &OneOf_MySQLProcessKill{v} iNdEx = postIndex - case 44: + case 86: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceAdd", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLDebug", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42353,15 +47637,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFADeviceAdd{} + v := &MySQLDebug{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MFADeviceAdd{v} + m.Event = &OneOf_MySQLDebug{v} iNdEx = postIndex - case 45: + case 87: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MySQLRefresh", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42388,15 +47672,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MFADeviceDelete{} + v := &MySQLRefresh{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MFADeviceDelete{v} + m.Event = &OneOf_MySQLRefresh{v} iNdEx = postIndex - case 46: + case 88: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BillingInformationUpdate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestResourceSearch", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42423,15 +47707,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &BillingInformationUpdate{} + v := &AccessRequestResourceSearch{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_BillingInformationUpdate{v} + m.Event = &OneOf_AccessRequestResourceSearch{v} iNdEx = postIndex - case 47: + case 89: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BillingCardCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SQLServerRPCRequest", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42458,15 +47742,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &BillingCardCreate{} + v := &SQLServerRPCRequest{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_BillingCardCreate{v} + m.Event = &OneOf_SQLServerRPCRequest{v} iNdEx = postIndex - case 48: + case 90: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BillingCardDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionMalformedPacket", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42493,15 +47777,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &BillingCardDelete{} + v := &DatabaseSessionMalformedPacket{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_BillingCardDelete{v} + m.Event = &OneOf_DatabaseSessionMalformedPacket{v} iNdEx = postIndex - case 49: + case 91: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LockCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SFTP", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42528,15 +47812,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &LockCreate{} + v := &SFTP{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_LockCreate{v} + m.Event = &OneOf_SFTP{v} iNdEx = postIndex - case 50: + case 92: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LockDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpgradeWindowStartUpdate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42563,15 +47847,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &LockDelete{} + v := &UpgradeWindowStartUpdate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_LockDelete{v} + m.Event = &OneOf_UpgradeWindowStartUpdate{v} iNdEx = postIndex - case 51: + case 93: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCodeGenerate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AppSessionEnd", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42598,15 +47882,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &RecoveryCodeGenerate{} + v := &AppSessionEnd{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_RecoveryCodeGenerate{v} + m.Event = &OneOf_AppSessionEnd{v} iNdEx = postIndex - case 52: + case 94: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RecoveryCodeUsed", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionRecordingAccess", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42633,15 +47917,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &RecoveryCodeUsed{} + v := &SessionRecordingAccess{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_RecoveryCodeUsed{v} + m.Event = &OneOf_SessionRecordingAccess{v} iNdEx = postIndex - case 53: + case 96: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterCreate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42668,15 +47952,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseCreate{} + v := &KubernetesClusterCreate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseCreate{v} + m.Event = &OneOf_KubernetesClusterCreate{v} iNdEx = postIndex - case 54: + case 97: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUpdate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterUpdate", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42703,15 +47987,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseUpdate{} + v := &KubernetesClusterUpdate{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseUpdate{v} + m.Event = &OneOf_KubernetesClusterUpdate{v} iNdEx = postIndex - case 55: + case 98: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesClusterDelete", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42738,15 +48022,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseDelete{} + v := &KubernetesClusterDelete{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_DatabaseDelete{v} + m.Event = &OneOf_KubernetesClusterDelete{v} iNdEx = postIndex - case 56: + case 99: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SSMRun", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42773,15 +48057,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppCreate{} + v := &SSMRun{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AppCreate{v} + m.Event = &OneOf_SSMRun{v} iNdEx = postIndex - case 57: + case 100: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppUpdate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ElasticsearchRequest", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42808,17 +48092,68 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppUpdate{} + v := &ElasticsearchRequest{} if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_AppUpdate{v} + m.Event = &OneOf_ElasticsearchRequest{v} iNdEx = postIndex - case 58: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *StreamStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: StreamStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: StreamStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -42828,32 +48163,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &AppDelete{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_AppDelete{v} + m.UploadID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 59: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopSessionStart", wireType) + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field LastEventIndex", wireType) } - var msglen int + m.LastEventIndex = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -42863,30 +48195,14 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.LastEventIndex |= int64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &WindowsDesktopSessionStart{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_WindowsDesktopSessionStart{v} - iNdEx = postIndex - case 60: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field WindowsDesktopSessionEnd", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field LastUploadTime", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42913,15 +48229,64 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &WindowsDesktopSessionEnd{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.LastUploadTime, dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_WindowsDesktopSessionEnd{v} iNdEx = postIndex - case 61: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SessionUpload) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SessionUpload: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SessionUpload: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PostgresParse", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42948,15 +48313,13 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &PostgresParse{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_PostgresParse{v} iNdEx = postIndex - case 62: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PostgresBind", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -42983,17 +48346,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &PostgresBind{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_PostgresBind{v} iNdEx = postIndex - case 63: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PostgresExecute", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43003,32 +48364,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &PostgresExecute{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_PostgresExecute{v} + m.UID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 64: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PostgresClose", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionURL", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43038,32 +48396,80 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &PostgresClose{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.SessionURL = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { return err } - m.Event = &OneOf_PostgresClose{v} - iNdEx = postIndex - case 65: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Identity) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Identity: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Identity: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PostgresFunctionCall", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43073,32 +48479,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &PostgresFunctionCall{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_PostgresFunctionCall{v} + m.User = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 66: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestDelete", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Impersonator", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43108,32 +48511,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &AccessRequestDelete{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_AccessRequestDelete{v} + m.Impersonator = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 67: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionConnect", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43143,32 +48543,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &SessionConnect{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_SessionConnect{v} + m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 68: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CertificateCreate", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43178,32 +48575,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &CertificateCreate{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_CertificateCreate{v} + m.Usage = append(m.Usage, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 69: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopRecording", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Logins", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43213,32 +48607,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &DesktopRecording{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_DesktopRecording{v} + m.Logins = append(m.Logins, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 70: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopClipboardSend", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesGroups", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43248,32 +48639,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &DesktopClipboardSend{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_DesktopClipboardSend{v} + m.KubernetesGroups = append(m.KubernetesGroups, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 71: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DesktopClipboardReceive", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesUsers", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43283,30 +48671,27 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &DesktopClipboardReceive{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_DesktopClipboardReceive{v} + m.KubernetesUsers = append(m.KubernetesUsers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 72: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementPrepare", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43333,17 +48718,15 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementPrepare{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MySQLStatementPrepare{v} iNdEx = postIndex - case 73: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementExecute", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RouteToCluster", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43353,32 +48736,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementExecute{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLStatementExecute{v} + m.RouteToCluster = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 74: + case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementSendLongData", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43388,30 +48768,27 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementSendLongData{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLStatementSendLongData{v} + m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 75: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementClose", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Traits", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43438,15 +48815,13 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementClose{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Traits.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MySQLStatementClose{v} iNdEx = postIndex - case 76: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementReset", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RouteToApp", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43473,17 +48848,18 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementReset{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.RouteToApp == nil { + m.RouteToApp = &RouteToApp{} + } + if err := m.RouteToApp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MySQLStatementReset{v} iNdEx = postIndex - case 77: + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementFetch", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TeleportCluster", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43493,30 +48869,27 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementFetch{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLStatementFetch{v} + m.TeleportCluster = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 78: + case 14: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLStatementBulkExecute", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field RouteToDatabase", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43543,17 +48916,18 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLStatementBulkExecute{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if m.RouteToDatabase == nil { + m.RouteToDatabase = &RouteToDatabase{} + } + if err := m.RouteToDatabase.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } - m.Event = &OneOf_MySQLStatementBulkExecute{v} iNdEx = postIndex - case 79: + case 15: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RenewableCertificateGenerationMismatch", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseNames", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43563,32 +48937,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &RenewableCertificateGenerationMismatch{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_RenewableCertificateGenerationMismatch{v} + m.DatabaseNames = append(m.DatabaseNames, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 80: + case 16: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Unknown", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUsers", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43598,32 +48969,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &Unknown{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_Unknown{v} + m.DatabaseUsers = append(m.DatabaseUsers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 81: + case 17: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLInitDB", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceUUID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43633,32 +49001,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLInitDB{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLInitDB{v} + m.MFADeviceUUID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 82: + case 18: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLCreateDB", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClientIP", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43668,32 +49033,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLCreateDB{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLCreateDB{v} + m.ClientIP = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 83: + case 19: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLDropDB", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARNs", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43703,32 +49065,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLDropDB{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLDropDB{v} + m.AWSRoleARNs = append(m.AWSRoleARNs, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 84: + case 20: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLShutDown", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43738,30 +49097,47 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLShutDown{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLShutDown{v} + m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 85: + case 21: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DisallowReissue", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.DisallowReissue = bool(v != 0) + case 22: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLProcessKill", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AllowedResourceIDs", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -43788,17 +49164,67 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLProcessKill{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.AllowedResourceIDs = append(m.AllowedResourceIDs, ResourceID{}) + if err := m.AllowedResourceIDs[len(m.AllowedResourceIDs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { return err } - m.Event = &OneOf_MySQLProcessKill{v} - iNdEx = postIndex - case 86: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteToApp) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteToApp: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteToApp: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLDebug", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43808,32 +49234,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLDebug{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLDebug{v} + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 87: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MySQLRefresh", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43843,32 +49266,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &MySQLRefresh{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_MySQLRefresh{v} + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 88: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequestResourceSearch", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43878,32 +49298,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &AccessRequestResourceSearch{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_AccessRequestResourceSearch{v} + m.PublicAddr = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 89: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SQLServerRPCRequest", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43913,32 +49330,29 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &SQLServerRPCRequest{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_SQLServerRPCRequest{v} + m.ClusterName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 90: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseSessionMalformedPacket", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -43948,26 +49362,23 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - v := &DatabaseSessionMalformedPacket{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.Event = &OneOf_DatabaseSessionMalformedPacket{v} + m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -43991,7 +49402,7 @@ func (m *OneOf) Unmarshal(dAtA []byte) error { } return nil } -func (m *StreamStatus) Unmarshal(dAtA []byte) error { +func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44014,15 +49425,15 @@ func (m *StreamStatus) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: StreamStatus: wiretype end group for non-group") + return fmt.Errorf("proto: RouteToDatabase: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: StreamStatus: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RouteToDatabase: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UploadID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ServiceName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44050,13 +49461,13 @@ func (m *StreamStatus) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.UploadID = string(dAtA[iNdEx:postIndex]) + m.ServiceName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field LastEventIndex", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) } - m.LastEventIndex = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44066,16 +49477,29 @@ func (m *StreamStatus) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.LastEventIndex |= int64(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Protocol = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field LastUploadTime", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44085,24 +49509,55 @@ func (m *StreamStatus) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.LastUploadTime, dAtA[iNdEx:postIndex]); err != nil { - return err + m.Username = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Database = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -44126,7 +49581,7 @@ func (m *StreamStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *SessionUpload) Unmarshal(dAtA []byte) error { +func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -44149,10 +49604,10 @@ func (m *SessionUpload) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SessionUpload: wiretype end group for non-group") + return fmt.Errorf("proto: AccessRequestResourceSearch: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SessionUpload: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AccessRequestResourceSearch: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -44190,7 +49645,7 @@ func (m *SessionUpload) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44217,13 +49672,13 @@ func (m *SessionUpload) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SearchAsRoles", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44251,11 +49706,11 @@ func (m *SessionUpload) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.UID = string(dAtA[iNdEx:postIndex]) + m.SearchAsRoles = append(m.SearchAsRoles, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 5: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionURL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceType", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44283,62 +49738,11 @@ func (m *SessionUpload) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionURL = string(dAtA[iNdEx:postIndex]) + m.ResourceType = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Identity) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Identity: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Identity: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44366,13 +49770,13 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.User = string(dAtA[iNdEx:postIndex]) + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Impersonator", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44382,27 +49786,122 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Impersonator = string(dAtA[iNdEx:postIndex]) + if m.Labels == nil { + m.Labels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Labels[mapkey] = mapvalue iNdEx = postIndex - case 3: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PredicateExpression", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44430,11 +49929,11 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Roles = append(m.Roles, string(dAtA[iNdEx:postIndex])) + m.PredicateExpression = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Usage", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SearchKeywords", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44462,45 +49961,64 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Usage = append(m.Usage, string(dAtA[iNdEx:postIndex])) + m.SearchKeywords = append(m.SearchKeywords, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Logins", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - intStringLen := int(stringLen) - if intStringLen < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF } - if postIndex > l { + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.Logins = append(m.Logins, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 6: + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MySQLStatementPrepare: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MySQLStatementPrepare: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesGroups", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44510,29 +50028,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesGroups = append(m.KubernetesGroups, string(dAtA[iNdEx:postIndex])) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 7: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesUsers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44542,27 +50061,28 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesUsers = append(m.KubernetesUsers, string(dAtA[iNdEx:postIndex])) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 8: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44589,15 +50109,15 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expires, dAtA[iNdEx:postIndex]); err != nil { + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 9: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44607,27 +50127,28 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.RouteToCluster = string(dAtA[iNdEx:postIndex]) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 10: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KubernetesCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44655,11 +50176,62 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.KubernetesCluster = string(dAtA[iNdEx:postIndex]) + m.Query = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MySQLStatementExecute: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MySQLStatementExecute: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Traits", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44686,13 +50258,13 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Traits.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 12: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToApp", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44719,18 +50291,15 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.RouteToApp == nil { - m.RouteToApp = &RouteToApp{} - } - if err := m.RouteToApp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 13: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TeleportCluster", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44740,27 +50309,28 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.TeleportCluster = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 14: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RouteToDatabase", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -44787,18 +50357,15 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.RouteToDatabase == nil { - m.RouteToDatabase = &RouteToDatabase{} - } - if err := m.RouteToDatabase.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseNames", wireType) + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) } - var stringLen uint64 + m.StatementID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44808,27 +50375,14 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.StatementID |= uint32(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DatabaseNames = append(m.DatabaseNames, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 16: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseUsers", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -44856,13 +50410,64 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DatabaseUsers = append(m.DatabaseUsers, string(dAtA[iNdEx:postIndex])) + m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 17: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MySQLStatementSendLongData: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MySQLStatementSendLongData: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field MFADeviceUUID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44872,29 +50477,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.MFADeviceUUID = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 18: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClientIP", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44904,29 +50510,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ClientIP = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 19: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARNs", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44936,29 +50543,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.AWSRoleARNs = append(m.AWSRoleARNs, string(dAtA[iNdEx:postIndex])) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 20: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessRequests", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -44968,29 +50576,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.AccessRequests = append(m.AccessRequests, string(dAtA[iNdEx:postIndex])) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 21: + case 5: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DisallowReissue", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) } - var v int + m.StatementID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45000,17 +50609,16 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + m.StatementID |= uint32(b&0x7F) << shift if b < 0x80 { break } } - m.DisallowReissue = bool(v != 0) - case 22: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AllowedResourceIDs", wireType) + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ParameterID", wireType) } - var msglen int + m.ParameterID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45020,26 +50628,30 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.ParameterID |= uint32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DataSize", wireType) } - m.AllowedResourceIDs = append(m.AllowedResourceIDs, ResourceID{}) - if err := m.AllowedResourceIDs[len(m.AllowedResourceIDs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.DataSize = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.DataSize |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -45062,7 +50674,7 @@ func (m *Identity) Unmarshal(dAtA []byte) error { } return nil } -func (m *RouteToApp) Unmarshal(dAtA []byte) error { +func (m *MySQLStatementClose) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45085,17 +50697,17 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RouteToApp: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLStatementClose: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RouteToApp: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLStatementClose: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45105,29 +50717,30 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45137,29 +50750,30 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.SessionID = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicAddr", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45169,29 +50783,30 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.PublicAddr = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45201,29 +50816,30 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ClusterName = string(dAtA[iNdEx:postIndex]) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AWSRoleARN", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) } - var stringLen uint64 + m.StatementID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45233,24 +50849,11 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.StatementID |= uint32(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AWSRoleARN = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -45273,7 +50876,7 @@ func (m *RouteToApp) Unmarshal(dAtA []byte) error { } return nil } -func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { +func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45296,17 +50899,17 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: RouteToDatabase: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLStatementReset: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: RouteToDatabase: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLStatementReset: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServiceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45316,29 +50919,30 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.ServiceName = string(dAtA[iNdEx:postIndex]) + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45348,29 +50952,30 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Protocol = string(dAtA[iNdEx:postIndex]) + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45380,29 +50985,30 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Username = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Database", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45412,24 +51018,44 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Database = string(dAtA[iNdEx:postIndex]) + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + } + m.StatementID = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.StatementID |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -45452,7 +51078,7 @@ func (m *RouteToDatabase) Unmarshal(dAtA []byte) error { } return nil } -func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { +func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45475,10 +51101,10 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AccessRequestResourceSearch: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLStatementFetch: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AccessRequestResourceSearch: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLStatementFetch: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -45510,48 +51136,15 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SearchAsRoles", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45561,61 +51154,30 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.SearchAsRoles = append(m.SearchAsRoles, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.ResourceType = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45625,27 +51187,28 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Namespace = string(dAtA[iNdEx:postIndex]) + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex - case 6: + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -45672,109 +51235,15 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.Labels == nil { - m.Labels = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthEvents - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthEvents - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Labels[mapkey] = mapvalue iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PredicateExpression", wireType) + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) } - var stringLen uint64 + m.StatementID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45784,29 +51253,16 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.StatementID |= uint32(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PredicateExpression = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SearchKeywords", wireType) + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RowsCount", wireType) } - var stringLen uint64 + m.RowsCount = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -45816,24 +51272,11 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + m.RowsCount |= uint32(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SearchKeywords = append(m.SearchKeywords, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -45856,7 +51299,7 @@ func (m *AccessRequestResourceSearch) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { +func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -45879,10 +51322,10 @@ func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementPrepare: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLStatementBulkExecute: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementPrepare: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLStatementBulkExecute: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -46018,8 +51461,27 @@ func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + } + m.StatementID = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.StatementID |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -46047,7 +51509,7 @@ func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Query = string(dAtA[iNdEx:postIndex]) + m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -46071,7 +51533,7 @@ func (m *MySQLStatementPrepare) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { +func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46094,10 +51556,10 @@ func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementExecute: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLInitDB: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementExecute: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLInitDB: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -46233,27 +51695,8 @@ func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) - } - m.StatementID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -46281,7 +51724,7 @@ func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) + m.SchemaName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -46305,7 +51748,7 @@ func (m *MySQLStatementExecute) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { +func (m *MySQLCreateDB) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46328,10 +51771,10 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementSendLongData: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLCreateDB: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementSendLongData: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLCreateDB: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -46467,10 +51910,10 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) } - m.StatementID = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -46480,16 +51923,80 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ParameterID", wireType) + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - m.ParameterID = 0 + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SchemaName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MySQLDropDB: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MySQLDropDB: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -46499,16 +52006,30 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ParameterID |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DataSize", wireType) + if msglen < 0 { + return ErrInvalidLengthEvents } - m.DataSize = 0 + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -46518,11 +52039,123 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.DataSize |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SchemaName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -46545,7 +52178,7 @@ func (m *MySQLStatementSendLongData) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementClose) Unmarshal(dAtA []byte) error { +func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46568,10 +52201,10 @@ func (m *MySQLStatementClose) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementClose: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLShutDown: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementClose: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLShutDown: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -46706,25 +52339,6 @@ func (m *MySQLStatementClose) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) - } - m.StatementID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -46747,7 +52361,7 @@ func (m *MySQLStatementClose) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { +func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46770,10 +52384,10 @@ func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementReset: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLProcessKill: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementReset: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLProcessKill: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -46910,9 +52524,9 @@ func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 5: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ProcessID", wireType) } - m.StatementID = 0 + m.ProcessID = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -46922,7 +52536,7 @@ func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift + m.ProcessID |= uint32(b&0x7F) << shift if b < 0x80 { break } @@ -46949,7 +52563,7 @@ func (m *MySQLStatementReset) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { +func (m *MySQLDebug) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -46972,10 +52586,10 @@ func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementFetch: wiretype end group for non-group") + return fmt.Errorf("proto: MySQLDebug: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementFetch: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: MySQLDebug: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -47110,11 +52724,62 @@ func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err } - m.StatementID = 0 + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MySQLRefresh: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MySQLRefresh: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47124,16 +52789,30 @@ func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RowsCount", wireType) + if msglen < 0 { + return ErrInvalidLengthEvents } - m.RowsCount = 0 + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + } + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47143,11 +52822,123 @@ func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.RowsCount |= uint32(b&0x7F) << shift + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subcommand", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subcommand = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -47170,7 +52961,7 @@ func (m *MySQLStatementFetch) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { +func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47193,10 +52984,10 @@ func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLStatementBulkExecute: wiretype end group for non-group") + return fmt.Errorf("proto: SQLServerRPCRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLStatementBulkExecute: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SQLServerRPCRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -47332,10 +53123,10 @@ func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field StatementID", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Procname", wireType) } - m.StatementID = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47345,11 +53136,24 @@ func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.StatementID |= uint32(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Procname = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex case 6: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) @@ -47404,7 +53208,7 @@ func (m *MySQLStatementBulkExecute) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { +func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47427,10 +53231,10 @@ func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLInitDB: wiretype end group for non-group") + return fmt.Errorf("proto: DatabaseSessionMalformedPacket: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLInitDB: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: DatabaseSessionMalformedPacket: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -47567,9 +53371,9 @@ func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47579,23 +53383,25 @@ func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.SchemaName = string(dAtA[iNdEx:postIndex]) + m.Payload = append(m.Payload[:0], dAtA[iNdEx:postIndex]...) + if m.Payload == nil { + m.Payload = []byte{} + } iNdEx = postIndex default: iNdEx = preIndex @@ -47619,7 +53425,7 @@ func (m *MySQLInitDB) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLCreateDB) Unmarshal(dAtA []byte) error { +func (m *ElasticsearchRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -47642,10 +53448,10 @@ func (m *MySQLCreateDB) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLCreateDB: wiretype end group for non-group") + return fmt.Errorf("proto: ElasticsearchRequest: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLCreateDB: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ElasticsearchRequest: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -47782,7 +53588,7 @@ func (m *MySQLCreateDB) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -47810,64 +53616,77 @@ func (m *MySQLCreateDB) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SchemaName = string(dAtA[iNdEx:postIndex]) + m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipEvents(dAtA[iNdEx:]) - if err != nil { - return err + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RawQuery", wireType) } - if (skippy < 0) || (iNdEx+skippy) < 0 { + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - if (iNdEx + skippy) > l { + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { return io.ErrUnexpectedEOF } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents + m.RawQuery = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) } - if iNdEx >= l { - return io.ErrUnexpectedEOF + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: MySQLDropDB: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLDropDB: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Method = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Body", wireType) } - var msglen int + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47877,28 +53696,29 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + if byteLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err + m.Body = append(m.Body[:0], dAtA[iNdEx:postIndex]...) + if m.Body == nil { + m.Body = []byte{} } iNdEx = postIndex - case 2: + case 9: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Headers", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -47925,15 +53745,34 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Headers.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Category", wireType) + } + m.Category = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Category |= ElasticsearchCategory(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Target", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47943,30 +53782,29 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Target = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Query", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -47976,28 +53814,78 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Query = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { return err } - iNdEx = postIndex - case 5: + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UpgradeWindowStartMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UpgradeWindowStartMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UpgradeWindowStartMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SchemaName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpgradeWindowStart", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -48025,7 +53913,7 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.SchemaName = string(dAtA[iNdEx:postIndex]) + m.UpgradeWindowStart = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -48049,7 +53937,7 @@ func (m *MySQLDropDB) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { +func (m *UpgradeWindowStartUpdate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48072,10 +53960,10 @@ func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLShutDown: wiretype end group for non-group") + return fmt.Errorf("proto: UpgradeWindowStartUpdate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLShutDown: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: UpgradeWindowStartUpdate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -48179,7 +54067,7 @@ func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UpgradeWindowStartMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48206,7 +54094,7 @@ func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UpgradeWindowStartMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -48232,7 +54120,7 @@ func (m *MySQLShutDown) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { +func (m *SessionRecordingAccess) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48255,10 +54143,10 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLProcessKill: wiretype end group for non-group") + return fmt.Errorf("proto: SessionRecordingAccess: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLProcessKill: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SessionRecordingAccess: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -48296,9 +54184,9 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SessionID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -48308,28 +54196,27 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.SessionID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48356,13 +54243,64 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: + default: + iNdEx = preIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *KubeClusterMetadata) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: KubeClusterMetadata: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: KubeClusterMetadata: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeLabels", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48389,29 +54327,104 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ProcessID", wireType) + if m.KubeLabels == nil { + m.KubeLabels = make(map[string]string) } - m.ProcessID = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - b := dAtA[iNdEx] - iNdEx++ - m.ProcessID |= uint32(b&0x7F) << shift - if b < 0x80 { - break + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthEvents + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthEvents + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipEvents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEvents + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy } } + m.KubeLabels[mapkey] = mapvalue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -48434,7 +54447,7 @@ func (m *MySQLProcessKill) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLDebug) Unmarshal(dAtA []byte) error { +func (m *KubernetesClusterCreate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48457,10 +54470,10 @@ func (m *MySQLDebug) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLDebug: wiretype end group for non-group") + return fmt.Errorf("proto: KubernetesClusterCreate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLDebug: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: KubernetesClusterCreate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -48531,7 +54544,7 @@ func (m *MySQLDebug) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48558,13 +54571,13 @@ func (m *MySQLDebug) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeClusterMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48591,7 +54604,7 @@ func (m *MySQLDebug) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.KubeClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -48617,7 +54630,7 @@ func (m *MySQLDebug) Unmarshal(dAtA []byte) error { } return nil } -func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { +func (m *KubernetesClusterUpdate) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48640,10 +54653,10 @@ func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: MySQLRefresh: wiretype end group for non-group") + return fmt.Errorf("proto: KubernetesClusterUpdate: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: MySQLRefresh: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: KubernetesClusterUpdate: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -48714,7 +54727,7 @@ func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48741,13 +54754,13 @@ func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeClusterMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48774,42 +54787,10 @@ func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.KubeClusterMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Subcommand", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Subcommand = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -48832,7 +54813,7 @@ func (m *MySQLRefresh) Unmarshal(dAtA []byte) error { } return nil } -func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { +func (m *KubernetesClusterDelete) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -48855,10 +54836,10 @@ func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SQLServerRPCRequest: wiretype end group for non-group") + return fmt.Errorf("proto: KubernetesClusterDelete: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SQLServerRPCRequest: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: KubernetesClusterDelete: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -48929,40 +54910,7 @@ func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceMetadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -48989,74 +54937,10 @@ func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.ResourceMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Procname", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Procname = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowEvents - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthEvents - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthEvents - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Parameters = append(m.Parameters, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) @@ -49079,7 +54963,7 @@ func (m *SQLServerRPCRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { +func (m *SSMRun) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -49102,10 +54986,10 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: DatabaseSessionMalformedPacket: wiretype end group for non-group") + return fmt.Errorf("proto: SSMRun: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: DatabaseSessionMalformedPacket: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SSMRun: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -49143,9 +55027,9 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CommandID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -49155,30 +55039,29 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.UserMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.CommandID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SessionMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field InstanceID", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -49188,30 +55071,48 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SessionMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.InstanceID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExitCode", wireType) + } + m.ExitCode = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ExitCode |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatabaseMetadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -49221,30 +55122,29 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.DatabaseMetadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Status = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccountID", wireType) } - var byteLen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowEvents @@ -49254,25 +55154,55 @@ func (m *DatabaseSessionMalformedPacket) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthEvents } - postIndex := iNdEx + byteLen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthEvents } if postIndex > l { return io.ErrUnexpectedEOF } - m.Payload = append(m.Payload[:0], dAtA[iNdEx:postIndex]...) - if m.Payload == nil { - m.Payload = []byte{} + m.AccountID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Region", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEvents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEvents + } + if postIndex > l { + return io.ErrUnexpectedEOF } + m.Region = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex diff --git a/api/types/events/events.proto b/api/types/events/events.proto deleted file mode 100644 index e828ca3b1aaf3..0000000000000 --- a/api/types/events/events.proto +++ /dev/null @@ -1,2387 +0,0 @@ -// Copyright 2021 Gravitational, Inc -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; -package events; - -import "gogoproto/gogo.proto"; -import "google/protobuf/timestamp.proto"; -import "google/protobuf/struct.proto"; - -import "github.com/gravitational/teleport/api/types/wrappers/wrappers.proto"; - -option (gogoproto.marshaler_all) = true; -option (gogoproto.unmarshaler_all) = true; -option (gogoproto.goproto_getters_all) = false; - -// Metadata is a common event metadata -message Metadata { - // Index is a monotonicaly incremented index in the event sequence - int64 Index = 1 [ (gogoproto.jsontag) = "ei" ]; - - // Type is the event type - string Type = 2 [ (gogoproto.jsontag) = "event" ]; - - // ID is a unique event identifier - string ID = 3 [ (gogoproto.jsontag) = "uid,omitempty" ]; - - // Code is a unique event code - string Code = 4 [ (gogoproto.jsontag) = "code,omitempty" ]; - - // Time is event time - google.protobuf.Timestamp Time = 5 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "time" ]; - - // ClusterName identifies the originating teleport cluster - string ClusterName = 6 [ (gogoproto.jsontag) = "cluster_name,omitempty" ]; -} - -// SesssionMetadata is a common session event metadata -message SessionMetadata { - // SessionID is a unique UUID of the session. - string SessionID = 1 [ (gogoproto.jsontag) = "sid" ]; - // WithMFA is a UUID of an MFA device used to start this session. - string WithMFA = 2 [ (gogoproto.jsontag) = "with_mfa,omitempty" ]; -} - -// UserMetadata is a common user event metadata -message UserMetadata { - // User is teleport user name - string User = 1 [ (gogoproto.jsontag) = "user,omitempty" ]; - - // Login is OS login - string Login = 2 [ (gogoproto.jsontag) = "login,omitempty" ]; - - // Impersonator is a user acting on behalf of another user - string Impersonator = 3 [ (gogoproto.jsontag) = "impersonator,omitempty" ]; - - // AWSRoleARN is AWS IAM role user assumes when accessing AWS console. - string AWSRoleARN = 4 [ (gogoproto.jsontag) = "aws_role_arn,omitempty" ]; - - // AccessRequests are the IDs of access requests created by the user - repeated string AccessRequests = 5 [ (gogoproto.jsontag) = "access_requests,omitempty" ]; -} - -// Server is a server metadata -message ServerMetadata { - // ServerNamespace is a namespace of the server event - string ServerNamespace = 1 [ (gogoproto.jsontag) = "namespace,omitempty" ]; - - // ServerID is the UUID of the server the session occurred on. - string ServerID = 2 [ (gogoproto.jsontag) = "server_id" ]; - - // ServerHostname is the hostname of the server the session occurred on. - string ServerHostname = 3 [ (gogoproto.jsontag) = "server_hostname,omitempty" ]; - - // ServerAddr is the address of the server the session occurred on. - string ServerAddr = 4 [ (gogoproto.jsontag) = "server_addr,omitempty" ]; - - // ServerLabels are the labels (static and dynamic) of the server the - // session occurred on. - map ServerLabels = 5 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "server_labels,omitempty" ]; -} - -// Connection contains connection info -message ConnectionMetadata { - // LocalAddr is a target address on the host - string LocalAddr = 1 [ (gogoproto.jsontag) = "addr.local,omitempty" ]; - - // RemoteAddr is a client (user's) address - string RemoteAddr = 2 [ (gogoproto.jsontag) = "addr.remote,omitempty" ]; - - // Protocol specifies protocol that was captured - string Protocol = 3 [ (gogoproto.jsontag) = "proto,omitempty" ]; -} - -// ClientMetadata identifies the originating client for an event. -message ClientMetadata { - // UserAgent identifies the type of client that attempted the event. - string UserAgent = 1 [ (gogoproto.jsontag) = "user_agent,omitempty" ]; -} - -// KubernetesClusterMetadata contains common metadata for kubernetes-related -// events. -message KubernetesClusterMetadata { - // KubernetesCluster is a kubernetes cluster name. - string KubernetesCluster = 1 [ (gogoproto.jsontag) = "kubernetes_cluster,omitempty" ]; - // KubernetesUsers is a list of kubernetes usernames for the user. - repeated string KubernetesUsers = 2 [ (gogoproto.jsontag) = "kubernetes_users,omitempty" ]; - // KubernetesGroups is a list of kubernetes groups for the user. - repeated string KubernetesGroups = 3 [ (gogoproto.jsontag) = "kubernetes_groups,omitempty" ]; - // KubernetesLabels are the labels (static and dynamic) of the kubernetes cluster the - // session occurred on. - map KubernetesLabels = 4 - [ (gogoproto.jsontag) = "kubernetes_labels,omitempty" ]; -} - -// KubernetesPodMetadata contains common metadata for kubernetes pod-related -// events. -message KubernetesPodMetadata { - // KubernetesPodName is the name of the pod. - string KubernetesPodName = 1 [ (gogoproto.jsontag) = "kubernetes_pod_name,omitempty" ]; - // KubernetesPodNamespace is the namespace of the pod. - string KubernetesPodNamespace = 2 - [ (gogoproto.jsontag) = "kubernetes_pod_namespace,omitempty" ]; - // KubernetesContainerName is the name of the container within the pod. - string KubernetesContainerName = 3 - [ (gogoproto.jsontag) = "kubernetes_container_name,omitempty" ]; - // KubernetesContainerImage is the image of the container within the pod. - string KubernetesContainerImage = 4 - [ (gogoproto.jsontag) = "kubernetes_container_image,omitempty" ]; - // KubernetesNodeName is the node that runs the pod. - string KubernetesNodeName = 5 [ (gogoproto.jsontag) = "kubernetes_node_name,omitempty" ]; -} - -// SessionStart is a session start event -message SessionStart { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // TerminalSize is expressed as 'W:H' - string TerminalSize = 6 [ (gogoproto.jsontag) = "size,omitempty" ]; - - // KubernetesCluster has information about a kubernetes cluster, if - // applicable. - KubernetesClusterMetadata KubernetesCluster = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesPod has information about a kubernetes pod, if applicable. - KubernetesPodMetadata KubernetesPod = 8 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // InitialCommand is the command used to start this session. - repeated string InitialCommand = 9 [ (gogoproto.jsontag) = "initial_command,omitempty" ]; - - // SessionRecording is the type of session recording. - string SessionRecording = 10 [ (gogoproto.jsontag) = "session_recording,omitempty" ]; - - // AccessRequests used to be here, it is now part of UserMetadata - reserved "AccessRequests"; - reserved 11; - // reserved jsontag "access_requests" -} - -// SessionJoin emitted when another user joins a session -message SessionJoin { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesCluster has information about a kubernetes cluster, if - // applicable. - KubernetesClusterMetadata KubernetesCluster = 6 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// SessionPrint event happens every time a write occurs to -// temirnal I/O during a session -message SessionPrint { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ChunkIndex is a monotonicaly incremented index for ordering print events - int64 ChunkIndex = 2 [ (gogoproto.jsontag) = "ci" ]; - - // Data is data transferred, it is not marshaled to JSON format - bytes Data = 3 [ (gogoproto.nullable) = true, (gogoproto.jsontag) = "-" ]; - - // Bytes says how many bytes have been written into the session - // during "print" event - int64 Bytes = 4 [ (gogoproto.jsontag) = "bytes" ]; - - // DelayMilliseconds is the delay in milliseconds from the start of the session - int64 DelayMilliseconds = 5 [ (gogoproto.jsontag) = "ms" ]; - - // Offset is the offset in bytes in the session file - int64 Offset = 6 [ (gogoproto.jsontag) = "offset" ]; -} - -// DesktopRecording happens when a Teleport Desktop Protocol message -// is captured during a Desktop Access Session. -message DesktopRecording { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Message is the encoded TDP message. - bytes Message = 2 [ (gogoproto.nullable) = true, (gogoproto.jsontag) = "message" ]; - - // DelayMilliseconds is the delay in milliseconds from the start of the session - int64 DelayMilliseconds = 3 - [ (gogoproto.jsontag) = "ms" ]; // JSON tag intentionally matches SessionPrintEvent -} - -// DesktopClipboardReceive is emitted when Teleport receives -// clipboard data from a remote desktop. -message DesktopClipboardReceive { - // Metadata is common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Connection holds information about the connection. - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // DesktopAddr is the address of the desktop being accessed. - string DesktopAddr = 5 [ (gogoproto.jsontag) = "desktop_addr" ]; - // Length is the number of bytes of data received from the remote clipboard. - int32 Length = 6 [ (gogoproto.jsontag) = "length" ]; -} - -// DesktopClipboardSend is emitted when clipboard data is -// sent from a user's workstation to Teleport. -message DesktopClipboardSend { - // Metadata is common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Connection holds information about the connection. - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // DesktopAddr is the address of the desktop being accessed. - string DesktopAddr = 5 [ (gogoproto.jsontag) = "desktop_addr" ]; - // Length is the number of bytes of data sent. - int32 Length = 6 [ (gogoproto.jsontag) = "length" ]; -} - -// SessionReject event happens when a user hits a session control restriction. -message SessionReject { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Reason is a field that specifies reason for event, e.g. in disconnect - // event it explains why server disconnected the client - string Reason = 5 [ (gogoproto.jsontag) = "reason" ]; - - // Maximum is an event field specifying a maximal value (e.g. the value - // of `max_connections` for a `session.rejected` event). - int64 Maximum = 6 [ (gogoproto.jsontag) = "max" ]; -} - -// SessionConnect is emitted when a non-Teleport connection is made over net.Dial. -message SessionConnect { - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - ServerMetadata Server = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// Resize means that some user resized PTY on the client -message Resize { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // TerminalSize is expressed as 'W:H' - string TerminalSize = 6 [ (gogoproto.jsontag) = "size,omitempty" ]; - - // KubernetesCluster has information about a kubernetes cluster, if - // applicable. - KubernetesClusterMetadata KubernetesCluster = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesPod has information about a kubernetes pod, if applicable. - KubernetesPodMetadata KubernetesPod = 8 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// SessionEnd is a session end event -message SessionEnd { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // EnhancedRecording is used to indicate if the recording was an - // enhanced recording or not. - bool EnhancedRecording = 6 [ (gogoproto.jsontag) = "enhanced_recording" ]; - - // Interactive is used to indicate if the session was interactive - // (has PTY attached) or not (exec session). - bool Interactive = 7 [ (gogoproto.jsontag) = "interactive" ]; - - // Participants is a list of participants in the session. - repeated string Participants = 8 [ (gogoproto.jsontag) = "participants" ]; - - // StartTime is the timestamp at which the session began. - google.protobuf.Timestamp StartTime = 9 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "session_start,omitempty" - ]; - - // EndTime is the timestamp at which the session ended. - google.protobuf.Timestamp EndTime = 10 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "session_stop,omitempty" - ]; - - // KubernetesCluster has information about a kubernetes cluster, if - // applicable. - KubernetesClusterMetadata KubernetesCluster = 11 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesPod has information about a kubernetes pod, if applicable. - KubernetesPodMetadata KubernetesPod = 12 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // InitialCommand is the command used to start this session. - repeated string InitialCommand = 13 [ (gogoproto.jsontag) = "initial_command,omitempty" ]; - - // SessionRecording is the type of session recording. - string SessionRecording = 14 [ (gogoproto.jsontag) = "session_recording,omitempty" ]; -} - -// BPFMetadata is a common BPF process metadata -message BPFMetadata { - // PID is the ID of the process. - uint64 PID = 1 [ (gogoproto.jsontag) = "pid" ]; - - // CgroupID is the internal cgroupv2 ID of the event. - uint64 CgroupID = 2 [ (gogoproto.jsontag) = "cgroup_id" ]; - - // Program is name of the executable. - string Program = 3 [ (gogoproto.jsontag) = "program" ]; -} - -// Status contains common command or operation status fields -message Status { - // Success indicates the success or failure of the operation - bool Success = 1 [ (gogoproto.jsontag) = "success" ]; - - // Error includes system error message for the failed attempt - string Error = 2 [ (gogoproto.jsontag) = "error,omitempty" ]; - - // UserMessage is a user-friendly message for successfull or unsuccessfull auth attempt - string UserMessage = 3 [ (gogoproto.jsontag) = "message,omitempty" ]; -} - -// SessionCommand is a session command event -message SessionCommand { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // BPFMetadata is a common BPF subsystem metadata - BPFMetadata BPF = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // PPID is the PID of the parent process. - uint64 PPID = 6 [ (gogoproto.jsontag) = "ppid" ]; - - // Path is the full path to the executable. - string Path = 7 [ (gogoproto.jsontag) = "path" ]; - - // Argv is the list of arguments to the program. Note, the first element does - // not contain the name of the process. - repeated string Argv = 8 [ (gogoproto.jsontag) = "argv" ]; - - // ReturnCode is the return code of execve. - int32 ReturnCode = 9 [ (gogoproto.jsontag) = "return_code" ]; -} - -// SessionDisk is a session disk access event -message SessionDisk { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // BPFMetadata is a common BPF subsystem metadata - BPFMetadata BPF = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Path is the full path to the executable. - string Path = 6 [ (gogoproto.jsontag) = "path" ]; - - // Flags are the flags passed to open. - int32 Flags = 7 [ (gogoproto.jsontag) = "flags" ]; - - // ReturnCode is the return code of disk open - int32 ReturnCode = 8 [ (gogoproto.jsontag) = "return_code" ]; -} - -// Action communicates what was done in response to the event -enum EventAction { - OBSERVED = 0; - DENIED = 1; -} - -// SessionNetwork is a network event -message SessionNetwork { - // Operation is the network operation that was performed or attempted - enum NetworkOperation { - // TCP connection establishment or binding a UDP socket to a remote address - CONNECT = 0; - // Transmission of data to a remote endpoint - SEND = 1; - } - - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // BPFMetadata is a common BPF subsystem metadata - BPFMetadata BPF = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SrcAddr is the source IP address of the connection. - string SrcAddr = 6 [ (gogoproto.jsontag) = "src_addr" ]; - - // DstAddr is the destination IP address of the connection. - string DstAddr = 7 [ (gogoproto.jsontag) = "dst_addr" ]; - - // DstPort is the destination port of the connection. - int32 DstPort = 8 [ (gogoproto.jsontag) = "dst_port" ]; - - // TCPVersion is the version of TCP (4 or 6). - int32 TCPVersion = 9 [ (gogoproto.jsontag) = "version" ]; - - // Operation denotes what network operation was performed (e.g. connect) - NetworkOperation Operation = 10 [ (gogoproto.jsontag) = "operation" ]; - - // Action denotes what happened in response to the event - EventAction Action = 11 [ (gogoproto.jsontag) = "action" ]; -} - -// SessionData is emitted to report session data usage. -message SessionData { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // BytesTransmitted is the amount of bytes transmitted - uint64 BytesTransmitted = 6 [ (gogoproto.jsontag) = "tx" ]; - - // BytesReceived is the amount of bytes received - uint64 BytesReceived = 7 [ (gogoproto.jsontag) = "rx" ]; -} - -// SessionLeave is emitted to report that a user left the session -message SessionLeave { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// UserLogin records a successfull or failed user login event -message UserLogin { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Status contains common command or operation status fields - Status Status = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Method is the event field indicating how the login was performed - string Method = 4 [ (gogoproto.jsontag) = "method,omitempty" ]; - - // IdentityAttributes is a map of user attributes received from identity provider - google.protobuf.Struct IdentityAttributes = 5 - [ (gogoproto.jsontag) = "attributes,omitempty", (gogoproto.casttype) = "Struct" ]; - - // MFA is the MFA device used during the login. - MFADeviceMetadata MFADevice = 6 [ (gogoproto.jsontag) = "mfa_device,omitempty" ]; - - // Client is the common client event metadata - ClientMetadata Client = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 8 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// ResourceMetadata is a common resource metadata -message ResourceMetadata { - // ResourceName is a resource name - string Name = 1 [ (gogoproto.jsontag) = "name,omitempty" ]; - - // Expires is set if resource expires - google.protobuf.Timestamp Expires = 2 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "expires,omitempty" - ]; - - // UpdatedBy if set indicates the user who modified the resource - string UpdatedBy = 3 [ (gogoproto.jsontag) = "updated_by,omitempty" ]; - - // TTL is a TTL of reset password token represented as duration, e.g. "10m" - // used for compatibility purposes for some events, Expires should be used instead - // as it's more useful (contains exact expiration date/time) - string TTL = 4 [ (gogoproto.jsontag) = "ttl,omitempty" ]; -} - -// UserCreate is emitted when the user is created or updated (upsert). -message UserCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Roles is a list of roles for the user. - repeated string Roles = 4 [ (gogoproto.jsontag) = "roles" ]; - - // Connector is the connector used to create the user. - string Connector = 5 [ (gogoproto.jsontag) = "connector" ]; -} - -// UserDelete is emitted when a user gets deleted -message UserDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// UserPasswordChange is emitted when the user changes their own password. -message UserPasswordChange { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AccessRequestCreate is emitted when access request has been created or updated -message AccessRequestCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Roles is a list of roles for the user. - repeated string Roles = 4 [ (gogoproto.jsontag) = "roles,omitempty" ]; - - // RequestID is access request ID - string RequestID = 5 [ (gogoproto.jsontag) = "id" ]; - - // RequestState is access request state (in the access_request.review variant of - // the event this represents the post-review state of the request). - string RequestState = 6 [ (gogoproto.jsontag) = "state" ]; - - // Delegator is used by teleport plugins to indicate the identity - // which caused them to update state. - string Delegator = 7 [ (gogoproto.jsontag) = "delegator,omitempty" ]; - - // Reason is an optional description of why the request is being - // created or updated. - string Reason = 8 [ (gogoproto.jsontag) = "reason,omitempty" ]; - - // Annotations is an optional set of attributes supplied by a plugin during - // approval/denail of the request. - google.protobuf.Struct Annotations = 9 - [ (gogoproto.jsontag) = "annotations,omitempty", (gogoproto.casttype) = "Struct" ]; - - // Reviewer is the author of the review (only used in the access_request.review event variant). - string Reviewer = 10 [ (gogoproto.jsontag) = "reviewer,omitempty" ]; - - // ProposedState is the state proposed by a review (only used in the access_request.review event - // variant). - string ProposedState = 11 [ (gogoproto.jsontag) = "proposed_state,omitempty" ]; - - // RequestedResourceIDs is the set of resources to which access is being requested. - repeated ResourceID RequestedResourceIDs = 12 - [ (gogoproto.jsontag) = "resource_ids,omitempty", (gogoproto.nullable) = false ]; -} - -// ResourceID is a unique identifier for a teleport resource. This is duplicated -// from api/types/types.proto to decouple the api and events types and because -// neither file currently imports the other. -message ResourceID { - // ClusterName is the name of the cluster the resource is in. - string ClusterName = 1 [ (gogoproto.jsontag) = "cluster" ]; - // Kind is the resource kind. - string Kind = 2 [ (gogoproto.jsontag) = "kind" ]; - // Name is the name of the specific resource. - string Name = 3 [ (gogoproto.jsontag) = "name" ]; -} - -// AccessRequestDelete is emitted when an access request has been deleted. -message AccessRequestDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // RequestID is access request ID - string RequestID = 3 [ (gogoproto.jsontag) = "id" ]; -} - -// PortForward is emitted when a user requests port forwarding. -message PortForward { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Status contains operation success or failure status - Status Status = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Addr is a target port forwarding address - string Addr = 5 [ (gogoproto.jsontag) = "addr" ]; -} - -// X11Forward is emitted when a user requests X11 protocol forwarding -message X11Forward { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Status contains operation success or failure status - Status Status = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// CommandMetadata specifies common command fields -message CommandMetadata { - // Command is the executed command name - string Command = 1 [ (gogoproto.jsontag) = "command" ]; - // ExitCode specifies command exit code - string ExitCode = 2 [ (gogoproto.jsontag) = "exitCode,omitempty" ]; - // Error is an optional exit error, set if command has failed - string Error = 3 [ (gogoproto.jsontag) = "exitError,omitempty" ]; -} - -// Exec specifies command exec event -message Exec { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // CommandMetadata is a common command metadata - CommandMetadata Command = 6 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesCluster has information about a kubernetes cluster, if - // applicable. - KubernetesClusterMetadata KubernetesCluster = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // KubernetesPod has information about a kubernetes pod, if applicable. - KubernetesPodMetadata KubernetesPod = 8 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// SCP is emitted when data transfer has occurred between server and client -message SCP { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // CommandMetadata is a common command metadata - CommandMetadata Command = 6 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Path is a copy path - string Path = 7 [ (gogoproto.jsontag) = "path" ]; - - // Action is upload or download - string Action = 8 [ (gogoproto.jsontag) = "action" ]; -} - -// Subsystem is emitted when a user requests a new subsystem. -message Subsystem { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Name is a subsystem name - string Name = 4 [ (gogoproto.jsontag) = "name" ]; - - // Error contains error in case of unsucessfull attempt - string Error = 5 [ (gogoproto.jsontag) = "exitError" ]; -} - -// ClientDisconnect is emitted when client is disconnected -// by the server due to inactivity or any other reason -message ClientDisconnect { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Reason is a field that specifies reason for event, e.g. in disconnect - // event it explains why server disconnected the client - string Reason = 5 [ (gogoproto.jsontag) = "reason" ]; -} - -// AuthAttempt is emitted upon a failed or successfull authentication attempt. -message AuthAttempt { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // Status contains common command or operation status fields - Status Status = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// UserTokenCreate is emitted when a user token is created. -message UserTokenCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// RoleCreate is emitted when a role is created/updated. -message RoleCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// RoleDelete is emitted when a role is deleted -message RoleDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// TrustedClusterCreate is the event for creating a trusted cluster. -message TrustedClusterCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// TrustedClusterDelete is the event for removing a trusted cluster. -message TrustedClusterDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// TrustedClusterTokenCreate is the event for -// creating new join token for a trusted cluster. -message TrustedClusterTokenCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// GithubConnectorCreate fires when a Github connector is created/updated. -message GithubConnectorCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// GithubConnectorDelete fires when a Github connector is deleted. -message GithubConnectorDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// OIDCConnectorCreate fires when OIDC connector is created/updated. -message OIDCConnectorCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// OIDCConnectorDelete fires when OIDC connector is deleted. -message OIDCConnectorDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// SAMLConnectorCreate fires when SAML connector is created/updated. -message SAMLConnectorCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// SAMLConnectorDelete fires when SAML connector is deleted. -message SAMLConnectorDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// KubeRequest specifies a Kubernetes API request event. -message KubeRequest { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // RequestPath is the raw request URL path. - string RequestPath = 5 [ (gogoproto.jsontag) = "request_path" ]; - // Verb is the HTTP verb used for this request (e.g. GET, POST, etc) - string Verb = 6 [ (gogoproto.jsontag) = "verb" ]; - // ResourceAPIGroup is the resource API group. - string ResourceAPIGroup = 7 [ (gogoproto.jsontag) = "resource_api_group,omitempty" ]; - // ResourceNamespace is the resource namespace. - string ResourceNamespace = 8 [ (gogoproto.jsontag) = "resource_namespace,omitempty" ]; - // ResourceKind is the API resource kind (e.g. "pod", "service", etc). - string ResourceKind = 9 [ (gogoproto.jsontag) = "resource_kind,omitempty" ]; - // ResourceName is the API resource name. - string ResourceName = 10 [ (gogoproto.jsontag) = "resource_name,omitempty" ]; - // ResponseCode is the HTTP response code for this request. - int32 ResponseCode = 11 [ (gogoproto.jsontag) = "response_code" ]; - - // Kubernetes has information about a kubernetes cluster, if applicable. - KubernetesClusterMetadata Kubernetes = 12 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppMetadata contains common application information. -message AppMetadata { - // AppURI is the application endpoint. - string AppURI = 1 [ (gogoproto.jsontag) = "app_uri,omitempty" ]; - // AppPublicAddr is the configured application public address. - string AppPublicAddr = 2 [ (gogoproto.jsontag) = "app_public_addr,omitempty" ]; - // AppLabels are the configured application labels. - map AppLabels = 3 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "app_labels,omitempty" ]; - // AppName is the configured application name. - string AppName = 4 [ (gogoproto.jsontag) = "app_name,omitempty" ]; -} - -// AppCreate is emitted when a new application resource is created. -message AppCreate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // AppMetadata is a common application resource metadata. - AppMetadata App = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppUpdate is emitted when an existing application resource is updated. -message AppUpdate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // AppMetadata is a common application resource metadata. - AppMetadata App = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppDelete is emitted when an application resource is deleted. -message AppDelete { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppSessionStart is emitted when a user is issued an application certificate. -message AppSessionStart { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // PublicAddr is the public address of the application being requested. - // DELETE IN 10.0: this information is also present on the AppMetadata. - string PublicAddr = 7 [ (gogoproto.jsontag) = "public_addr", deprecated = true ]; - - // App is a common application resource metadata. - AppMetadata App = 8 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppSessionChunk is emitted at the start of a 5 minute chunk on each -// proxy. This chunk is used to buffer 5 minutes of audit events at a time -// for applications. -message AppSessionChunk { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ServerMetadata is a common server metadata - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ConnectionMetadata holds information about the connection - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionChunkID is the ID of the session that was created for this 5 minute - // application log chunk. - string SessionChunkID = 6 [ (gogoproto.jsontag) = "session_chunk_id" ]; - - // App is a common application resource metadata. - AppMetadata App = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// AppSessionRequest is an HTTP request and response. -message AppSessionRequest { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // StatusCode the HTTP response code for the request. - uint32 StatusCode = 2 [ (gogoproto.jsontag) = "status_code" ]; - // Path is relative path in the URL. - string Path = 3 [ (gogoproto.jsontag) = "path" ]; - // RawQuery are the encoded query values. - string RawQuery = 4 [ (gogoproto.jsontag) = "raw_query" ]; - // Method is the request HTTP method, like GET/POST/DELETE/etc. - string Method = 5 [ (gogoproto.jsontag) = "method" ]; - // App is a common application resource metadata. - AppMetadata App = 6 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// DatabaseMetadata contains common database information. -message DatabaseMetadata { - // DatabaseService is the name of the database service proxying the database. - string DatabaseService = 1 [ (gogoproto.jsontag) = "db_service,omitempty" ]; - // DatabaseProtocol is the database type, e.g. postgres or mysql. - string DatabaseProtocol = 2 [ (gogoproto.jsontag) = "db_protocol" ]; - // DatabaseURI is the database URI to connect to. - string DatabaseURI = 3 [ (gogoproto.jsontag) = "db_uri" ]; - // DatabaseName is the name of the database a user is connecting to. - string DatabaseName = 4 [ (gogoproto.jsontag) = "db_name,omitempty" ]; - // DatabaseUser is the database username used to connect. - string DatabaseUser = 5 [ (gogoproto.jsontag) = "db_user,omitempty" ]; - // DatabaseLabels is the database resource labels. - map DatabaseLabels = 6 - [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "db_labels,omitempty" ]; - // DatabaseAWSRegion is AWS regions for AWS hosted databases. - string DatabaseAWSRegion = 7 [ (gogoproto.jsontag) = "db_aws_region,omitempty" ]; - // DatabaseAWSRegion is cluster ID for Redshift databases. - string DatabaseAWSRedshiftClusterID = 8 - [ (gogoproto.jsontag) = "db_aws_redshift_cluster_id,omitempty" ]; - // DatabaseGCPProjectID is project ID for GCP hosted databases. - string DatabaseGCPProjectID = 9 [ (gogoproto.jsontag) = "db_gcp_project_id,omitempty" ]; - // DatabaseGCPInstanceID is instance ID for GCP hosted databases. - string DatabaseGCPInstanceID = 10 [ (gogoproto.jsontag) = "db_gcp_instance_id,omitempty" ]; -} - -// DatabaseCreate is emitted when a new database resource is created. -message DatabaseCreate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // DatabaseMetadata is a common database resource metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// DatabaseUpdate is emitted when an existing database resource is updated. -message DatabaseUpdate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // DatabaseMetadata is a common database resource metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// DatabaseDelete is emitted when a database resource is deleted. -message DatabaseDelete { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ResourceMetadata is a common resource event metadata. - ResourceMetadata Resource = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// DatabaseSessionStart is emitted when a user connects to a database. -message DatabaseSessionStart { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Server is a common server metadata. - ServerMetadata Server = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Connection holds information about the connection. - ConnectionMetadata Connection = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Status indicates whether the connection was successful or denied. - Status Status = 6 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// DatabaseSessionQuery is emitted when a user executes a database query. -message DatabaseSessionQuery { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // DatabaseQuery is the executed query string. - string DatabaseQuery = 5 [ (gogoproto.jsontag) = "db_query" ]; - // DatabaseQueryParameters are the query parameters for prepared statements. - repeated string DatabaseQueryParameters = 6 - [ (gogoproto.jsontag) = "db_query_parameters,omitempty" ]; - // Status indicates whether the query was successfully sent to the database. - Status Status = 7 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// PostgresParse is emitted when a Postgres client creates a prepared statement -// using extended query protocol. -message PostgresParse { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementName is the prepared statement name. - string StatementName = 5 [ (gogoproto.jsontag) = "statement_name" ]; - // Query is the prepared statement query. - string Query = 6 [ (gogoproto.jsontag) = "query" ]; -} - -// PostgresBind is emitted when a Postgres client readies a prepared statement -// for execution and binds it to parameters. -message PostgresBind { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementName is the name of prepared statement that's being bound to parameters. - string StatementName = 5 [ (gogoproto.jsontag) = "statement_name" ]; - // PortalName is the destination portal name that binds statement to parameters. - string PortalName = 6 [ (gogoproto.jsontag) = "portal_name" ]; - // Parameters are the query bind parameters. - repeated string Parameters = 7 [ (gogoproto.jsontag) = "parameters" ]; -} - -// PostgresExecute is emitted when a Postgres client executes a previously -// bound prepared statement. -message PostgresExecute { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // PortalName is the name of destination portal that's being executed. - string PortalName = 5 [ (gogoproto.jsontag) = "portal_name" ]; -} - -// PostgresClose is emitted when a Postgres client closes an existing prepared -// statement. -message PostgresClose { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementName is the name of prepared statement that's being closed. - string StatementName = 5 [ (gogoproto.jsontag) = "statement_name" ]; - // PortalName is the name of destination portal that's being closed. - string PortalName = 6 [ (gogoproto.jsontag) = "portal_name" ]; -} - -// PostgresFunctionCall is emitted when a Postgres client calls internal -// database function. -message PostgresFunctionCall { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // FunctionOID is the Postgres object ID of the called function. - uint32 FunctionOID = 5 [ (gogoproto.jsontag) = "function_oid" ]; - // FunctionArgs contains formatted function arguments. - repeated string FunctionArgs = 6 [ (gogoproto.jsontag) = "function_args,omitempty" ]; -} - -// WindowsDesktopSessionStart is emitted when a user connects to a desktop. -message WindowsDesktopSessionStart { - // Metadata is common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Connection holds information about the connection. - ConnectionMetadata Connection = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Status indicates whether the connection was successful or denied. - Status Status = 5 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // WindowsDesktopService is the name of the service proxying the RDP session. - string WindowsDesktopService = 6 [ (gogoproto.jsontag) = "windows_desktop_service" ]; - // DesktopAddr is the address of the desktop being accessed. - string DesktopAddr = 7 [ (gogoproto.jsontag) = "desktop_addr" ]; - // Domain is the Active Directory domain of the desktop being accessed. - string Domain = 8 [ (gogoproto.jsontag) = "windows_domain" ]; - // WindowsUser is the Windows username used to connect. - string WindowsUser = 9 [ (gogoproto.jsontag) = "windows_user" ]; - // DesktopLabels are the labels on the desktop resource. - map DesktopLabels = 10 [ (gogoproto.jsontag) = "desktop_labels" ]; - // DesktopName is the name of the desktop resource. - string DesktopName = 11 [ (gogoproto.jsontag) = "desktop_name" ]; -} - -// DatabaseSessionEnd is emitted when a user ends the database session. -message DatabaseSessionEnd { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// MFADeviceMetadata is a common MFA device metadata. -message MFADeviceMetadata { - // Name is the user-specified name of the MFA device. - string DeviceName = 1 [ (gogoproto.jsontag) = "mfa_device_name" ]; - // ID is the UUID of the MFA device generated by Teleport. - string DeviceID = 2 [ (gogoproto.jsontag) = "mfa_device_uuid" ]; - // Type is the type of this MFA device. - string DeviceType = 3 [ (gogoproto.jsontag) = "mfa_device_type" ]; -} - -// MFADeviceAdd is emitted when a user adds an MFA device. -message MFADeviceAdd { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Device is the new MFA device added by the user. - MFADeviceMetadata Device = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// MFADeviceDelete is emitted when a user deletes an MFA device. -message MFADeviceDelete { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Device is the MFA device deleted by the user. - MFADeviceMetadata Device = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// BillingInformationUpdate is emitted when a user updates the billing information. -message BillingInformationUpdate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// BillingCardCreate is emitted when a user creates or updates a credit card. -message BillingCardCreate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// BillingCardDelete is emitted when a user deletes a credit card. -message BillingCardDelete { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// LockCreate is emitted when a lock is created/updated. -// Locks are used to restrict access to a Teleport environment by disabling -// interactions involving a user, an RBAC role, a node, etc. -// See rfd/0009-locking.md for more details. -message LockCreate { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// LockDelete is emitted when a lock is deleted -message LockDelete { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ResourceMetadata is a common resource event metadata - ResourceMetadata Resource = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // User is a common user event metadata - UserMetadata User = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// RecoveryCodeGenerate is emitted when a user's new recovery codes are generated and updated. -message RecoveryCodeGenerate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// RecoveryCodeUsed is emitted when a user's recovery code was used successfully or -// unsuccessfully. -message RecoveryCodeUsed { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Status contains fields to indicate whether attempt was successful or not. - Status Status = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// WindowsDesktopSessionEnd is emitted when a user ends a Windows desktop session. -message WindowsDesktopSessionEnd { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Session is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // WindowsDesktopService is the name of the service proxying the RDP session. - string WindowsDesktopService = 4 [ (gogoproto.jsontag) = "windows_desktop_service" ]; - // DesktopAddr is the address of the desktop being accessed. - string DesktopAddr = 5 [ (gogoproto.jsontag) = "desktop_addr" ]; - // Domain is the Active Directory domain of the desktop being accessed. - string Domain = 6 [ (gogoproto.jsontag) = "windows_domain" ]; - // WindowsUser is the Windows username used to connect. - string WindowsUser = 7 [ (gogoproto.jsontag) = "windows_user" ]; - // DesktopLabels are the labels on the desktop resource. - map DesktopLabels = 8 [ (gogoproto.jsontag) = "desktop_labels" ]; - // StartTime is the timestamp at which the session began. - google.protobuf.Timestamp StartTime = 9 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = - "session_start,omitempty" // JSON tag intentionally matches SessionEnd event - ]; - // EndTime is the timestamp at which the session ended. - google.protobuf.Timestamp EndTime = 10 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "session_stop,omitempty" - ]; - // DesktopName is the name of the desktop resource. - string DesktopName = 11 [ (gogoproto.jsontag) = "desktop_name" ]; - // Recorded is true if the session was recorded, false otherwise. - bool Recorded = 12 [ (gogoproto.jsontag) = "recorded" ]; - // Participants is a list of participants in the session. - repeated string Participants = 13 [ (gogoproto.jsontag) = "participants" ]; -} - -// CertificateCreate is emitted when a certificate is issued. -message CertificateCreate { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // CertificateType is the type of certificate that was just issued. - string CertificateType = 2 [ (gogoproto.jsontag) = "cert_type,omitempty" ]; - - // Identity is the identity associated with the certificate, as interpreted by Teleport. - Identity Identity = 3 [ (gogoproto.jsontag) = "identity" ]; -} - -// RenewableCertificateGenerationMismatch is emitted when a renewable -// certificiate's generation counter fails to validate, possibly indicating a -// stolen certificate and an invalid renewal attempt. -message RenewableCertificateGenerationMismatch { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // UserMetadata is a common user event metadata. - UserMetadata UserMetadata = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// Unknown is a fallback event used when we don't recognize an event from the backend. -message Unknown { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // UnknownType is the event type extracted from the unknown event. - string UnknownType = 2 [ (gogoproto.jsontag) = "unknown_event" ]; - - // UnknownCode is the event code extracted from the unknown event. - string UnknownCode = 3 [ (gogoproto.jsontag) = "unknown_code,omitempty" ]; - - // Data is the serialized JSON data of the unknown event. - string Data = 4 [ (gogoproto.jsontag) = "data" ]; -} - -// OneOf is a union of one of audit events submitted to the auth service -message OneOf { - // Event is one of the audit events - oneof Event { - events.UserLogin UserLogin = 1; - events.UserCreate UserCreate = 2; - events.UserDelete UserDelete = 3; - events.UserPasswordChange UserPasswordChange = 4; - events.SessionStart SessionStart = 5; - events.SessionJoin SessionJoin = 6; - events.SessionPrint SessionPrint = 7; - events.SessionReject SessionReject = 8; - events.Resize Resize = 9; - events.SessionEnd SessionEnd = 10; - events.SessionCommand SessionCommand = 11; - events.SessionDisk SessionDisk = 12; - events.SessionNetwork SessionNetwork = 13; - events.SessionData SessionData = 14; - events.SessionLeave SessionLeave = 15; - events.PortForward PortForward = 16; - events.X11Forward X11Forward = 17; - events.SCP SCP = 18; - events.Exec Exec = 19; - events.Subsystem Subsystem = 20; - events.ClientDisconnect ClientDisconnect = 21; - events.AuthAttempt AuthAttempt = 22; - events.AccessRequestCreate AccessRequestCreate = 23; - events.UserTokenCreate UserTokenCreate = 24; - events.RoleCreate RoleCreate = 25; - events.RoleDelete RoleDelete = 26; - events.TrustedClusterCreate TrustedClusterCreate = 27; - events.TrustedClusterDelete TrustedClusterDelete = 28; - events.TrustedClusterTokenCreate TrustedClusterTokenCreate = 29; - events.GithubConnectorCreate GithubConnectorCreate = 30; - events.GithubConnectorDelete GithubConnectorDelete = 31; - events.OIDCConnectorCreate OIDCConnectorCreate = 32; - events.OIDCConnectorDelete OIDCConnectorDelete = 33; - events.SAMLConnectorCreate SAMLConnectorCreate = 34; - events.SAMLConnectorDelete SAMLConnectorDelete = 35; - events.KubeRequest KubeRequest = 36; - events.AppSessionStart AppSessionStart = 37; - events.AppSessionChunk AppSessionChunk = 38; - events.AppSessionRequest AppSessionRequest = 39; - events.DatabaseSessionStart DatabaseSessionStart = 40; - events.DatabaseSessionEnd DatabaseSessionEnd = 41; - events.DatabaseSessionQuery DatabaseSessionQuery = 42; - events.SessionUpload SessionUpload = 43; - events.MFADeviceAdd MFADeviceAdd = 44; - events.MFADeviceDelete MFADeviceDelete = 45; - events.BillingInformationUpdate BillingInformationUpdate = 46; - events.BillingCardCreate BillingCardCreate = 47; - events.BillingCardDelete BillingCardDelete = 48; - events.LockCreate LockCreate = 49; - events.LockDelete LockDelete = 50; - events.RecoveryCodeGenerate RecoveryCodeGenerate = 51; - events.RecoveryCodeUsed RecoveryCodeUsed = 52; - events.DatabaseCreate DatabaseCreate = 53; - events.DatabaseUpdate DatabaseUpdate = 54; - events.DatabaseDelete DatabaseDelete = 55; - events.AppCreate AppCreate = 56; - events.AppUpdate AppUpdate = 57; - events.AppDelete AppDelete = 58; - events.WindowsDesktopSessionStart WindowsDesktopSessionStart = 59; - events.WindowsDesktopSessionEnd WindowsDesktopSessionEnd = 60; - events.PostgresParse PostgresParse = 61; - events.PostgresBind PostgresBind = 62; - events.PostgresExecute PostgresExecute = 63; - events.PostgresClose PostgresClose = 64; - events.PostgresFunctionCall PostgresFunctionCall = 65; - events.AccessRequestDelete AccessRequestDelete = 66; - events.SessionConnect SessionConnect = 67; - events.CertificateCreate CertificateCreate = 68; - events.DesktopRecording DesktopRecording = 69; - events.DesktopClipboardSend DesktopClipboardSend = 70; - events.DesktopClipboardReceive DesktopClipboardReceive = 71; - events.MySQLStatementPrepare MySQLStatementPrepare = 72; - events.MySQLStatementExecute MySQLStatementExecute = 73; - events.MySQLStatementSendLongData MySQLStatementSendLongData = 74; - events.MySQLStatementClose MySQLStatementClose = 75; - events.MySQLStatementReset MySQLStatementReset = 76; - events.MySQLStatementFetch MySQLStatementFetch = 77; - events.MySQLStatementBulkExecute MySQLStatementBulkExecute = 78; - events.RenewableCertificateGenerationMismatch RenewableCertificateGenerationMismatch = 79; - events.Unknown Unknown = 80; - events.MySQLInitDB MySQLInitDB = 81; - events.MySQLCreateDB MySQLCreateDB = 82; - events.MySQLDropDB MySQLDropDB = 83; - events.MySQLShutDown MySQLShutDown = 84; - events.MySQLProcessKill MySQLProcessKill = 85; - events.MySQLDebug MySQLDebug = 86; - events.MySQLRefresh MySQLRefresh = 87; - events.AccessRequestResourceSearch AccessRequestResourceSearch = 88; - events.SQLServerRPCRequest SQLServerRPCRequest = 89; - events.DatabaseSessionMalformedPacket DatabaseSessionMalformedPacket = 90; - } -} - -// StreamStatus reflects stream status -message StreamStatus { - // UploadID represents upload ID - string UploadID = 1; - // LastEventIndex updates last event index - int64 LastEventIndex = 2; - // LastUploadTime is the time of the last upload - google.protobuf.Timestamp LastUploadTime = 3 - [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false ]; -} - -// SessionUpload is a session upload -message SessionUpload { - // Metadata is a common event metadata - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // SessionMetadata is a common event session metadata - SessionMetadata SessionMetadata = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - - // ID is a unique event identifier - string UID = 4 [ (gogoproto.jsontag) = "uid,omitempty" ]; - - // URL is where the url the session event data upload is at - string SessionURL = 5 [ (gogoproto.jsontag) = "url" ]; -} - -// Identity matches github.com/gravitational/teleport/lib/tlsca.Identity except -// for RouteToApp and RouteToDatabase which are nullable and Traits which is -// represented as a google.protobuf.Struct (still containing a map from string -// to strings). Field names match other names already used in other events -// rather than the field names in tlsca.Identity. -message Identity { - // User is a username or name of the node connection - string User = 1 [ (gogoproto.jsontag) = "user,omitempty" ]; - // Impersonator is a username of a user impersonating this user - string Impersonator = 2 [ (gogoproto.jsontag) = "impersonator,omitempty" ]; - // Roles is a list of groups (Teleport roles) encoded in the identity - repeated string Roles = 3 [ (gogoproto.jsontag) = "roles,omitempty" ]; - // Usage is a list of usage restrictions encoded in the identity - repeated string Usage = 4 [ (gogoproto.jsontag) = "usage,omitempty" ]; - // Logins is a list of Unix logins allowed. - repeated string Logins = 5 [ (gogoproto.jsontag) = "logins,omitempty" ]; - // KubernetesGroups is a list of Kubernetes groups allowed - repeated string KubernetesGroups = 6 [ (gogoproto.jsontag) = "kubernetes_groups,omitempty" ]; - // KubernetesUsers is a list of Kubernetes users allowed - repeated string KubernetesUsers = 7 [ (gogoproto.jsontag) = "kubernetes_users,omitempty" ]; - // Expires specifies whenever the session will expire - google.protobuf.Timestamp Expires = 8 [ - (gogoproto.stdtime) = true, - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "expires" - ]; - // RouteToCluster specifies the target cluster - // if present in the session - string RouteToCluster = 9 [ (gogoproto.jsontag) = "route_to_cluster,omitempty" ]; - // KubernetesCluster specifies the target kubernetes cluster for TLS - // identities. This can be empty on older Teleport clients. - string KubernetesCluster = 10 [ (gogoproto.jsontag) = "kubernetes_cluster,omitempty" ]; - // Traits hold claim data used to populate a role at runtime. - wrappers.LabelValues Traits = 11 [ - (gogoproto.nullable) = false, - (gogoproto.jsontag) = "traits,omitempty", - (gogoproto.customtype) = "github.com/gravitational/teleport/api/types/wrappers.Traits" - ]; - // RouteToApp holds routing information for applications. Routing metadata - // allows Teleport web proxy to route HTTP requests to the appropriate - // cluster and Teleport application proxy within the cluster. - RouteToApp RouteToApp = 12 [ (gogoproto.jsontag) = "route_to_app,omitempty" ]; - // TeleportCluster is the name of the teleport cluster that this identity - // originated from. For TLS certs this may not be the same as cert issuer, - // in case of multi-hop requests that originate from a remote cluster. - string TeleportCluster = 13 [ (gogoproto.jsontag) = "teleport_cluster,omitempty" ]; - // RouteToDatabase contains routing information for databases. - RouteToDatabase RouteToDatabase = 14 [ (gogoproto.jsontag) = "route_to_database,omitempty" ]; - // DatabaseNames is a list of allowed database names. - repeated string DatabaseNames = 15 [ (gogoproto.jsontag) = "database_names,omitempty" ]; - // DatabaseUsers is a list of allowed database users. - repeated string DatabaseUsers = 16 [ (gogoproto.jsontag) = "database_users,omitempty" ]; - // MFADeviceUUID is the UUID of an MFA device when this Identity was - // confirmed immediately after an MFA check. - string MFADeviceUUID = 17 [ (gogoproto.jsontag) = "mfa_device_uuid,omitempty" ]; - // ClientIP is an observed IP of the client that this Identity represents. - string ClientIP = 18 [ (gogoproto.jsontag) = "client_ip,omitempty" ]; - // AWSRoleARNs is a list of allowed AWS role ARNs user can assume. - repeated string AWSRoleARNs = 19 [ (gogoproto.jsontag) = "aws_role_arns,omitempty" ]; - // AccessRequests is a list of UUIDs of active requests for this Identity. - repeated string AccessRequests = 20 [ (gogoproto.jsontag) = "access_requests,omitempty" ]; - // DisallowReissue is a flag that, if set, instructs the auth server to - // deny any attempts to reissue new certificates while authenticated with - // this certificate. - bool DisallowReissue = 21 [ (gogoproto.jsontag) = "disallow_reissue,omitempty" ]; - // AllowedResourceIds is the list of resources which the identity will be - // allowed to access. An empty list indicates that no resource-specific - // restrictions will be applied. - repeated ResourceID AllowedResourceIDs = 22 - [ (gogoproto.jsontag) = "allowed_resource_ids,omitempty", (gogoproto.nullable) = false ]; -} - -// RouteToApp contains parameters for application access certificate requests. -message RouteToApp { - // Name is the application name certificate is being requested for. - string Name = 1 [ (gogoproto.jsontag) = "name" ]; - // SessionID is the ID of the application session. - string SessionID = 2 [ (gogoproto.jsontag) = "session_id" ]; - // PublicAddr is the application public address. - string PublicAddr = 3 [ (gogoproto.jsontag) = "public_addr" ]; - // ClusterName is the cluster where the application resides. - string ClusterName = 4 [ (gogoproto.jsontag) = "cluster_name" ]; - // AWSRoleARN is the AWS role to assume when accessing AWS API. - string AWSRoleARN = 5 [ (gogoproto.jsontag) = "aws_role_arn,omitempty" ]; -} - -// RouteToDatabase combines parameters for database service routing information. -message RouteToDatabase { - // ServiceName is the Teleport database proxy service name the cert is for. - string ServiceName = 1 [ (gogoproto.jsontag) = "service_name" ]; - // Protocol is the type of the database the cert is for. - string Protocol = 2 [ (gogoproto.jsontag) = "protocol" ]; - // Username is an optional database username to embed. - string Username = 3 [ (gogoproto.jsontag) = "username,omitempty" ]; - // Database is an optional database name to embed. - string Database = 4 [ (gogoproto.jsontag) = "database,omitempty" ]; -} - -// AccessRequestResourceSearch is emitted when a user searches for resources as -// part of a search-based access request -message AccessRequestResourceSearch { - // Metadata is common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is common user metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SearchAsRoles is the list of roles the search was performed as. - repeated string SearchAsRoles = 3 [ (gogoproto.jsontag) = "search_as_roles" ]; - // ResourceType is the type of resource being searched for. - string ResourceType = 4 [ (gogoproto.jsontag) = "resource_type,omitempty" ]; - // Namespace is the namespace of resources. - string Namespace = 5 [ (gogoproto.jsontag) = "namespace,omitempty" ]; - // Labels is the label-based matcher used for the search. - map Labels = 6 [ (gogoproto.jsontag) = "labels,omitempty" ]; - // PredicateExpression is the list of boolean conditions that were used for the search. - string PredicateExpression = 7 [ (gogoproto.jsontag) = "predicate_expression,omitempty" ]; - // SearchKeywords is the list of search keywords used to match against resource field values. - repeated string SearchKeywords = 8 [ (gogoproto.jsontag) = "search_keywords,omitempty" ]; -} - -// MySQLStatementPrepare is emitted when a MySQL client creates a prepared -// statement using the prepared statement protocol. -message MySQLStatementPrepare { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Query is the prepared statement query. - string Query = 5 [ (gogoproto.jsontag) = "query" ]; -} - -// MySQLStatementExecute is emitted when a MySQL client executes a prepared -// statement using the prepared statement protocol. -message MySQLStatementExecute { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; - // Parameters are the parameters used to execute the prepared statement. - repeated string Parameters = 6 [ (gogoproto.jsontag) = "parameters" ]; -} - -// MySQLStatementSendLongData is emitted when a MySQL client sends long bytes -// stream using the prepared statement protocol. -message MySQLStatementSendLongData { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; - // ParameterID is the identifier of the parameter. - uint32 ParameterID = 6 [ (gogoproto.jsontag) = "parameter_id" ]; - // DataSize is the size of the data. - uint32 DataSize = 7 [ (gogoproto.jsontag) = "data_size" ]; -} - -// MySQLStatementClose is emitted when a MySQL client deallocates a prepared -// statement using the prepared statement protocol. -message MySQLStatementClose { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; -} - -// MySQLStatementReset is emitted when a MySQL client resets the data of a -// prepared statement using the prepared statement protocol. -message MySQLStatementReset { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; -} - -// MySQLStatementFetch is emitted when a MySQL client fetches rows from a -// prepared statement using the prepared statement protocol. -message MySQLStatementFetch { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; - // RowsCount is the number of rows to fetch. - uint32 RowsCount = 6 [ (gogoproto.jsontag) = "rows_count" ]; -} - -// MySQLStatementBulkExecute is emitted when a MySQL client executes a bulk -// insert of a prepared statement using the prepared statement protocol. -message MySQLStatementBulkExecute { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // StatementID is the identifier of the prepared statement. - uint32 StatementID = 5 [ (gogoproto.jsontag) = "statement_id" ]; - // Parameters are the parameters used to execute the prepared statement. - repeated string Parameters = 6 [ (gogoproto.jsontag) = "parameters" ]; -} - -// MySQLInitDB is emitted when a MySQL client changes the default schema for -// the connection. -message MySQLInitDB { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SchemaName is the name of the schema to use. - string SchemaName = 5 [ (gogoproto.jsontag) = "schema_name" ]; -} - -// MySQLCreateDB is emitted when a MySQL client creates a schema. -message MySQLCreateDB { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SchemaName is the name of the schema to create. - string SchemaName = 5 [ (gogoproto.jsontag) = "schema_name" ]; -} - -// MySQLDropDB is emitted when a MySQL client drops a schema. -message MySQLDropDB { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SchemaName is the name of the schema to drop. - string SchemaName = 5 [ (gogoproto.jsontag) = "schema_name" ]; -} - -// MySQLShutDown is emitted when a MySQL client asks the server to shut down. -message MySQLShutDown { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// MySQLProcessKill is emitted when a MySQL client asks the server to terminate -// a connection. -message MySQLProcessKill { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // ProcessID is the process ID of a connection. - uint32 ProcessID = 5 [ (gogoproto.jsontag) = "process_id" ]; -} - -// MySQLDebug is emitted when a MySQL client asks the server to dump internal -// debug info to stdout. -message MySQLDebug { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; -} - -// MySQLRefresh is emitted when a MySQL client sends refresh commands. -message MySQLRefresh { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Subcommand is the string representation of the subcommand. - string Subcommand = 5 [ (gogoproto.jsontag) = "subcommand" ]; -} - -// SQLServerRPCRequest is emitted when a user executes a MSSQL Server RPC command. -message SQLServerRPCRequest { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Procname is the RPC SQL Server procedure name. - string Procname = 5 [ (gogoproto.jsontag) = "procname,omitempty" ]; - // Parameters are the RPC parameters used to execute RPC Procedure.. - repeated string Parameters = 6 [ (gogoproto.jsontag) = "parameters,omitempty" ]; -} - -// DatabaseSessionMalformedPacket is emitted when a database sends a malformed packet. -message DatabaseSessionMalformedPacket { - // Metadata is a common event metadata. - Metadata Metadata = 1 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // User is a common user event metadata. - UserMetadata User = 2 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // SessionMetadata is a common event session metadata. - SessionMetadata Session = 3 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Database contains database related metadata. - DatabaseMetadata Database = 4 - [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; - // Payload is the malformed packet payload. - bytes Payload = 5 [ (gogoproto.jsontag) = "payload,omitempty" ]; -} diff --git a/api/types/events/oneof.go b/api/types/events/oneof.go index 5468c626b9b72..2e1dae098a3a8 100644 --- a/api/types/events/oneof.go +++ b/api/types/events/oneof.go @@ -191,6 +191,10 @@ func ToOneOf(in AuditEvent) (*OneOf, error) { out.Event = &OneOf_AppSessionStart{ AppSessionStart: e, } + case *AppSessionEnd: + out.Event = &OneOf_AppSessionEnd{ + AppSessionEnd: e, + } case *AppSessionChunk: out.Event = &OneOf_AppSessionChunk{ AppSessionChunk: e, @@ -387,6 +391,10 @@ func ToOneOf(in AuditEvent) (*OneOf, error) { out.Event = &OneOf_SQLServerRPCRequest{ SQLServerRPCRequest: e, } + case *ElasticsearchRequest: + out.Event = &OneOf_ElasticsearchRequest{ + ElasticsearchRequest: e, + } case *DatabaseSessionMalformedPacket: out.Event = &OneOf_DatabaseSessionMalformedPacket{ DatabaseSessionMalformedPacket: e, @@ -395,6 +403,22 @@ func ToOneOf(in AuditEvent) (*OneOf, error) { out.Event = &OneOf_RenewableCertificateGenerationMismatch{ RenewableCertificateGenerationMismatch: e, } + case *SFTP: + out.Event = &OneOf_SFTP{ + SFTP: e, + } + case *UpgradeWindowStartUpdate: + out.Event = &OneOf_UpgradeWindowStartUpdate{ + UpgradeWindowStartUpdate: e, + } + case *SessionRecordingAccess: + out.Event = &OneOf_SessionRecordingAccess{ + SessionRecordingAccess: e, + } + case *SSMRun: + out.Event = &OneOf_SSMRun{ + SSMRun: e, + } case *Unknown: out.Event = &OneOf_Unknown{ Unknown: e, diff --git a/api/types/events/resource_ids.go b/api/types/events/resource_ids.go new file mode 100644 index 0000000000000..e827e7c320a91 --- /dev/null +++ b/api/types/events/resource_ids.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package events + +import "github.com/gravitational/teleport/api/types" + +// EventResourceIDs converts a []ResourceID to a []events.ResourceID +func ResourceIDs(resourceIDs []types.ResourceID) []ResourceID { + if resourceIDs == nil { + return nil + } + out := make([]ResourceID, len(resourceIDs)) + for i := range resourceIDs { + out[i].ClusterName = resourceIDs[i].ClusterName + out[i].Kind = resourceIDs[i].Kind + out[i].Name = resourceIDs[i].Name + } + return out +} diff --git a/api/types/github.go b/api/types/github.go index b4c954c68b04a..47f18a7a4ac4b 100644 --- a/api/types/github.go +++ b/api/types/github.go @@ -308,7 +308,7 @@ func (r *GithubAuthRequest) Check() error { if err != nil { return trace.BadParameter("bad PublicKey: %v", err) } - if (r.CertTTL.Duration() > defaults.MaxCertDuration) || (r.CertTTL.Duration() < defaults.MinCertDuration) { + if (r.CertTTL > defaults.MaxCertDuration) || (r.CertTTL < defaults.MinCertDuration) { return trace.BadParameter("wrong CertTTL") } } diff --git a/api/types/installer.go b/api/types/installer.go new file mode 100644 index 0000000000000..f4f54636fb4c0 --- /dev/null +++ b/api/types/installer.go @@ -0,0 +1,137 @@ +/** + * Copyright 2022 Gravitational, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package types + +import ( + "time" + + "github.com/gravitational/trace" +) + +// Installer is an installer script rseource +type Installer interface { + Resource + + // GetScript returns the contents of the installer script + GetScript() string + // SetScript sets the installer script + SetScript(string) + + String() string +} + +// NewInstallerV1 returns a new installer resource +func NewInstallerV1(name, script string) (*InstallerV1, error) { + installer := &InstallerV1{ + Metadata: Metadata{ + Name: name, + }, + Spec: InstallerSpecV1{ + Script: script, + }, + } + if err := installer.CheckAndSetDefaults(); err != nil { + return nil, trace.Wrap(err) + } + return installer, nil +} + +// MustNewInstallerV1 creates a new installer resource from the provided script. +// +// Panics in case of any error when creating the resource. +func MustNewInstallerV1(name, script string) *InstallerV1 { + inst, err := NewInstallerV1(name, script) + if err != nil { + panic(err) + } + return inst +} + +// CheckAndSetDefaults implements Installer +func (c *InstallerV1) CheckAndSetDefaults() error { + c.setStaticFields() + return trace.Wrap(c.Metadata.CheckAndSetDefaults()) +} + +// GetVersion returns resource version. +func (c *InstallerV1) GetVersion() string { + return c.Version +} + +// GetName returns the name of the resource. +func (c *InstallerV1) GetName() string { + return c.Metadata.Name +} + +// SetName sets the name of the resource. +func (c *InstallerV1) SetName(e string) { + c.Metadata.Name = e +} + +// SetExpiry sets expiry time for the object. +func (c *InstallerV1) SetExpiry(expires time.Time) { + c.Metadata.SetExpiry(expires) +} + +// Expiry returns object expiry setting. +func (c *InstallerV1) Expiry() time.Time { + return c.Metadata.Expiry() +} + +// GetMetadata returns object metadata. +func (c *InstallerV1) GetMetadata() Metadata { + return c.Metadata +} + +// GetResourceID returns resource ID. +func (c *InstallerV1) GetResourceID() int64 { + return c.Metadata.ID +} + +// SetResourceID sets resource ID. +func (c *InstallerV1) SetResourceID(id int64) { + c.Metadata.ID = id +} + +// GetKind returns resource kind. +func (c *InstallerV1) GetKind() string { + return c.Kind +} + +// GetSubKind returns resource subkind. +func (c *InstallerV1) GetSubKind() string { + return c.SubKind +} + +// SetSubKind sets resource subkind. +func (c *InstallerV1) SetSubKind(sk string) { + c.SubKind = sk +} + +func (c *InstallerV1) GetScript() string { + return c.Spec.Script +} + +func (c *InstallerV1) SetScript(s string) { + c.Spec.Script = s +} + +// setStaticFields sets static resource header and metadata fields. +func (c *InstallerV1) setStaticFields() { + c.Kind = KindInstaller + c.Version = V1 +} diff --git a/api/types/installers/installer.sh.tmpl b/api/types/installers/installer.sh.tmpl new file mode 100644 index 0000000000000..81654fbdb00d3 --- /dev/null +++ b/api/types/installers/installer.sh.tmpl @@ -0,0 +1,46 @@ +#!/bin/sh +( + flock -n 9 || exit 1 + if test -f /usr/local/bin/teleport; then + exit 0 + fi + + distro_id="$(awk -F= '$1 == "ID" { print tolower($2) }' /etc/os-release | xargs echo)" + if [ "$distro_id" = "debian" ] || [ "$distro_id" = "ubuntu" ]; then + sudo curl https://deb.releases.teleport.dev/teleport-pubkey.asc \ + -o /usr/share/keyrings/teleport-archive-keyring.asc + . /etc/os-release + echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/{{ .MajorVersion }}" | + sudo tee /etc/apt/sources.list.d/teleport.list >/dev/null + sudo apt-get update + sudo apt-get install teleport jq + elif [ "$distro_id" = "amzn" ] || [ "$distro_id" = "rhel" ]; then + . /etc/os-release + sudo yum-config-manager --add-repo \ + "$(rpm --eval "https://yum.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/stable/{{ .MajorVersion }}/teleport.repo")" + sudo yum install -y teleport jq + else + echo "Unsupported distro: $distro_id" + exit 1 + fi + + IMDS_TOKEN=$(curl -m5 -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300") + INSTANCE_INFO=$(curl -m5 -sS -H "X-aws-ec2-metadata-token: ${IMDS_TOKEN}" http://169.254.169.254/latest/dynamic/instance-identity/document) + + ACCOUNT_ID="$(echo "$INSTANCE_INFO" | jq -r .accountId)" + INSTANCE_ID="$(echo "$INSTANCE_INFO" | jq -r .instanceId)" + + # generate teleport ssh config + # token is read as a parameter from the AWS ssm script run and + # passed as the first argument to the script + sudo /usr/local/bin/teleport node configure \ + --auth-server="{{ .PublicProxyAddr }}" \ + --join-method=iam \ + --token="$1" \ + --output=file \ + --labels="teleport.dev/instance-id=${INSTANCE_ID},teleport.dev/account-id=${ACCOUNT_ID}" + + # enable and start teleport service + sudo systemctl enable --now teleport + +) 9>/var/lock/teleport_install.lock diff --git a/api/types/installers/installers.go b/api/types/installers/installers.go new file mode 100644 index 0000000000000..bf07be57afe7b --- /dev/null +++ b/api/types/installers/installers.go @@ -0,0 +1,43 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package installers + +import ( + _ "embed" + + "github.com/gravitational/teleport/api/types" +) + +//go:embed installer.sh.tmpl +var defaultInstallScript string + +// InstallerScriptName is the name of the by default populated, EC2 +// installer script +const InstallerScriptName = "default-installer" + +// DefaultInstaller represents a the default installer script provided +// by teleport +var DefaultInstaller = types.MustNewInstallerV1(InstallerScriptName, defaultInstallScript) + +// Template is used to fill proxy address and version information into +// the installer script +type Template struct { + // PublicProxyAddr is public address of the proxy + PublicProxyAddr string + // MajorVersion is the major version of the Teleport auth node + MajorVersion string +} diff --git a/api/types/license.go b/api/types/license.go index 59ccbdfb2807a..630c094850568 100644 --- a/api/types/license.go +++ b/api/types/license.go @@ -76,6 +76,16 @@ type License interface { // SetSupportsModeratedSessions sets moderated sessions support flag SetSupportsModeratedSessions(Bool) + // GetSupportsMachineID returns MachineID support flag + GetSupportsMachineID() Bool + // SetSupportsMachineID sets MachineID support flag + SetSupportsMachineID(Bool) + + // GetSupportsResourceAccessRequests returns resource access requests support flag + GetSupportsResourceAccessRequests() Bool + // SetSupportsResourceAccessRequests sets resource access requests support flag + SetSupportsResourceAccessRequests(Bool) + // SetLabels sets metadata labels SetLabels(labels map[string]string) @@ -299,6 +309,26 @@ func (c *LicenseV3) SetSupportsModeratedSessions(value Bool) { c.Spec.SupportsModeratedSessions = value } +// GetSupportsMachineID returns MachineID support flag +func (c *LicenseV3) GetSupportsMachineID() Bool { + return c.Spec.SupportsMachineID +} + +// SetSupportsMachineID sets MachineID support flag +func (c *LicenseV3) SetSupportsMachineID(value Bool) { + c.Spec.SupportsMachineID = value +} + +// GetSupportsResourceAccessRequests returns resource access requests support flag +func (c *LicenseV3) GetSupportsResourceAccessRequests() Bool { + return c.Spec.SupportsResourceAccessRequests +} + +// SetSupportsResourceAccessRequests sets resource access requests support flag +func (c *LicenseV3) SetSupportsResourceAccessRequests(value Bool) { + c.Spec.SupportsResourceAccessRequests = value +} + // String represents a human readable version of license enabled features func (c *LicenseV3) String() string { var features []string @@ -323,6 +353,12 @@ func (c *LicenseV3) String() string { if c.GetSupportsModeratedSessions() { features = append(features, "supports moderated sessions") } + if c.GetSupportsMachineID() { + features = append(features, "supports Machine ID") + } + if c.GetSupportsResourceAccessRequests() { + features = append(features, "supports resource access requests") + } if c.GetCloud() { features = append(features, "is hosted by Gravitational") } @@ -361,4 +397,8 @@ type LicenseSpecV3 struct { Cloud Bool `json:"cloud,omitempty"` // SupportsModeratedSessions turns on moderated sessions SupportsModeratedSessions Bool `json:"moderated_sessions,omitempty"` + // SupportsMachineID turns MachineID support on or off + SupportsMachineID Bool `json:"machine_id,omitempty"` + // SupportsResourceAccessRequests turns resource access request support on or off + SupportsResourceAccessRequests Bool `json:"resource_access_requests,omitempty"` } diff --git a/build.assets/tooling/cmd/get-webapps-version/main_test.go b/api/types/mfa.go similarity index 51% rename from build.assets/tooling/cmd/get-webapps-version/main_test.go rename to api/types/mfa.go index 2d7d399f08765..23a8dbcd3d696 100644 --- a/build.assets/tooling/cmd/get-webapps-version/main_test.go +++ b/api/types/mfa.go @@ -12,28 +12,29 @@ // See the License for the specific language governing permissions and // limitations under the License. -package main +package types import ( - "testing" - - "github.com/stretchr/testify/require" + proto "github.com/gogo/protobuf/proto" + "github.com/gravitational/trace" ) -func TestWebappsVersion(t *testing.T) { - for _, test := range []struct { - desc string - droneTag string - targetBranch string - want string - }{ - {desc: "prefer tag", droneTag: "v9.2.0", want: "v9.2.0"}, - {desc: "maps branches", targetBranch: "branch/v9", want: "teleport-v9"}, - {desc: "fallback master", targetBranch: "foobar", want: "master"}, - } { - t.Run(test.desc, func(t *testing.T) { - require.Equal(t, test.want, - webappsVersion(test.droneTag, test.targetBranch)) - }) +func (d *MFADevice) WithoutSensitiveData() (*MFADevice, error) { + if d == nil { + return nil, trace.BadParameter("cannot hide sensitive data on empty object") + } + out := proto.Clone(d).(*MFADevice) + + switch mfad := out.Device.(type) { + case *MFADevice_Totp: + mfad.Totp.Key = "" + case *MFADevice_U2F: + // OK, no sensitive secrets. + case *MFADevice_Webauthn: + // OK, no sensitive secrets. + default: + return nil, trace.BadParameter("unsupported MFADevice type %T", d.Device) } + + return out, nil } diff --git a/api/types/networking.go b/api/types/networking.go index fda432aa6f040..912e8edf918f7 100644 --- a/api/types/networking.go +++ b/api/types/networking.go @@ -100,6 +100,12 @@ type ClusterNetworkingConfig interface { // SetTunnelStrategy sets the tunnel strategy. SetTunnelStrategy(*TunnelStrategyV1) + + // GetProxyPingInterval gets the proxy ping interval. + GetProxyPingInterval() time.Duration + + // SetProxyPingInterval sets the proxy ping interval. + SetProxyPingInterval(time.Duration) } // NewClusterNetworkingConfigFromConfigFile is a convenience method to create @@ -353,6 +359,16 @@ func (c *ClusterNetworkingConfigV2) CheckAndSetDefaults() error { return nil } +// GetProxyPingInterval gets the proxy ping interval. +func (c *ClusterNetworkingConfigV2) GetProxyPingInterval() time.Duration { + return c.Spec.ProxyPingInterval.Duration() +} + +// SetProxyPingInterval sets the proxy ping interval. +func (c *ClusterNetworkingConfigV2) SetProxyPingInterval(interval time.Duration) { + c.Spec.ProxyPingInterval = Duration(interval) +} + // MarshalYAML defines how a proxy listener mode should be marshalled to a string func (p ProxyListenerMode) MarshalYAML() (interface{}, error) { return strings.ToLower(p.String()), nil diff --git a/api/types/oidc.go b/api/types/oidc.go index 4e5ec93a76a75..5d28b7b11da5b 100644 --- a/api/types/oidc.go +++ b/api/types/oidc.go @@ -77,6 +77,8 @@ type OIDCConnector interface { SetScope([]string) // SetClaimsToRoles sets dynamic mapping from claims to roles SetClaimsToRoles([]ClaimMapping) + // GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username. + GetUsernameClaim() string // SetDisplay sets friendly name for this provider. SetDisplay(string) // GetGoogleServiceAccountURI returns path to google service account URI @@ -89,6 +91,8 @@ type OIDCConnector interface { // https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority // "Note: Although you can use service accounts in applications that run from a Google Workspace (formerly G Suite) domain, service accounts are not members of your Google Workspace account and aren’t subject to domain policies set by administrators. For example, a policy set in the Google Workspace admin console to restrict the ability of end users to share documents outside of the domain would not apply to service accounts." GetGoogleAdminEmail() string + // GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users. + GetAllowUnverifiedEmail() bool } // NewOIDCConnector returns a new OIDCConnector based off a name and OIDCConnectorSpecV3. @@ -306,6 +310,11 @@ func (o *OIDCConnectorV3) GetScope() []string { return o.Spec.Scope } +// GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username. +func (o *OIDCConnectorV3) GetUsernameClaim() string { + return o.Spec.UsernameClaim +} + // GetClaimsToRoles specifies dynamic mapping from claims to roles func (o *OIDCConnectorV3) GetClaimsToRoles() []ClaimMapping { return o.Spec.ClaimsToRoles @@ -424,6 +433,11 @@ func (o *OIDCConnectorV3) CheckSetRedirectURL() { } } +// GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users. +func (o *OIDCConnectorV3) GetAllowUnverifiedEmail() bool { + return o.Spec.AllowUnverifiedEmail +} + // Check returns nil if all parameters are great, err otherwise func (i *OIDCAuthRequest) Check() error { if i.ConnectorID == "" { @@ -437,7 +451,7 @@ func (i *OIDCAuthRequest) Check() error { if err != nil { return trace.BadParameter("PublicKey: bad key: %v", err) } - if (i.CertTTL.Duration() > defaults.MaxCertDuration) || (i.CertTTL.Duration() < defaults.MinCertDuration) { + if (i.CertTTL > defaults.MaxCertDuration) || (i.CertTTL < defaults.MinCertDuration) { return trace.BadParameter("CertTTL: wrong certificate TTL") } } diff --git a/api/types/provisioning.go b/api/types/provisioning.go index 5f6549bf22900..375cce5aaa3a1 100644 --- a/api/types/provisioning.go +++ b/api/types/provisioning.go @@ -58,6 +58,10 @@ type ProvisionToken interface { GetJoinMethod() JoinMethod // GetBotName returns the BotName field which must be set for joining bots. GetBotName() string + + // GetSuggestedLabels returns the set of labels that the resource should add when adding itself to the cluster + GetSuggestedLabels() Labels + // V1 returns V1 version of the resource V1() *ProvisionTokenV1 // String returns user friendly representation of the resource @@ -250,6 +254,11 @@ func (p *ProvisionTokenV2) SetMetadata(meta Metadata) { p.Metadata = meta } +// GetSuggestedLabels returns the labels the resource should set when using this token +func (p *ProvisionTokenV2) GetSuggestedLabels() Labels { + return p.Spec.SuggestedLabels +} + // V1 returns V1 version of the resource func (p *ProvisionTokenV2) V1() *ProvisionTokenV1 { return &ProvisionTokenV1{ diff --git a/api/types/resource.go b/api/types/resource.go index 7f9be4eb9511a..0fe23e1956f38 100644 --- a/api/types/resource.go +++ b/api/types/resource.go @@ -172,6 +172,19 @@ func (r ResourcesWithLabels) AsWindowsDesktops() ([]WindowsDesktop, error) { return desktops, nil } +// AsWindowsDesktopServices converts each resource into type WindowsDesktop. +func (r ResourcesWithLabels) AsWindowsDesktopServices() ([]WindowsDesktopService, error) { + desktopServices := make([]WindowsDesktopService, 0, len(r)) + for _, resource := range r { + desktopService, ok := resource.(WindowsDesktopService) + if !ok { + return nil, trace.BadParameter("expected types.WindowsDesktopService, got: %T", resource) + } + desktopServices = append(desktopServices, desktopService) + } + return desktopServices, nil +} + // AsKubeClusters converts each resource into type KubeCluster. func (r ResourcesWithLabels) AsKubeClusters() ([]KubeCluster, error) { clusters := make([]KubeCluster, 0, len(r)) diff --git a/api/types/resource_ids.go b/api/types/resource_ids.go index 07fa6df51d40f..aca9b45c45fec 100644 --- a/api/types/resource_ids.go +++ b/api/types/resource_ids.go @@ -21,7 +21,6 @@ import ( "fmt" "strings" - "github.com/gravitational/teleport/api/types/events" "github.com/gravitational/teleport/api/utils" "github.com/gravitational/trace" ) @@ -109,17 +108,3 @@ func ResourceIDsFromString(raw string) ([]ResourceID, error) { } return resourceIDs, nil } - -// EventResourceIDs converts a []ResourceID to a []events.ResourceID -func EventResourceIDs(resourceIDs []ResourceID) []events.ResourceID { - if resourceIDs == nil { - return nil - } - out := make([]events.ResourceID, len(resourceIDs)) - for i := range resourceIDs { - out[i].ClusterName = resourceIDs[i].ClusterName - out[i].Kind = resourceIDs[i].Kind - out[i].Name = resourceIDs[i].Name - } - return out -} diff --git a/api/types/resource_test.go b/api/types/resource_test.go index 87fd5f775b7bf..889308752915e 100644 --- a/api/types/resource_test.go +++ b/api/types/resource_test.go @@ -282,7 +282,9 @@ func TestMatchSearch_ResourceSpecific(t *testing.T) { name: "desktop service", searchNotDefined: true, newResource: func() ResourceWithLabels { - desktopService, err := NewWindowsDesktopServiceV3("_", WindowsDesktopServiceSpecV3{ + desktopService, err := NewWindowsDesktopServiceV3(Metadata{ + Name: "foo", + }, WindowsDesktopServiceSpecV3{ Addr: "_", TeleportVersion: "_", }) diff --git a/api/types/role.go b/api/types/role.go index 90e3632c5d76b..a24dac52f6b11 100644 --- a/api/types/role.go +++ b/api/types/role.go @@ -704,6 +704,9 @@ func (r *RoleV5) CheckAndSetDefaults() error { if r.Spec.Options.CreateHostUser == nil { r.Spec.Options.CreateHostUser = NewBoolOption(false) } + if r.Spec.Options.SSHFileCopy == nil { + r.Spec.Options.SSHFileCopy = NewBoolOption(true) + } switch r.Version { case V3: diff --git a/api/types/saml.go b/api/types/saml.go index bd9532854f9d3..50f2a14a3f1c9 100644 --- a/api/types/saml.go +++ b/api/types/saml.go @@ -88,6 +88,10 @@ type SAMLConnector interface { GetEncryptionKeyPair() *AsymmetricKeyPair // SetEncryptionKeyPair sets the key pair for SAML assertions. SetEncryptionKeyPair(k *AsymmetricKeyPair) + // GetAllowIDPInitiated returns whether the identity provider can initiate a login or not. + GetAllowIDPInitiated() bool + // SetAllowIDPInitiated sets whether the identity provider can initiate a login or not. + SetAllowIDPInitiated(bool) } // NewSAMLConnector returns a new SAMLConnector based off a name and SAMLConnectorSpecV2. @@ -332,6 +336,16 @@ func (o *SAMLConnectorV2) SetEncryptionKeyPair(k *AsymmetricKeyPair) { o.Spec.EncryptionKeyPair = k } +// GetAllowIDPInitiated returns whether the identity provider can initiate a login or not. +func (o *SAMLConnectorV2) GetAllowIDPInitiated() bool { + return o.Spec.AllowIDPInitiated +} + +// SetAllowIDPInitiated sets whether the identity provider can initiate a login or not. +func (o *SAMLConnectorV2) SetAllowIDPInitiated(allow bool) { + o.Spec.AllowIDPInitiated = allow +} + // setStaticFields sets static resource header and metadata fields. func (o *SAMLConnectorV2) setStaticFields() { o.Kind = KindSAMLConnector @@ -380,7 +394,7 @@ func (i *SAMLAuthRequest) Check() error { if err != nil { return trace.BadParameter("PublicKey: bad key: %v", err) } - if (i.CertTTL.Duration() > defaults.MaxCertDuration) || (i.CertTTL.Duration() < defaults.MinCertDuration) { + if (i.CertTTL > defaults.MaxCertDuration) || (i.CertTTL < defaults.MinCertDuration) { return trace.BadParameter("CertTTL: wrong certificate TTL") } } diff --git a/api/types/session.go b/api/types/session.go index 336d40a425631..7ed84931ffada 100644 --- a/api/types/session.go +++ b/api/types/session.go @@ -88,6 +88,10 @@ type WebSession interface { WithoutSecrets() WebSession // String returns string representation of the session. String() string + // SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained. + SetConsumedAccessRequestID(string) + // GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained. + GetConsumedAccessRequestID() string } // NewWebSession returns new instance of the web session based on the V2 spec @@ -172,6 +176,16 @@ func (ws *WebSessionV2) WithoutSecrets() WebSession { return ws } +// SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained. +func (ws *WebSessionV2) SetConsumedAccessRequestID(requestID string) { + ws.Spec.ConsumedAccessRequestID = requestID +} + +// GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained. +func (ws *WebSessionV2) GetConsumedAccessRequestID() string { + return ws.Spec.ConsumedAccessRequestID +} + // setStaticFields sets static resource header and metadata fields. func (ws *WebSessionV2) setStaticFields() { ws.Version = V2 diff --git a/api/types/session_tracker.go b/api/types/session_tracker.go index 37ad0984b2722..b4736d5e56519 100644 --- a/api/types/session_tracker.go +++ b/api/types/session_tracker.go @@ -106,6 +106,9 @@ type SessionTracker interface { // GetHostPolicySets returns a list of policy sets held by the host user at the time of session creation. // This a subset of a role that contains some versioning and naming information in addition to the require policies GetHostPolicySets() []*SessionTrackerPolicySet + + // GetLastActive returns the time at which the session was last active (i.e used by any participant). + GetLastActive() time.Time } func NewSessionTracker(spec SessionTrackerSpecV1) (SessionTracker, error) { @@ -333,3 +336,16 @@ func (s *SessionTrackerV1) UpdatePresence(user string) error { func (s *SessionTrackerV1) GetHostPolicySets() []*SessionTrackerPolicySet { return s.Spec.HostPolicies } + +// GetLastActive returns the time at which the session was last active (i.e used by any participant). +func (s *SessionTrackerV1) GetLastActive() time.Time { + var last time.Time + + for _, participant := range s.Spec.Participants { + if participant.LastActive.After(last) { + last = participant.LastActive + } + } + + return last +} diff --git a/api/types/system_role.go b/api/types/system_role.go index 4d53c8f2717bd..8f14402ac8658 100644 --- a/api/types/system_role.go +++ b/api/types/system_role.go @@ -60,6 +60,16 @@ const ( RoleWindowsDesktop SystemRole = "WindowsDesktop" // RoleBot is a role for a bot. RoleBot SystemRole = "Bot" + // RoleInstance is a role implicitly held by teleport servers (i.e. any teleport + // auth token which grants a server role such as proxy/node/etc also implicitly + // grants the instance role, and any valid cert that proves that the caller holds + // a server role also implies that the caller holds the instance role). This role + // doesn't grant meaningful privileges on its own, but is a useful placeholder in + // contexts such as multi-role certs where there is no particular system role that + // is "primary". + RoleInstance SystemRole = "Instance" + // RoleDiscovery is a role for discovery nodes in the cluster + RoleDiscovery SystemRole = "Discovery" ) // roleMappings maps a set of allowed lowercase system role names @@ -82,6 +92,22 @@ var roleMappings = map[string]SystemRole{ "windowsdesktop": RoleWindowsDesktop, "windows_desktop": RoleWindowsDesktop, "bot": RoleBot, + "instance": RoleInstance, + "discovery": RoleDiscovery, +} + +// localServiceMappings is the subset of role mappings which happen to be true +// teleport services (e.g. db, kube, etc), excluding those which represent remote +// services (i.e. remoteproxy). +var localServiceMappings = map[SystemRole]struct{}{ + RoleAuth: {}, + RoleNode: {}, + RoleProxy: {}, + RoleKube: {}, + RoleApp: {}, + RoleDatabase: {}, + RoleWindowsDesktop: {}, + RoleDiscovery: {}, } // NewTeleportRoles return a list of teleport roles from slice of strings @@ -222,3 +248,11 @@ func (r *SystemRole) Check() error { return trace.BadParameter("role %v is not registered", *r) } + +// IsLocalService checks if the given system role is a teleport service (e.g. auth), +// as opposed to some non-service role (e.g. admin). Excludes remote services such +// as remoteproxy. +func (r *SystemRole) IsLocalService() bool { + _, ok := localServiceMappings[*r] + return ok +} diff --git a/api/types/trust.go b/api/types/trust.go index a2be4627b6e85..6f4fac3f90972 100644 --- a/api/types/trust.go +++ b/api/types/trust.go @@ -60,8 +60,8 @@ type CertAuthID struct { DomainName string `json:"domain_name"` } -func (c *CertAuthID) String() string { - return fmt.Sprintf("CA(type=%v, domain=%v)", c.Type, c.DomainName) +func (c CertAuthID) String() string { + return fmt.Sprintf("CA(type=%q, domain=%q)", c.Type, c.DomainName) } // Check returns error if any of the id parameters are bad, nil otherwise diff --git a/api/types/types.pb.go b/api/types/types.pb.go index 74a2ee171cc69..a7a9877c3111c 100644 --- a/api/types/types.pb.go +++ b/api/types/types.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: types.proto +// source: teleport/legacy/types/types.proto package types @@ -9,10 +9,10 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/timestamp" github_com_gravitational_teleport_api_constants "github.com/gravitational/teleport/api/constants" _ "github.com/gravitational/teleport/api/types/wrappers" github_com_gravitational_teleport_api_types_wrappers "github.com/gravitational/teleport/api/types/wrappers" + _ "google.golang.org/protobuf/types/known/timestamppb" io "io" math "math" math_bits "math/bits" @@ -61,7 +61,7 @@ func (x DatabaseTLSMode) String() string { } func (DatabaseTLSMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{0} + return fileDescriptor_9198ee693835762e, []int{0} } // PrivateKeyType is the storage type of a private key. @@ -89,7 +89,7 @@ func (x PrivateKeyType) String() string { } func (PrivateKeyType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{1} + return fileDescriptor_9198ee693835762e, []int{1} } // ProxyListenerMode represents the cluster proxy listener mode. @@ -119,7 +119,7 @@ func (x ProxyListenerMode) String() string { } func (ProxyListenerMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{2} + return fileDescriptor_9198ee693835762e, []int{2} } // RoutingStrategy determines the strategy used to route to nodes. @@ -147,7 +147,7 @@ func (x RoutingStrategy) String() string { } func (RoutingStrategy) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{3} + return fileDescriptor_9198ee693835762e, []int{3} } // UserTokenUsage contains additional information about the intended usage of a user token. @@ -184,7 +184,7 @@ func (x UserTokenUsage) String() string { } func (UserTokenUsage) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{4} + return fileDescriptor_9198ee693835762e, []int{4} } // RequestState represents the state of a request for escalated privilege. @@ -223,7 +223,7 @@ func (x RequestState) String() string { } func (RequestState) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{5} + return fileDescriptor_9198ee693835762e, []int{5} } // CertExtensionMode specifies the type of extension to use in the cert. @@ -248,7 +248,7 @@ func (x CertExtensionMode) String() string { } func (CertExtensionMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{6} + return fileDescriptor_9198ee693835762e, []int{6} } // CertExtensionType represents the certificate type the extension is for. @@ -273,7 +273,7 @@ func (x CertExtensionType) String() string { } func (CertExtensionType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{7} + return fileDescriptor_9198ee693835762e, []int{7} } // SessionState represents the state of a session. @@ -307,7 +307,37 @@ func (x SessionState) String() string { } func (SessionState) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{8} + return fileDescriptor_9198ee693835762e, []int{8} +} + +// AlertSeverity represents how problematic/urgent an alert is, and is used to assist +// in sorting alerts for display. +type AlertSeverity int32 + +const ( + AlertSeverity_LOW AlertSeverity = 0 + AlertSeverity_MEDIUM AlertSeverity = 5 + AlertSeverity_HIGH AlertSeverity = 10 +) + +var AlertSeverity_name = map[int32]string{ + 0: "LOW", + 5: "MEDIUM", + 10: "HIGH", +} + +var AlertSeverity_value = map[string]int32{ + "LOW": 0, + "MEDIUM": 5, + "HIGH": 10, +} + +func (x AlertSeverity) String() string { + return proto.EnumName(AlertSeverity_name, int32(x)) +} + +func (AlertSeverity) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{9} } // Type is the type of keep alive, used by servers. At the moment only @@ -346,7 +376,7 @@ func (x KeepAlive_KeepAliveType) String() string { } func (KeepAlive_KeepAliveType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{0, 0} + return fileDescriptor_9198ee693835762e, []int{0, 0} } // SigningAlg is the algorithm used for signing new SSH certificates using @@ -379,7 +409,115 @@ func (x CertAuthoritySpecV2_SigningAlgType) String() string { } func (CertAuthoritySpecV2_SigningAlgType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{38, 0} + return fileDescriptor_9198ee693835762e, []int{39, 0} +} + +// FIPSEndpointState represents an AWS FIPS endpoint state. +type ClusterAuditConfigSpecV2_FIPSEndpointState int32 + +const ( + // FIPS_UNSET allows setting FIPS state for AWS S3/Dynamo using configuration files or + // environment variables + ClusterAuditConfigSpecV2_FIPS_UNSET ClusterAuditConfigSpecV2_FIPSEndpointState = 0 + // FIPS_ENABLED explicitly enables FIPS support for AWS S3/Dynamo + ClusterAuditConfigSpecV2_FIPS_ENABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 1 + // FIPS_DISABLED explicitly disables FIPS support for AWS S3/Dynamo + ClusterAuditConfigSpecV2_FIPS_DISABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 2 +) + +var ClusterAuditConfigSpecV2_FIPSEndpointState_name = map[int32]string{ + 0: "FIPS_UNSET", + 1: "FIPS_ENABLED", + 2: "FIPS_DISABLED", +} + +var ClusterAuditConfigSpecV2_FIPSEndpointState_value = map[string]int32{ + "FIPS_UNSET": 0, + "FIPS_ENABLED": 1, + "FIPS_DISABLED": 2, +} + +func (x ClusterAuditConfigSpecV2_FIPSEndpointState) String() string { + return proto.EnumName(ClusterAuditConfigSpecV2_FIPSEndpointState_name, int32(x)) +} + +func (ClusterAuditConfigSpecV2_FIPSEndpointState) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{52, 0} +} + +// TraceType is an identification of the checkpoint. +type ConnectionDiagnosticTrace_TraceType int32 + +const ( + ConnectionDiagnosticTrace_TRACE_TYPE_UNSPECIFIED ConnectionDiagnosticTrace_TraceType = 0 + // UNKNOWN_ERROR is used when we don't know the error. + // It's not always possible to offer guidance based on the received error. + // This trace type should be used when the error is too generic given the context we + // have. + ConnectionDiagnosticTrace_UNKNOWN_ERROR ConnectionDiagnosticTrace_TraceType = 1 + // RBAC_NODE is for RBAC checks for the node. + ConnectionDiagnosticTrace_RBAC_NODE ConnectionDiagnosticTrace_TraceType = 2 + // CONNECTIVITY is for network connectivity checks. + ConnectionDiagnosticTrace_CONNECTIVITY ConnectionDiagnosticTrace_TraceType = 3 + // RBAC_PRINCIPAL is used when checking if the principal is allowed per RBAC rules. + ConnectionDiagnosticTrace_RBAC_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 4 + // NODE_PRINCIPAL is used when checking if the Node has the requested principal. + ConnectionDiagnosticTrace_NODE_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 5 +) + +var ConnectionDiagnosticTrace_TraceType_name = map[int32]string{ + 0: "TRACE_TYPE_UNSPECIFIED", + 1: "UNKNOWN_ERROR", + 2: "RBAC_NODE", + 3: "CONNECTIVITY", + 4: "RBAC_PRINCIPAL", + 5: "NODE_PRINCIPAL", +} + +var ConnectionDiagnosticTrace_TraceType_value = map[string]int32{ + "TRACE_TYPE_UNSPECIFIED": 0, + "UNKNOWN_ERROR": 1, + "RBAC_NODE": 2, + "CONNECTIVITY": 3, + "RBAC_PRINCIPAL": 4, + "NODE_PRINCIPAL": 5, +} + +func (x ConnectionDiagnosticTrace_TraceType) String() string { + return proto.EnumName(ConnectionDiagnosticTrace_TraceType_name, int32(x)) +} + +func (ConnectionDiagnosticTrace_TraceType) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{192, 0} +} + +// StatusType describes whether this was a success or a failure. +type ConnectionDiagnosticTrace_StatusType int32 + +const ( + ConnectionDiagnosticTrace_STATUS_UNSPECIFIED ConnectionDiagnosticTrace_StatusType = 0 + ConnectionDiagnosticTrace_SUCCESS ConnectionDiagnosticTrace_StatusType = 1 + ConnectionDiagnosticTrace_FAILED ConnectionDiagnosticTrace_StatusType = 2 +) + +var ConnectionDiagnosticTrace_StatusType_name = map[int32]string{ + 0: "STATUS_UNSPECIFIED", + 1: "SUCCESS", + 2: "FAILED", +} + +var ConnectionDiagnosticTrace_StatusType_value = map[string]int32{ + "STATUS_UNSPECIFIED": 0, + "SUCCESS": 1, + "FAILED": 2, +} + +func (x ConnectionDiagnosticTrace_StatusType) String() string { + return proto.EnumName(ConnectionDiagnosticTrace_StatusType_name, int32(x)) +} + +func (ConnectionDiagnosticTrace_StatusType) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{192, 1} } type KeepAlive struct { @@ -403,7 +541,7 @@ func (m *KeepAlive) Reset() { *m = KeepAlive{} } func (m *KeepAlive) String() string { return proto.CompactTextString(m) } func (*KeepAlive) ProtoMessage() {} func (*KeepAlive) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{0} + return fileDescriptor_9198ee693835762e, []int{0} } func (m *KeepAlive) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -457,7 +595,7 @@ func (m *Metadata) Reset() { *m = Metadata{} } func (m *Metadata) String() string { return proto.CompactTextString(m) } func (*Metadata) ProtoMessage() {} func (*Metadata) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{1} + return fileDescriptor_9198ee693835762e, []int{1} } func (m *Metadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -516,7 +654,7 @@ type Rotation struct { func (m *Rotation) Reset() { *m = Rotation{} } func (*Rotation) ProtoMessage() {} func (*Rotation) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{2} + return fileDescriptor_9198ee693835762e, []int{2} } func (m *Rotation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -563,7 +701,7 @@ func (m *RotationSchedule) Reset() { *m = RotationSchedule{} } func (m *RotationSchedule) String() string { return proto.CompactTextString(m) } func (*RotationSchedule) ProtoMessage() {} func (*RotationSchedule) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{3} + return fileDescriptor_9198ee693835762e, []int{3} } func (m *RotationSchedule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -612,7 +750,7 @@ func (m *ResourceHeader) Reset() { *m = ResourceHeader{} } func (m *ResourceHeader) String() string { return proto.CompactTextString(m) } func (*ResourceHeader) ProtoMessage() {} func (*ResourceHeader) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{4} + return fileDescriptor_9198ee693835762e, []int{4} } func (m *ResourceHeader) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -661,7 +799,7 @@ type DatabaseServerV3 struct { func (m *DatabaseServerV3) Reset() { *m = DatabaseServerV3{} } func (*DatabaseServerV3) ProtoMessage() {} func (*DatabaseServerV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{5} + return fileDescriptor_9198ee693835762e, []int{5} } func (m *DatabaseServerV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -741,7 +879,7 @@ func (m *DatabaseServerSpecV3) Reset() { *m = DatabaseServerSpecV3{} } func (m *DatabaseServerSpecV3) String() string { return proto.CompactTextString(m) } func (*DatabaseServerSpecV3) ProtoMessage() {} func (*DatabaseServerSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{6} + return fileDescriptor_9198ee693835762e, []int{6} } func (m *DatabaseServerSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -783,7 +921,7 @@ func (m *DatabaseV3List) Reset() { *m = DatabaseV3List{} } func (m *DatabaseV3List) String() string { return proto.CompactTextString(m) } func (*DatabaseV3List) ProtoMessage() {} func (*DatabaseV3List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{7} + return fileDescriptor_9198ee693835762e, []int{7} } func (m *DatabaseV3List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -834,7 +972,7 @@ type DatabaseV3 struct { func (m *DatabaseV3) Reset() { *m = DatabaseV3{} } func (*DatabaseV3) ProtoMessage() {} func (*DatabaseV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{8} + return fileDescriptor_9198ee693835762e, []int{8} } func (m *DatabaseV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -897,7 +1035,7 @@ func (m *DatabaseSpecV3) Reset() { *m = DatabaseSpecV3{} } func (m *DatabaseSpecV3) String() string { return proto.CompactTextString(m) } func (*DatabaseSpecV3) ProtoMessage() {} func (*DatabaseSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{9} + return fileDescriptor_9198ee693835762e, []int{9} } func (m *DatabaseSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -935,7 +1073,9 @@ type DatabaseStatusV3 struct { // MySQL is an additional section with MySQL runtime database information. MySQL MySQLOptions `protobuf:"bytes,3,opt,name=MySQL,proto3" json:"mysql,omitempty"` // ManagedUsers is a list of database users that are managed by Teleport. - ManagedUsers []string `protobuf:"bytes,4,rep,name=ManagedUsers,proto3" json:"managed_users,omitempty"` + ManagedUsers []string `protobuf:"bytes,4,rep,name=ManagedUsers,proto3" json:"managed_users,omitempty"` + // Azure is the auto-discovered Azure cloud database metadata. + Azure Azure `protobuf:"bytes,5,opt,name=Azure,proto3" json:"azure"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -945,7 +1085,7 @@ func (m *DatabaseStatusV3) Reset() { *m = DatabaseStatusV3{} } func (m *DatabaseStatusV3) String() string { return proto.CompactTextString(m) } func (*DatabaseStatusV3) ProtoMessage() {} func (*DatabaseStatusV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{10} + return fileDescriptor_9198ee693835762e, []int{10} } func (m *DatabaseStatusV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -999,7 +1139,7 @@ func (m *AWS) Reset() { *m = AWS{} } func (m *AWS) String() string { return proto.CompactTextString(m) } func (*AWS) ProtoMessage() {} func (*AWS) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{11} + return fileDescriptor_9198ee693835762e, []int{11} } func (m *AWS) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1043,7 +1183,7 @@ func (m *SecretStore) Reset() { *m = SecretStore{} } func (m *SecretStore) String() string { return proto.CompactTextString(m) } func (*SecretStore) ProtoMessage() {} func (*SecretStore) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{12} + return fileDescriptor_9198ee693835762e, []int{12} } func (m *SecretStore) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1085,7 +1225,7 @@ func (m *Redshift) Reset() { *m = Redshift{} } func (m *Redshift) String() string { return proto.CompactTextString(m) } func (*Redshift) ProtoMessage() {} func (*Redshift) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{13} + return fileDescriptor_9198ee693835762e, []int{13} } func (m *Redshift) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1133,7 +1273,7 @@ func (m *RDS) Reset() { *m = RDS{} } func (m *RDS) String() string { return proto.CompactTextString(m) } func (*RDS) ProtoMessage() {} func (*RDS) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{14} + return fileDescriptor_9198ee693835762e, []int{14} } func (m *RDS) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1181,7 +1321,7 @@ func (m *ElastiCache) Reset() { *m = ElastiCache{} } func (m *ElastiCache) String() string { return proto.CompactTextString(m) } func (*ElastiCache) ProtoMessage() {} func (*ElastiCache) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{15} + return fileDescriptor_9198ee693835762e, []int{15} } func (m *ElastiCache) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1229,7 +1369,7 @@ func (m *MemoryDB) Reset() { *m = MemoryDB{} } func (m *MemoryDB) String() string { return proto.CompactTextString(m) } func (*MemoryDB) ProtoMessage() {} func (*MemoryDB) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{16} + return fileDescriptor_9198ee693835762e, []int{16} } func (m *MemoryDB) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1273,7 +1413,7 @@ func (m *GCPCloudSQL) Reset() { *m = GCPCloudSQL{} } func (m *GCPCloudSQL) String() string { return proto.CompactTextString(m) } func (*GCPCloudSQL) ProtoMessage() {} func (*GCPCloudSQL) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{17} + return fileDescriptor_9198ee693835762e, []int{17} } func (m *GCPCloudSQL) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1305,7 +1445,9 @@ var xxx_messageInfo_GCPCloudSQL proto.InternalMessageInfo // Azure contains Azure specific database metadata. type Azure struct { // Name is the Azure database server name. - Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"` + // ResourceID is the Azure fully qualified ID for the resource. + ResourceID string `protobuf:"bytes,2,opt,name=ResourceID,proto3" json:"resource_id,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1315,7 +1457,7 @@ func (m *Azure) Reset() { *m = Azure{} } func (m *Azure) String() string { return proto.CompactTextString(m) } func (*Azure) ProtoMessage() {} func (*Azure) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{18} + return fileDescriptor_9198ee693835762e, []int{18} } func (m *Azure) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1363,7 +1505,7 @@ func (m *AD) Reset() { *m = AD{} } func (m *AD) String() string { return proto.CompactTextString(m) } func (*AD) ProtoMessage() {} func (*AD) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{19} + return fileDescriptor_9198ee693835762e, []int{19} } func (m *AD) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1411,7 +1553,7 @@ func (m *DatabaseTLS) Reset() { *m = DatabaseTLS{} } func (m *DatabaseTLS) String() string { return proto.CompactTextString(m) } func (*DatabaseTLS) ProtoMessage() {} func (*DatabaseTLS) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{20} + return fileDescriptor_9198ee693835762e, []int{20} } func (m *DatabaseTLS) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1454,7 +1596,7 @@ func (m *MySQLOptions) Reset() { *m = MySQLOptions{} } func (m *MySQLOptions) String() string { return proto.CompactTextString(m) } func (*MySQLOptions) ProtoMessage() {} func (*MySQLOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{21} + return fileDescriptor_9198ee693835762e, []int{21} } func (m *MySQLOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1503,7 +1645,7 @@ type ServerV2 struct { func (m *ServerV2) Reset() { *m = ServerV2{} } func (*ServerV2) ProtoMessage() {} func (*ServerV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{22} + return fileDescriptor_9198ee693835762e, []int{22} } func (m *ServerV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1546,7 +1688,7 @@ func (m *ServerV2List) Reset() { *m = ServerV2List{} } func (m *ServerV2List) String() string { return proto.CompactTextString(m) } func (*ServerV2List) ProtoMessage() {} func (*ServerV2List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{23} + return fileDescriptor_9198ee693835762e, []int{23} } func (m *ServerV2List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1616,7 +1758,7 @@ func (m *ServerSpecV2) Reset() { *m = ServerSpecV2{} } func (m *ServerSpecV2) String() string { return proto.CompactTextString(m) } func (*ServerSpecV2) ProtoMessage() {} func (*ServerSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{24} + return fileDescriptor_9198ee693835762e, []int{24} } func (m *ServerSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1665,7 +1807,7 @@ type AppServerV3 struct { func (m *AppServerV3) Reset() { *m = AppServerV3{} } func (*AppServerV3) ProtoMessage() {} func (*AppServerV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{25} + return fileDescriptor_9198ee693835762e, []int{25} } func (m *AppServerV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1717,7 +1859,7 @@ func (m *AppServerSpecV3) Reset() { *m = AppServerSpecV3{} } func (m *AppServerSpecV3) String() string { return proto.CompactTextString(m) } func (*AppServerSpecV3) ProtoMessage() {} func (*AppServerSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{26} + return fileDescriptor_9198ee693835762e, []int{26} } func (m *AppServerSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1759,7 +1901,7 @@ func (m *AppV3List) Reset() { *m = AppV3List{} } func (m *AppV3List) String() string { return proto.CompactTextString(m) } func (*AppV3List) ProtoMessage() {} func (*AppV3List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{27} + return fileDescriptor_9198ee693835762e, []int{27} } func (m *AppV3List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1950,7 @@ type AppV3 struct { func (m *AppV3) Reset() { *m = AppV3{} } func (*AppV3) ProtoMessage() {} func (*AppV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{28} + return fileDescriptor_9198ee693835762e, []int{28} } func (m *AppV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1848,7 +1990,9 @@ type AppSpecV3 struct { // InsecureSkipVerify disables app's TLS certificate verification. InsecureSkipVerify bool `protobuf:"varint,4,opt,name=InsecureSkipVerify,proto3" json:"insecure_skip_verify"` // Rewrite is a list of rewriting rules to apply to requests and responses. - Rewrite *Rewrite `protobuf:"bytes,5,opt,name=Rewrite,proto3" json:"rewrite,omitempty"` + Rewrite *Rewrite `protobuf:"bytes,5,opt,name=Rewrite,proto3" json:"rewrite,omitempty"` + // AWS contains additional options for AWS applications. + AWS *AppAWS `protobuf:"bytes,6,opt,name=AWS,proto3" json:"aws,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1858,7 +2002,7 @@ func (m *AppSpecV3) Reset() { *m = AppSpecV3{} } func (m *AppSpecV3) String() string { return proto.CompactTextString(m) } func (*AppSpecV3) ProtoMessage() {} func (*AppSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{29} + return fileDescriptor_9198ee693835762e, []int{29} } func (m *AppSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1918,7 +2062,7 @@ func (m *App) Reset() { *m = App{} } func (m *App) String() string { return proto.CompactTextString(m) } func (*App) ProtoMessage() {} func (*App) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{30} + return fileDescriptor_9198ee693835762e, []int{30} } func (m *App) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1964,7 +2108,7 @@ func (m *Rewrite) Reset() { *m = Rewrite{} } func (m *Rewrite) String() string { return proto.CompactTextString(m) } func (*Rewrite) ProtoMessage() {} func (*Rewrite) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{31} + return fileDescriptor_9198ee693835762e, []int{31} } func (m *Rewrite) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2008,7 +2152,7 @@ func (m *Header) Reset() { *m = Header{} } func (m *Header) String() string { return proto.CompactTextString(m) } func (*Header) ProtoMessage() {} func (*Header) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{32} + return fileDescriptor_9198ee693835762e, []int{32} } func (m *Header) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2055,7 +2199,7 @@ func (m *CommandLabelV2) Reset() { *m = CommandLabelV2{} } func (m *CommandLabelV2) String() string { return proto.CompactTextString(m) } func (*CommandLabelV2) ProtoMessage() {} func (*CommandLabelV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{33} + return fileDescriptor_9198ee693835762e, []int{33} } func (m *CommandLabelV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2084,6 +2228,48 @@ func (m *CommandLabelV2) XXX_DiscardUnknown() { var xxx_messageInfo_CommandLabelV2 proto.InternalMessageInfo +// AppAWS contains additional options for AWS applications. +type AppAWS struct { + // ExternalID is the AWS External ID used when assuming roles in this app. + ExternalID string `protobuf:"bytes,1,opt,name=ExternalID,proto3" json:"external_id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AppAWS) Reset() { *m = AppAWS{} } +func (m *AppAWS) String() string { return proto.CompactTextString(m) } +func (*AppAWS) ProtoMessage() {} +func (*AppAWS) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{34} +} +func (m *AppAWS) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AppAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AppAWS.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AppAWS) XXX_Merge(src proto.Message) { + xxx_messageInfo_AppAWS.Merge(m, src) +} +func (m *AppAWS) XXX_Size() int { + return m.Size() +} +func (m *AppAWS) XXX_DiscardUnknown() { + xxx_messageInfo_AppAWS.DiscardUnknown(m) +} + +var xxx_messageInfo_AppAWS proto.InternalMessageInfo + // SSHKeyPair is an SSH CA key pair. type SSHKeyPair struct { // PublicKey is the SSH public key. @@ -2101,7 +2287,7 @@ func (m *SSHKeyPair) Reset() { *m = SSHKeyPair{} } func (m *SSHKeyPair) String() string { return proto.CompactTextString(m) } func (*SSHKeyPair) ProtoMessage() {} func (*SSHKeyPair) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{34} + return fileDescriptor_9198ee693835762e, []int{35} } func (m *SSHKeyPair) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2147,7 +2333,7 @@ func (m *TLSKeyPair) Reset() { *m = TLSKeyPair{} } func (m *TLSKeyPair) String() string { return proto.CompactTextString(m) } func (*TLSKeyPair) ProtoMessage() {} func (*TLSKeyPair) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{35} + return fileDescriptor_9198ee693835762e, []int{36} } func (m *TLSKeyPair) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2193,7 +2379,7 @@ func (m *JWTKeyPair) Reset() { *m = JWTKeyPair{} } func (m *JWTKeyPair) String() string { return proto.CompactTextString(m) } func (*JWTKeyPair) ProtoMessage() {} func (*JWTKeyPair) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{36} + return fileDescriptor_9198ee693835762e, []int{37} } func (m *JWTKeyPair) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2242,7 +2428,7 @@ type CertAuthorityV2 struct { func (m *CertAuthorityV2) Reset() { *m = CertAuthorityV2{} } func (*CertAuthorityV2) ProtoMessage() {} func (*CertAuthorityV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{37} + return fileDescriptor_9198ee693835762e, []int{38} } func (m *CertAuthorityV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2322,7 +2508,7 @@ func (m *CertAuthoritySpecV2) Reset() { *m = CertAuthoritySpecV2{} } func (m *CertAuthoritySpecV2) String() string { return proto.CompactTextString(m) } func (*CertAuthoritySpecV2) ProtoMessage() {} func (*CertAuthoritySpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{38} + return fileDescriptor_9198ee693835762e, []int{39} } func (m *CertAuthoritySpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2554,7 @@ func (m *CAKeySet) Reset() { *m = CAKeySet{} } func (m *CAKeySet) String() string { return proto.CompactTextString(m) } func (*CAKeySet) ProtoMessage() {} func (*CAKeySet) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{39} + return fileDescriptor_9198ee693835762e, []int{40} } func (m *CAKeySet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2413,7 +2599,7 @@ func (m *RoleMapping) Reset() { *m = RoleMapping{} } func (m *RoleMapping) String() string { return proto.CompactTextString(m) } func (*RoleMapping) ProtoMessage() {} func (*RoleMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{40} + return fileDescriptor_9198ee693835762e, []int{41} } func (m *RoleMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2461,7 +2647,7 @@ type ProvisionTokenV1 struct { func (m *ProvisionTokenV1) Reset() { *m = ProvisionTokenV1{} } func (*ProvisionTokenV1) ProtoMessage() {} func (*ProvisionTokenV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{41} + return fileDescriptor_9198ee693835762e, []int{42} } func (m *ProvisionTokenV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2510,7 +2696,7 @@ type ProvisionTokenV2 struct { func (m *ProvisionTokenV2) Reset() { *m = ProvisionTokenV2{} } func (*ProvisionTokenV2) ProtoMessage() {} func (*ProvisionTokenV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{42} + return fileDescriptor_9198ee693835762e, []int{43} } func (m *ProvisionTokenV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2552,7 +2738,7 @@ func (m *ProvisionTokenV2List) Reset() { *m = ProvisionTokenV2List{} } func (m *ProvisionTokenV2List) String() string { return proto.CompactTextString(m) } func (*ProvisionTokenV2List) ProtoMessage() {} func (*ProvisionTokenV2List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{43} + return fileDescriptor_9198ee693835762e, []int{44} } func (m *ProvisionTokenV2List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2604,7 +2790,7 @@ func (m *TokenRule) Reset() { *m = TokenRule{} } func (m *TokenRule) String() string { return proto.CompactTextString(m) } func (*TokenRule) ProtoMessage() {} func (*TokenRule) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{44} + return fileDescriptor_9198ee693835762e, []int{45} } func (m *TokenRule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2649,7 +2835,10 @@ type ProvisionTokenSpecV2 struct { // Supported joining methods include "token", "ec2", and "iam". JoinMethod JoinMethod `protobuf:"bytes,4,opt,name=JoinMethod,proto3,casttype=JoinMethod" json:"join_method"` // BotName is the name of the bot this token grants access to, if any - BotName string `protobuf:"bytes,5,opt,name=BotName,proto3" json:"bot_name,omitempty"` + BotName string `protobuf:"bytes,5,opt,name=BotName,proto3" json:"bot_name,omitempty"` + // SuggestedLabels is a set of labels that resources should set when using this token to enroll + // themselves in the cluster + SuggestedLabels Labels `protobuf:"bytes,6,opt,name=SuggestedLabels,proto3,customtype=Labels" json:"suggested_labels,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2659,7 +2848,7 @@ func (m *ProvisionTokenSpecV2) Reset() { *m = ProvisionTokenSpecV2{} } func (m *ProvisionTokenSpecV2) String() string { return proto.CompactTextString(m) } func (*ProvisionTokenSpecV2) ProtoMessage() {} func (*ProvisionTokenSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{45} + return fileDescriptor_9198ee693835762e, []int{46} } func (m *ProvisionTokenSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2708,7 +2897,7 @@ type StaticTokensV2 struct { func (m *StaticTokensV2) Reset() { *m = StaticTokensV2{} } func (*StaticTokensV2) ProtoMessage() {} func (*StaticTokensV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{46} + return fileDescriptor_9198ee693835762e, []int{47} } func (m *StaticTokensV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2751,7 +2940,7 @@ func (m *StaticTokensSpecV2) Reset() { *m = StaticTokensSpecV2{} } func (m *StaticTokensSpecV2) String() string { return proto.CompactTextString(m) } func (*StaticTokensSpecV2) ProtoMessage() {} func (*StaticTokensSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{47} + return fileDescriptor_9198ee693835762e, []int{48} } func (m *StaticTokensSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2800,7 +2989,7 @@ type ClusterNameV2 struct { func (m *ClusterNameV2) Reset() { *m = ClusterNameV2{} } func (*ClusterNameV2) ProtoMessage() {} func (*ClusterNameV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{48} + return fileDescriptor_9198ee693835762e, []int{49} } func (m *ClusterNameV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2846,7 +3035,7 @@ func (m *ClusterNameSpecV2) Reset() { *m = ClusterNameSpecV2{} } func (m *ClusterNameSpecV2) String() string { return proto.CompactTextString(m) } func (*ClusterNameSpecV2) ProtoMessage() {} func (*ClusterNameSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{49} + return fileDescriptor_9198ee693835762e, []int{50} } func (m *ClusterNameSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2896,7 +3085,7 @@ func (m *ClusterAuditConfigV2) Reset() { *m = ClusterAuditConfigV2{} } func (m *ClusterAuditConfigV2) String() string { return proto.CompactTextString(m) } func (*ClusterAuditConfigV2) ProtoMessage() {} func (*ClusterAuditConfigV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{50} + return fileDescriptor_9198ee693835762e, []int{51} } func (m *ClusterAuditConfigV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2954,17 +3143,19 @@ type ClusterAuditConfigSpecV2 struct { // WriteTargetValue is the ratio of consumed write to provisioned capacity. WriteTargetValue float64 `protobuf:"fixed64,13,opt,name=WriteTargetValue,proto3" json:"write_target_value,omitempty"` // RetentionPeriod is the retention period for audit events. - RetentionPeriod Duration `protobuf:"varint,14,opt,name=RetentionPeriod,proto3,casttype=Duration" json:"retention_period"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RetentionPeriod Duration `protobuf:"varint,14,opt,name=RetentionPeriod,proto3,casttype=Duration" json:"retention_period"` + // UseFIPSEndpoint configures AWS endpoints to use FIPS. + UseFIPSEndpoint ClusterAuditConfigSpecV2_FIPSEndpointState `protobuf:"varint,15,opt,name=UseFIPSEndpoint,proto3,enum=types.ClusterAuditConfigSpecV2_FIPSEndpointState" json:"use_fips_endpoint,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ClusterAuditConfigSpecV2) Reset() { *m = ClusterAuditConfigSpecV2{} } func (m *ClusterAuditConfigSpecV2) String() string { return proto.CompactTextString(m) } func (*ClusterAuditConfigSpecV2) ProtoMessage() {} func (*ClusterAuditConfigSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{51} + return fileDescriptor_9198ee693835762e, []int{52} } func (m *ClusterAuditConfigSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3014,7 +3205,7 @@ func (m *ClusterNetworkingConfigV2) Reset() { *m = ClusterNetworkingConf func (m *ClusterNetworkingConfigV2) String() string { return proto.CompactTextString(m) } func (*ClusterNetworkingConfigV2) ProtoMessage() {} func (*ClusterNetworkingConfigV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{52} + return fileDescriptor_9198ee693835762e, []int{53} } func (m *ClusterNetworkingConfigV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3069,17 +3260,21 @@ type ClusterNetworkingConfigSpecV2 struct { // RoutingStrategy determines the strategy used to route to nodes. RoutingStrategy RoutingStrategy `protobuf:"varint,8,opt,name=RoutingStrategy,proto3,enum=types.RoutingStrategy" json:"routing_strategy,omitempty"` // TunnelStrategyV1 determines the tunnel strategy used in the cluster. - TunnelStrategy *TunnelStrategyV1 `protobuf:"bytes,9,opt,name=TunnelStrategy,proto3" json:"tunnel_strategy,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + TunnelStrategy *TunnelStrategyV1 `protobuf:"bytes,9,opt,name=TunnelStrategy,proto3" json:"tunnel_strategy,omitempty"` + // ProxyPingInterval defines in which interval the TLS routing ping message + // should be sent. This is applicable only when using ping-wrapped + // connections, regular TLS routing connections are not affected. + ProxyPingInterval Duration `protobuf:"varint,10,opt,name=ProxyPingInterval,proto3,casttype=Duration" json:"proxy_ping_interval,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ClusterNetworkingConfigSpecV2) Reset() { *m = ClusterNetworkingConfigSpecV2{} } func (m *ClusterNetworkingConfigSpecV2) String() string { return proto.CompactTextString(m) } func (*ClusterNetworkingConfigSpecV2) ProtoMessage() {} func (*ClusterNetworkingConfigSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{53} + return fileDescriptor_9198ee693835762e, []int{54} } func (m *ClusterNetworkingConfigSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3123,7 +3318,7 @@ func (m *TunnelStrategyV1) Reset() { *m = TunnelStrategyV1{} } func (m *TunnelStrategyV1) String() string { return proto.CompactTextString(m) } func (*TunnelStrategyV1) ProtoMessage() {} func (*TunnelStrategyV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{54} + return fileDescriptor_9198ee693835762e, []int{55} } func (m *TunnelStrategyV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3403,7 @@ func (m *AgentMeshTunnelStrategy) Reset() { *m = AgentMeshTunnelStrategy func (m *AgentMeshTunnelStrategy) String() string { return proto.CompactTextString(m) } func (*AgentMeshTunnelStrategy) ProtoMessage() {} func (*AgentMeshTunnelStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{55} + return fileDescriptor_9198ee693835762e, []int{56} } func (m *AgentMeshTunnelStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3249,7 +3444,7 @@ func (m *ProxyPeeringTunnelStrategy) Reset() { *m = ProxyPeeringTunnelSt func (m *ProxyPeeringTunnelStrategy) String() string { return proto.CompactTextString(m) } func (*ProxyPeeringTunnelStrategy) ProtoMessage() {} func (*ProxyPeeringTunnelStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{56} + return fileDescriptor_9198ee693835762e, []int{57} } func (m *ProxyPeeringTunnelStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3299,7 +3494,7 @@ func (m *SessionRecordingConfigV2) Reset() { *m = SessionRecordingConfig func (m *SessionRecordingConfigV2) String() string { return proto.CompactTextString(m) } func (*SessionRecordingConfigV2) ProtoMessage() {} func (*SessionRecordingConfigV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{57} + return fileDescriptor_9198ee693835762e, []int{58} } func (m *SessionRecordingConfigV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3345,7 +3540,7 @@ func (m *SessionRecordingConfigSpecV2) Reset() { *m = SessionRecordingCo func (m *SessionRecordingConfigSpecV2) String() string { return proto.CompactTextString(m) } func (*SessionRecordingConfigSpecV2) ProtoMessage() {} func (*SessionRecordingConfigSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{58} + return fileDescriptor_9198ee693835762e, []int{59} } func (m *SessionRecordingConfigSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3394,7 +3589,7 @@ type AuthPreferenceV2 struct { func (m *AuthPreferenceV2) Reset() { *m = AuthPreferenceV2{} } func (*AuthPreferenceV2) ProtoMessage() {} func (*AuthPreferenceV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{59} + return fileDescriptor_9198ee693835762e, []int{60} } func (m *AuthPreferenceV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3461,7 +3656,7 @@ func (m *AuthPreferenceSpecV2) Reset() { *m = AuthPreferenceSpecV2{} } func (m *AuthPreferenceSpecV2) String() string { return proto.CompactTextString(m) } func (*AuthPreferenceSpecV2) ProtoMessage() {} func (*AuthPreferenceSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{60} + return fileDescriptor_9198ee693835762e, []int{61} } func (m *AuthPreferenceSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3511,7 +3706,7 @@ func (m *U2F) Reset() { *m = U2F{} } func (m *U2F) String() string { return proto.CompactTextString(m) } func (*U2F) ProtoMessage() {} func (*U2F) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{61} + return fileDescriptor_9198ee693835762e, []int{62} } func (m *U2F) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3579,7 +3774,7 @@ func (m *Webauthn) Reset() { *m = Webauthn{} } func (m *Webauthn) String() string { return proto.CompactTextString(m) } func (*Webauthn) ProtoMessage() {} func (*Webauthn) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{62} + return fileDescriptor_9198ee693835762e, []int{63} } func (m *Webauthn) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3629,7 +3824,7 @@ func (m *Namespace) Reset() { *m = Namespace{} } func (m *Namespace) String() string { return proto.CompactTextString(m) } func (*Namespace) ProtoMessage() {} func (*Namespace) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{63} + return fileDescriptor_9198ee693835762e, []int{64} } func (m *Namespace) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3669,7 +3864,7 @@ func (m *NamespaceSpec) Reset() { *m = NamespaceSpec{} } func (m *NamespaceSpec) String() string { return proto.CompactTextString(m) } func (*NamespaceSpec) ProtoMessage() {} func (*NamespaceSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{64} + return fileDescriptor_9198ee693835762e, []int{65} } func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3717,7 +3912,7 @@ type UserTokenV3 struct { func (m *UserTokenV3) Reset() { *m = UserTokenV3{} } func (*UserTokenV3) ProtoMessage() {} func (*UserTokenV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{65} + return fileDescriptor_9198ee693835762e, []int{66} } func (m *UserTokenV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3764,7 +3959,7 @@ func (m *UserTokenSpecV3) Reset() { *m = UserTokenSpecV3{} } func (m *UserTokenSpecV3) String() string { return proto.CompactTextString(m) } func (*UserTokenSpecV3) ProtoMessage() {} func (*UserTokenSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{66} + return fileDescriptor_9198ee693835762e, []int{67} } func (m *UserTokenSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3812,7 +4007,7 @@ type UserTokenSecretsV3 struct { func (m *UserTokenSecretsV3) Reset() { *m = UserTokenSecretsV3{} } func (*UserTokenSecretsV3) ProtoMessage() {} func (*UserTokenSecretsV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{67} + return fileDescriptor_9198ee693835762e, []int{68} } func (m *UserTokenSecretsV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3857,7 +4052,7 @@ func (m *UserTokenSecretsSpecV3) Reset() { *m = UserTokenSecretsSpecV3{} func (m *UserTokenSecretsSpecV3) String() string { return proto.CompactTextString(m) } func (*UserTokenSecretsSpecV3) ProtoMessage() {} func (*UserTokenSecretsSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{68} + return fileDescriptor_9198ee693835762e, []int{69} } func (m *UserTokenSecretsSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3906,7 +4101,7 @@ type AccessRequestV3 struct { func (m *AccessRequestV3) Reset() { *m = AccessRequestV3{} } func (*AccessRequestV3) ProtoMessage() {} func (*AccessRequestV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{69} + return fileDescriptor_9198ee693835762e, []int{70} } func (m *AccessRequestV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3958,7 +4153,7 @@ func (m *AccessReviewThreshold) Reset() { *m = AccessReviewThreshold{} } func (m *AccessReviewThreshold) String() string { return proto.CompactTextString(m) } func (*AccessReviewThreshold) ProtoMessage() {} func (*AccessReviewThreshold) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{70} + return fileDescriptor_9198ee693835762e, []int{71} } func (m *AccessReviewThreshold) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4014,7 +4209,7 @@ func (m *AccessReview) Reset() { *m = AccessReview{} } func (m *AccessReview) String() string { return proto.CompactTextString(m) } func (*AccessReview) ProtoMessage() {} func (*AccessReview) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{71} + return fileDescriptor_9198ee693835762e, []int{72} } func (m *AccessReview) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4059,7 +4254,7 @@ func (m *AccessReviewSubmission) Reset() { *m = AccessReviewSubmission{} func (m *AccessReviewSubmission) String() string { return proto.CompactTextString(m) } func (*AccessReviewSubmission) ProtoMessage() {} func (*AccessReviewSubmission) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{72} + return fileDescriptor_9198ee693835762e, []int{73} } func (m *AccessReviewSubmission) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4102,7 +4297,7 @@ func (m *ThresholdIndexSet) Reset() { *m = ThresholdIndexSet{} } func (m *ThresholdIndexSet) String() string { return proto.CompactTextString(m) } func (*ThresholdIndexSet) ProtoMessage() {} func (*ThresholdIndexSet) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{73} + return fileDescriptor_9198ee693835762e, []int{74} } func (m *ThresholdIndexSet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4145,7 +4340,7 @@ func (m *ThresholdIndexSets) Reset() { *m = ThresholdIndexSets{} } func (m *ThresholdIndexSets) String() string { return proto.CompactTextString(m) } func (*ThresholdIndexSets) ProtoMessage() {} func (*ThresholdIndexSets) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{74} + return fileDescriptor_9198ee693835762e, []int{75} } func (m *ThresholdIndexSets) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4225,7 +4420,10 @@ type AccessRequestSpecV3 struct { RequestedResourceIDs []ResourceID `protobuf:"bytes,14,rep,name=RequestedResourceIDs,proto3" json:"resource_ids,omitempty"` // LoginHint is used as a hint for search-based access requests to select // roles based on the login the user is attempting. - LoginHint string `protobuf:"bytes,15,opt,name=LoginHint,proto3" json:"login_hint,omitempty"` + LoginHint string `protobuf:"bytes,15,opt,name=LoginHint,proto3" json:"login_hint,omitempty"` + // DryRun indicates that the request should not actually be created, the + // auth server should only validate the access request. + DryRun bool `protobuf:"varint,16,opt,name=DryRun,proto3" json:"dry_run,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -4235,7 +4433,7 @@ func (m *AccessRequestSpecV3) Reset() { *m = AccessRequestSpecV3{} } func (m *AccessRequestSpecV3) String() string { return proto.CompactTextString(m) } func (*AccessRequestSpecV3) ProtoMessage() {} func (*AccessRequestSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{75} + return fileDescriptor_9198ee693835762e, []int{76} } func (m *AccessRequestSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4281,7 +4479,7 @@ func (m *AccessRequestFilter) Reset() { *m = AccessRequestFilter{} } func (m *AccessRequestFilter) String() string { return proto.CompactTextString(m) } func (*AccessRequestFilter) ProtoMessage() {} func (*AccessRequestFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{76} + return fileDescriptor_9198ee693835762e, []int{77} } func (m *AccessRequestFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4327,7 +4525,7 @@ func (m *AccessCapabilities) Reset() { *m = AccessCapabilities{} } func (m *AccessCapabilities) String() string { return proto.CompactTextString(m) } func (*AccessCapabilities) ProtoMessage() {} func (*AccessCapabilities) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{77} + return fileDescriptor_9198ee693835762e, []int{78} } func (m *AccessCapabilities) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4376,7 +4574,7 @@ func (m *AccessCapabilitiesRequest) Reset() { *m = AccessCapabilitiesReq func (m *AccessCapabilitiesRequest) String() string { return proto.CompactTextString(m) } func (*AccessCapabilitiesRequest) ProtoMessage() {} func (*AccessCapabilitiesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{78} + return fileDescriptor_9198ee693835762e, []int{79} } func (m *AccessCapabilitiesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4422,7 +4620,7 @@ func (m *ResourceID) Reset() { *m = ResourceID{} } func (m *ResourceID) String() string { return proto.CompactTextString(m) } func (*ResourceID) ProtoMessage() {} func (*ResourceID) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{79} + return fileDescriptor_9198ee693835762e, []int{80} } func (m *ResourceID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4471,7 +4669,7 @@ type PluginDataV3 struct { func (m *PluginDataV3) Reset() { *m = PluginDataV3{} } func (*PluginDataV3) ProtoMessage() {} func (*PluginDataV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{80} + return fileDescriptor_9198ee693835762e, []int{81} } func (m *PluginDataV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4514,7 +4712,7 @@ func (m *PluginDataEntry) Reset() { *m = PluginDataEntry{} } func (m *PluginDataEntry) String() string { return proto.CompactTextString(m) } func (*PluginDataEntry) ProtoMessage() {} func (*PluginDataEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{81} + return fileDescriptor_9198ee693835762e, []int{82} } func (m *PluginDataEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4556,7 +4754,7 @@ func (m *PluginDataSpecV3) Reset() { *m = PluginDataSpecV3{} } func (m *PluginDataSpecV3) String() string { return proto.CompactTextString(m) } func (*PluginDataSpecV3) ProtoMessage() {} func (*PluginDataSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{82} + return fileDescriptor_9198ee693835762e, []int{83} } func (m *PluginDataSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4603,7 +4801,7 @@ func (m *PluginDataFilter) Reset() { *m = PluginDataFilter{} } func (m *PluginDataFilter) String() string { return proto.CompactTextString(m) } func (*PluginDataFilter) ProtoMessage() {} func (*PluginDataFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{83} + return fileDescriptor_9198ee693835762e, []int{84} } func (m *PluginDataFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4654,7 +4852,7 @@ func (m *PluginDataUpdateParams) Reset() { *m = PluginDataUpdateParams{} func (m *PluginDataUpdateParams) String() string { return proto.CompactTextString(m) } func (*PluginDataUpdateParams) ProtoMessage() {} func (*PluginDataUpdateParams) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{84} + return fileDescriptor_9198ee693835762e, []int{85} } func (m *PluginDataUpdateParams) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4703,7 +4901,7 @@ type RoleV5 struct { func (m *RoleV5) Reset() { *m = RoleV5{} } func (*RoleV5) ProtoMessage() {} func (*RoleV5) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{85} + return fileDescriptor_9198ee693835762e, []int{86} } func (m *RoleV5) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4750,7 +4948,7 @@ func (m *RoleSpecV5) Reset() { *m = RoleSpecV5{} } func (m *RoleSpecV5) String() string { return proto.CompactTextString(m) } func (*RoleSpecV5) ProtoMessage() {} func (*RoleSpecV5) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{86} + return fileDescriptor_9198ee693835762e, []int{87} } func (m *RoleSpecV5) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4839,17 +5037,20 @@ type RoleOptions struct { // CreateHostUser allows users to be automatically created on a host CreateHostUser *BoolOption `protobuf:"bytes,20,opt,name=CreateHostUser,proto3,customtype=BoolOption" json:"create_host_user"` // PinSourceIP forces the same client IP for certificate generation and usage - PinSourceIP Bool `protobuf:"varint,21,opt,name=PinSourceIP,proto3,casttype=Bool" json:"pin_source_ip"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + PinSourceIP Bool `protobuf:"varint,21,opt,name=PinSourceIP,proto3,casttype=Bool" json:"pin_source_ip"` + // SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed + // over an SSH session. It defaults to true unless explicitly set to false. + SSHFileCopy *BoolOption `protobuf:"bytes,22,opt,name=SSHFileCopy,proto3,customtype=BoolOption" json:"ssh_file_copy"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *RoleOptions) Reset() { *m = RoleOptions{} } func (m *RoleOptions) String() string { return proto.CompactTextString(m) } func (*RoleOptions) ProtoMessage() {} func (*RoleOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{87} + return fileDescriptor_9198ee693835762e, []int{88} } func (m *RoleOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4895,7 +5096,7 @@ func (m *RecordSession) Reset() { *m = RecordSession{} } func (m *RecordSession) String() string { return proto.CompactTextString(m) } func (*RecordSession) ProtoMessage() {} func (*RecordSession) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{88} + return fileDescriptor_9198ee693835762e, []int{89} } func (m *RecordSession) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4945,7 +5146,7 @@ func (m *CertExtension) Reset() { *m = CertExtension{} } func (m *CertExtension) String() string { return proto.CompactTextString(m) } func (*CertExtension) ProtoMessage() {} func (*CertExtension) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{89} + return fileDescriptor_9198ee693835762e, []int{90} } func (m *CertExtension) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5034,7 +5235,7 @@ func (m *RoleConditions) Reset() { *m = RoleConditions{} } func (m *RoleConditions) String() string { return proto.CompactTextString(m) } func (*RoleConditions) ProtoMessage() {} func (*RoleConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{90} + return fileDescriptor_9198ee693835762e, []int{91} } func (m *RoleConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5087,7 +5288,7 @@ func (m *SessionRequirePolicy) Reset() { *m = SessionRequirePolicy{} } func (m *SessionRequirePolicy) String() string { return proto.CompactTextString(m) } func (*SessionRequirePolicy) ProtoMessage() {} func (*SessionRequirePolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{91} + return fileDescriptor_9198ee693835762e, []int{92} } func (m *SessionRequirePolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5135,7 +5336,7 @@ func (m *SessionJoinPolicy) Reset() { *m = SessionJoinPolicy{} } func (m *SessionJoinPolicy) String() string { return proto.CompactTextString(m) } func (*SessionJoinPolicy) ProtoMessage() {} func (*SessionJoinPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{92} + return fileDescriptor_9198ee693835762e, []int{93} } func (m *SessionJoinPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5199,7 +5400,7 @@ func (m *AccessRequestConditions) Reset() { *m = AccessRequestConditions func (m *AccessRequestConditions) String() string { return proto.CompactTextString(m) } func (*AccessRequestConditions) ProtoMessage() {} func (*AccessRequestConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{93} + return fileDescriptor_9198ee693835762e, []int{94} } func (m *AccessRequestConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5247,7 +5448,7 @@ func (m *AccessReviewConditions) Reset() { *m = AccessReviewConditions{} func (m *AccessReviewConditions) String() string { return proto.CompactTextString(m) } func (*AccessReviewConditions) ProtoMessage() {} func (*AccessReviewConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{94} + return fileDescriptor_9198ee693835762e, []int{95} } func (m *AccessReviewConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5293,7 +5494,7 @@ func (m *ClaimMapping) Reset() { *m = ClaimMapping{} } func (m *ClaimMapping) String() string { return proto.CompactTextString(m) } func (*ClaimMapping) ProtoMessage() {} func (*ClaimMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{95} + return fileDescriptor_9198ee693835762e, []int{96} } func (m *ClaimMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5339,7 +5540,7 @@ func (m *TraitMapping) Reset() { *m = TraitMapping{} } func (m *TraitMapping) String() string { return proto.CompactTextString(m) } func (*TraitMapping) ProtoMessage() {} func (*TraitMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{96} + return fileDescriptor_9198ee693835762e, []int{97} } func (m *TraitMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5388,7 +5589,7 @@ func (m *Rule) Reset() { *m = Rule{} } func (m *Rule) String() string { return proto.CompactTextString(m) } func (*Rule) ProtoMessage() {} func (*Rule) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{97} + return fileDescriptor_9198ee693835762e, []int{98} } func (m *Rule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5436,7 +5637,7 @@ func (m *ImpersonateConditions) Reset() { *m = ImpersonateConditions{} } func (m *ImpersonateConditions) String() string { return proto.CompactTextString(m) } func (*ImpersonateConditions) ProtoMessage() {} func (*ImpersonateConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{98} + return fileDescriptor_9198ee693835762e, []int{99} } func (m *ImpersonateConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5478,7 +5679,7 @@ func (m *BoolValue) Reset() { *m = BoolValue{} } func (m *BoolValue) String() string { return proto.CompactTextString(m) } func (*BoolValue) ProtoMessage() {} func (*BoolValue) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{99} + return fileDescriptor_9198ee693835762e, []int{100} } func (m *BoolValue) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5527,7 +5728,7 @@ type UserV2 struct { func (m *UserV2) Reset() { *m = UserV2{} } func (*UserV2) ProtoMessage() {} func (*UserV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{100} + return fileDescriptor_9198ee693835762e, []int{101} } func (m *UserV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5591,7 +5792,7 @@ func (m *UserSpecV2) Reset() { *m = UserSpecV2{} } func (m *UserSpecV2) String() string { return proto.CompactTextString(m) } func (*UserSpecV2) ProtoMessage() {} func (*UserSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{101} + return fileDescriptor_9198ee693835762e, []int{102} } func (m *UserSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5636,7 +5837,7 @@ type ExternalIdentity struct { func (m *ExternalIdentity) Reset() { *m = ExternalIdentity{} } func (*ExternalIdentity) ProtoMessage() {} func (*ExternalIdentity) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{102} + return fileDescriptor_9198ee693835762e, []int{103} } func (m *ExternalIdentity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5688,7 +5889,7 @@ func (m *LoginStatus) Reset() { *m = LoginStatus{} } func (m *LoginStatus) String() string { return proto.CompactTextString(m) } func (*LoginStatus) ProtoMessage() {} func (*LoginStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{103} + return fileDescriptor_9198ee693835762e, []int{104} } func (m *LoginStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5733,7 +5934,7 @@ type CreatedBy struct { func (m *CreatedBy) Reset() { *m = CreatedBy{} } func (*CreatedBy) ProtoMessage() {} func (*CreatedBy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{104} + return fileDescriptor_9198ee693835762e, []int{105} } func (m *CreatedBy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5782,7 +5983,7 @@ func (m *LocalAuthSecrets) Reset() { *m = LocalAuthSecrets{} } func (m *LocalAuthSecrets) String() string { return proto.CompactTextString(m) } func (*LocalAuthSecrets) ProtoMessage() {} func (*LocalAuthSecrets) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{105} + return fileDescriptor_9198ee693835762e, []int{106} } func (m *LocalAuthSecrets) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5837,7 +6038,7 @@ func (m *MFADevice) Reset() { *m = MFADevice{} } func (m *MFADevice) String() string { return proto.CompactTextString(m) } func (*MFADevice) ProtoMessage() {} func (*MFADevice) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{106} + return fileDescriptor_9198ee693835762e, []int{107} } func (m *MFADevice) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5935,7 +6136,7 @@ func (m *TOTPDevice) Reset() { *m = TOTPDevice{} } func (m *TOTPDevice) String() string { return proto.CompactTextString(m) } func (*TOTPDevice) ProtoMessage() {} func (*TOTPDevice) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{107} + return fileDescriptor_9198ee693835762e, []int{108} } func (m *TOTPDevice) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -5981,7 +6182,7 @@ func (m *U2FDevice) Reset() { *m = U2FDevice{} } func (m *U2FDevice) String() string { return proto.CompactTextString(m) } func (*U2FDevice) ProtoMessage() {} func (*U2FDevice) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{108} + return fileDescriptor_9198ee693835762e, []int{109} } func (m *U2FDevice) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6048,7 +6249,7 @@ func (m *WebauthnDevice) Reset() { *m = WebauthnDevice{} } func (m *WebauthnDevice) String() string { return proto.CompactTextString(m) } func (*WebauthnDevice) ProtoMessage() {} func (*WebauthnDevice) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{109} + return fileDescriptor_9198ee693835762e, []int{110} } func (m *WebauthnDevice) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6091,7 +6292,7 @@ func (m *WebauthnLocalAuth) Reset() { *m = WebauthnLocalAuth{} } func (m *WebauthnLocalAuth) String() string { return proto.CompactTextString(m) } func (*WebauthnLocalAuth) ProtoMessage() {} func (*WebauthnLocalAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{110} + return fileDescriptor_9198ee693835762e, []int{111} } func (m *WebauthnLocalAuth) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6137,7 +6338,7 @@ func (m *ConnectorRef) Reset() { *m = ConnectorRef{} } func (m *ConnectorRef) String() string { return proto.CompactTextString(m) } func (*ConnectorRef) ProtoMessage() {} func (*ConnectorRef) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{111} + return fileDescriptor_9198ee693835762e, []int{112} } func (m *ConnectorRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6179,7 +6380,7 @@ func (m *UserRef) Reset() { *m = UserRef{} } func (m *UserRef) String() string { return proto.CompactTextString(m) } func (*UserRef) ProtoMessage() {} func (*UserRef) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{112} + return fileDescriptor_9198ee693835762e, []int{113} } func (m *UserRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6229,7 +6430,7 @@ func (m *ReverseTunnelV2) Reset() { *m = ReverseTunnelV2{} } func (m *ReverseTunnelV2) String() string { return proto.CompactTextString(m) } func (*ReverseTunnelV2) ProtoMessage() {} func (*ReverseTunnelV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{113} + return fileDescriptor_9198ee693835762e, []int{114} } func (m *ReverseTunnelV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6276,7 +6477,7 @@ func (m *ReverseTunnelSpecV2) Reset() { *m = ReverseTunnelSpecV2{} } func (m *ReverseTunnelSpecV2) String() string { return proto.CompactTextString(m) } func (*ReverseTunnelSpecV2) ProtoMessage() {} func (*ReverseTunnelSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{114} + return fileDescriptor_9198ee693835762e, []int{115} } func (m *ReverseTunnelSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6325,7 +6526,7 @@ type TunnelConnectionV2 struct { func (m *TunnelConnectionV2) Reset() { *m = TunnelConnectionV2{} } func (*TunnelConnectionV2) ProtoMessage() {} func (*TunnelConnectionV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{115} + return fileDescriptor_9198ee693835762e, []int{116} } func (m *TunnelConnectionV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6373,7 +6574,7 @@ func (m *TunnelConnectionSpecV2) Reset() { *m = TunnelConnectionSpecV2{} func (m *TunnelConnectionSpecV2) String() string { return proto.CompactTextString(m) } func (*TunnelConnectionSpecV2) ProtoMessage() {} func (*TunnelConnectionSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{116} + return fileDescriptor_9198ee693835762e, []int{117} } func (m *TunnelConnectionSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6421,7 +6622,7 @@ func (m *SemaphoreFilter) Reset() { *m = SemaphoreFilter{} } func (m *SemaphoreFilter) String() string { return proto.CompactTextString(m) } func (*SemaphoreFilter) ProtoMessage() {} func (*SemaphoreFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{117} + return fileDescriptor_9198ee693835762e, []int{118} } func (m *SemaphoreFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6472,7 +6673,7 @@ func (m *AcquireSemaphoreRequest) Reset() { *m = AcquireSemaphoreRequest func (m *AcquireSemaphoreRequest) String() string { return proto.CompactTextString(m) } func (*AcquireSemaphoreRequest) ProtoMessage() {} func (*AcquireSemaphoreRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{118} + return fileDescriptor_9198ee693835762e, []int{119} } func (m *AcquireSemaphoreRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6520,7 +6721,7 @@ func (m *SemaphoreLease) Reset() { *m = SemaphoreLease{} } func (m *SemaphoreLease) String() string { return proto.CompactTextString(m) } func (*SemaphoreLease) ProtoMessage() {} func (*SemaphoreLease) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{119} + return fileDescriptor_9198ee693835762e, []int{120} } func (m *SemaphoreLease) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6566,7 +6767,7 @@ func (m *SemaphoreLeaseRef) Reset() { *m = SemaphoreLeaseRef{} } func (m *SemaphoreLeaseRef) String() string { return proto.CompactTextString(m) } func (*SemaphoreLeaseRef) ProtoMessage() {} func (*SemaphoreLeaseRef) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{120} + return fileDescriptor_9198ee693835762e, []int{121} } func (m *SemaphoreLeaseRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6615,7 +6816,7 @@ type SemaphoreV3 struct { func (m *SemaphoreV3) Reset() { *m = SemaphoreV3{} } func (*SemaphoreV3) ProtoMessage() {} func (*SemaphoreV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{121} + return fileDescriptor_9198ee693835762e, []int{122} } func (m *SemaphoreV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6657,7 +6858,7 @@ func (m *SemaphoreSpecV3) Reset() { *m = SemaphoreSpecV3{} } func (m *SemaphoreSpecV3) String() string { return proto.CompactTextString(m) } func (*SemaphoreSpecV3) ProtoMessage() {} func (*SemaphoreSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{122} + return fileDescriptor_9198ee693835762e, []int{123} } func (m *SemaphoreSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6706,7 +6907,7 @@ type WebSessionV2 struct { func (m *WebSessionV2) Reset() { *m = WebSessionV2{} } func (*WebSessionV2) ProtoMessage() {} func (*WebSessionV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{123} + return fileDescriptor_9198ee693835762e, []int{124} } func (m *WebSessionV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6757,17 +6958,20 @@ type WebSessionSpecV2 struct { // LoginTime is the time this user recently logged in. LoginTime time.Time `protobuf:"bytes,8,opt,name=LoginTime,proto3,stdtime" json:"login_time"` // IdleTimeout is the max time a user can be inactive in a session. - IdleTimeout Duration `protobuf:"varint,9,opt,name=IdleTimeout,proto3,casttype=Duration" json:"idle_timeout"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + IdleTimeout Duration `protobuf:"varint,9,opt,name=IdleTimeout,proto3,casttype=Duration" json:"idle_timeout"` + // ConsumedAccessRequestID is the ID of the access request from which additional roles to assume + // were obtained. + ConsumedAccessRequestID string `protobuf:"bytes,10,opt,name=ConsumedAccessRequestID,proto3" json:"consumed_access_request_id,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *WebSessionSpecV2) Reset() { *m = WebSessionSpecV2{} } func (m *WebSessionSpecV2) String() string { return proto.CompactTextString(m) } func (*WebSessionSpecV2) ProtoMessage() {} func (*WebSessionSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{124} + return fileDescriptor_9198ee693835762e, []int{125} } func (m *WebSessionSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6809,7 +7013,7 @@ func (m *WebSessionFilter) Reset() { *m = WebSessionFilter{} } func (m *WebSessionFilter) String() string { return proto.CompactTextString(m) } func (*WebSessionFilter) ProtoMessage() {} func (*WebSessionFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{125} + return fileDescriptor_9198ee693835762e, []int{126} } func (m *WebSessionFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6858,7 +7062,7 @@ type RemoteClusterV3 struct { func (m *RemoteClusterV3) Reset() { *m = RemoteClusterV3{} } func (*RemoteClusterV3) ProtoMessage() {} func (*RemoteClusterV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{126} + return fileDescriptor_9198ee693835762e, []int{127} } func (m *RemoteClusterV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6902,7 +7106,7 @@ func (m *RemoteClusterStatusV3) Reset() { *m = RemoteClusterStatusV3{} } func (m *RemoteClusterStatusV3) String() string { return proto.CompactTextString(m) } func (*RemoteClusterStatusV3) ProtoMessage() {} func (*RemoteClusterStatusV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{127} + return fileDescriptor_9198ee693835762e, []int{128} } func (m *RemoteClusterStatusV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -6952,7 +7156,7 @@ func (m *KubernetesCluster) Reset() { *m = KubernetesCluster{} } func (m *KubernetesCluster) String() string { return proto.CompactTextString(m) } func (*KubernetesCluster) ProtoMessage() {} func (*KubernetesCluster) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{128} + return fileDescriptor_9198ee693835762e, []int{129} } func (m *KubernetesCluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7001,7 +7205,7 @@ type KubernetesClusterV3 struct { func (m *KubernetesClusterV3) Reset() { *m = KubernetesClusterV3{} } func (*KubernetesClusterV3) ProtoMessage() {} func (*KubernetesClusterV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{129} + return fileDescriptor_9198ee693835762e, []int{130} } func (m *KubernetesClusterV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7043,7 +7247,7 @@ func (m *KubernetesClusterSpecV3) Reset() { *m = KubernetesClusterSpecV3 func (m *KubernetesClusterSpecV3) String() string { return proto.CompactTextString(m) } func (*KubernetesClusterSpecV3) ProtoMessage() {} func (*KubernetesClusterSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{130} + return fileDescriptor_9198ee693835762e, []int{131} } func (m *KubernetesClusterSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7095,7 +7299,7 @@ type WebTokenV3 struct { func (m *WebTokenV3) Reset() { *m = WebTokenV3{} } func (*WebTokenV3) ProtoMessage() {} func (*WebTokenV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{131} + return fileDescriptor_9198ee693835762e, []int{132} } func (m *WebTokenV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7139,7 +7343,7 @@ func (m *WebTokenSpecV3) Reset() { *m = WebTokenSpecV3{} } func (m *WebTokenSpecV3) String() string { return proto.CompactTextString(m) } func (*WebTokenSpecV3) ProtoMessage() {} func (*WebTokenSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{132} + return fileDescriptor_9198ee693835762e, []int{133} } func (m *WebTokenSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7183,7 +7387,7 @@ func (m *GetWebSessionRequest) Reset() { *m = GetWebSessionRequest{} } func (m *GetWebSessionRequest) String() string { return proto.CompactTextString(m) } func (*GetWebSessionRequest) ProtoMessage() {} func (*GetWebSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{133} + return fileDescriptor_9198ee693835762e, []int{134} } func (m *GetWebSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7227,7 +7431,7 @@ func (m *DeleteWebSessionRequest) Reset() { *m = DeleteWebSessionRequest func (m *DeleteWebSessionRequest) String() string { return proto.CompactTextString(m) } func (*DeleteWebSessionRequest) ProtoMessage() {} func (*DeleteWebSessionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{134} + return fileDescriptor_9198ee693835762e, []int{135} } func (m *DeleteWebSessionRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7271,7 +7475,7 @@ func (m *GetWebTokenRequest) Reset() { *m = GetWebTokenRequest{} } func (m *GetWebTokenRequest) String() string { return proto.CompactTextString(m) } func (*GetWebTokenRequest) ProtoMessage() {} func (*GetWebTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{135} + return fileDescriptor_9198ee693835762e, []int{136} } func (m *GetWebTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7315,7 +7519,7 @@ func (m *DeleteWebTokenRequest) Reset() { *m = DeleteWebTokenRequest{} } func (m *DeleteWebTokenRequest) String() string { return proto.CompactTextString(m) } func (*DeleteWebTokenRequest) ProtoMessage() {} func (*DeleteWebTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{136} + return fileDescriptor_9198ee693835762e, []int{137} } func (m *DeleteWebTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7357,7 +7561,7 @@ func (m *ResourceRequest) Reset() { *m = ResourceRequest{} } func (m *ResourceRequest) String() string { return proto.CompactTextString(m) } func (*ResourceRequest) ProtoMessage() {} func (*ResourceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{137} + return fileDescriptor_9198ee693835762e, []int{138} } func (m *ResourceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7401,7 +7605,7 @@ func (m *ResourceWithSecretsRequest) Reset() { *m = ResourceWithSecretsR func (m *ResourceWithSecretsRequest) String() string { return proto.CompactTextString(m) } func (*ResourceWithSecretsRequest) ProtoMessage() {} func (*ResourceWithSecretsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{138} + return fileDescriptor_9198ee693835762e, []int{139} } func (m *ResourceWithSecretsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7443,7 +7647,7 @@ func (m *ResourcesWithSecretsRequest) Reset() { *m = ResourcesWithSecret func (m *ResourcesWithSecretsRequest) String() string { return proto.CompactTextString(m) } func (*ResourcesWithSecretsRequest) ProtoMessage() {} func (*ResourcesWithSecretsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{139} + return fileDescriptor_9198ee693835762e, []int{140} } func (m *ResourcesWithSecretsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7487,7 +7691,7 @@ func (m *ResourceInNamespaceRequest) Reset() { *m = ResourceInNamespaceR func (m *ResourceInNamespaceRequest) String() string { return proto.CompactTextString(m) } func (*ResourceInNamespaceRequest) ProtoMessage() {} func (*ResourceInNamespaceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{140} + return fileDescriptor_9198ee693835762e, []int{141} } func (m *ResourceInNamespaceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7529,7 +7733,7 @@ func (m *ResourcesInNamespaceRequest) Reset() { *m = ResourcesInNamespac func (m *ResourcesInNamespaceRequest) String() string { return proto.CompactTextString(m) } func (*ResourcesInNamespaceRequest) ProtoMessage() {} func (*ResourcesInNamespaceRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{141} + return fileDescriptor_9198ee693835762e, []int{142} } func (m *ResourcesInNamespaceRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7579,7 +7783,7 @@ func (m *OIDCConnectorV3) Reset() { *m = OIDCConnectorV3{} } func (m *OIDCConnectorV3) String() string { return proto.CompactTextString(m) } func (*OIDCConnectorV3) ProtoMessage() {} func (*OIDCConnectorV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{142} + return fileDescriptor_9198ee693835762e, []int{143} } func (m *OIDCConnectorV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7621,7 +7825,7 @@ func (m *OIDCConnectorV3List) Reset() { *m = OIDCConnectorV3List{} } func (m *OIDCConnectorV3List) String() string { return proto.CompactTextString(m) } func (*OIDCConnectorV3List) ProtoMessage() {} func (*OIDCConnectorV3List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{143} + return fileDescriptor_9198ee693835762e, []int{144} } func (m *OIDCConnectorV3List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7692,17 +7896,21 @@ type OIDCConnectorSpecV3 struct { // This list should match the URLs on the provider's side. The URL used for a // given auth request will be chosen to match the requesting Proxy's public // address. If there is no match, the first url in the list will be used. - RedirectURLs github_com_gravitational_teleport_api_types_wrappers.Strings `protobuf:"bytes,14,opt,name=RedirectURLs,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Strings" json:"redirect_url"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RedirectURLs github_com_gravitational_teleport_api_types_wrappers.Strings `protobuf:"bytes,14,opt,name=RedirectURLs,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Strings" json:"redirect_url"` + // AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails. + AllowUnverifiedEmail bool `protobuf:"varint,15,opt,name=AllowUnverifiedEmail,proto3" json:"allow_unverified_email,omitempty"` + // UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username. + UsernameClaim string `protobuf:"bytes,16,opt,name=UsernameClaim,proto3" json:"username_claim,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *OIDCConnectorSpecV3) Reset() { *m = OIDCConnectorSpecV3{} } func (m *OIDCConnectorSpecV3) String() string { return proto.CompactTextString(m) } func (*OIDCConnectorSpecV3) ProtoMessage() {} func (*OIDCConnectorSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{144} + return fileDescriptor_9198ee693835762e, []int{145} } func (m *OIDCConnectorSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7753,7 +7961,7 @@ type OIDCAuthRequest struct { // of successful auth PublicKey []byte `protobuf:"bytes,7,opt,name=PublicKey,proto3" json:"public_key"` // CertTTL is the TTL of the certificate user wants to get - CertTTL Duration `protobuf:"varint,8,opt,name=CertTTL,proto3,casttype=Duration" json:"cert_ttl"` + CertTTL time.Duration `protobuf:"varint,8,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"` // CreateWebSession indicates if user wants to generate a web // session after successful authentication CreateWebSession bool `protobuf:"varint,9,opt,name=CreateWebSession,proto3" json:"create_web_session"` @@ -7784,7 +7992,7 @@ func (m *OIDCAuthRequest) Reset() { *m = OIDCAuthRequest{} } func (m *OIDCAuthRequest) String() string { return proto.CompactTextString(m) } func (*OIDCAuthRequest) ProtoMessage() {} func (*OIDCAuthRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{145} + return fileDescriptor_9198ee693835762e, []int{146} } func (m *OIDCAuthRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7834,7 +8042,7 @@ func (m *SAMLConnectorV2) Reset() { *m = SAMLConnectorV2{} } func (m *SAMLConnectorV2) String() string { return proto.CompactTextString(m) } func (*SAMLConnectorV2) ProtoMessage() {} func (*SAMLConnectorV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{146} + return fileDescriptor_9198ee693835762e, []int{147} } func (m *SAMLConnectorV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7876,7 +8084,7 @@ func (m *SAMLConnectorV2List) Reset() { *m = SAMLConnectorV2List{} } func (m *SAMLConnectorV2List) String() string { return proto.CompactTextString(m) } func (*SAMLConnectorV2List) ProtoMessage() {} func (*SAMLConnectorV2List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{147} + return fileDescriptor_9198ee693835762e, []int{148} } func (m *SAMLConnectorV2List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7935,17 +8143,20 @@ type SAMLConnectorSpecV2 struct { // Provider is the external identity provider. Provider string `protobuf:"bytes,12,opt,name=Provider,proto3" json:"provider,omitempty"` // EncryptionKeyPair is a key pair used for decrypting SAML assertions. - EncryptionKeyPair *AsymmetricKeyPair `protobuf:"bytes,13,opt,name=EncryptionKeyPair,proto3" json:"assertion_key_pair,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + EncryptionKeyPair *AsymmetricKeyPair `protobuf:"bytes,13,opt,name=EncryptionKeyPair,proto3" json:"assertion_key_pair,omitempty"` + // AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated + // logins. + AllowIDPInitiated bool `protobuf:"varint,14,opt,name=AllowIDPInitiated,proto3" json:"allow_idp_initiated,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *SAMLConnectorSpecV2) Reset() { *m = SAMLConnectorSpecV2{} } func (m *SAMLConnectorSpecV2) String() string { return proto.CompactTextString(m) } func (*SAMLConnectorSpecV2) ProtoMessage() {} func (*SAMLConnectorSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{148} + return fileDescriptor_9198ee693835762e, []int{149} } func (m *SAMLConnectorSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -7992,7 +8203,7 @@ type SAMLAuthRequest struct { // of successful auth. PublicKey []byte `protobuf:"bytes,6,opt,name=PublicKey,proto3" json:"public_key"` // CertTTL is the TTL of the certificate user wants to get. - CertTTL Duration `protobuf:"varint,7,opt,name=CertTTL,proto3,casttype=Duration" json:"cert_ttl"` + CertTTL time.Duration `protobuf:"varint,7,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"` // CSRFToken is associated with user web session token. CSRFToken string `protobuf:"bytes,8,opt,name=CSRFToken,proto3" json:"csrf_token"` // CreateWebSession indicates if user wants to generate a web @@ -8020,7 +8231,7 @@ func (m *SAMLAuthRequest) Reset() { *m = SAMLAuthRequest{} } func (m *SAMLAuthRequest) String() string { return proto.CompactTextString(m) } func (*SAMLAuthRequest) ProtoMessage() {} func (*SAMLAuthRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{149} + return fileDescriptor_9198ee693835762e, []int{150} } func (m *SAMLAuthRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8066,7 +8277,7 @@ func (m *AttributeMapping) Reset() { *m = AttributeMapping{} } func (m *AttributeMapping) String() string { return proto.CompactTextString(m) } func (*AttributeMapping) ProtoMessage() {} func (*AttributeMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{150} + return fileDescriptor_9198ee693835762e, []int{151} } func (m *AttributeMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8111,7 +8322,7 @@ func (m *AsymmetricKeyPair) Reset() { *m = AsymmetricKeyPair{} } func (m *AsymmetricKeyPair) String() string { return proto.CompactTextString(m) } func (*AsymmetricKeyPair) ProtoMessage() {} func (*AsymmetricKeyPair) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{151} + return fileDescriptor_9198ee693835762e, []int{152} } func (m *AsymmetricKeyPair) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8161,7 +8372,7 @@ func (m *GithubConnectorV3) Reset() { *m = GithubConnectorV3{} } func (m *GithubConnectorV3) String() string { return proto.CompactTextString(m) } func (*GithubConnectorV3) ProtoMessage() {} func (*GithubConnectorV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{152} + return fileDescriptor_9198ee693835762e, []int{153} } func (m *GithubConnectorV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8203,7 +8414,7 @@ func (m *GithubConnectorV3List) Reset() { *m = GithubConnectorV3List{} } func (m *GithubConnectorV3List) String() string { return proto.CompactTextString(m) } func (*GithubConnectorV3List) ProtoMessage() {} func (*GithubConnectorV3List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{153} + return fileDescriptor_9198ee693835762e, []int{154} } func (m *GithubConnectorV3List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8244,11 +8455,11 @@ type GithubConnectorSpecV3 struct { // // DELETE IN 11.0.0 // Deprecated: use GithubTeamsToRoles instead. - TeamsToLogins []TeamMapping `protobuf:"bytes,4,rep,name=TeamsToLogins,proto3" json:"teams_to_logins"` + TeamsToLogins []TeamMapping `protobuf:"bytes,4,rep,name=TeamsToLogins,proto3" json:"teams_to_logins,omitempty"` // Display is the connector display name. Display string `protobuf:"bytes,5,opt,name=Display,proto3" json:"display"` // TeamsToRoles maps Github team memberships onto allowed roles. - TeamsToRoles []TeamRolesMapping `protobuf:"bytes,6,rep,name=TeamsToRoles,proto3" json:"teams_to_roles"` + TeamsToRoles []TeamRolesMapping `protobuf:"bytes,6,rep,name=TeamsToRoles,proto3" json:"teams_to_roles,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -8258,7 +8469,7 @@ func (m *GithubConnectorSpecV3) Reset() { *m = GithubConnectorSpecV3{} } func (m *GithubConnectorSpecV3) String() string { return proto.CompactTextString(m) } func (*GithubConnectorSpecV3) ProtoMessage() {} func (*GithubConnectorSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{154} + return fileDescriptor_9198ee693835762e, []int{155} } func (m *GithubConnectorSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8300,7 +8511,7 @@ type GithubAuthRequest struct { // PublicKey is an optional public key to sign in case of successful auth. PublicKey []byte `protobuf:"bytes,5,opt,name=PublicKey,proto3" json:"public_key"` // CertTTL is TTL of the cert that's generated in case of successful auth. - CertTTL Duration `protobuf:"varint,6,opt,name=CertTTL,proto3,casttype=Duration" json:"cert_ttl"` + CertTTL time.Duration `protobuf:"varint,6,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"` // CreateWebSession indicates that a user wants to generate a web session // after successful authentication. CreateWebSession bool `protobuf:"varint,7,opt,name=CreateWebSession,proto3" json:"create_web_session"` @@ -8330,7 +8541,7 @@ func (m *GithubAuthRequest) Reset() { *m = GithubAuthRequest{} } func (m *GithubAuthRequest) String() string { return proto.CompactTextString(m) } func (*GithubAuthRequest) ProtoMessage() {} func (*GithubAuthRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{155} + return fileDescriptor_9198ee693835762e, []int{156} } func (m *GithubAuthRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8374,7 +8585,7 @@ func (m *SSOWarnings) Reset() { *m = SSOWarnings{} } func (m *SSOWarnings) String() string { return proto.CompactTextString(m) } func (*SSOWarnings) ProtoMessage() {} func (*SSOWarnings) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{156} + return fileDescriptor_9198ee693835762e, []int{157} } func (m *SSOWarnings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8430,7 +8641,7 @@ func (m *CreateUserParams) Reset() { *m = CreateUserParams{} } func (m *CreateUserParams) String() string { return proto.CompactTextString(m) } func (*CreateUserParams) ProtoMessage() {} func (*CreateUserParams) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{157} + return fileDescriptor_9198ee693835762e, []int{158} } func (m *CreateUserParams) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8513,7 +8724,7 @@ func (m *SSODiagnosticInfo) Reset() { *m = SSODiagnosticInfo{} } func (m *SSODiagnosticInfo) String() string { return proto.CompactTextString(m) } func (*SSODiagnosticInfo) ProtoMessage() {} func (*SSODiagnosticInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{158} + return fileDescriptor_9198ee693835762e, []int{159} } func (m *SSODiagnosticInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8557,7 +8768,7 @@ func (m *GithubTokenInfo) Reset() { *m = GithubTokenInfo{} } func (m *GithubTokenInfo) String() string { return proto.CompactTextString(m) } func (*GithubTokenInfo) ProtoMessage() {} func (*GithubTokenInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{159} + return fileDescriptor_9198ee693835762e, []int{160} } func (m *GithubTokenInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8603,7 +8814,7 @@ func (m *GithubClaims) Reset() { *m = GithubClaims{} } func (m *GithubClaims) String() string { return proto.CompactTextString(m) } func (*GithubClaims) ProtoMessage() {} func (*GithubClaims) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{160} + return fileDescriptor_9198ee693835762e, []int{161} } func (m *GithubClaims) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8655,7 +8866,7 @@ func (m *TeamMapping) Reset() { *m = TeamMapping{} } func (m *TeamMapping) String() string { return proto.CompactTextString(m) } func (*TeamMapping) ProtoMessage() {} func (*TeamMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{161} + return fileDescriptor_9198ee693835762e, []int{162} } func (m *TeamMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8701,7 +8912,7 @@ func (m *TeamRolesMapping) Reset() { *m = TeamRolesMapping{} } func (m *TeamRolesMapping) String() string { return proto.CompactTextString(m) } func (*TeamRolesMapping) ProtoMessage() {} func (*TeamRolesMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{162} + return fileDescriptor_9198ee693835762e, []int{163} } func (m *TeamRolesMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8750,7 +8961,7 @@ type TrustedClusterV2 struct { func (m *TrustedClusterV2) Reset() { *m = TrustedClusterV2{} } func (*TrustedClusterV2) ProtoMessage() {} func (*TrustedClusterV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{163} + return fileDescriptor_9198ee693835762e, []int{164} } func (m *TrustedClusterV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8792,7 +9003,7 @@ func (m *TrustedClusterV2List) Reset() { *m = TrustedClusterV2List{} } func (m *TrustedClusterV2List) String() string { return proto.CompactTextString(m) } func (*TrustedClusterV2List) ProtoMessage() {} func (*TrustedClusterV2List) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{164} + return fileDescriptor_9198ee693835762e, []int{165} } func (m *TrustedClusterV2List) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8848,7 +9059,7 @@ func (m *TrustedClusterSpecV2) Reset() { *m = TrustedClusterSpecV2{} } func (m *TrustedClusterSpecV2) String() string { return proto.CompactTextString(m) } func (*TrustedClusterSpecV2) ProtoMessage() {} func (*TrustedClusterSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{165} + return fileDescriptor_9198ee693835762e, []int{166} } func (m *TrustedClusterSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8901,7 +9112,7 @@ func (m *LockV2) Reset() { *m = LockV2{} } func (m *LockV2) String() string { return proto.CompactTextString(m) } func (*LockV2) ProtoMessage() {} func (*LockV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{166} + return fileDescriptor_9198ee693835762e, []int{167} } func (m *LockV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -8947,7 +9158,7 @@ func (m *LockSpecV2) Reset() { *m = LockSpecV2{} } func (m *LockSpecV2) String() string { return proto.CompactTextString(m) } func (*LockSpecV2) ProtoMessage() {} func (*LockSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{167} + return fileDescriptor_9198ee693835762e, []int{168} } func (m *LockSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9002,7 +9213,7 @@ type LockTarget struct { func (m *LockTarget) Reset() { *m = LockTarget{} } func (*LockTarget) ProtoMessage() {} func (*LockTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{168} + return fileDescriptor_9198ee693835762e, []int{169} } func (m *LockTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9046,7 +9257,7 @@ func (m *AddressCondition) Reset() { *m = AddressCondition{} } func (m *AddressCondition) String() string { return proto.CompactTextString(m) } func (*AddressCondition) ProtoMessage() {} func (*AddressCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{169} + return fileDescriptor_9198ee693835762e, []int{170} } func (m *AddressCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9089,7 +9300,7 @@ func (m *NetworkRestrictionsSpecV4) Reset() { *m = NetworkRestrictionsSp func (m *NetworkRestrictionsSpecV4) String() string { return proto.CompactTextString(m) } func (*NetworkRestrictionsSpecV4) ProtoMessage() {} func (*NetworkRestrictionsSpecV4) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{170} + return fileDescriptor_9198ee693835762e, []int{171} } func (m *NetworkRestrictionsSpecV4) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9142,7 +9353,7 @@ func (m *NetworkRestrictionsV4) Reset() { *m = NetworkRestrictionsV4{} } func (m *NetworkRestrictionsV4) String() string { return proto.CompactTextString(m) } func (*NetworkRestrictionsV4) ProtoMessage() {} func (*NetworkRestrictionsV4) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{171} + return fileDescriptor_9198ee693835762e, []int{172} } func (m *NetworkRestrictionsV4) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9186,7 +9397,7 @@ func (m *WindowsDesktopServiceV3) Reset() { *m = WindowsDesktopServiceV3 func (m *WindowsDesktopServiceV3) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopServiceV3) ProtoMessage() {} func (*WindowsDesktopServiceV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{172} + return fileDescriptor_9198ee693835762e, []int{173} } func (m *WindowsDesktopServiceV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9234,7 +9445,7 @@ func (m *WindowsDesktopServiceSpecV3) Reset() { *m = WindowsDesktopServi func (m *WindowsDesktopServiceSpecV3) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopServiceSpecV3) ProtoMessage() {} func (*WindowsDesktopServiceSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{173} + return fileDescriptor_9198ee693835762e, []int{174} } func (m *WindowsDesktopServiceSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9278,7 +9489,7 @@ func (m *WindowsDesktopFilter) Reset() { *m = WindowsDesktopFilter{} } func (m *WindowsDesktopFilter) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopFilter) ProtoMessage() {} func (*WindowsDesktopFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{174} + return fileDescriptor_9198ee693835762e, []int{175} } func (m *WindowsDesktopFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9322,7 +9533,7 @@ func (m *WindowsDesktopV3) Reset() { *m = WindowsDesktopV3{} } func (m *WindowsDesktopV3) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopV3) ProtoMessage() {} func (*WindowsDesktopV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{175} + return fileDescriptor_9198ee693835762e, []int{176} } func (m *WindowsDesktopV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9368,7 +9579,7 @@ func (m *WindowsDesktopSpecV3) Reset() { *m = WindowsDesktopSpecV3{} } func (m *WindowsDesktopSpecV3) String() string { return proto.CompactTextString(m) } func (*WindowsDesktopSpecV3) ProtoMessage() {} func (*WindowsDesktopSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{176} + return fileDescriptor_9198ee693835762e, []int{177} } func (m *WindowsDesktopSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9434,7 +9645,7 @@ func (m *RegisterUsingTokenRequest) Reset() { *m = RegisterUsingTokenReq func (m *RegisterUsingTokenRequest) String() string { return proto.CompactTextString(m) } func (*RegisterUsingTokenRequest) ProtoMessage() {} func (*RegisterUsingTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{177} + return fileDescriptor_9198ee693835762e, []int{178} } func (m *RegisterUsingTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9488,7 +9699,7 @@ func (m *RecoveryCodesV1) Reset() { *m = RecoveryCodesV1{} } func (m *RecoveryCodesV1) String() string { return proto.CompactTextString(m) } func (*RecoveryCodesV1) ProtoMessage() {} func (*RecoveryCodesV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{178} + return fileDescriptor_9198ee693835762e, []int{179} } func (m *RecoveryCodesV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9533,7 +9744,7 @@ func (m *RecoveryCodesSpecV1) Reset() { *m = RecoveryCodesSpecV1{} } func (m *RecoveryCodesSpecV1) String() string { return proto.CompactTextString(m) } func (*RecoveryCodesSpecV1) ProtoMessage() {} func (*RecoveryCodesSpecV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{179} + return fileDescriptor_9198ee693835762e, []int{180} } func (m *RecoveryCodesSpecV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9577,7 +9788,7 @@ func (m *RecoveryCode) Reset() { *m = RecoveryCode{} } func (m *RecoveryCode) String() string { return proto.CompactTextString(m) } func (*RecoveryCode) ProtoMessage() {} func (*RecoveryCode) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{180} + return fileDescriptor_9198ee693835762e, []int{181} } func (m *RecoveryCode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9621,7 +9832,7 @@ func (m *SessionTrackerV1) Reset() { *m = SessionTrackerV1{} } func (m *SessionTrackerV1) String() string { return proto.CompactTextString(m) } func (*SessionTrackerV1) ProtoMessage() {} func (*SessionTrackerV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{181} + return fileDescriptor_9198ee693835762e, []int{182} } func (m *SessionTrackerV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9711,7 +9922,7 @@ func (m *SessionTrackerSpecV1) Reset() { *m = SessionTrackerSpecV1{} } func (m *SessionTrackerSpecV1) String() string { return proto.CompactTextString(m) } func (*SessionTrackerSpecV1) ProtoMessage() {} func (*SessionTrackerSpecV1) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{182} + return fileDescriptor_9198ee693835762e, []int{183} } func (m *SessionTrackerSpecV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9758,7 +9969,7 @@ func (m *SessionTrackerPolicySet) Reset() { *m = SessionTrackerPolicySet func (m *SessionTrackerPolicySet) String() string { return proto.CompactTextString(m) } func (*SessionTrackerPolicySet) ProtoMessage() {} func (*SessionTrackerPolicySet) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{183} + return fileDescriptor_9198ee693835762e, []int{184} } func (m *SessionTrackerPolicySet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9806,7 +10017,7 @@ func (m *Participant) Reset() { *m = Participant{} } func (m *Participant) String() string { return proto.CompactTextString(m) } func (*Participant) ProtoMessage() {} func (*Participant) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{184} + return fileDescriptor_9198ee693835762e, []int{185} } func (m *Participant) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9835,6 +10046,141 @@ func (m *Participant) XXX_DiscardUnknown() { var xxx_messageInfo_Participant proto.InternalMessageInfo +// InstallerV1 represents an installer script resource. Used to +// provide a script to install teleport on discovered nodes. +type InstallerV1 struct { + // Kind is the resource kind. + Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"` + // SubKind is an optional resource subkind. Currently unused for this resource. + SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"` + // Version is the resource version. + Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"` + // Metadata is the resource metadata. + Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"` + // Spec is the resource spec. + Spec InstallerSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *InstallerV1) Reset() { *m = InstallerV1{} } +func (m *InstallerV1) String() string { return proto.CompactTextString(m) } +func (*InstallerV1) ProtoMessage() {} +func (*InstallerV1) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{186} +} +func (m *InstallerV1) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *InstallerV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InstallerV1.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *InstallerV1) XXX_Merge(src proto.Message) { + xxx_messageInfo_InstallerV1.Merge(m, src) +} +func (m *InstallerV1) XXX_Size() int { + return m.Size() +} +func (m *InstallerV1) XXX_DiscardUnknown() { + xxx_messageInfo_InstallerV1.DiscardUnknown(m) +} + +var xxx_messageInfo_InstallerV1 proto.InternalMessageInfo + +// InstallerSpecV1 is the specification for an Installer +type InstallerSpecV1 struct { + // Script represents the contents of a installer shell script + Script string `protobuf:"bytes,1,opt,name=Script,proto3" json:"script"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *InstallerSpecV1) Reset() { *m = InstallerSpecV1{} } +func (m *InstallerSpecV1) String() string { return proto.CompactTextString(m) } +func (*InstallerSpecV1) ProtoMessage() {} +func (*InstallerSpecV1) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{187} +} +func (m *InstallerSpecV1) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *InstallerSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InstallerSpecV1.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *InstallerSpecV1) XXX_Merge(src proto.Message) { + xxx_messageInfo_InstallerSpecV1.Merge(m, src) +} +func (m *InstallerSpecV1) XXX_Size() int { + return m.Size() +} +func (m *InstallerSpecV1) XXX_DiscardUnknown() { + xxx_messageInfo_InstallerSpecV1.DiscardUnknown(m) +} + +var xxx_messageInfo_InstallerSpecV1 proto.InternalMessageInfo + +// InstallerV1List represents a list of installer resources. +type InstallerV1List struct { + // Installers is a list of installer resources. + Installers []*InstallerV1 `protobuf:"bytes,1,rep,name=installers,proto3" json:"installers,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *InstallerV1List) Reset() { *m = InstallerV1List{} } +func (m *InstallerV1List) String() string { return proto.CompactTextString(m) } +func (*InstallerV1List) ProtoMessage() {} +func (*InstallerV1List) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{188} +} +func (m *InstallerV1List) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *InstallerV1List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_InstallerV1List.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *InstallerV1List) XXX_Merge(src proto.Message) { + xxx_messageInfo_InstallerV1List.Merge(m, src) +} +func (m *InstallerV1List) XXX_Size() int { + return m.Size() +} +func (m *InstallerV1List) XXX_DiscardUnknown() { + xxx_messageInfo_InstallerV1List.DiscardUnknown(m) +} + +var xxx_messageInfo_InstallerV1List proto.InternalMessageInfo + // SortBy defines a sort criteria. type SortBy struct { // IsDesc is a sort direction flag where if true the direction is descending, else ascending. @@ -9850,7 +10196,7 @@ func (m *SortBy) Reset() { *m = SortBy{} } func (m *SortBy) String() string { return proto.CompactTextString(m) } func (*SortBy) ProtoMessage() {} func (*SortBy) Descriptor() ([]byte, []int) { - return fileDescriptor_d938547f84707355, []int{185} + return fileDescriptor_9198ee693835762e, []int{189} } func (m *SortBy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -9879,6 +10225,282 @@ func (m *SortBy) XXX_DiscardUnknown() { var xxx_messageInfo_SortBy proto.InternalMessageInfo +// ConnectionDiagnosticV1 is the result of testing a connection. +// When setting up a new resource in Teleport, it's useful to know if we can connect to it. +// This can be done using the test connection feature. +// The user can then receive the result as feedback using the UI +type ConnectionDiagnosticV1 struct { + ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""` + // Spec is the resource spec. + Spec ConnectionDiagnosticSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConnectionDiagnosticV1) Reset() { *m = ConnectionDiagnosticV1{} } +func (m *ConnectionDiagnosticV1) String() string { return proto.CompactTextString(m) } +func (*ConnectionDiagnosticV1) ProtoMessage() {} +func (*ConnectionDiagnosticV1) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{190} +} +func (m *ConnectionDiagnosticV1) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConnectionDiagnosticV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConnectionDiagnosticV1.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ConnectionDiagnosticV1) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConnectionDiagnosticV1.Merge(m, src) +} +func (m *ConnectionDiagnosticV1) XXX_Size() int { + return m.Size() +} +func (m *ConnectionDiagnosticV1) XXX_DiscardUnknown() { + xxx_messageInfo_ConnectionDiagnosticV1.DiscardUnknown(m) +} + +var xxx_messageInfo_ConnectionDiagnosticV1 proto.InternalMessageInfo + +// ConnectionDiagnosticSpecV1 is the ConnectionDiagnostic Spec. +// It contains the result of testing a connection. +// It has the overall result of the connection and then a list of traces. +// Each trace contains checkpoints of the connection attempt and its result. +type ConnectionDiagnosticSpecV1 struct { + // Success describes whether the connection was a success or a failure. + Success bool `protobuf:"varint,1,opt,name=Success,proto3" json:"success"` + // Message may contain some user friendly message to let the user know whether it was + // successfull or a failure. + Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"` + // Traces contain a list of checkpoints defined by + Traces []*ConnectionDiagnosticTrace `protobuf:"bytes,3,rep,name=Traces,proto3" json:"traces"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConnectionDiagnosticSpecV1) Reset() { *m = ConnectionDiagnosticSpecV1{} } +func (m *ConnectionDiagnosticSpecV1) String() string { return proto.CompactTextString(m) } +func (*ConnectionDiagnosticSpecV1) ProtoMessage() {} +func (*ConnectionDiagnosticSpecV1) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{191} +} +func (m *ConnectionDiagnosticSpecV1) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConnectionDiagnosticSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConnectionDiagnosticSpecV1.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ConnectionDiagnosticSpecV1) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConnectionDiagnosticSpecV1.Merge(m, src) +} +func (m *ConnectionDiagnosticSpecV1) XXX_Size() int { + return m.Size() +} +func (m *ConnectionDiagnosticSpecV1) XXX_DiscardUnknown() { + xxx_messageInfo_ConnectionDiagnosticSpecV1.DiscardUnknown(m) +} + +var xxx_messageInfo_ConnectionDiagnosticSpecV1 proto.InternalMessageInfo + +// ConnectionDiagnosticTrace describes a trace of a connection diagnostic +type ConnectionDiagnosticTrace struct { + Type ConnectionDiagnosticTrace_TraceType `protobuf:"varint,1,opt,name=Type,proto3,enum=types.ConnectionDiagnosticTrace_TraceType" json:"type"` + Status ConnectionDiagnosticTrace_StatusType `protobuf:"varint,2,opt,name=Status,proto3,enum=types.ConnectionDiagnosticTrace_StatusType" json:"status"` + // Details contains a User friendly message of the check's result. + Details string `protobuf:"bytes,3,opt,name=Details,proto3" json:"details"` + // Error contains the low level error message in case of a failure. + Error string `protobuf:"bytes,4,opt,name=Error,proto3" json:"error"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConnectionDiagnosticTrace) Reset() { *m = ConnectionDiagnosticTrace{} } +func (m *ConnectionDiagnosticTrace) String() string { return proto.CompactTextString(m) } +func (*ConnectionDiagnosticTrace) ProtoMessage() {} +func (*ConnectionDiagnosticTrace) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{192} +} +func (m *ConnectionDiagnosticTrace) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConnectionDiagnosticTrace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConnectionDiagnosticTrace.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ConnectionDiagnosticTrace) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConnectionDiagnosticTrace.Merge(m, src) +} +func (m *ConnectionDiagnosticTrace) XXX_Size() int { + return m.Size() +} +func (m *ConnectionDiagnosticTrace) XXX_DiscardUnknown() { + xxx_messageInfo_ConnectionDiagnosticTrace.DiscardUnknown(m) +} + +var xxx_messageInfo_ConnectionDiagnosticTrace proto.InternalMessageInfo + +// ClusterAlert is a cluster-level alert message. +type ClusterAlert struct { + ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""` + Spec ClusterAlertSpec `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ClusterAlert) Reset() { *m = ClusterAlert{} } +func (m *ClusterAlert) String() string { return proto.CompactTextString(m) } +func (*ClusterAlert) ProtoMessage() {} +func (*ClusterAlert) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{193} +} +func (m *ClusterAlert) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ClusterAlert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ClusterAlert.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ClusterAlert) XXX_Merge(src proto.Message) { + xxx_messageInfo_ClusterAlert.Merge(m, src) +} +func (m *ClusterAlert) XXX_Size() int { + return m.Size() +} +func (m *ClusterAlert) XXX_DiscardUnknown() { + xxx_messageInfo_ClusterAlert.DiscardUnknown(m) +} + +var xxx_messageInfo_ClusterAlert proto.InternalMessageInfo + +// ClusterAlertSpec is a cluster alert specification. +type ClusterAlertSpec struct { + // Severity represents how problematic/urgent the alert is. + Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"severity"` + // Message is the user-facing message associated with the alert. + Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"` + // Created is the time at which the alert was generated. + Created time.Time `protobuf:"bytes,3,opt,name=Created,proto3,stdtime" json:"created,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ClusterAlertSpec) Reset() { *m = ClusterAlertSpec{} } +func (m *ClusterAlertSpec) String() string { return proto.CompactTextString(m) } +func (*ClusterAlertSpec) ProtoMessage() {} +func (*ClusterAlertSpec) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{194} +} +func (m *ClusterAlertSpec) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ClusterAlertSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ClusterAlertSpec.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ClusterAlertSpec) XXX_Merge(src proto.Message) { + xxx_messageInfo_ClusterAlertSpec.Merge(m, src) +} +func (m *ClusterAlertSpec) XXX_Size() int { + return m.Size() +} +func (m *ClusterAlertSpec) XXX_DiscardUnknown() { + xxx_messageInfo_ClusterAlertSpec.DiscardUnknown(m) +} + +var xxx_messageInfo_ClusterAlertSpec proto.InternalMessageInfo + +// GetClusterAlertsRequest matches cluster alerts. +type GetClusterAlertsRequest struct { + // Severity is an optional minimum severity. + Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"Severity,omitempty"` + // AlertID optionally specifies the ID of the alert being requested. + AlertID string `protobuf:"bytes,2,opt,name=AlertID,proto3" json:"AlertID,omitempty"` + // Labels is an optional label selector. + Labels map[string]string `protobuf:"bytes,3,rep,name=Labels,proto3" json:"Labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *GetClusterAlertsRequest) Reset() { *m = GetClusterAlertsRequest{} } +func (m *GetClusterAlertsRequest) String() string { return proto.CompactTextString(m) } +func (*GetClusterAlertsRequest) ProtoMessage() {} +func (*GetClusterAlertsRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{195} +} +func (m *GetClusterAlertsRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GetClusterAlertsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_GetClusterAlertsRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *GetClusterAlertsRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_GetClusterAlertsRequest.Merge(m, src) +} +func (m *GetClusterAlertsRequest) XXX_Size() int { + return m.Size() +} +func (m *GetClusterAlertsRequest) XXX_DiscardUnknown() { + xxx_messageInfo_GetClusterAlertsRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_GetClusterAlertsRequest proto.InternalMessageInfo + func init() { proto.RegisterEnum("types.DatabaseTLSMode", DatabaseTLSMode_name, DatabaseTLSMode_value) proto.RegisterEnum("types.PrivateKeyType", PrivateKeyType_name, PrivateKeyType_value) @@ -9889,8 +10511,12 @@ func init() { proto.RegisterEnum("types.CertExtensionMode", CertExtensionMode_name, CertExtensionMode_value) proto.RegisterEnum("types.CertExtensionType", CertExtensionType_name, CertExtensionType_value) proto.RegisterEnum("types.SessionState", SessionState_name, SessionState_value) + proto.RegisterEnum("types.AlertSeverity", AlertSeverity_name, AlertSeverity_value) proto.RegisterEnum("types.KeepAlive_KeepAliveType", KeepAlive_KeepAliveType_name, KeepAlive_KeepAliveType_value) proto.RegisterEnum("types.CertAuthoritySpecV2_SigningAlgType", CertAuthoritySpecV2_SigningAlgType_name, CertAuthoritySpecV2_SigningAlgType_value) + proto.RegisterEnum("types.ClusterAuditConfigSpecV2_FIPSEndpointState", ClusterAuditConfigSpecV2_FIPSEndpointState_name, ClusterAuditConfigSpecV2_FIPSEndpointState_value) + proto.RegisterEnum("types.ConnectionDiagnosticTrace_TraceType", ConnectionDiagnosticTrace_TraceType_name, ConnectionDiagnosticTrace_TraceType_value) + proto.RegisterEnum("types.ConnectionDiagnosticTrace_StatusType", ConnectionDiagnosticTrace_StatusType_name, ConnectionDiagnosticTrace_StatusType_value) proto.RegisterType((*KeepAlive)(nil), "types.KeepAlive") proto.RegisterType((*Metadata)(nil), "types.Metadata") proto.RegisterMapType((map[string]string)(nil), "types.Metadata.LabelsEntry") @@ -9932,6 +10558,7 @@ func init() { proto.RegisterType((*Rewrite)(nil), "types.Rewrite") proto.RegisterType((*Header)(nil), "types.Header") proto.RegisterType((*CommandLabelV2)(nil), "types.CommandLabelV2") + proto.RegisterType((*AppAWS)(nil), "types.AppAWS") proto.RegisterType((*SSHKeyPair)(nil), "types.SSHKeyPair") proto.RegisterType((*TLSKeyPair)(nil), "types.TLSKeyPair") proto.RegisterType((*JWTKeyPair)(nil), "types.JWTKeyPair") @@ -10091,886 +10718,950 @@ func init() { proto.RegisterType((*SessionTrackerSpecV1)(nil), "types.SessionTrackerSpecV1") proto.RegisterType((*SessionTrackerPolicySet)(nil), "types.SessionTrackerPolicySet") proto.RegisterType((*Participant)(nil), "types.Participant") + proto.RegisterType((*InstallerV1)(nil), "types.InstallerV1") + proto.RegisterType((*InstallerSpecV1)(nil), "types.InstallerSpecV1") + proto.RegisterType((*InstallerV1List)(nil), "types.InstallerV1List") proto.RegisterType((*SortBy)(nil), "types.SortBy") -} - -func init() { proto.RegisterFile("types.proto", fileDescriptor_d938547f84707355) } - -var fileDescriptor_d938547f84707355 = []byte{ - // 13957 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x6c, 0x1c, 0x49, - 0x76, 0x98, 0x7a, 0x66, 0x48, 0x0e, 0x1f, 0x87, 0xe4, 0xb0, 0x48, 0x49, 0x94, 0x56, 0xbb, 0xa3, - 0xed, 0xdd, 0xd5, 0x6a, 0xb5, 0xbb, 0xd2, 0x89, 0xba, 0xd5, 0x79, 0x6f, 0xbf, 0x6e, 0x86, 0xa4, - 0x56, 0x5c, 0x51, 0x24, 0xb7, 0x87, 0x22, 0xef, 0x7c, 0xb7, 0xd7, 0xd7, 0x9c, 0x2e, 0x92, 0xbd, - 0x9c, 0x99, 0x9e, 0xeb, 0xee, 0x91, 0x44, 0x5f, 0x0c, 0xdb, 0x08, 0x2e, 0x87, 0x83, 0xe1, 0x3b, - 0x9f, 0x71, 0x8e, 0xed, 0xc0, 0x81, 0x1d, 0x23, 0x0e, 0xe2, 0x24, 0xf6, 0x0f, 0x3b, 0x41, 0x62, - 0x24, 0x48, 0x62, 0x20, 0x30, 0x2e, 0x41, 0x82, 0xf8, 0x5f, 0x90, 0x4b, 0xc2, 0xc4, 0x77, 0xf9, - 0x11, 0x10, 0x08, 0x90, 0xc0, 0x40, 0x00, 0x9f, 0x6d, 0x20, 0xa8, 0x57, 0x55, 0xdd, 0x55, 0x3d, - 0x3d, 0xe4, 0x70, 0xa5, 0x45, 0xac, 0x45, 0x7e, 0x91, 0xf3, 0xea, 0xbd, 0x57, 0x5d, 0x55, 0xaf, - 0x5e, 0xbd, 0x7a, 0xf5, 0xea, 0x15, 0x8c, 0x45, 0xfb, 0x1d, 0x1a, 0x5e, 0xed, 0x04, 0x7e, 0xe4, - 0x93, 0x21, 0xfc, 0x71, 0x7e, 0x66, 0xc7, 0xdf, 0xf1, 0x11, 0x72, 0x8d, 0xfd, 0xc7, 0x0b, 0xcf, - 0x57, 0x76, 0x7c, 0x7f, 0xa7, 0x49, 0xaf, 0xe1, 0xaf, 0xad, 0xee, 0xf6, 0xb5, 0xc8, 0x6b, 0xd1, - 0x30, 0x72, 0x5a, 0x1d, 0x81, 0x30, 0xbf, 0xe3, 0x45, 0xbb, 0xdd, 0xad, 0xab, 0x0d, 0xbf, 0x75, - 0x6d, 0x27, 0x70, 0xee, 0x7b, 0x91, 0x13, 0x79, 0x7e, 0xdb, 0x69, 0x5e, 0x8b, 0x68, 0x93, 0x76, - 0xfc, 0x20, 0xba, 0xe6, 0x74, 0xbc, 0x6b, 0x58, 0xc7, 0xb5, 0x07, 0x81, 0xd3, 0xe9, 0xd0, 0x20, - 0xf9, 0x87, 0x33, 0x31, 0xff, 0x56, 0x1e, 0x46, 0xef, 0x50, 0xda, 0xa9, 0x36, 0xbd, 0xfb, 0x94, - 0x3c, 0x07, 0x85, 0x15, 0xa7, 0x45, 0x67, 0x8d, 0x8b, 0xc6, 0xe5, 0xd1, 0xda, 0xe4, 0xe1, 0x41, - 0x65, 0x2c, 0xa4, 0xc1, 0x7d, 0x1a, 0xd8, 0x6d, 0xa7, 0x45, 0x2d, 0x2c, 0x24, 0x2f, 0xc3, 0x28, - 0xfb, 0x1b, 0x76, 0x9c, 0x06, 0x9d, 0xcd, 0x21, 0xe6, 0xf8, 0xe1, 0x41, 0x65, 0xb4, 0x2d, 0x81, - 0x56, 0x52, 0x4e, 0x2e, 0xc1, 0xc8, 0x32, 0x75, 0x42, 0xba, 0xb4, 0x30, 0x9b, 0xbf, 0x68, 0x5c, - 0xce, 0xd7, 0x4a, 0x87, 0x07, 0x95, 0x62, 0x93, 0x81, 0x6c, 0xcf, 0xb5, 0x64, 0x21, 0x59, 0x82, - 0x91, 0xc5, 0x87, 0x1d, 0x2f, 0xa0, 0xe1, 0x6c, 0xe1, 0xa2, 0x71, 0x79, 0x6c, 0xee, 0xfc, 0x55, - 0xde, 0xfe, 0xab, 0xb2, 0xfd, 0x57, 0xd7, 0x65, 0xfb, 0x6b, 0xd3, 0xdf, 0x3b, 0xa8, 0x9c, 0x3a, - 0x3c, 0xa8, 0x8c, 0x50, 0x4e, 0xf2, 0xf3, 0xff, 0xb5, 0x62, 0x58, 0x92, 0x9e, 0xbc, 0x09, 0x85, - 0xf5, 0xfd, 0x0e, 0x9d, 0x1d, 0xbd, 0x68, 0x5c, 0x9e, 0x98, 0x7b, 0xe6, 0x2a, 0xef, 0xf1, 0xb8, - 0x91, 0xc9, 0x7f, 0x0c, 0xab, 0x56, 0x3c, 0x3c, 0xa8, 0x14, 0x18, 0x8a, 0x85, 0x54, 0xe4, 0x55, - 0x18, 0xbe, 0xed, 0x87, 0xd1, 0xd2, 0xc2, 0x2c, 0x60, 0xd3, 0x4e, 0x1f, 0x1e, 0x54, 0xa6, 0x76, - 0xfd, 0x30, 0xb2, 0x3d, 0xf7, 0x15, 0xbf, 0xe5, 0x45, 0xb4, 0xd5, 0x89, 0xf6, 0x2d, 0x81, 0x64, - 0x6e, 0xc1, 0xb8, 0xc6, 0x8f, 0x8c, 0xc1, 0xc8, 0xbd, 0x95, 0x3b, 0x2b, 0xab, 0x9b, 0x2b, 0xe5, - 0x53, 0xa4, 0x08, 0x85, 0x95, 0xd5, 0x85, 0xc5, 0xb2, 0x41, 0x46, 0x20, 0x5f, 0x5d, 0x5b, 0x2b, - 0xe7, 0x48, 0x09, 0x8a, 0x0b, 0xd5, 0xf5, 0x6a, 0xad, 0x5a, 0x5f, 0x2c, 0xe7, 0xc9, 0x34, 0x4c, - 0x6e, 0x2e, 0xad, 0x2c, 0xac, 0x6e, 0xd6, 0xed, 0x85, 0xc5, 0xfa, 0x9d, 0xf5, 0xd5, 0xb5, 0x72, - 0x81, 0x4c, 0x00, 0xdc, 0xb9, 0x57, 0x5b, 0xb4, 0x56, 0x16, 0xd7, 0x17, 0xeb, 0xe5, 0x21, 0xf3, - 0x1b, 0x79, 0x28, 0xde, 0xa5, 0x91, 0xe3, 0x3a, 0x91, 0x43, 0x2e, 0x68, 0x43, 0x84, 0x5f, 0xaf, - 0x8c, 0xcd, 0x73, 0xbd, 0x63, 0x33, 0x74, 0x78, 0x50, 0x31, 0x5e, 0x55, 0xc7, 0xe4, 0x0d, 0x18, - 0x5b, 0xa0, 0x61, 0x23, 0xf0, 0x3a, 0x4c, 0x5e, 0x70, 0x5c, 0x46, 0x6b, 0xe7, 0x0e, 0x0f, 0x2a, - 0xa7, 0xdd, 0x04, 0xac, 0xb4, 0x55, 0xc5, 0x26, 0x4b, 0x30, 0xbc, 0xec, 0x6c, 0xd1, 0x66, 0x38, - 0x3b, 0x74, 0x31, 0x7f, 0x79, 0x6c, 0xee, 0x29, 0xd1, 0xbf, 0xf2, 0x03, 0xaf, 0xf2, 0xd2, 0xc5, - 0x76, 0x14, 0xec, 0xd7, 0x66, 0x0e, 0x0f, 0x2a, 0xe5, 0x26, 0x02, 0xd4, 0xbe, 0xe3, 0x28, 0xa4, - 0x9e, 0x8c, 0xf9, 0xf0, 0xb1, 0x63, 0xfe, 0xf4, 0xf7, 0x0e, 0x2a, 0x06, 0x1b, 0x0b, 0x31, 0xe6, - 0x09, 0x3f, 0x7d, 0xf4, 0x2f, 0x42, 0x6e, 0x69, 0x61, 0x76, 0x04, 0x65, 0xad, 0x7c, 0x78, 0x50, - 0x29, 0x69, 0xc3, 0x96, 0x5b, 0x5a, 0x38, 0xff, 0x3a, 0x8c, 0x29, 0xdf, 0x48, 0xca, 0x90, 0xdf, - 0xa3, 0xfb, 0xbc, 0x3f, 0x2d, 0xf6, 0x2f, 0x99, 0x81, 0xa1, 0xfb, 0x4e, 0xb3, 0x2b, 0x3a, 0xd0, - 0xe2, 0x3f, 0x3e, 0x9b, 0xfb, 0x31, 0xc3, 0xfc, 0x85, 0x02, 0x14, 0x2d, 0x9f, 0xcf, 0x33, 0xf2, - 0x12, 0x0c, 0xd5, 0x23, 0x27, 0x92, 0x43, 0x31, 0x7d, 0x78, 0x50, 0x99, 0x0c, 0x19, 0x40, 0xa9, - 0x8f, 0x63, 0x30, 0xd4, 0xb5, 0x5d, 0x27, 0x94, 0x43, 0x82, 0xa8, 0x1d, 0x06, 0x50, 0x51, 0x11, - 0x83, 0x5c, 0x82, 0xc2, 0x5d, 0xdf, 0xa5, 0x62, 0x54, 0xc8, 0xe1, 0x41, 0x65, 0xa2, 0xe5, 0xbb, - 0x2a, 0x22, 0x96, 0x93, 0x57, 0x60, 0x74, 0xbe, 0x1b, 0x04, 0xb4, 0xcd, 0x44, 0xb5, 0x80, 0xc8, - 0x13, 0x87, 0x07, 0x15, 0x68, 0x70, 0x20, 0x9b, 0x5c, 0x09, 0x02, 0xeb, 0xea, 0x7a, 0xe4, 0x04, - 0x11, 0x75, 0x67, 0x87, 0x06, 0xea, 0x6a, 0x36, 0xbd, 0xa6, 0x42, 0x4e, 0x92, 0xee, 0x6a, 0xc1, - 0x89, 0xdc, 0x86, 0xb1, 0x77, 0x03, 0xa7, 0x41, 0xd7, 0x68, 0xe0, 0xf9, 0x2e, 0x8e, 0x61, 0xbe, - 0x76, 0xe9, 0xf0, 0xa0, 0x72, 0x66, 0x87, 0x81, 0xed, 0x0e, 0xc2, 0x13, 0xea, 0x1f, 0x1d, 0x54, - 0x8a, 0x0b, 0xdd, 0x00, 0x7b, 0xcf, 0x52, 0x49, 0xc9, 0x57, 0xd8, 0x90, 0x84, 0x11, 0x76, 0x2d, - 0x75, 0x71, 0xf4, 0x8e, 0xfe, 0x44, 0x53, 0x7c, 0xe2, 0x99, 0xa6, 0x13, 0x46, 0x76, 0xc0, 0xe9, - 0x52, 0xdf, 0xa9, 0xb2, 0x24, 0xab, 0x50, 0xac, 0x37, 0x76, 0xa9, 0xdb, 0x6d, 0xd2, 0xd9, 0x22, - 0xb2, 0x3f, 0x2b, 0x04, 0x57, 0x8e, 0xa7, 0x2c, 0xae, 0x9d, 0x17, 0xbc, 0x49, 0x28, 0x20, 0x4a, - 0xdf, 0xc7, 0x4c, 0x3e, 0x5b, 0xfc, 0xe5, 0x5f, 0xaf, 0x9c, 0xfa, 0xe9, 0xff, 0x7c, 0xf1, 0x94, - 0xf9, 0x8f, 0x73, 0x50, 0x4e, 0x33, 0x21, 0xdb, 0x30, 0x7e, 0xaf, 0xe3, 0x3a, 0x11, 0x9d, 0x6f, - 0x7a, 0xb4, 0x1d, 0x85, 0x28, 0x24, 0x47, 0xb7, 0xe9, 0x79, 0x51, 0xef, 0x6c, 0x17, 0x09, 0xed, - 0x06, 0xa7, 0x4c, 0xb5, 0x4a, 0x67, 0x9b, 0xd4, 0x53, 0x47, 0x3d, 0x1d, 0xa2, 0x84, 0x9d, 0xac, - 0x1e, 0xae, 0xe1, 0xfb, 0xd4, 0x23, 0xd8, 0x0a, 0x01, 0x6a, 0xbb, 0x5b, 0xfb, 0x28, 0x99, 0x83, - 0x0b, 0x10, 0x23, 0xc9, 0x10, 0x20, 0x06, 0x36, 0xff, 0xbb, 0x01, 0x13, 0x16, 0x0d, 0xfd, 0x6e, - 0xd0, 0xa0, 0xb7, 0xa9, 0xe3, 0xd2, 0x80, 0x89, 0xff, 0x1d, 0xaf, 0xed, 0x8a, 0x39, 0x85, 0xe2, - 0xbf, 0xe7, 0xb5, 0xd5, 0x29, 0x8c, 0xe5, 0xe4, 0x53, 0x30, 0x52, 0xef, 0x6e, 0x21, 0x2a, 0x9f, - 0x53, 0x67, 0x70, 0xc4, 0xba, 0x5b, 0x76, 0x0a, 0x5d, 0xa2, 0x91, 0x6b, 0x30, 0xb2, 0x41, 0x83, - 0x30, 0xd1, 0x78, 0xa8, 0xd9, 0xef, 0x73, 0x90, 0x4a, 0x20, 0xb0, 0xc8, 0xbb, 0x89, 0xd6, 0x15, - 0x6b, 0xd2, 0x64, 0x4a, 0xd7, 0x25, 0xa2, 0xd2, 0x12, 0x10, 0x55, 0x54, 0x24, 0x96, 0xf9, 0x9d, - 0x1c, 0x94, 0x17, 0x9c, 0xc8, 0xd9, 0x72, 0x42, 0xd1, 0x9f, 0x1b, 0x37, 0x98, 0x1e, 0x57, 0x1a, - 0x8a, 0x7a, 0x9c, 0x7d, 0xf9, 0x47, 0x6e, 0xde, 0x0b, 0xe9, 0xe6, 0x8d, 0xb1, 0x05, 0x52, 0x34, - 0x2f, 0x69, 0xd4, 0x5b, 0xc7, 0x37, 0xaa, 0x2c, 0x1a, 0x55, 0x94, 0x8d, 0x4a, 0x9a, 0x42, 0xde, - 0x82, 0x42, 0xbd, 0x43, 0x1b, 0x42, 0x89, 0x48, 0xdd, 0xaf, 0x37, 0x8e, 0x21, 0x6c, 0xdc, 0xa8, - 0x95, 0x04, 0x9b, 0x42, 0xd8, 0xa1, 0x0d, 0x0b, 0xc9, 0x94, 0x49, 0xf3, 0xaf, 0x87, 0x61, 0x26, - 0x8b, 0x8c, 0xbc, 0xa5, 0x2f, 0x4e, 0xbc, 0x7b, 0x9e, 0xea, 0xbb, 0x38, 0xcd, 0x1a, 0xfa, 0xf2, - 0x74, 0x05, 0x8a, 0x6b, 0x4c, 0x20, 0x1b, 0x7e, 0x53, 0xf4, 0x1c, 0xd3, 0x8a, 0xc5, 0x8e, 0x84, - 0x19, 0x56, 0x5c, 0x4e, 0x9e, 0x82, 0xfc, 0x3d, 0x6b, 0x49, 0x74, 0xd7, 0xe8, 0xe1, 0x41, 0x25, - 0xdf, 0x0d, 0xbc, 0x59, 0xc3, 0x62, 0x50, 0x72, 0x0d, 0x86, 0xe7, 0xab, 0xf3, 0x34, 0x88, 0xb0, - 0x9b, 0x4a, 0xb5, 0xb3, 0x4c, 0x5a, 0x1a, 0x8e, 0xdd, 0xa0, 0x41, 0xa4, 0x55, 0x2f, 0xd0, 0xc8, - 0xcb, 0x90, 0xaf, 0x6e, 0xd6, 0x45, 0xcf, 0x80, 0xe8, 0x99, 0xea, 0x66, 0xbd, 0x36, 0x2e, 0x3a, - 0x22, 0xef, 0x3c, 0x08, 0x19, 0xf7, 0xea, 0x66, 0x5d, 0x1d, 0xad, 0xe1, 0x23, 0x46, 0xeb, 0x32, - 0x14, 0x99, 0x9d, 0xc1, 0x16, 0x78, 0x54, 0x8a, 0xa3, 0xdc, 0x7c, 0xda, 0x15, 0x30, 0x2b, 0x2e, - 0x25, 0xcf, 0xc5, 0x66, 0x4b, 0x31, 0xe1, 0x27, 0xcc, 0x16, 0x69, 0xac, 0x90, 0x87, 0x30, 0xbe, - 0xb0, 0xdf, 0x76, 0x5a, 0x5e, 0x43, 0x2c, 0xe1, 0xa3, 0xb8, 0x84, 0x5f, 0x3d, 0x62, 0x18, 0xaf, - 0x6a, 0x04, 0x7c, 0x55, 0x97, 0xca, 0x77, 0xd6, 0xe5, 0x65, 0x76, 0x7a, 0x85, 0x9f, 0x35, 0x2c, - 0xbd, 0x22, 0x36, 0x97, 0xa4, 0x8a, 0x44, 0xbb, 0x2a, 0x11, 0x3b, 0x09, 0x4e, 0xe6, 0x52, 0x20, - 0x20, 0xea, 0x5c, 0x8a, 0x17, 0xdd, 0xb7, 0x20, 0xff, 0xee, 0xfc, 0xda, 0xec, 0x18, 0xf2, 0x20, - 0x82, 0xc7, 0xbb, 0xf3, 0x6b, 0xf3, 0x4d, 0xbf, 0xeb, 0xd6, 0xdf, 0x5f, 0xae, 0x9d, 0x15, 0x6c, - 0xc6, 0x77, 0x1a, 0x1d, 0xed, 0x8b, 0x18, 0x1d, 0x59, 0x84, 0xa2, 0x6c, 0xe5, 0x6c, 0x09, 0x79, - 0x4c, 0xa5, 0x1a, 0xbf, 0x71, 0x83, 0xcf, 0x35, 0x57, 0xfc, 0x56, 0xbf, 0x42, 0xe2, 0x90, 0x1b, - 0x28, 0x65, 0x0f, 0xf7, 0x97, 0x16, 0xc2, 0xd9, 0xf1, 0x8b, 0xf9, 0xcb, 0xa3, 0x28, 0x1e, 0xd3, - 0x1d, 0x06, 0xb3, 0x3d, 0x57, 0x35, 0x76, 0x62, 0xc4, 0xf3, 0x9b, 0x40, 0x7a, 0x3b, 0x33, 0xc3, - 0xfc, 0x78, 0x59, 0x35, 0x3f, 0xc6, 0xe6, 0x4e, 0x8b, 0x0f, 0x9c, 0xf7, 0x5b, 0x2d, 0xa7, 0xed, - 0x22, 0xed, 0xc6, 0x9c, 0x6a, 0x95, 0x54, 0x61, 0x22, 0xf9, 0xfa, 0x65, 0x2f, 0x8c, 0xc8, 0x35, - 0x18, 0x95, 0x10, 0xb6, 0xf2, 0xe4, 0x33, 0xdb, 0x69, 0x25, 0x38, 0xe6, 0x1f, 0xe6, 0x00, 0x92, - 0x92, 0x27, 0x54, 0x39, 0x7d, 0x46, 0x53, 0x4e, 0xa7, 0xd3, 0x52, 0xdd, 0x57, 0x2d, 0x91, 0x77, - 0x60, 0x98, 0xd9, 0x69, 0x5d, 0x69, 0x87, 0x9e, 0x4d, 0x93, 0x62, 0xe1, 0xc6, 0x8d, 0xda, 0x84, - 0x20, 0x1e, 0x0e, 0x11, 0x62, 0x09, 0x32, 0x45, 0xaf, 0xfd, 0xee, 0x50, 0x32, 0x18, 0x42, 0xa3, - 0x5d, 0x56, 0x54, 0x92, 0x91, 0x4c, 0x62, 0xa9, 0x92, 0x14, 0x85, 0x74, 0x8e, 0x2b, 0x24, 0xde, - 0xa9, 0x23, 0x42, 0x21, 0xa5, 0xd5, 0x11, 0xef, 0xc0, 0x63, 0xd5, 0x51, 0x27, 0x3d, 0xd7, 0x0b, - 0x28, 0x06, 0x97, 0x33, 0x7b, 0x25, 0x6b, 0x96, 0x5f, 0x3c, 0x6e, 0x96, 0xa7, 0xe7, 0xf8, 0x8d, - 0x7e, 0x0a, 0xf0, 0xb4, 0x9c, 0x92, 0xce, 0x03, 0x95, 0x1c, 0x15, 0xe1, 0x1b, 0x7c, 0x3e, 0x0f, - 0xf7, 0x9d, 0xcf, 0xa7, 0x33, 0xe7, 0x33, 0x9f, 0xcd, 0x6f, 0xc0, 0x50, 0xf5, 0x27, 0xba, 0x01, - 0x15, 0x06, 0x63, 0x49, 0xd6, 0xc9, 0x60, 0xb1, 0x22, 0x98, 0x74, 0xd8, 0x4f, 0xd5, 0xd0, 0xc6, - 0x72, 0x56, 0xf3, 0xfa, 0x72, 0x5d, 0x18, 0x83, 0x24, 0xd5, 0x2d, 0xeb, 0xcb, 0xca, 0x67, 0x47, - 0x5a, 0xab, 0x19, 0x15, 0xb9, 0x06, 0xb9, 0xea, 0x02, 0xee, 0x30, 0xc7, 0xe6, 0x46, 0x65, 0xb5, - 0x0b, 0xb5, 0x19, 0x41, 0x52, 0x72, 0xb4, 0x4d, 0x47, 0x75, 0x81, 0xd4, 0x60, 0xe8, 0xee, 0x7e, - 0xfd, 0xfd, 0x65, 0xa1, 0xfd, 0xa6, 0xa5, 0x5c, 0x33, 0xd8, 0x2a, 0x2e, 0x5d, 0x61, 0xf2, 0xc5, - 0xad, 0xfd, 0xf0, 0xab, 0x4d, 0xf5, 0x8b, 0x11, 0xed, 0xe3, 0x53, 0x20, 0xff, 0xdb, 0x50, 0x0c, - 0x14, 0x21, 0xeb, 0x6c, 0x23, 0x2c, 0x24, 0xce, 0x48, 0xcc, 0xa5, 0x1e, 0x89, 0x8b, 0xe5, 0xed, - 0x25, 0x3e, 0xfa, 0xb9, 0x9e, 0xd1, 0x1f, 0x53, 0x96, 0x3f, 0x3e, 0xe6, 0x71, 0x5f, 0xe4, 0x3f, - 0x72, 0x5f, 0x90, 0x77, 0xa0, 0x74, 0xd7, 0x69, 0x3b, 0x3b, 0xd4, 0xbd, 0x17, 0x32, 0xb3, 0xb7, - 0x80, 0x5a, 0x98, 0xd9, 0x09, 0x67, 0x5b, 0x1c, 0x6e, 0x77, 0x43, 0xcd, 0xaa, 0xb5, 0x34, 0x02, - 0xf3, 0xbf, 0xe4, 0xf1, 0x83, 0xc9, 0x2b, 0x30, 0x6c, 0xd1, 0x9d, 0xc4, 0xd4, 0xc0, 0x2d, 0x6b, - 0x80, 0x10, 0xb5, 0x95, 0x1c, 0x07, 0xd7, 0x31, 0xea, 0x86, 0xbb, 0xde, 0x76, 0x24, 0x9a, 0x1a, - 0xaf, 0x63, 0x02, 0xac, 0xac, 0x63, 0x02, 0xa2, 0xad, 0x63, 0x02, 0xc6, 0x26, 0x8b, 0xb5, 0x50, - 0x17, 0x3d, 0x20, 0xbb, 0xcb, 0x5a, 0x50, 0xa4, 0x2e, 0xd0, 0x96, 0x11, 0x86, 0x4d, 0x6e, 0xc2, - 0x68, 0xb5, 0xd1, 0xf0, 0xbb, 0xca, 0x9e, 0x6f, 0xf6, 0xf0, 0xa0, 0x32, 0xe3, 0x70, 0xa0, 0xee, - 0xa1, 0x48, 0x50, 0x49, 0x1d, 0xc6, 0x16, 0xd9, 0x46, 0xc9, 0x9b, 0x77, 0x1a, 0xbb, 0x54, 0xcc, - 0x50, 0x29, 0xf2, 0x4a, 0x49, 0x6c, 0xb8, 0x9f, 0xa6, 0x08, 0x6c, 0x30, 0xa0, 0xea, 0x08, 0x50, - 0x70, 0xc9, 0x3a, 0x8c, 0xd5, 0x69, 0x23, 0xa0, 0x51, 0x3d, 0xf2, 0x03, 0x9a, 0x9a, 0xc1, 0x4a, - 0x49, 0xed, 0x19, 0xb9, 0x57, 0x0b, 0x11, 0x68, 0x87, 0x0c, 0xaa, 0x72, 0x55, 0x90, 0xb9, 0xd1, - 0xdd, 0xf2, 0x83, 0xfd, 0x85, 0x9a, 0x98, 0xd5, 0xc9, 0x12, 0xc0, 0xc1, 0xaa, 0xd1, 0xcd, 0x20, - 0xee, 0x96, 0x6e, 0x74, 0x73, 0x2c, 0xf3, 0x6b, 0xda, 0xe7, 0xb1, 0xae, 0xbb, 0x43, 0xf7, 0xd7, - 0x02, 0xba, 0xed, 0x3d, 0x14, 0x23, 0x8d, 0x5d, 0xb7, 0x47, 0xf7, 0xed, 0x0e, 0x42, 0xd5, 0xae, - 0x8b, 0x51, 0xc9, 0xa7, 0xa1, 0x78, 0xe7, 0x6e, 0xfd, 0x0e, 0xdd, 0x5f, 0x5a, 0x10, 0x7a, 0x99, - 0x93, 0xb5, 0x42, 0x9b, 0x91, 0x6a, 0x3d, 0x1e, 0x63, 0x9a, 0xb5, 0x44, 0x4c, 0x58, 0xcd, 0xf3, - 0xcd, 0x6e, 0x18, 0xd1, 0x60, 0x69, 0x41, 0xad, 0xb9, 0xc1, 0x81, 0xa9, 0x41, 0x8b, 0x51, 0xcd, - 0xff, 0x64, 0xa0, 0x88, 0x90, 0xd7, 0x01, 0x96, 0xda, 0x6c, 0x23, 0xd5, 0xa0, 0x31, 0x03, 0x74, - 0xd6, 0x78, 0x02, 0xaa, 0x73, 0x50, 0x90, 0xf5, 0xaa, 0x73, 0x03, 0x57, 0xcd, 0xaa, 0x94, 0xdb, - 0x32, 0xe1, 0xb7, 0x13, 0x55, 0x06, 0x02, 0x9a, 0xaa, 0x32, 0x41, 0x26, 0x97, 0x60, 0x64, 0xa9, - 0x7a, 0xb7, 0xda, 0x8d, 0x76, 0x51, 0x40, 0x8b, 0x7c, 0xad, 0xf3, 0x9c, 0x96, 0xed, 0x74, 0xa3, - 0x5d, 0x4b, 0x16, 0x9a, 0xff, 0x26, 0xa7, 0xc9, 0x24, 0xb1, 0x80, 0x58, 0xb4, 0xd3, 0xf4, 0x1a, - 0x68, 0xe6, 0xbd, 0x1b, 0xf8, 0xdd, 0x4e, 0xdc, 0x5a, 0xf3, 0xf0, 0xa0, 0xf2, 0x4c, 0x90, 0x94, - 0xda, 0x3b, 0xac, 0x58, 0xff, 0x86, 0x0c, 0x6a, 0xf2, 0x39, 0x28, 0xb1, 0xb9, 0x2e, 0x7e, 0xb2, - 0xad, 0x31, 0xd3, 0x11, 0x17, 0x70, 0xeb, 0x1b, 0xd2, 0x20, 0x66, 0xa3, 0x29, 0x09, 0x95, 0x82, - 0xb8, 0x30, 0xbb, 0x1e, 0x38, 0xed, 0xd0, 0x8b, 0x16, 0xdb, 0x8d, 0x60, 0x1f, 0x75, 0xd3, 0x62, - 0xdb, 0xd9, 0x6a, 0x52, 0x17, 0xbb, 0xa5, 0x58, 0xbb, 0x7c, 0x78, 0x50, 0x79, 0x3e, 0xe2, 0x38, - 0x36, 0x8d, 0x91, 0x6c, 0xca, 0xb1, 0x14, 0xce, 0x7d, 0x39, 0x31, 0x5d, 0xb6, 0xd8, 0x76, 0x3b, - 0xbe, 0xd7, 0x8e, 0xd0, 0x71, 0x59, 0x88, 0xf7, 0x3c, 0x67, 0xa9, 0x80, 0xdb, 0x6c, 0x0e, 0xa8, - 0x9f, 0xa9, 0x12, 0x98, 0xff, 0xc7, 0x48, 0x66, 0x0d, 0x79, 0x13, 0xc6, 0xc4, 0x48, 0x2a, 0x7e, - 0xc2, 0xf3, 0x6c, 0xfe, 0xc9, 0x61, 0x67, 0x1b, 0x06, 0x75, 0xfe, 0x29, 0xe8, 0xcc, 0xb6, 0xab, - 0xce, 0x2f, 0x23, 0xa5, 0x62, 0xdb, 0x39, 0x8d, 0x66, 0x9a, 0x4a, 0xa2, 0x31, 0x61, 0x59, 0x5f, - 0xae, 0xeb, 0xbd, 0x82, 0xc2, 0x12, 0x35, 0xc3, 0x8c, 0x6e, 0x50, 0x90, 0x1f, 0xbd, 0xe1, 0x3f, - 0x6d, 0xc0, 0x98, 0x62, 0x2c, 0x30, 0x81, 0x5f, 0x0b, 0xfc, 0x0f, 0x69, 0x23, 0xd2, 0xe7, 0x5a, - 0x87, 0x03, 0x53, 0x02, 0x1f, 0xa3, 0xa6, 0xe6, 0x58, 0xee, 0x04, 0x73, 0xcc, 0xbc, 0x26, 0x6c, - 0x10, 0x72, 0x49, 0x73, 0xcc, 0xa2, 0xe7, 0x22, 0xd5, 0x65, 0x58, 0x6e, 0xfe, 0x96, 0xc1, 0x6c, - 0x07, 0x72, 0x0d, 0xe0, 0x0e, 0xdd, 0x8f, 0x9c, 0xad, 0x5b, 0x5e, 0x53, 0x73, 0xb8, 0xef, 0x21, - 0xd4, 0xde, 0xf6, 0x9a, 0xd4, 0x52, 0x50, 0xd8, 0x9e, 0xe3, 0x4e, 0xb0, 0xf5, 0x1a, 0xa2, 0xe7, - 0x62, 0x1b, 0x70, 0x7a, 0x2f, 0xd8, 0x7a, 0x0d, 0x91, 0x35, 0x45, 0x24, 0x10, 0x89, 0x09, 0xc3, - 0x0b, 0x7e, 0xcb, 0xf1, 0xa4, 0xdd, 0x0d, 0xcc, 0x78, 0x75, 0x11, 0x62, 0x89, 0x12, 0x66, 0x75, - 0xd6, 0xd7, 0x56, 0x44, 0xe7, 0xa3, 0xd5, 0x19, 0x76, 0xda, 0x16, 0x83, 0x99, 0xbf, 0x6d, 0xc0, - 0x98, 0x62, 0x12, 0x91, 0x4f, 0x0b, 0xe7, 0xa4, 0x81, 0xae, 0xf5, 0x33, 0xbd, 0x46, 0x13, 0x2b, - 0xe5, 0xfb, 0x85, 0x96, 0xef, 0x52, 0xe1, 0xaa, 0x4c, 0x2c, 0x89, 0xdc, 0x20, 0x96, 0xc4, 0xeb, - 0x00, 0x7c, 0x07, 0x8a, 0xdd, 0xa9, 0x68, 0x1f, 0xe5, 0x28, 0x42, 0x1d, 0x8c, 0x04, 0xd9, 0xb4, - 0xa0, 0xa4, 0x5a, 0x11, 0xa4, 0x06, 0xe3, 0xc2, 0xe1, 0x22, 0x76, 0x1f, 0xbc, 0x9f, 0x51, 0x05, - 0x08, 0x6e, 0xbd, 0x0e, 0x20, 0x9d, 0xc4, 0xfc, 0x99, 0x1c, 0x14, 0x05, 0x64, 0xee, 0x09, 0xdd, - 0x18, 0xbd, 0xa6, 0x6d, 0x8c, 0xa6, 0xe3, 0x35, 0x3a, 0xde, 0xe6, 0xcf, 0x1d, 0xe3, 0xad, 0x79, - 0x1d, 0x4a, 0xb2, 0x0b, 0x70, 0x7f, 0xf9, 0x12, 0x8c, 0x48, 0x7f, 0x23, 0xdf, 0x5d, 0x4e, 0x6a, - 0x3c, 0x37, 0xe6, 0x2c, 0x59, 0x6e, 0xfe, 0xd9, 0x90, 0xa4, 0xe5, 0x35, 0xb1, 0x2e, 0xac, 0xba, - 0x6e, 0xa0, 0x76, 0xa1, 0xe3, 0xba, 0x81, 0x85, 0x50, 0x36, 0xf8, 0x6b, 0xdd, 0xad, 0xa6, 0xd7, - 0x40, 0x1c, 0x65, 0x26, 0x76, 0x10, 0x6a, 0x33, 0x54, 0x75, 0xf0, 0x13, 0x64, 0xcd, 0x59, 0x92, - 0x3f, 0xd2, 0x59, 0xf2, 0x65, 0x18, 0x9d, 0x6f, 0xb9, 0xda, 0xbe, 0xc8, 0xcc, 0xe8, 0x94, 0xab, - 0x31, 0x12, 0xdf, 0x11, 0x5d, 0x10, 0x7d, 0x34, 0xd3, 0x68, 0xb9, 0xbd, 0xbb, 0xa1, 0x84, 0xa5, - 0xe6, 0xed, 0x18, 0x7a, 0x14, 0x6f, 0xc7, 0x4d, 0x18, 0xbd, 0x17, 0xd2, 0xf5, 0x6e, 0xbb, 0x4d, - 0x9b, 0x68, 0x61, 0x15, 0xb9, 0x3e, 0xeb, 0x86, 0xd4, 0x8e, 0x10, 0xaa, 0x7e, 0x40, 0x8c, 0xaa, - 0x8a, 0xd5, 0xc8, 0x11, 0x62, 0xf5, 0x69, 0x28, 0x54, 0x3b, 0x1d, 0xe9, 0x06, 0x8a, 0x8d, 0xf6, - 0x4e, 0x07, 0xad, 0xe0, 0x09, 0xa7, 0xd3, 0xd1, 0x9d, 0x3a, 0x88, 0x4d, 0x28, 0x90, 0x3b, 0xdd, - 0x2d, 0x1a, 0xb4, 0x69, 0x44, 0x43, 0xb1, 0x76, 0x84, 0xb3, 0x80, 0x3c, 0x66, 0xe5, 0x69, 0x5b, - 0x1a, 0x81, 0x6b, 0xf5, 0xbd, 0xee, 0x16, 0xb5, 0xc5, 0x32, 0xa4, 0xf6, 0x5d, 0x06, 0x43, 0xf4, - 0xb1, 0x50, 0x1a, 0xa0, 0x1c, 0x8c, 0x25, 0xfa, 0xae, 0x43, 0x69, 0x90, 0x96, 0x82, 0x18, 0x51, - 0x73, 0xcc, 0x94, 0x06, 0x75, 0xcc, 0xd4, 0x61, 0x42, 0x1f, 0xe9, 0xc7, 0xb0, 0xa7, 0x7a, 0xaf, - 0x50, 0x2c, 0x96, 0x47, 0xcd, 0x6f, 0xe4, 0x60, 0xac, 0xda, 0xe9, 0x3c, 0xe1, 0x5e, 0xdf, 0x1f, - 0xd3, 0xf4, 0xc7, 0x99, 0x44, 0x4e, 0x4e, 0xe0, 0xf0, 0xfd, 0x9d, 0x1c, 0x4c, 0xa6, 0x28, 0xd4, - 0xaf, 0x37, 0x06, 0xf4, 0x82, 0xe6, 0x06, 0xf4, 0x82, 0xe6, 0xfb, 0x7b, 0x41, 0xd5, 0xd9, 0x59, - 0x78, 0x94, 0xd9, 0xf9, 0x22, 0xe4, 0xab, 0x9d, 0x8e, 0xe8, 0x95, 0x52, 0xd2, 0x2b, 0x1b, 0x37, - 0xf8, 0x32, 0xea, 0x74, 0x3a, 0x16, 0xc3, 0xd0, 0xa4, 0x72, 0x78, 0x40, 0xa9, 0x34, 0x5f, 0x85, - 0x51, 0xe4, 0x85, 0x0a, 0xf7, 0xa2, 0x98, 0xa9, 0x5c, 0xdb, 0x6a, 0x75, 0xf1, 0x59, 0x69, 0xfe, - 0x99, 0x01, 0x43, 0xf8, 0xfb, 0x09, 0x95, 0xb1, 0x39, 0x4d, 0xc6, 0xca, 0x8a, 0x8c, 0x0d, 0x22, - 0x5d, 0xbf, 0x9b, 0xc7, 0xde, 0x12, 0x72, 0x25, 0xfc, 0x68, 0x46, 0x86, 0x1f, 0xed, 0x11, 0xd6, - 0x97, 0xbd, 0xb4, 0x47, 0x2d, 0x8f, 0x83, 0xf1, 0x5c, 0xfa, 0x53, 0x1f, 0x8b, 0x33, 0xed, 0x36, - 0x90, 0xa5, 0x76, 0x48, 0x1b, 0xdd, 0x80, 0xd6, 0xf7, 0xbc, 0xce, 0x06, 0x0d, 0xbc, 0xed, 0x7d, - 0xb1, 0xa5, 0xc2, 0x25, 0xc0, 0x13, 0xa5, 0x76, 0xb8, 0xe7, 0x75, 0x98, 0x15, 0xe3, 0x6d, 0xef, - 0x5b, 0x19, 0x34, 0xe4, 0x1d, 0x18, 0xb1, 0xe8, 0x83, 0xc0, 0x8b, 0xe4, 0xc6, 0x7f, 0x22, 0xf6, - 0x58, 0x20, 0x94, 0x9b, 0x63, 0x01, 0xff, 0xa1, 0x8e, 0xbf, 0x28, 0xff, 0xf8, 0xdc, 0x4e, 0xdf, - 0x1d, 0xc2, 0x09, 0x74, 0x4c, 0x48, 0xc3, 0x11, 0x4e, 0x51, 0x7d, 0x30, 0xf3, 0x27, 0x19, 0xcc, - 0x0d, 0x28, 0xd5, 0xd9, 0x34, 0xd6, 0xbd, 0xa3, 0x17, 0x92, 0xb1, 0xbc, 0xaa, 0x16, 0x1f, 0x15, - 0xcd, 0xa0, 0xf1, 0x21, 0x76, 0x5a, 0x48, 0x78, 0x94, 0xc4, 0xd3, 0x0a, 0xe3, 0x0c, 0xf1, 0x88, - 0xf5, 0x4d, 0x83, 0x77, 0xd6, 0x89, 0x05, 0x63, 0xf8, 0xd1, 0x04, 0x63, 0xe4, 0xa3, 0x08, 0x46, - 0x3a, 0x8e, 0xa4, 0x78, 0x92, 0x38, 0x92, 0xf3, 0xef, 0xc0, 0x54, 0x4f, 0x0f, 0x9f, 0x24, 0x16, - 0xe3, 0xe3, 0x13, 0xcb, 0x9f, 0x8c, 0xfb, 0x85, 0xcc, 0xa1, 0x1f, 0xc7, 0x0b, 0x68, 0x23, 0x42, - 0xd5, 0x2b, 0xb4, 0x65, 0x20, 0x60, 0x29, 0xcf, 0x1e, 0xc2, 0xc8, 0xdb, 0x30, 0xc2, 0xcf, 0xb2, - 0xb9, 0xc3, 0x61, 0x6c, 0x6e, 0x5c, 0xd4, 0xc8, 0xa1, 0x22, 0xa0, 0x88, 0x63, 0xa8, 0xbd, 0x2a, - 0x88, 0xcc, 0x77, 0x61, 0x58, 0x9c, 0x85, 0x1f, 0x3d, 0x2f, 0x2a, 0x30, 0xb4, 0x91, 0xf4, 0x0c, - 0x9e, 0x5f, 0xf2, 0x46, 0x58, 0x1c, 0x6e, 0xfe, 0xac, 0x01, 0x13, 0x7a, 0x2b, 0xc9, 0x55, 0x18, - 0x16, 0xc1, 0x1a, 0x06, 0x06, 0x6b, 0xb0, 0xd6, 0x0c, 0xf3, 0x30, 0x0d, 0x2d, 0x38, 0x43, 0x60, - 0x31, 0xd5, 0x2f, 0x38, 0x08, 0xe7, 0x09, 0xaa, 0x7e, 0x21, 0xa4, 0x96, 0x2c, 0x63, 0xbb, 0x4c, - 0x8b, 0x86, 0xdd, 0x66, 0xa4, 0xee, 0x32, 0x03, 0x84, 0x58, 0xa2, 0xc4, 0x3c, 0x30, 0x00, 0xea, - 0xf5, 0xdb, 0x77, 0xe8, 0xfe, 0x9a, 0xe3, 0x05, 0xb8, 0x53, 0xc7, 0xd9, 0x78, 0x47, 0x8c, 0x56, - 0x49, 0xec, 0xd4, 0xf9, 0xcc, 0xdd, 0xa3, 0xfb, 0xda, 0x4e, 0x5d, 0xa2, 0xe2, 0x94, 0x0f, 0xbc, - 0xfb, 0x4e, 0x44, 0x19, 0x61, 0x0e, 0x09, 0xf9, 0x94, 0xe7, 0xd0, 0x14, 0xa5, 0x82, 0x4c, 0x3e, - 0x80, 0x89, 0xe4, 0x17, 0xfa, 0x1b, 0xf2, 0xb8, 0x8d, 0x95, 0x12, 0xa1, 0x17, 0xd6, 0x9e, 0x39, - 0x3c, 0xa8, 0x9c, 0x57, 0xb8, 0xa6, 0x3d, 0x11, 0x29, 0x66, 0xe6, 0x6f, 0x18, 0xe8, 0x08, 0x91, - 0x0d, 0xbc, 0x04, 0x85, 0xd8, 0x79, 0x5e, 0xe2, 0xee, 0x80, 0xd4, 0x7e, 0x17, 0xcb, 0xc9, 0x73, - 0x90, 0x4f, 0x5a, 0x32, 0x75, 0x78, 0x50, 0x19, 0xd7, 0x5b, 0xc0, 0x4a, 0xc9, 0xbb, 0x30, 0x32, - 0xd0, 0x37, 0xa3, 0x74, 0x66, 0x7c, 0xab, 0xa4, 0xc6, 0x51, 0x78, 0x6f, 0x73, 0xfd, 0x93, 0x3b, - 0x0a, 0xdf, 0xce, 0xc1, 0x24, 0xeb, 0xd7, 0x6a, 0x37, 0xda, 0xf5, 0x03, 0x2f, 0xda, 0x7f, 0x62, - 0x37, 0xed, 0x6f, 0x6a, 0x06, 0xd1, 0x79, 0xa9, 0xb6, 0xd4, 0xb6, 0x0d, 0xb4, 0x77, 0xff, 0xe3, - 0x11, 0x98, 0xce, 0xa0, 0x22, 0xaf, 0x88, 0x30, 0xc9, 0xc4, 0x4d, 0x86, 0x61, 0x90, 0x3f, 0x3a, - 0xa8, 0x94, 0x24, 0xfa, 0x7a, 0x12, 0x16, 0x39, 0xa7, 0x7b, 0x15, 0x79, 0x4f, 0x61, 0x7c, 0x9d, - 0xea, 0x55, 0xd4, 0x7d, 0x89, 0x55, 0x28, 0xcd, 0xef, 0xd2, 0xc6, 0x9e, 0xd7, 0xde, 0xb9, 0x43, - 0xf7, 0xb9, 0xbd, 0x54, 0xaa, 0x3d, 0xcd, 0x36, 0x82, 0x0d, 0x01, 0x67, 0x43, 0xaa, 0xef, 0x31, - 0x35, 0x12, 0xf2, 0x36, 0x8c, 0xd5, 0xbd, 0x9d, 0xb6, 0xe4, 0x50, 0x40, 0x0e, 0x17, 0xf0, 0x30, - 0x81, 0x83, 0x7b, 0x19, 0xa8, 0x04, 0xe4, 0x25, 0x18, 0xb2, 0xfc, 0x26, 0xe5, 0xcb, 0xb0, 0x08, - 0xbc, 0x0b, 0x18, 0x40, 0x3d, 0x51, 0x42, 0x0c, 0x72, 0x1b, 0x46, 0xd8, 0x3f, 0x77, 0x9d, 0x0e, - 0xda, 0xe8, 0xc9, 0x59, 0x86, 0x80, 0x76, 0xbc, 0xf6, 0x8e, 0xba, 0x31, 0x68, 0x52, 0xbb, 0xe5, - 0x74, 0xb4, 0x75, 0x91, 0x23, 0x92, 0x0d, 0x18, 0x4b, 0x14, 0x41, 0x38, 0x3b, 0xa2, 0x9d, 0xbf, - 0x27, 0x25, 0xb5, 0x67, 0x05, 0xb3, 0xb3, 0x51, 0x93, 0x9f, 0x26, 0x74, 0x18, 0xbe, 0xde, 0x18, - 0x85, 0x91, 0xb6, 0x71, 0x29, 0xf6, 0xdf, 0xb8, 0x18, 0xc7, 0x6e, 0x5c, 0x5c, 0x00, 0xd1, 0x49, - 0xd5, 0xe6, 0x8e, 0x88, 0x93, 0x7d, 0xa9, 0xbf, 0x80, 0x5d, 0x4d, 0x90, 0x71, 0x4e, 0x72, 0x67, - 0x9c, 0xe8, 0x7f, 0xa7, 0xb9, 0xa3, 0x39, 0xe3, 0x62, 0x54, 0xd6, 0x0d, 0x89, 0xaa, 0x91, 0x0e, - 0x02, 0xd9, 0x0d, 0x49, 0x49, 0xd2, 0x0d, 0x1f, 0x3e, 0x88, 0xfa, 0x75, 0x83, 0xc2, 0x88, 0xac, - 0x00, 0x54, 0x1b, 0x91, 0x77, 0x9f, 0xa2, 0x48, 0x8c, 0x69, 0x1d, 0x31, 0x5f, 0xbd, 0x43, 0xf7, - 0xeb, 0x34, 0x4a, 0x4e, 0xb2, 0x1c, 0x44, 0x4d, 0x89, 0x89, 0xa5, 0x70, 0x20, 0x1d, 0x38, 0x5d, - 0x75, 0x5d, 0x8f, 0xc7, 0x4e, 0xaf, 0x07, 0x4c, 0x7e, 0x5d, 0x64, 0x5d, 0xca, 0x66, 0xfd, 0x92, - 0x60, 0xfd, 0xac, 0x13, 0x53, 0xd9, 0x11, 0x27, 0x4b, 0x57, 0x93, 0xcd, 0xd8, 0x5c, 0x85, 0x09, - 0xbd, 0x4b, 0xf5, 0xa8, 0xe1, 0x12, 0x14, 0xad, 0x7a, 0xd5, 0xae, 0xdf, 0xae, 0x5e, 0x2f, 0x1b, - 0xa4, 0x0c, 0x25, 0xf1, 0x6b, 0xce, 0x9e, 0x7b, 0xed, 0x66, 0x39, 0xa7, 0x41, 0x5e, 0xbb, 0x3e, - 0x57, 0xce, 0x9b, 0xbf, 0x6b, 0x40, 0x51, 0x7e, 0x1f, 0xb9, 0x09, 0xf9, 0x7a, 0xfd, 0x76, 0x2a, - 0xec, 0x23, 0x59, 0x7a, 0xf9, 0x22, 0x13, 0x86, 0xbb, 0xea, 0x22, 0x53, 0xaf, 0xdf, 0x66, 0x74, - 0xeb, 0xcb, 0x75, 0x61, 0xb4, 0x64, 0x88, 0xeb, 0x54, 0x9f, 0xb3, 0xf0, 0x9b, 0x90, 0x7f, 0x6f, - 0x73, 0x5d, 0xec, 0x86, 0x32, 0xc6, 0x17, 0xe9, 0x3e, 0x7c, 0xa0, 0x2e, 0x7d, 0x8c, 0xc0, 0xb4, - 0x60, 0x4c, 0x99, 0x5a, 0xdc, 0x88, 0x68, 0xf9, 0x71, 0x3c, 0xad, 0x30, 0x22, 0x18, 0xc4, 0x12, - 0x25, 0xcc, 0xe6, 0x59, 0xf6, 0x1b, 0x4e, 0x53, 0x58, 0x23, 0x68, 0xf3, 0x34, 0x19, 0xc0, 0xe2, - 0x70, 0xf3, 0x0f, 0x0c, 0x28, 0xaf, 0x05, 0xfe, 0x7d, 0x8f, 0x69, 0xe0, 0x75, 0x7f, 0x8f, 0xb6, - 0x37, 0xae, 0x93, 0x57, 0xa5, 0x12, 0x30, 0xe2, 0xbd, 0xf7, 0x10, 0x2a, 0x81, 0x1f, 0x1d, 0x54, - 0xa0, 0xbe, 0x1f, 0x46, 0xb4, 0xc5, 0xca, 0xa5, 0x22, 0x50, 0xc2, 0x92, 0x73, 0x83, 0x87, 0x3a, - 0x1e, 0x13, 0x96, 0x5c, 0x81, 0x21, 0xfc, 0x1c, 0x25, 0xda, 0x6c, 0x28, 0x62, 0x00, 0x8b, 0xc3, - 0x15, 0x85, 0xfd, 0x9d, 0x5c, 0x4f, 0x1b, 0xe6, 0x3e, 0x51, 0xe1, 0x82, 0x7a, 0xe3, 0x06, 0x5a, - 0xc4, 0xbe, 0x00, 0x33, 0xe9, 0x2e, 0x41, 0xbf, 0x48, 0x15, 0x26, 0x75, 0xb8, 0x74, 0x91, 0x9c, - 0xcd, 0xac, 0x6b, 0x63, 0xce, 0x4a, 0xe3, 0x9b, 0x3f, 0x30, 0x60, 0x14, 0xff, 0xb5, 0xba, 0x4d, - 0x3c, 0xcd, 0xaa, 0x6e, 0xd6, 0xc5, 0xd1, 0xb9, 0x7a, 0xda, 0xea, 0x3c, 0x08, 0x6d, 0x71, 0xce, - 0xae, 0xe9, 0x91, 0x18, 0x59, 0x90, 0xf2, 0x40, 0x01, 0x79, 0xd8, 0x18, 0x93, 0xf2, 0x88, 0x82, - 0x30, 0x45, 0x2a, 0x90, 0xf1, 0xd4, 0x6d, 0xb3, 0xce, 0xc4, 0x4f, 0x8c, 0x06, 0x3f, 0x75, 0x63, - 0x74, 0x7e, 0x53, 0x3f, 0x75, 0xe3, 0x68, 0xe4, 0x55, 0x18, 0x66, 0x55, 0x5b, 0xf2, 0xdc, 0x06, - 0x77, 0x15, 0xf8, 0x8d, 0x81, 0x16, 0xb7, 0xc0, 0x91, 0xcc, 0x7f, 0x92, 0x4b, 0x77, 0xa0, 0xb0, - 0x02, 0x4e, 0x38, 0x37, 0xde, 0x80, 0xa1, 0x6a, 0xb3, 0xe9, 0x3f, 0x10, 0x5a, 0x42, 0xba, 0x69, - 0xe2, 0xfe, 0xe3, 0x2b, 0xac, 0xc3, 0x50, 0xb4, 0x88, 0x1b, 0x06, 0x20, 0xf3, 0x30, 0x5a, 0xdd, - 0xac, 0x2f, 0x2d, 0x2d, 0xac, 0xaf, 0x2f, 0x8b, 0xdb, 0x20, 0x2f, 0xc8, 0xfe, 0xf1, 0x3c, 0xd7, - 0x8e, 0xa2, 0x66, 0x9f, 0x60, 0xf1, 0x84, 0x8e, 0xbc, 0x05, 0xf0, 0x9e, 0xef, 0xb5, 0xef, 0xd2, - 0x68, 0xd7, 0x77, 0x45, 0xe3, 0x99, 0x49, 0x31, 0xf6, 0xa1, 0xef, 0xb5, 0xed, 0x16, 0x82, 0xd9, - 0xb7, 0x27, 0x48, 0x96, 0xf2, 0x3f, 0xeb, 0xe9, 0x9a, 0x1f, 0xa1, 0x0d, 0x33, 0x94, 0xf4, 0xf4, - 0x96, 0x1f, 0xf5, 0x9c, 0x6f, 0x0a, 0x34, 0xf3, 0xe7, 0x72, 0x30, 0xc1, 0x77, 0xaa, 0x5c, 0x60, - 0x9e, 0xd8, 0xc9, 0xf8, 0x86, 0x36, 0x19, 0xcf, 0xc9, 0x85, 0x41, 0x69, 0xda, 0x40, 0x53, 0x71, - 0x17, 0x48, 0x2f, 0x0d, 0xb1, 0xa4, 0x3f, 0x65, 0x90, 0x59, 0x78, 0x3d, 0x89, 0x72, 0x09, 0x91, - 0xc8, 0x46, 0x55, 0x18, 0x5a, 0x1a, 0x0f, 0xf3, 0x67, 0x73, 0x30, 0xae, 0xd8, 0x93, 0x4f, 0x6c, - 0xc7, 0x7f, 0x56, 0xeb, 0x78, 0x79, 0x44, 0xa2, 0xb4, 0x6c, 0xa0, 0x7e, 0xef, 0xc2, 0x54, 0x0f, - 0x49, 0xda, 0x2c, 0x37, 0x06, 0x31, 0xcb, 0x5f, 0xe9, 0x8d, 0x0a, 0xe1, 0x37, 0x47, 0xe2, 0xa8, - 0x10, 0x35, 0x0c, 0xe5, 0xdb, 0x39, 0x98, 0x11, 0xbf, 0xaa, 0x5d, 0xd7, 0x8b, 0xe6, 0xfd, 0xf6, - 0xb6, 0xb7, 0xf3, 0xc4, 0x8e, 0x45, 0x55, 0x1b, 0x8b, 0x8a, 0x3e, 0x16, 0x4a, 0x03, 0xfb, 0x0f, - 0x89, 0xf9, 0xcf, 0x8a, 0x30, 0xdb, 0x8f, 0x80, 0x6d, 0xfb, 0x95, 0x5d, 0x15, 0x6e, 0xfb, 0x53, - 0x3b, 0x56, 0xbe, 0x9f, 0x4a, 0xc2, 0xce, 0x72, 0x03, 0x84, 0x9d, 0x2d, 0x43, 0x19, 0xab, 0xaa, - 0xd3, 0x90, 0x75, 0x42, 0x98, 0x84, 0xad, 0x5f, 0x3c, 0x3c, 0xa8, 0x5c, 0x70, 0x58, 0x99, 0x1d, - 0x8a, 0x42, 0xbb, 0x1b, 0x78, 0x0a, 0x8f, 0x1e, 0x4a, 0xf2, 0x1b, 0x06, 0x4c, 0x20, 0x70, 0xf1, - 0x3e, 0x6d, 0x47, 0xc8, 0xac, 0x20, 0x4e, 0x76, 0xe2, 0xdb, 0x81, 0xf5, 0x28, 0xf0, 0xda, 0x3b, - 0xe8, 0x48, 0x0a, 0x6b, 0x5b, 0xac, 0x17, 0xbe, 0x7f, 0x50, 0x79, 0xf3, 0xa3, 0xdc, 0x38, 0x14, - 0xac, 0x42, 0xb6, 0x91, 0xe7, 0x1f, 0x4a, 0xb1, 0xda, 0xd4, 0x67, 0xa6, 0xbe, 0x88, 0xfc, 0x38, - 0x9c, 0xe5, 0x61, 0x22, 0xf3, 0x7e, 0x3b, 0xf2, 0xda, 0x5d, 0xbf, 0x1b, 0xd6, 0x9c, 0xc6, 0x5e, - 0xb7, 0x13, 0x0a, 0x67, 0x27, 0xb6, 0xbc, 0x11, 0x17, 0xda, 0x5b, 0xbc, 0x54, 0x61, 0xd9, 0x8f, - 0x01, 0xb9, 0x0d, 0x53, 0xbc, 0xa8, 0xda, 0x8d, 0xfc, 0x7a, 0xc3, 0x69, 0x7a, 0xed, 0x1d, 0xf4, - 0x81, 0x16, 0x79, 0xa0, 0x8c, 0xd3, 0x8d, 0x7c, 0x3b, 0xe4, 0x70, 0x85, 0x5f, 0x2f, 0x11, 0x59, - 0x82, 0x49, 0x8b, 0x3a, 0xee, 0x5d, 0xe7, 0xe1, 0xbc, 0xd3, 0x71, 0x1a, 0x5e, 0xb4, 0x8f, 0x3b, - 0xb3, 0x7c, 0xad, 0x72, 0x78, 0x50, 0x79, 0x2a, 0xa0, 0x8e, 0x6b, 0xb7, 0x9c, 0x87, 0x76, 0x43, - 0x14, 0x2a, 0xcc, 0xd2, 0x74, 0x31, 0x2b, 0xaf, 0x1d, 0xb3, 0x1a, 0x4d, 0xb3, 0xf2, 0xda, 0xfd, - 0x59, 0x25, 0x74, 0x92, 0xd5, 0xba, 0x13, 0xec, 0xd0, 0x88, 0x3b, 0x09, 0xe1, 0xa2, 0x71, 0xd9, - 0x50, 0x58, 0x45, 0x58, 0x66, 0xa3, 0xc3, 0x30, 0xcd, 0x4a, 0xa1, 0x63, 0x92, 0xb7, 0x19, 0x78, - 0x11, 0x55, 0x5b, 0x38, 0x86, 0x9f, 0x85, 0xfd, 0x8f, 0x6e, 0xd2, 0x7e, 0x4d, 0xec, 0xa1, 0x4c, - 0xb8, 0x29, 0x8d, 0x2c, 0xf5, 0x70, 0xcb, 0x6e, 0x65, 0x0f, 0x65, 0xcc, 0x4d, 0x6d, 0xe7, 0x38, - 0xb6, 0x53, 0xe1, 0xd6, 0xa7, 0xa1, 0x3d, 0x94, 0x64, 0x85, 0x75, 0x5a, 0x44, 0xdb, 0x4c, 0xa2, - 0x85, 0x93, 0x74, 0x02, 0x3f, 0xed, 0x79, 0xb1, 0xa7, 0x2e, 0x07, 0xb2, 0xd8, 0xce, 0x70, 0x99, - 0xa6, 0x89, 0xdf, 0x2b, 0x14, 0x87, 0xca, 0xc3, 0x56, 0x99, 0x8b, 0x7c, 0xc4, 0x04, 0x07, 0x75, - 0xb1, 0xf9, 0x2b, 0x39, 0x38, 0x27, 0xd5, 0x31, 0x8d, 0x1e, 0xf8, 0xc1, 0x9e, 0xd7, 0xde, 0x79, - 0xc2, 0xb5, 0xea, 0x2d, 0x4d, 0xab, 0x3e, 0x9f, 0x5a, 0xe1, 0x52, 0xad, 0x3c, 0x42, 0xb5, 0xfe, - 0xfe, 0x30, 0x3c, 0x7d, 0x24, 0x15, 0x79, 0x9f, 0xad, 0x82, 0x1e, 0x6d, 0x47, 0x4b, 0x6e, 0x93, - 0xb2, 0x6d, 0x98, 0xdf, 0x8d, 0x84, 0x33, 0xfb, 0xb9, 0xc3, 0x83, 0xca, 0x34, 0xbf, 0x34, 0x67, - 0x7b, 0x6e, 0x93, 0xda, 0x11, 0x2f, 0xd6, 0x86, 0xa9, 0x97, 0x9a, 0xb1, 0x8c, 0xaf, 0xf0, 0x2e, - 0xb5, 0x23, 0x1a, 0xdc, 0x77, 0xf8, 0xdd, 0x21, 0xc1, 0x72, 0x8f, 0xd2, 0x8e, 0xed, 0xb0, 0x52, - 0xdb, 0x13, 0xc5, 0x3a, 0xcb, 0x1e, 0x6a, 0x72, 0x4b, 0x61, 0x39, 0xcf, 0x36, 0x07, 0x77, 0x9d, - 0x87, 0xc2, 0xe2, 0x15, 0x51, 0xa7, 0x31, 0x4b, 0x1e, 0xb9, 0xdb, 0x72, 0x1e, 0x5a, 0xbd, 0x24, - 0xe4, 0x03, 0x38, 0x2d, 0x14, 0x37, 0x53, 0x62, 0x81, 0xdf, 0x94, 0x2d, 0x2e, 0x20, 0xaf, 0x17, - 0x0f, 0x0f, 0x2a, 0x67, 0x85, 0xda, 0xb7, 0x1b, 0x1c, 0x23, 0xb3, 0xd5, 0xd9, 0x5c, 0xc8, 0x3a, - 0x5b, 0xc8, 0x52, 0xdd, 0x71, 0x97, 0x86, 0xa1, 0xb3, 0x23, 0xad, 0x63, 0x7e, 0xa2, 0xa4, 0x74, - 0xa6, 0xdd, 0xe2, 0xe5, 0x56, 0x5f, 0x4a, 0x72, 0x1b, 0x26, 0x36, 0xe9, 0x96, 0x3a, 0x3e, 0xc3, - 0xf1, 0x14, 0x2f, 0x3f, 0xa0, 0x5b, 0xfd, 0x07, 0x27, 0x45, 0x47, 0x3c, 0x98, 0xc2, 0xe3, 0x70, - 0xb6, 0xd5, 0xa3, 0x6d, 0x1a, 0x60, 0xec, 0xd9, 0x08, 0xba, 0xab, 0x66, 0x13, 0xcb, 0x52, 0x2f, - 0xaf, 0x3d, 0x7b, 0x78, 0x50, 0x79, 0x9a, 0x1f, 0xad, 0x37, 0x05, 0xdc, 0x4e, 0xdd, 0xa0, 0xed, - 0xe5, 0x4a, 0xbe, 0x02, 0x93, 0x96, 0xdf, 0x8d, 0xbc, 0xf6, 0x4e, 0x3d, 0x0a, 0x9c, 0x88, 0xee, - 0x70, 0x45, 0x9e, 0x04, 0xb9, 0xa5, 0x4a, 0xb9, 0x63, 0x3a, 0xe0, 0x40, 0x3b, 0x14, 0x50, 0x4d, - 0x93, 0xea, 0x04, 0xe4, 0xcb, 0x30, 0xc1, 0xa3, 0x73, 0xe2, 0x0a, 0x46, 0xb5, 0xcb, 0x26, 0x7a, - 0xe1, 0xc6, 0x75, 0xdc, 0xd5, 0x9c, 0xe3, 0x51, 0x3e, 0x59, 0x15, 0xa4, 0xb8, 0x99, 0x07, 0x06, - 0x94, 0xd3, 0x3c, 0xc8, 0xe7, 0x61, 0xb4, 0xba, 0x43, 0xdb, 0x6c, 0x6c, 0x76, 0xc5, 0x15, 0x54, - 0x79, 0x21, 0x3e, 0x86, 0xeb, 0x44, 0x22, 0xa2, 0x9c, 0x15, 0xb2, 0xb1, 0x56, 0xbc, 0x44, 0xb7, - 0x4f, 0x59, 0x09, 0x33, 0xe2, 0x42, 0x09, 0x7b, 0x71, 0x8d, 0x52, 0xb6, 0xbc, 0x0b, 0x57, 0xc9, - 0xb3, 0xea, 0xb0, 0x88, 0xa2, 0x14, 0x7f, 0x0c, 0x04, 0xe2, 0xe3, 0xd3, 0xe1, 0x08, 0x5a, 0x15, - 0x1a, 0xd7, 0x1a, 0x40, 0x31, 0x6e, 0xe0, 0x39, 0x38, 0xdb, 0xe7, 0x9b, 0xcd, 0xfb, 0x70, 0xbe, - 0x7f, 0x8d, 0xe4, 0xf3, 0x30, 0x83, 0x84, 0xf3, 0x7e, 0xbb, 0x4d, 0x1b, 0x11, 0xce, 0x03, 0xb9, - 0xbb, 0xcf, 0xd7, 0x9e, 0x3f, 0x3c, 0xa8, 0x5c, 0xe4, 0xed, 0x6d, 0xc4, 0x08, 0x76, 0x7a, 0xa3, - 0x9f, 0xc9, 0xc1, 0xfc, 0xa5, 0x1c, 0xcc, 0x8a, 0xa9, 0x65, 0xd1, 0x86, 0x1f, 0xb8, 0x4f, 0xbe, - 0x2a, 0x5f, 0xd4, 0x54, 0xf9, 0x73, 0x71, 0x58, 0x5c, 0x56, 0x23, 0x8f, 0xd0, 0xe4, 0xbf, 0x63, - 0xc0, 0x85, 0xa3, 0x88, 0x58, 0xef, 0xc4, 0xa1, 0xa4, 0xa3, 0x3d, 0x21, 0xa3, 0x1d, 0x98, 0xc6, - 0x01, 0xc5, 0xc3, 0x80, 0xf0, 0xb6, 0x1f, 0x46, 0xe8, 0x91, 0xcd, 0x69, 0xc1, 0x21, 0x35, 0xdf, - 0x6f, 0xe2, 0xda, 0x5d, 0x7b, 0x85, 0x2d, 0xd1, 0xdf, 0x3f, 0xa8, 0x00, 0x03, 0xf1, 0xe0, 0x4f, - 0x66, 0xc7, 0x71, 0x29, 0xc3, 0xb3, 0x86, 0xd0, 0xc6, 0x30, 0xa0, 0x3d, 0xba, 0x1f, 0x5a, 0x59, - 0xac, 0xd1, 0xeb, 0x56, 0xed, 0x46, 0xbb, 0x6b, 0x01, 0xdd, 0xa6, 0x01, 0x6d, 0x37, 0xe8, 0x27, - 0xcc, 0xeb, 0xa6, 0x37, 0x6e, 0xa0, 0x2d, 0xe7, 0x9f, 0x8c, 0xc0, 0x4c, 0x16, 0x19, 0xeb, 0x17, - 0x65, 0x97, 0x93, 0x4e, 0xa1, 0xf1, 0x57, 0x0d, 0x28, 0xd5, 0x69, 0xc3, 0x6f, 0xbb, 0xb7, 0x9c, - 0x46, 0xe4, 0xcb, 0x30, 0x1b, 0x9b, 0xaf, 0x56, 0x0c, 0x6e, 0x6f, 0x63, 0x81, 0xe6, 0xed, 0xf9, - 0xdc, 0x60, 0x9b, 0x8b, 0x86, 0x8f, 0xb1, 0xd7, 0x11, 0xde, 0x31, 0x89, 0xab, 0xc0, 0x93, 0x2a, - 0xad, 0x52, 0x52, 0x83, 0x71, 0x31, 0x5d, 0x7d, 0x35, 0x92, 0x18, 0x63, 0x7f, 0x1b, 0xb2, 0x20, - 0xed, 0xf5, 0xd1, 0x49, 0xc8, 0x0d, 0xc8, 0xdf, 0x9b, 0xbb, 0x25, 0xc6, 0x40, 0xc6, 0x47, 0xde, - 0x9b, 0xbb, 0x85, 0xfe, 0x0b, 0x66, 0x13, 0x8e, 0x77, 0xe7, 0xb6, 0x55, 0xbf, 0xf6, 0xbd, 0xb9, - 0x5b, 0x64, 0x15, 0xa6, 0x2c, 0xfa, 0xd5, 0xae, 0x17, 0x50, 0x31, 0x01, 0xee, 0xde, 0xaa, 0xe2, - 0x58, 0x14, 0xf9, 0xda, 0x14, 0xf0, 0x42, 0xb9, 0x5f, 0xb3, 0x5b, 0xdb, 0xea, 0xb5, 0xf1, 0x5e, - 0x5a, 0xf2, 0x53, 0x70, 0x7a, 0xc1, 0x0b, 0xc5, 0x37, 0x73, 0x87, 0xb2, 0x8b, 0x67, 0xcb, 0xc3, - 0x7d, 0xa6, 0xc3, 0x67, 0x32, 0xa7, 0xc3, 0xb3, 0x6e, 0xcc, 0xc4, 0xe6, 0xde, 0x6a, 0x37, 0x1d, - 0x82, 0x9d, 0x5d, 0x0f, 0xf9, 0x10, 0x26, 0xd0, 0x83, 0x87, 0x3e, 0x76, 0xbc, 0xdb, 0x31, 0xd2, - 0xa7, 0xe6, 0x4f, 0x65, 0xd6, 0x7c, 0x1e, 0x1d, 0x82, 0x36, 0x7a, 0xea, 0xf1, 0x1e, 0x88, 0xb6, - 0xef, 0xd3, 0x38, 0x93, 0xf7, 0x60, 0x52, 0x18, 0x12, 0xab, 0xdb, 0xeb, 0xbb, 0x74, 0xc1, 0xd9, - 0x17, 0x81, 0x25, 0x68, 0xd3, 0x0b, 0xeb, 0xc3, 0xf6, 0xb7, 0xed, 0x68, 0x97, 0xda, 0xae, 0xa3, - 0x2d, 0xb9, 0x29, 0x42, 0xf2, 0x35, 0x18, 0x5b, 0xf6, 0xf1, 0x30, 0x11, 0x55, 0xcd, 0x28, 0xf2, - 0xf9, 0x02, 0xa6, 0x8d, 0xe0, 0xe0, 0x94, 0x61, 0xf0, 0xa3, 0x83, 0xca, 0x1b, 0x27, 0x95, 0x42, - 0xa5, 0x02, 0x4b, 0xad, 0x8d, 0xcc, 0x43, 0x71, 0x93, 0x6e, 0xb1, 0xd6, 0xa6, 0xaf, 0x3c, 0x4b, - 0x30, 0xd7, 0x17, 0x0f, 0xc4, 0x2f, 0xf5, 0xa4, 0x4e, 0x62, 0x90, 0x00, 0xa6, 0xb0, 0x7f, 0xd6, - 0x9c, 0x30, 0x7c, 0xe0, 0x07, 0x6e, 0x93, 0x86, 0xf2, 0xc8, 0xab, 0xb7, 0xf3, 0xe7, 0x32, 0x3b, - 0xff, 0x02, 0xef, 0xfc, 0x8e, 0xc2, 0x41, 0x15, 0xb7, 0x1e, 0xf6, 0xe6, 0xef, 0x1b, 0x28, 0xf5, - 0xe4, 0x0a, 0x06, 0x14, 0xc6, 0x17, 0x29, 0xd0, 0x43, 0xe1, 0x74, 0x52, 0xf7, 0x6e, 0x38, 0x0a, - 0x79, 0x05, 0x86, 0x6f, 0x39, 0x0d, 0x1a, 0x49, 0xbf, 0x37, 0x22, 0x6f, 0x23, 0x44, 0x75, 0x67, - 0x70, 0x1c, 0xb6, 0x20, 0x2f, 0xd0, 0xfb, 0x5e, 0x83, 0x56, 0xa3, 0x88, 0x86, 0xbc, 0x87, 0xe7, - 0xab, 0xfc, 0x80, 0x78, 0x94, 0x2f, 0xc8, 0x2e, 0x96, 0xdb, 0x4e, 0x82, 0x60, 0x37, 0x1c, 0x95, - 0x57, 0x26, 0x07, 0xf3, 0x7f, 0x19, 0x49, 0xaf, 0x93, 0x17, 0xa1, 0x60, 0xad, 0xc5, 0xdf, 0xcf, - 0xcf, 0x7e, 0x53, 0x9f, 0x8f, 0x08, 0xe4, 0x8b, 0x70, 0x5a, 0xe1, 0x83, 0x3d, 0x42, 0x5d, 0xf6, - 0x41, 0xbc, 0x31, 0x2f, 0xe0, 0x61, 0x9f, 0xf2, 0x25, 0x0e, 0xc7, 0x48, 0x7d, 0x51, 0x36, 0x0f, - 0xb4, 0x3e, 0x92, 0x82, 0x05, 0xda, 0xf6, 0x38, 0x6f, 0xa5, 0xb1, 0x2a, 0x6f, 0x17, 0x11, 0xd2, - 0x8d, 0xcd, 0xe2, 0xf0, 0x5e, 0xa1, 0x58, 0x28, 0x0f, 0x99, 0x7f, 0x6a, 0x28, 0x39, 0x7f, 0x9e, - 0xd0, 0x15, 0xeb, 0xa6, 0xb6, 0x62, 0xcd, 0x08, 0xd2, 0xb8, 0x55, 0xac, 0x2c, 0xd3, 0xca, 0x98, - 0x84, 0x71, 0x0d, 0x09, 0xe3, 0xad, 0xef, 0x85, 0x34, 0xe0, 0x7e, 0xe6, 0x4f, 0x56, 0xbc, 0x75, - 0xdc, 0xae, 0x81, 0x22, 0x62, 0xff, 0xd8, 0x80, 0xc9, 0x14, 0x05, 0xeb, 0x0d, 0x06, 0x52, 0x7b, - 0xa3, 0x1b, 0xd2, 0xc0, 0x42, 0x28, 0x0f, 0xb4, 0x5c, 0xd6, 0x03, 0x2d, 0x9b, 0x16, 0x83, 0x91, - 0xcf, 0xc1, 0xd0, 0x3d, 0xdc, 0x15, 0xea, 0xb1, 0x3a, 0x31, 0x7f, 0x2c, 0xe4, 0x33, 0xac, 0xcb, - 0xfe, 0x55, 0x15, 0x04, 0x96, 0x91, 0x3a, 0x8c, 0xcc, 0x07, 0x14, 0xb3, 0xfb, 0x14, 0x06, 0x3f, - 0x54, 0x6d, 0x70, 0x92, 0xf4, 0xa1, 0xaa, 0xe0, 0x64, 0xfe, 0x62, 0x0e, 0x48, 0xd2, 0x46, 0xbc, - 0xed, 0x19, 0x3e, 0xb1, 0x83, 0xfe, 0x8e, 0x36, 0xe8, 0x4f, 0xf7, 0x0c, 0x3a, 0x6f, 0xde, 0x40, - 0x63, 0xff, 0x07, 0x06, 0x9c, 0xc9, 0x26, 0x24, 0xcf, 0xc1, 0xf0, 0xea, 0xfa, 0x9a, 0x0c, 0xf7, - 0x12, 0x4d, 0xf1, 0x3b, 0x68, 0x19, 0x5b, 0xa2, 0x88, 0xbc, 0x0a, 0xc3, 0xef, 0x5b, 0xf3, 0x6c, - 0xc9, 0x54, 0x2e, 0x6c, 0x7d, 0x35, 0xb0, 0x1b, 0xfa, 0x36, 0x5a, 0x20, 0xa9, 0x63, 0x9b, 0x7f, - 0x6c, 0x63, 0xfb, 0xed, 0x1c, 0x4c, 0x56, 0x1b, 0x0d, 0x1a, 0x86, 0xcc, 0x20, 0xa2, 0x61, 0xf4, - 0xc4, 0x0e, 0x6c, 0x76, 0x20, 0x97, 0xd6, 0xb6, 0x81, 0x46, 0xf5, 0x0f, 0x0d, 0x38, 0x2d, 0xa9, - 0xee, 0x7b, 0xf4, 0xc1, 0xfa, 0x6e, 0x40, 0xc3, 0x5d, 0xbf, 0xe9, 0x0e, 0x7a, 0xf5, 0x10, 0x57, - 0x69, 0xaf, 0x19, 0xd1, 0x40, 0x3d, 0x74, 0xd8, 0x46, 0x88, 0xb6, 0x4a, 0x23, 0x84, 0x5c, 0x83, - 0x91, 0x6a, 0xa7, 0x13, 0xf8, 0xf7, 0xf9, 0xb4, 0x1f, 0x17, 0x67, 0xcc, 0x1c, 0xa4, 0x9d, 0x49, - 0x73, 0x10, 0xfb, 0x8c, 0x05, 0xda, 0xe6, 0x51, 0xea, 0xe3, 0xfc, 0x33, 0x5c, 0xda, 0x56, 0x2d, - 0x34, 0x2c, 0x37, 0xbf, 0x55, 0x80, 0x92, 0xda, 0x10, 0x62, 0xc2, 0x30, 0x0f, 0x39, 0x52, 0x43, - 0x3f, 0x1c, 0x84, 0x58, 0xa2, 0x24, 0x89, 0xe4, 0xca, 0x1d, 0x1b, 0xc9, 0xb5, 0x09, 0xe3, 0x6b, - 0x81, 0xdf, 0xf1, 0x43, 0xea, 0xf2, 0x04, 0x6d, 0x5c, 0x6b, 0x4d, 0xc7, 0xe1, 0xcd, 0xbc, 0xcf, - 0x59, 0x11, 0xdf, 0x0e, 0x74, 0x04, 0xb6, 0x9d, 0x4e, 0xdf, 0xa6, 0xf3, 0xe1, 0x87, 0x36, 0x4e, - 0x28, 0xee, 0x8d, 0xc4, 0x87, 0x36, 0x0c, 0xa2, 0x1f, 0xda, 0x30, 0x88, 0x3a, 0x2d, 0x86, 0x1e, - 0xd7, 0xb4, 0x20, 0xbf, 0x68, 0xc0, 0x58, 0xb5, 0xdd, 0x16, 0x91, 0x5c, 0x32, 0x61, 0xc9, 0xe9, - 0xe4, 0xe0, 0x86, 0x87, 0xfa, 0xf2, 0x73, 0x9b, 0x2f, 0x89, 0x73, 0x9b, 0x37, 0x3e, 0xd2, 0xb9, - 0xcd, 0x7a, 0xe0, 0x78, 0x51, 0x88, 0x07, 0xf4, 0x49, 0x85, 0x6a, 0x38, 0xb7, 0xf2, 0x1d, 0xe4, - 0x0d, 0x28, 0xc7, 0xf2, 0xb8, 0xd4, 0x76, 0xe9, 0x43, 0xca, 0x03, 0xdf, 0xc6, 0xf9, 0xa5, 0x56, - 0xed, 0x40, 0x2a, 0x8d, 0x68, 0x7e, 0xdb, 0x80, 0x33, 0xaa, 0x40, 0xd4, 0xbb, 0x5b, 0x2d, 0x0f, - 0xb7, 0x3f, 0xe4, 0x2a, 0x8c, 0x8a, 0xf1, 0x8a, 0x0d, 0xb9, 0xde, 0xac, 0x7e, 0x09, 0x0a, 0x59, - 0x64, 0x43, 0xc4, 0x78, 0x08, 0x5f, 0xc1, 0x74, 0x6a, 0xba, 0xb1, 0xa2, 0xda, 0xac, 0xe8, 0xec, - 0x72, 0x80, 0xbf, 0xf5, 0xb1, 0x63, 0x10, 0xf3, 0x6d, 0x98, 0xd2, 0xbf, 0xb2, 0x4e, 0xf1, 0xd6, - 0xa3, 0x6c, 0x9a, 0x91, 0xdd, 0x34, 0x59, 0x6e, 0x6e, 0x02, 0xe9, 0xa1, 0x0f, 0xf1, 0xf0, 0x91, - 0x46, 0xf2, 0x70, 0x5c, 0xba, 0x30, 0x7b, 0x10, 0xe3, 0xfc, 0x96, 0x63, 0x6a, 0x77, 0x23, 0xa9, - 0xf9, 0xab, 0x63, 0x30, 0x9d, 0xa1, 0x3a, 0x8e, 0x59, 0xda, 0x2b, 0xfa, 0xe4, 0x19, 0x8d, 0xa3, - 0x3c, 0xe4, 0x94, 0x79, 0x5b, 0xe6, 0x32, 0x3c, 0x62, 0xaa, 0x1c, 0x95, 0xe0, 0xf0, 0xe3, 0x58, - 0xde, 0xd5, 0x40, 0xac, 0xa1, 0xc7, 0x16, 0x88, 0x55, 0x83, 0x71, 0xd1, 0x2a, 0x31, 0x95, 0x87, - 0x13, 0xb7, 0x40, 0xc0, 0x0b, 0xec, 0x9e, 0x29, 0xad, 0x93, 0x70, 0x1e, 0xa1, 0xdf, 0xbc, 0x4f, - 0x05, 0x8f, 0x11, 0x95, 0x07, 0x16, 0x64, 0xf2, 0x50, 0x48, 0xc8, 0xdf, 0x37, 0x80, 0x08, 0x88, - 0x3a, 0x9f, 0x8b, 0x47, 0xcd, 0x67, 0xf7, 0xf1, 0xcc, 0xe7, 0xa7, 0xe5, 0x37, 0x66, 0xcf, 0xeb, - 0x8c, 0xcf, 0x22, 0x7f, 0xd7, 0x80, 0x29, 0x1e, 0x0d, 0xa4, 0x7e, 0xec, 0xe8, 0x51, 0x1f, 0xdb, - 0x78, 0x3c, 0x1f, 0x7b, 0x21, 0xc4, 0x6a, 0xfb, 0x7c, 0x6b, 0xef, 0x47, 0x91, 0x1f, 0x07, 0x88, - 0x67, 0x94, 0x8c, 0x3a, 0xbd, 0x90, 0xa1, 0x05, 0x62, 0xa4, 0xe4, 0x5e, 0x6f, 0x14, 0xd3, 0x69, - 0x09, 0x0b, 0x62, 0x28, 0xf9, 0x29, 0x98, 0x61, 0xf3, 0x25, 0x86, 0x88, 0xd8, 0xc5, 0xd9, 0x31, - 0xac, 0xe5, 0xd3, 0xfd, 0x97, 0xf6, 0xab, 0x59, 0x64, 0xfc, 0xee, 0x4f, 0x92, 0xf0, 0x25, 0x6a, - 0xa9, 0x5b, 0xbe, 0x2c, 0x0a, 0x0c, 0x52, 0xc6, 0xaf, 0xe7, 0xd7, 0x5b, 0xfb, 0xe8, 0xb7, 0x73, - 0x72, 0x2e, 0x70, 0xfd, 0x16, 0xea, 0x97, 0x77, 0x10, 0x44, 0xde, 0x07, 0x52, 0xef, 0xee, 0xec, - 0xd0, 0x30, 0xa2, 0x2e, 0x87, 0xd1, 0x40, 0x26, 0x33, 0x43, 0x37, 0x55, 0x28, 0x4b, 0xed, 0x40, - 0x16, 0xab, 0x42, 0xd2, 0x4b, 0x4c, 0x28, 0xcc, 0x88, 0x46, 0x33, 0xa8, 0x4c, 0x09, 0x12, 0xce, - 0x4e, 0x68, 0x91, 0xa1, 0x49, 0x49, 0x92, 0x19, 0x46, 0xc9, 0x2b, 0xa2, 0x6d, 0x7b, 0xb3, 0xd8, - 0x91, 0x9b, 0x30, 0xba, 0xec, 0xef, 0x78, 0xed, 0xdb, 0x5e, 0x3b, 0x9a, 0x9d, 0x4c, 0x8e, 0xa9, - 0x9a, 0x0c, 0x68, 0xef, 0x7a, 0x9a, 0xdf, 0x3e, 0x41, 0x3d, 0xbf, 0x05, 0xe7, 0xfa, 0x8e, 0x42, - 0xc6, 0xbd, 0xa1, 0x6b, 0xfa, 0xbd, 0xa1, 0x73, 0xfd, 0xb4, 0x75, 0xa8, 0xde, 0x1d, 0xfa, 0x35, - 0x23, 0xa5, 0x9e, 0x85, 0x2d, 0xc5, 0xb3, 0xd2, 0xf6, 0x5b, 0xbf, 0x72, 0x98, 0x38, 0x85, 0x2b, - 0xf0, 0x5c, 0x62, 0xc3, 0x31, 0x05, 0xae, 0x2e, 0x00, 0xa8, 0xca, 0x1f, 0x51, 0x53, 0x9b, 0xff, - 0xd0, 0x00, 0xc2, 0xbf, 0x70, 0xde, 0xe9, 0x38, 0x5b, 0x5e, 0xd3, 0x8b, 0x3c, 0x1a, 0x92, 0x3b, - 0x50, 0x16, 0x2c, 0x9c, 0xad, 0x26, 0x55, 0x43, 0x02, 0x45, 0xcc, 0x40, 0x5c, 0x66, 0xa7, 0xad, - 0xae, 0x1e, 0xc2, 0x3e, 0xb2, 0x95, 0x7b, 0x04, 0xd9, 0x32, 0x7f, 0x68, 0xc0, 0xb9, 0xde, 0xcf, - 0x16, 0x35, 0xc7, 0x9d, 0x67, 0x1c, 0xd3, 0x79, 0x59, 0xad, 0xcc, 0xa1, 0x67, 0xf6, 0xb1, 0xb5, - 0x32, 0x9f, 0x38, 0x7a, 0x4f, 0xde, 0xca, 0x07, 0x6a, 0xe2, 0x1d, 0xf2, 0x6a, 0x56, 0x70, 0x17, - 0xbf, 0x81, 0xc5, 0xc1, 0x7a, 0x5c, 0x97, 0xdc, 0x1d, 0xe5, 0x32, 0x77, 0x47, 0xf2, 0x32, 0x59, - 0x3e, 0xeb, 0x32, 0x99, 0xf9, 0xcd, 0x1c, 0x94, 0xd6, 0x9a, 0xdd, 0x1d, 0xaf, 0xbd, 0xe0, 0x44, - 0xce, 0x13, 0xbb, 0xd5, 0x7a, 0x5d, 0xdb, 0x6a, 0xc5, 0xd1, 0x87, 0x71, 0xc3, 0x06, 0xda, 0x67, - 0x7d, 0xd7, 0x80, 0xc9, 0x84, 0x84, 0xab, 0x87, 0xdb, 0x50, 0x60, 0x3f, 0x84, 0xe5, 0x76, 0xb1, - 0x87, 0x31, 0x62, 0x5d, 0x8d, 0xff, 0x13, 0x9b, 0x1f, 0x3d, 0x21, 0x2c, 0x72, 0x38, 0xff, 0x19, - 0x9e, 0x9a, 0xf1, 0xe4, 0xb9, 0xa7, 0x7f, 0xcf, 0x80, 0x72, 0xba, 0x25, 0xe4, 0x0e, 0x8c, 0x30, - 0x4e, 0x5e, 0x9c, 0xe6, 0xf1, 0xf9, 0x3e, 0x6d, 0xbe, 0x2a, 0xd0, 0xf8, 0xe7, 0x61, 0xe7, 0x53, - 0x0e, 0xb1, 0x24, 0x87, 0xf3, 0x16, 0x94, 0x54, 0xac, 0x8c, 0xaf, 0x7b, 0x45, 0xd7, 0x89, 0x67, - 0xb2, 0xfb, 0x41, 0xfd, 0xea, 0x5f, 0xd5, 0xbe, 0x5a, 0x68, 0xc3, 0x41, 0x93, 0xfc, 0xe2, 0xf5, - 0x4b, 0x3e, 0x1d, 0x54, 0x39, 0x93, 0xab, 0x85, 0x7e, 0xfd, 0x92, 0xc3, 0xd8, 0x1e, 0x8d, 0xd7, - 0x27, 0xe4, 0x0c, 0xf7, 0x68, 0x1d, 0x84, 0xa8, 0x76, 0x3e, 0xc7, 0x31, 0xff, 0x66, 0x1e, 0xce, - 0x24, 0x9f, 0xc7, 0x53, 0x1e, 0xaf, 0x39, 0x81, 0xd3, 0x0a, 0x8f, 0x99, 0x01, 0x97, 0x7b, 0x3e, - 0x0d, 0x73, 0x12, 0xc8, 0x4f, 0x53, 0x3e, 0xc8, 0x4c, 0x7d, 0x10, 0x6e, 0x6e, 0xf9, 0x07, 0xc9, - 0xcf, 0x20, 0x77, 0x20, 0x5f, 0xa7, 0x91, 0xb8, 0x84, 0x7c, 0xa9, 0xa7, 0x57, 0xd5, 0xef, 0xba, - 0x5a, 0xa7, 0x11, 0x1f, 0x44, 0x7e, 0x8f, 0x83, 0x6a, 0xf7, 0x2a, 0xd8, 0x36, 0x65, 0x13, 0x86, - 0x17, 0x1f, 0x76, 0x68, 0x23, 0x12, 0x77, 0x8f, 0x5f, 0x3a, 0x9a, 0x1f, 0xc7, 0x55, 0x6e, 0x38, - 0x53, 0x04, 0xa8, 0x9d, 0xc5, 0x51, 0xce, 0xdf, 0x84, 0xa2, 0xac, 0xfc, 0x44, 0x37, 0x75, 0x5f, - 0x87, 0x31, 0xa5, 0x92, 0x13, 0x09, 0xfd, 0x5f, 0x18, 0x30, 0xcc, 0xb4, 0xed, 0xc6, 0x6b, 0x4f, - 0xa8, 0x46, 0xba, 0xa1, 0x69, 0xa4, 0x29, 0xe5, 0x4a, 0x19, 0xce, 0xcb, 0xd7, 0x8e, 0xd1, 0x45, - 0x07, 0x06, 0x40, 0x82, 0x4c, 0xde, 0x85, 0x11, 0x91, 0xda, 0x48, 0x04, 0x73, 0xa8, 0x77, 0xd4, - 0x64, 0xea, 0xc4, 0xd8, 0xfa, 0xf3, 0x3b, 0x69, 0x73, 0x59, 0x52, 0x93, 0x85, 0x24, 0x8e, 0x5f, - 0xbd, 0x14, 0xcd, 0xd8, 0xcc, 0xfb, 0x6d, 0x7e, 0x67, 0x49, 0x49, 0xc2, 0xd8, 0x27, 0xa0, 0xbf, - 0x2a, 0x1c, 0x3e, 0xf9, 0xa3, 0x98, 0x9c, 0x11, 0x4c, 0xb2, 0x7d, 0x41, 0xbf, 0x30, 0xc1, 0x6f, - 0x01, 0xc9, 0x0f, 0x7b, 0x0b, 0x4a, 0xb7, 0xfc, 0xe0, 0x81, 0x13, 0xb8, 0x18, 0x70, 0x81, 0xcd, - 0xe4, 0xf9, 0xc4, 0xc6, 0xb7, 0x39, 0xdc, 0xc6, 0x58, 0x8d, 0x1f, 0x1d, 0x54, 0x0a, 0x35, 0xdf, - 0x6f, 0x5a, 0x1a, 0x3a, 0x59, 0x85, 0xf1, 0xbb, 0xce, 0x43, 0x71, 0x76, 0xba, 0xbe, 0xbe, 0x2c, - 0xe2, 0xb8, 0x5e, 0x3a, 0x3c, 0xa8, 0x9c, 0x6b, 0x39, 0x0f, 0xe3, 0x33, 0xd7, 0xfe, 0x57, 0x0d, - 0x74, 0x7a, 0xe2, 0xc1, 0xc4, 0x9a, 0x1f, 0x44, 0xa2, 0x12, 0x66, 0xeb, 0xe7, 0xfb, 0x9c, 0xbe, - 0x5d, 0xcb, 0x3c, 0x7d, 0x3b, 0xc7, 0x36, 0x38, 0xf6, 0x76, 0x4c, 0xae, 0x5d, 0x5d, 0xd5, 0x18, - 0x93, 0xb7, 0x60, 0x6a, 0x9e, 0x06, 0x91, 0xb7, 0xed, 0x35, 0x9c, 0x88, 0xde, 0xf2, 0x83, 0x96, - 0x13, 0x09, 0x47, 0x13, 0x3a, 0x1a, 0x1a, 0x94, 0x73, 0x6a, 0x39, 0x91, 0xd5, 0x8b, 0x49, 0xbe, - 0x98, 0x15, 0x19, 0x37, 0x84, 0xcd, 0x7f, 0x95, 0x59, 0x23, 0x19, 0x91, 0x71, 0x7d, 0xba, 0x20, - 0x23, 0x46, 0x6e, 0xe7, 0xa8, 0x23, 0xe8, 0x62, 0xed, 0xba, 0x38, 0x0e, 0x3f, 0xfe, 0x88, 0x39, - 0x1e, 0xb7, 0x3e, 0x47, 0xcd, 0x73, 0x90, 0xaf, 0xad, 0xdd, 0x42, 0xd7, 0x91, 0x38, 0xf2, 0xa5, - 0xed, 0x5d, 0xa7, 0xdd, 0x40, 0x23, 0x4a, 0xc4, 0x91, 0xa8, 0x0a, 0xaf, 0xb6, 0x76, 0x8b, 0x38, - 0x30, 0xbd, 0x46, 0x83, 0x96, 0x17, 0x7d, 0xfe, 0xfa, 0x75, 0x65, 0xa0, 0x8a, 0xf8, 0x69, 0xd7, - 0xc4, 0xa7, 0x55, 0x3a, 0x88, 0x62, 0x3f, 0xbc, 0x7e, 0x3d, 0x73, 0x38, 0xe2, 0x0f, 0xcb, 0xe2, - 0x45, 0x16, 0x61, 0xe2, 0xae, 0xf3, 0x30, 0x09, 0xff, 0x09, 0x45, 0x6c, 0xee, 0xd3, 0x52, 0xb0, - 0x92, 0xd0, 0x21, 0x75, 0xbe, 0xa5, 0x88, 0xc8, 0x9b, 0x30, 0x96, 0x88, 0x57, 0x88, 0xc7, 0xc2, - 0x79, 0x1e, 0x72, 0xac, 0x08, 0xa7, 0xe6, 0x63, 0x53, 0xd0, 0xc9, 0xbd, 0xd8, 0x75, 0xc1, 0x2d, - 0x61, 0x91, 0x16, 0xe9, 0x9a, 0xea, 0xba, 0x70, 0xb0, 0x44, 0x6b, 0xd6, 0x64, 0xbc, 0x37, 0xe0, - 0xf1, 0x50, 0x96, 0xce, 0x45, 0xf1, 0x88, 0xac, 0x05, 0x7e, 0xab, 0x13, 0x61, 0x44, 0x6e, 0xca, - 0x23, 0xd2, 0xc1, 0x92, 0x0c, 0x8f, 0x08, 0x27, 0xc9, 0x8e, 0x79, 0x18, 0x7f, 0x84, 0x98, 0x07, - 0x0a, 0x85, 0x65, 0xbf, 0xb1, 0x87, 0x21, 0xb8, 0xa3, 0xb5, 0xf7, 0x99, 0xfe, 0x68, 0xfa, 0x8d, - 0xbd, 0xc7, 0x77, 0x56, 0x8f, 0xec, 0xc9, 0x0a, 0x6b, 0x3b, 0x13, 0x2b, 0x51, 0x35, 0xee, 0x27, - 0x93, 0x13, 0x48, 0xad, 0x8c, 0x1b, 0x2a, 0x5c, 0x0a, 0x65, 0x43, 0x2c, 0x9d, 0x9c, 0x50, 0x28, - 0x2f, 0xd0, 0x70, 0x2f, 0xf2, 0x3b, 0xf3, 0x4d, 0xaf, 0xb3, 0xe5, 0x3b, 0x81, 0x3b, 0x5b, 0xee, - 0xa3, 0x30, 0x5e, 0xcc, 0x54, 0x18, 0x53, 0x2e, 0xa7, 0xb7, 0x1b, 0x92, 0x81, 0xd5, 0xc3, 0x92, - 0x7c, 0x11, 0x26, 0xd8, 0x6c, 0x59, 0x7c, 0x18, 0xd1, 0x36, 0x17, 0xa5, 0x29, 0x5c, 0xea, 0x67, - 0x94, 0x4b, 0xbc, 0x71, 0x21, 0x17, 0x52, 0xd4, 0x1e, 0x34, 0x26, 0x50, 0x85, 0x54, 0x67, 0x45, - 0x5c, 0x98, 0xbd, 0xeb, 0x3c, 0x54, 0x32, 0x72, 0x29, 0x52, 0x4f, 0x50, 0x62, 0x31, 0xe9, 0x25, - 0x93, 0xd8, 0xbd, 0x18, 0xa9, 0xcf, 0x04, 0xe8, 0xcb, 0x89, 0x7c, 0x0d, 0xce, 0x8a, 0x66, 0x2d, - 0x60, 0xde, 0x0c, 0x3f, 0xd8, 0xaf, 0xef, 0x3a, 0x18, 0x4a, 0x38, 0x7d, 0x32, 0x0d, 0x2b, 0x3b, - 0xcc, 0x95, 0x7c, 0xec, 0x90, 0x33, 0xb2, 0xfa, 0xd5, 0x40, 0xbe, 0x02, 0x13, 0xdc, 0xc9, 0x78, - 0xdb, 0x0f, 0x23, 0xdc, 0x39, 0xce, 0xf4, 0xa9, 0xf3, 0x52, 0x66, 0x9d, 0x65, 0xee, 0xb9, 0xe4, - 0x31, 0x65, 0xe8, 0x67, 0x4d, 0xf1, 0x23, 0x6f, 0xc0, 0xd8, 0x9a, 0xd7, 0xae, 0xf3, 0xad, 0xdc, - 0xda, 0xec, 0xe9, 0x64, 0x19, 0xeb, 0x78, 0x6d, 0x5b, 0x7a, 0x3b, 0x3a, 0xb1, 0xd6, 0x51, 0xb1, - 0xcd, 0x7f, 0x99, 0x4b, 0x89, 0x25, 0x59, 0x82, 0x11, 0xd1, 0x16, 0xb1, 0xf0, 0xf7, 0x7e, 0xe9, - 0xd3, 0x99, 0x5f, 0x3a, 0x22, 0x7a, 0xc7, 0x92, 0xf4, 0xe4, 0x01, 0x63, 0xb5, 0xed, 0x74, 0x9b, - 0x32, 0x1d, 0xe3, 0x07, 0x5c, 0xea, 0x10, 0xa4, 0xcd, 0xaf, 0x85, 0x93, 0x47, 0x64, 0xe9, 0x01, - 0x7f, 0x38, 0xd1, 0x64, 0x6d, 0x64, 0x8f, 0xdf, 0x4b, 0xce, 0xc7, 0x51, 0x38, 0xfa, 0x25, 0xe4, - 0xc7, 0x56, 0x21, 0xab, 0xc5, 0xfc, 0xe7, 0x06, 0x8c, 0x6b, 0x72, 0x4d, 0x6e, 0x2a, 0x31, 0x6b, - 0x49, 0xfc, 0xb0, 0x86, 0x93, 0xf9, 0x20, 0xd4, 0x4d, 0x11, 0xa8, 0x98, 0xeb, 0x4f, 0x97, 0x99, - 0xf5, 0xf2, 0xc8, 0x0d, 0x77, 0x92, 0xbd, 0xa5, 0xd0, 0x27, 0x7b, 0xcb, 0x37, 0x27, 0x60, 0x42, - 0xb7, 0xa4, 0xd8, 0xd6, 0x06, 0xbd, 0x59, 0xd2, 0x33, 0xc3, 0xf3, 0x11, 0x21, 0x44, 0x7b, 0x5d, - 0x09, 0x21, 0xe4, 0x05, 0x80, 0x38, 0x36, 0x42, 0x3a, 0x5f, 0xc4, 0x5b, 0x50, 0x4a, 0x01, 0xf9, - 0x32, 0xc0, 0x8a, 0xef, 0xd2, 0x38, 0xa5, 0xd5, 0x11, 0x1e, 0xdd, 0x17, 0x85, 0x47, 0x57, 0xbc, - 0xdf, 0x74, 0x78, 0x50, 0x39, 0xdd, 0xf6, 0x5d, 0xda, 0x9b, 0xcb, 0x4a, 0xe1, 0x48, 0x3e, 0x0b, - 0x43, 0x56, 0xb7, 0x49, 0x65, 0x86, 0xa5, 0x31, 0xa9, 0x59, 0xbb, 0x4d, 0x25, 0x45, 0x7b, 0xd0, - 0x4d, 0x1f, 0xe4, 0x31, 0x00, 0x79, 0x07, 0x80, 0x29, 0x0f, 0x4c, 0xc7, 0x2b, 0x53, 0x38, 0xa0, - 0xa3, 0x46, 0xd1, 0x3b, 0x98, 0xc4, 0x57, 0xab, 0x3c, 0x21, 0x21, 0xab, 0x30, 0x22, 0xd6, 0x29, - 0x71, 0x50, 0xf6, 0x4c, 0x96, 0x8b, 0x56, 0x31, 0x56, 0x45, 0xca, 0x23, 0x04, 0xeb, 0x5e, 0x53, - 0xee, 0x68, 0x7a, 0x13, 0x46, 0x19, 0x7b, 0x9e, 0x73, 0x9c, 0x1b, 0x29, 0x18, 0x08, 0xae, 0x7c, - 0x50, 0x3a, 0xed, 0x78, 0x42, 0x40, 0xbe, 0x88, 0x49, 0xca, 0x44, 0x57, 0x1f, 0xe9, 0xe9, 0xbf, - 0xd4, 0xd3, 0xd5, 0x33, 0x4e, 0xa7, 0x93, 0x91, 0x74, 0x32, 0xe6, 0x47, 0x76, 0xe2, 0xcb, 0x92, - 0xf1, 0xe3, 0x1e, 0x47, 0x54, 0x70, 0xa5, 0xa7, 0x82, 0x59, 0x79, 0xff, 0xaf, 0x37, 0x35, 0x99, - 0xc6, 0x97, 0x74, 0xa0, 0x9c, 0xa8, 0x74, 0x51, 0x17, 0x1c, 0x55, 0xd7, 0xab, 0x3d, 0x75, 0xa9, - 0x03, 0xd8, 0x53, 0x5d, 0x0f, 0x77, 0xe2, 0x26, 0x6f, 0x2a, 0x88, 0xfa, 0xc6, 0x8e, 0xaa, 0xef, - 0x85, 0x9e, 0xfa, 0xa6, 0xdd, 0xad, 0xde, 0x7a, 0x52, 0x3c, 0xc9, 0x9b, 0x30, 0x2e, 0x21, 0x38, - 0x3f, 0x44, 0x02, 0x49, 0xfe, 0x1a, 0xc8, 0x16, 0x46, 0x8a, 0xea, 0x79, 0xb9, 0x54, 0x64, 0x95, - 0x9a, 0x4b, 0xc7, 0xb8, 0x46, 0x9d, 0x96, 0x0a, 0x1d, 0x99, 0x7c, 0x01, 0xc6, 0x96, 0x5a, 0xac, - 0x21, 0x7e, 0xdb, 0x89, 0x28, 0x5a, 0x3d, 0xc9, 0xa9, 0x85, 0x52, 0xa2, 0x88, 0x2a, 0xcf, 0x4f, - 0x9c, 0x14, 0xa9, 0x56, 0xa3, 0x42, 0xc1, 0x3a, 0x8f, 0x3b, 0x18, 0x85, 0x0c, 0x87, 0xc2, 0xc6, - 0x79, 0x3a, 0xe3, 0xe4, 0x40, 0x61, 0x8f, 0x46, 0x03, 0xf7, 0x5b, 0xda, 0x62, 0x42, 0x68, 0x9d, - 0xa7, 0xf3, 0x24, 0x6f, 0xc1, 0x98, 0xb8, 0x9a, 0x5e, 0xb5, 0x56, 0xc2, 0xd9, 0x72, 0x92, 0x8e, - 0x5f, 0xde, 0x62, 0xb7, 0x9d, 0x20, 0x75, 0x7c, 0x9c, 0xe0, 0x93, 0xcf, 0xc3, 0xcc, 0xa6, 0xd7, - 0x76, 0xfd, 0x07, 0xa1, 0x58, 0xa6, 0x84, 0xa2, 0x9b, 0x4a, 0x82, 0xe4, 0x1e, 0xf0, 0x72, 0x5b, - 0x2e, 0xf7, 0x3d, 0x8a, 0x2f, 0x93, 0x03, 0xf9, 0xc9, 0x1e, 0xce, 0x5c, 0x82, 0xc8, 0x51, 0x12, - 0x34, 0xd7, 0x23, 0x41, 0xbd, 0xd5, 0xa7, 0xc5, 0x29, 0xb3, 0x1a, 0xe2, 0x03, 0xd1, 0x8d, 0xdb, - 0xf7, 0x7c, 0xaf, 0x3d, 0x3b, 0xad, 0x3d, 0x9d, 0x17, 0xaf, 0x62, 0x88, 0xb7, 0xe6, 0x37, 0xbd, - 0xc6, 0xbe, 0x4c, 0x7a, 0xae, 0x9b, 0xcd, 0x1f, 0xfa, 0x9a, 0x17, 0x2b, 0x83, 0x35, 0xf9, 0x02, - 0x94, 0xd8, 0xdf, 0x78, 0x8f, 0x31, 0xa3, 0x9d, 0x35, 0x2b, 0x98, 0xa2, 0x1e, 0x1c, 0x23, 0xbc, - 0x3b, 0x9f, 0xb1, 0xfd, 0xd0, 0x58, 0x91, 0xd7, 0x01, 0x98, 0x7d, 0x23, 0xd4, 0xf1, 0xe9, 0x24, - 0xc1, 0x01, 0x9a, 0x41, 0xbd, 0x8a, 0x38, 0x41, 0x66, 0x1b, 0x1f, 0xf6, 0xab, 0xde, 0x75, 0x7d, - 0x36, 0x37, 0xce, 0x20, 0x2d, 0x6e, 0x7c, 0x90, 0x36, 0xe4, 0x70, 0x55, 0x3a, 0x14, 0x74, 0xf3, - 0x87, 0x06, 0xcc, 0x64, 0x75, 0xd2, 0x31, 0x19, 0xd2, 0xcc, 0x54, 0xb8, 0x0b, 0x7a, 0xde, 0x78, - 0xb8, 0x4b, 0x1c, 0xe4, 0x52, 0x81, 0xa1, 0x3b, 0x5e, 0xdb, 0x95, 0xe1, 0x98, 0xb8, 0x0e, 0xef, - 0x31, 0x80, 0xc5, 0xe1, 0x0c, 0x81, 0xdf, 0x16, 0x61, 0x0b, 0xf5, 0x10, 0x47, 0xc0, 0xcb, 0x21, - 0x16, 0x87, 0x33, 0x04, 0xb6, 0xde, 0xcb, 0xf5, 0x09, 0x11, 0x98, 0x19, 0x10, 0x5a, 0x1c, 0x4e, - 0x2e, 0xc1, 0xc8, 0x6a, 0x7b, 0x99, 0x3a, 0xf7, 0xa9, 0x38, 0x6b, 0x46, 0x4f, 0xa1, 0xdf, 0xb6, - 0x9b, 0x0c, 0x66, 0xc9, 0x42, 0xf3, 0xbb, 0x06, 0x4c, 0xf5, 0x8c, 0xcf, 0xf1, 0x49, 0xe0, 0x8e, - 0x3e, 0xd8, 0x1f, 0xa4, 0x7d, 0xfc, 0xf3, 0x0b, 0xd9, 0x9f, 0x6f, 0xfe, 0x4e, 0x01, 0xce, 0xf6, - 0x59, 0x2e, 0x93, 0xa0, 0x1c, 0xe3, 0xd8, 0xa0, 0x9c, 0x2f, 0xb1, 0xe5, 0xc9, 0xf1, 0x5a, 0xe1, - 0xba, 0x9f, 0x7c, 0x71, 0x72, 0x7e, 0x89, 0x65, 0x32, 0xcb, 0x92, 0xcc, 0x08, 0x74, 0xae, 0x81, - 0x14, 0x76, 0xe4, 0xf7, 0x1c, 0xc7, 0xe8, 0xcc, 0x7a, 0xc2, 0x62, 0xf2, 0x7f, 0x49, 0xc2, 0x62, - 0xf4, 0xc3, 0xe8, 0xc2, 0x63, 0x3d, 0x8c, 0xce, 0x3e, 0x7f, 0x1a, 0x7a, 0x94, 0x13, 0xdc, 0x79, - 0x18, 0xaf, 0x53, 0x27, 0x68, 0xec, 0x56, 0x43, 0x3e, 0x48, 0x3c, 0x5b, 0x2d, 0xae, 0x05, 0x21, - 0x16, 0xd8, 0x4e, 0xd8, 0x3b, 0x16, 0x1a, 0x8d, 0xf9, 0x6f, 0x53, 0xd1, 0x3c, 0x7f, 0x19, 0xe5, - 0xe5, 0x25, 0x18, 0xda, 0xdc, 0xa5, 0x81, 0xb4, 0xce, 0xf1, 0x43, 0x1e, 0x30, 0x80, 0xfa, 0x21, - 0x88, 0x61, 0x7e, 0x0d, 0x4a, 0x6a, 0x65, 0xa8, 0x10, 0xd8, 0x6f, 0x31, 0x23, 0xb9, 0x42, 0x60, - 0x00, 0x8b, 0xc3, 0x8f, 0x4d, 0xcc, 0x98, 0xf4, 0x42, 0xfe, 0xb8, 0x5e, 0x60, 0x95, 0xa3, 0xbc, - 0x29, 0x95, 0xe3, 0x6f, 0xb5, 0xf2, 0x88, 0x01, 0x2c, 0x0e, 0x7f, 0xac, 0x95, 0xff, 0x2b, 0x03, - 0x0a, 0x98, 0x14, 0xe7, 0x35, 0x18, 0x95, 0xc7, 0x19, 0x6a, 0xa2, 0x98, 0x69, 0x79, 0xda, 0x11, - 0xea, 0xb1, 0x58, 0x02, 0xc8, 0xaa, 0xda, 0xa0, 0xc1, 0x96, 0x16, 0xb2, 0x77, 0x9f, 0x01, 0xd4, - 0xaa, 0x10, 0xe3, 0x04, 0xe3, 0x81, 0x61, 0x89, 0xc2, 0x1b, 0xc1, 0x55, 0x16, 0x0f, 0x4b, 0xec, - 0x71, 0x3d, 0x48, 0x2c, 0xf3, 0x97, 0x0d, 0x38, 0x9d, 0x69, 0x42, 0xb1, 0x5a, 0xb9, 0xad, 0xa6, - 0x88, 0x63, 0xda, 0x50, 0xe3, 0x18, 0x27, 0x09, 0x3f, 0x3c, 0x81, 0x6c, 0x3d, 0x0b, 0xa3, 0xf1, - 0x06, 0x9e, 0xcc, 0xc8, 0xa1, 0x43, 0x9f, 0xb7, 0xdc, 0x07, 0xfe, 0x85, 0x01, 0xc3, 0xec, 0x13, - 0x9e, 0xd8, 0xdb, 0x68, 0xd9, 0x27, 0x20, 0xac, 0x49, 0x03, 0xdd, 0x41, 0xfb, 0x8d, 0x61, 0x80, - 0x04, 0x99, 0x6c, 0xc1, 0xc4, 0xea, 0xd2, 0xc2, 0xfc, 0x92, 0x4b, 0xdb, 0x11, 0x86, 0x00, 0xa4, - 0x32, 0xcd, 0xb0, 0x3d, 0x79, 0xd0, 0x76, 0x9a, 0x02, 0x61, 0x3f, 0xd1, 0x0d, 0xbe, 0xe7, 0x36, - 0x6c, 0x2f, 0xa6, 0x53, 0x6d, 0x59, 0x9d, 0x23, 0xab, 0xa3, 0x5e, 0xbd, 0xbb, 0xac, 0xd4, 0x91, - 0x1b, 0xb0, 0x8e, 0xd0, 0x69, 0x35, 0xfb, 0xd4, 0xa1, 0x73, 0x24, 0xbb, 0x50, 0x7e, 0x17, 0x57, - 0x1f, 0xa5, 0x96, 0xfc, 0xd1, 0xb5, 0x3c, 0x27, 0x6a, 0x79, 0x8a, 0x2f, 0x5b, 0xd9, 0xf5, 0xf4, - 0x70, 0x4d, 0x24, 0xb7, 0x70, 0xac, 0xe4, 0xfe, 0x35, 0x03, 0x86, 0xf9, 0xf2, 0x16, 0xbf, 0xa1, - 0x97, 0xb9, 0x80, 0x6e, 0x3e, 0x9e, 0x05, 0xb4, 0x8c, 0x9a, 0x4b, 0xf3, 0x5d, 0xf0, 0x32, 0xb2, - 0x90, 0x7a, 0x90, 0x4f, 0x1e, 0x73, 0xa1, 0x4d, 0xcf, 0x4b, 0x92, 0x20, 0x4e, 0xfe, 0x16, 0x9f, - 0xca, 0x85, 0x63, 0xa8, 0x6f, 0x8a, 0x8f, 0x3c, 0xe2, 0x9b, 0xe2, 0xcb, 0x30, 0x2a, 0xa2, 0x12, - 0x6b, 0xfb, 0x62, 0xe7, 0x2e, 0x3d, 0x70, 0x31, 0x5c, 0x79, 0x1f, 0x82, 0x83, 0xec, 0x2d, 0x2d, - 0x7d, 0x6a, 0x8c, 0x48, 0x56, 0x61, 0x34, 0xb9, 0x4a, 0xa7, 0xdf, 0x02, 0x8f, 0xe1, 0x22, 0x6c, - 0x5f, 0x86, 0x36, 0x65, 0xdc, 0x9c, 0x4b, 0x78, 0x98, 0xdf, 0x32, 0xa0, 0x9c, 0x96, 0x17, 0x7c, - 0x08, 0x48, 0xde, 0x66, 0x8c, 0x83, 0x8f, 0xf8, 0x43, 0x40, 0xf1, 0xf5, 0x47, 0x2d, 0x0c, 0x49, - 0x45, 0x27, 0x73, 0x50, 0x64, 0xd3, 0xae, 0x9d, 0x7a, 0x09, 0xa8, 0x2b, 0x60, 0xea, 0xd9, 0xbb, - 0xc4, 0x53, 0x66, 0xed, 0xbf, 0xcf, 0xc3, 0x98, 0x32, 0x58, 0xe4, 0x25, 0x28, 0x2e, 0x85, 0xcb, - 0x7e, 0x63, 0x8f, 0xba, 0xe2, 0x48, 0x0f, 0x9f, 0x8c, 0xf7, 0x42, 0xbb, 0x89, 0x40, 0x2b, 0x2e, - 0x26, 0x35, 0x18, 0xe7, 0xff, 0xc9, 0x4c, 0x04, 0xb9, 0xe4, 0x38, 0x82, 0x23, 0xcb, 0x1c, 0x04, - 0xea, 0xf2, 0xae, 0x91, 0x90, 0x0f, 0x00, 0x38, 0x80, 0x8d, 0xef, 0x00, 0x97, 0x12, 0xe4, 0x04, - 0x3e, 0x2d, 0x2a, 0x88, 0x3c, 0xb5, 0x85, 0x28, 0x0a, 0x0a, 0x43, 0x7c, 0xae, 0xda, 0x6f, 0xec, - 0x0d, 0xfe, 0x60, 0x7d, 0xf2, 0x5c, 0xb5, 0xdf, 0xd8, 0xb3, 0xb3, 0x23, 0x54, 0x55, 0x96, 0xe4, - 0xdb, 0x06, 0x9c, 0xb7, 0x68, 0xc3, 0xbf, 0x4f, 0x83, 0xfd, 0x6a, 0x84, 0x58, 0x6a, 0x8d, 0xc7, - 0x87, 0xc3, 0xde, 0x10, 0x35, 0xbe, 0x18, 0x08, 0x2e, 0x78, 0x95, 0xae, 0xd5, 0x89, 0xec, 0x23, - 0x3e, 0xe1, 0x88, 0x2a, 0xcd, 0xff, 0x68, 0x28, 0x53, 0x80, 0xac, 0xc0, 0x68, 0x2c, 0x2c, 0xc2, - 0x23, 0x1d, 0x5b, 0x66, 0x12, 0x6e, 0xd1, 0xed, 0xda, 0x53, 0xe2, 0xf4, 0x6d, 0x3a, 0x16, 0x39, - 0x6d, 0x46, 0x48, 0x20, 0xf9, 0x1c, 0x14, 0x70, 0xa8, 0x8e, 0x4f, 0xb8, 0x28, 0x97, 0x9a, 0x02, - 0x1b, 0x23, 0xfc, 0x6a, 0xa4, 0x24, 0x9f, 0x12, 0x21, 0x60, 0x79, 0x2d, 0x95, 0x39, 0x03, 0xb1, - 0xef, 0x88, 0xd7, 0x98, 0x24, 0x28, 0x5a, 0x91, 0xd6, 0xbf, 0x9e, 0x83, 0x72, 0x7a, 0xe2, 0x91, - 0x77, 0xa0, 0x24, 0xaf, 0x45, 0xde, 0x76, 0x44, 0xf6, 0x84, 0x92, 0xc8, 0x5e, 0x20, 0xe0, 0xf6, - 0xae, 0xa3, 0xa5, 0xd1, 0xd4, 0x08, 0xd8, 0x82, 0xbc, 0x2e, 0xee, 0xda, 0x28, 0x13, 0x28, 0xf2, - 0xa3, 0x4e, 0x2a, 0x3d, 0xb2, 0x44, 0x23, 0xaf, 0x41, 0x9e, 0xdf, 0x15, 0x56, 0x73, 0xeb, 0xdd, - 0xbd, 0x55, 0xe5, 0x57, 0x1d, 0x79, 0xc0, 0x87, 0x7e, 0x72, 0xc6, 0xf0, 0xc9, 0xb2, 0x72, 0xd3, - 0x74, 0x58, 0xcb, 0x31, 0x26, 0xc1, 0x71, 0xe3, 0x8e, 0xbf, 0x72, 0xfa, 0x5e, 0xa1, 0x98, 0x2f, - 0x17, 0xc4, 0xdd, 0xc2, 0xdf, 0xca, 0xc3, 0x68, 0x5c, 0x3f, 0x21, 0x80, 0xf6, 0x86, 0x88, 0xdc, - 0xc0, 0xff, 0xc9, 0x39, 0x28, 0x4a, 0x13, 0x43, 0x44, 0x6f, 0x8c, 0x84, 0xc2, 0xbc, 0x98, 0x05, - 0x69, 0x4b, 0x70, 0xf3, 0xc2, 0x92, 0x3f, 0xc9, 0x75, 0x88, 0x0d, 0x85, 0x7e, 0x16, 0x45, 0x81, - 0x0d, 0x98, 0x15, 0xa3, 0x91, 0x09, 0xc8, 0x79, 0xfc, 0x1e, 0xc5, 0xa8, 0x95, 0xf3, 0x5c, 0xf2, - 0x0e, 0x14, 0x1d, 0xd7, 0xa5, 0xae, 0xed, 0x48, 0xd7, 0xee, 0x51, 0x42, 0x53, 0x64, 0xdc, 0xb8, - 0x46, 0x47, 0xaa, 0x6a, 0x44, 0xaa, 0x30, 0x8a, 0x6f, 0xc7, 0x77, 0xc3, 0x81, 0x1e, 0x9c, 0x4f, - 0x38, 0x14, 0x19, 0xd9, 0xbd, 0x90, 0xba, 0xe4, 0x45, 0x28, 0xb0, 0xd1, 0x14, 0xeb, 0x41, 0x9c, - 0x31, 0x75, 0x75, 0x7d, 0x8d, 0x77, 0xd8, 0xed, 0x53, 0x16, 0x22, 0x90, 0xe7, 0x21, 0xdf, 0x9d, - 0xdb, 0x16, 0x9a, 0xbe, 0x9c, 0x5c, 0x23, 0x8f, 0xd1, 0x58, 0x31, 0xb9, 0x01, 0xc5, 0x07, 0xfa, - 0x85, 0xe1, 0xd3, 0xa9, 0x61, 0x8c, 0xf1, 0x63, 0xc4, 0x5a, 0x11, 0x86, 0xf9, 0x55, 0x59, 0xf3, - 0x19, 0x80, 0xa4, 0xea, 0xde, 0x20, 0x1b, 0xf3, 0x03, 0x18, 0x8d, 0xab, 0x24, 0x4f, 0x03, 0xec, - 0xd1, 0x7d, 0x7b, 0xd7, 0x69, 0xbb, 0xe2, 0xf5, 0xb1, 0x92, 0x35, 0xba, 0x47, 0xf7, 0x6f, 0x23, - 0x80, 0x9c, 0x85, 0x91, 0x0e, 0x1b, 0x55, 0x99, 0xdc, 0xdb, 0x1a, 0xee, 0x74, 0xb7, 0x98, 0x84, - 0xce, 0xc2, 0x08, 0x3a, 0x3f, 0xc4, 0x44, 0x1b, 0xb7, 0xe4, 0x4f, 0xf3, 0xd7, 0x72, 0x98, 0xf6, - 0x45, 0xf9, 0x4e, 0xf2, 0x1c, 0x8c, 0x37, 0x02, 0x8a, 0xcb, 0x91, 0xc3, 0xcc, 0x22, 0x51, 0x4f, - 0x29, 0x01, 0x2e, 0xb9, 0xe4, 0x12, 0x4c, 0x26, 0xd9, 0xc6, 0xed, 0xc6, 0x96, 0x48, 0x17, 0x50, - 0xb2, 0xc6, 0x3b, 0x32, 0xdd, 0xf8, 0xfc, 0x16, 0xde, 0xff, 0x29, 0xab, 0xd7, 0x64, 0x23, 0x99, - 0x39, 0x7c, 0xd4, 0x9a, 0x54, 0xe0, 0x78, 0x62, 0x73, 0x06, 0x86, 0x1d, 0x67, 0xa7, 0xeb, 0xf1, - 0xbb, 0x08, 0x25, 0x4b, 0xfc, 0x22, 0x2f, 0xc3, 0x54, 0xe8, 0xed, 0xb4, 0x9d, 0xa8, 0x1b, 0x88, - 0xbc, 0x3b, 0x34, 0x40, 0x91, 0x1a, 0xb7, 0xca, 0x71, 0xc1, 0x3c, 0x87, 0x93, 0x57, 0x81, 0xa8, - 0xf5, 0xf9, 0x5b, 0x1f, 0xd2, 0x06, 0x17, 0xb5, 0x92, 0x35, 0xa5, 0x94, 0xac, 0x62, 0x01, 0x79, - 0x16, 0x4a, 0x01, 0x0d, 0xd1, 0x24, 0xc3, 0x6e, 0xc3, 0x6c, 0x62, 0xd6, 0x98, 0x84, 0xdd, 0xa1, - 0xfb, 0x66, 0x0d, 0xa6, 0x7a, 0xe6, 0x23, 0x79, 0x95, 0x5b, 0xf7, 0x62, 0x7d, 0x2e, 0xf1, 0xcd, - 0x0c, 0xbe, 0x4e, 0xa8, 0x2d, 0xcd, 0x02, 0xc9, 0x6c, 0x43, 0x49, 0xd5, 0xaf, 0xc7, 0x24, 0x62, - 0x38, 0x83, 0x51, 0xc7, 0x5c, 0xf9, 0x0c, 0x1f, 0x1e, 0x54, 0x72, 0x9e, 0x8b, 0xb1, 0xc6, 0x97, - 0xa1, 0x28, 0xad, 0x04, 0xf5, 0xa5, 0x2c, 0x61, 0x50, 0xee, 0x5b, 0x71, 0xa9, 0xf9, 0x22, 0x8c, - 0x08, 0x15, 0x7a, 0xb4, 0x23, 0xca, 0xfc, 0x7a, 0x0e, 0x26, 0x2d, 0xca, 0x26, 0xb8, 0x78, 0x83, - 0xea, 0x13, 0x96, 0x77, 0x5d, 0x6b, 0xdb, 0x11, 0x79, 0x4f, 0x7e, 0xdb, 0x80, 0xe9, 0x0c, 0xdc, - 0x8f, 0x94, 0xa8, 0xf1, 0x26, 0x8c, 0x2e, 0x78, 0x4e, 0xb3, 0xea, 0xba, 0x71, 0xf4, 0x34, 0x5a, - 0x83, 0x2e, 0x9b, 0x4e, 0x0e, 0x83, 0xaa, 0x8b, 0x69, 0x8c, 0x4a, 0xae, 0x08, 0xa1, 0x48, 0x52, - 0xc9, 0xca, 0xcc, 0xee, 0xc0, 0xbf, 0x29, 0xc9, 0xeb, 0x8e, 0x57, 0x68, 0x39, 0x30, 0x39, 0x9c, - 0x7f, 0x62, 0x87, 0x2e, 0xfb, 0x0a, 0x6d, 0xba, 0x79, 0x03, 0x6d, 0x3b, 0xbf, 0x95, 0x83, 0x33, - 0xd9, 0x84, 0x1f, 0x35, 0xe7, 0x26, 0x26, 0x9d, 0x51, 0x92, 0xe7, 0x63, 0xce, 0x4d, 0x9e, 0xa1, - 0x06, 0xf1, 0x13, 0x04, 0xb2, 0x0d, 0xe3, 0xcb, 0x4e, 0x18, 0xdd, 0xa6, 0x4e, 0x10, 0x6d, 0x51, - 0x27, 0x1a, 0xc0, 0x82, 0x7d, 0x5e, 0x3e, 0x30, 0x84, 0x8b, 0xda, 0xae, 0xa4, 0x4c, 0x19, 0x78, - 0x3a, 0xdb, 0x58, 0x50, 0x0a, 0x03, 0x08, 0xca, 0x57, 0x61, 0xb2, 0x4e, 0x5b, 0x4e, 0x67, 0xd7, - 0x0f, 0xa8, 0xf0, 0x9d, 0x5f, 0x85, 0xf1, 0x18, 0x94, 0x29, 0x2d, 0x7a, 0xb1, 0x86, 0xaf, 0x74, - 0x44, 0xa2, 0x4a, 0xf4, 0x62, 0xf3, 0x57, 0x72, 0x70, 0xb6, 0xda, 0x10, 0x27, 0x1c, 0xa2, 0x40, - 0x1e, 0xc4, 0x7e, 0xcc, 0x75, 0x93, 0x6b, 0x30, 0x7a, 0xd7, 0x79, 0xb8, 0x4c, 0xf1, 0x05, 0x7d, - 0x9e, 0xb9, 0x8d, 0x9b, 0x5f, 0xce, 0x43, 0x3b, 0x76, 0x7b, 0x59, 0x09, 0x8e, 0xba, 0xd9, 0x2c, - 0x3c, 0xe2, 0x66, 0xd3, 0x84, 0xe1, 0xdb, 0x7e, 0xd3, 0x15, 0x8b, 0x93, 0x38, 0xb7, 0xd8, 0x45, - 0x88, 0x25, 0x4a, 0xcc, 0x1f, 0x1a, 0x30, 0x11, 0x7f, 0x31, 0x7e, 0xc2, 0xc7, 0xde, 0x25, 0x97, - 0x60, 0x04, 0x2b, 0x8a, 0x5f, 0x57, 0xc3, 0x45, 0xa3, 0xc9, 0x40, 0xb6, 0xe7, 0x5a, 0xb2, 0x50, - 0xed, 0x89, 0xa1, 0x47, 0xeb, 0x09, 0xf3, 0xef, 0xe1, 0x91, 0x88, 0xda, 0x4a, 0xb6, 0x12, 0x29, - 0x1f, 0x62, 0x0c, 0xf8, 0x21, 0xb9, 0xc7, 0x36, 0x24, 0xf9, 0xbe, 0x43, 0xf2, 0x8d, 0x1c, 0x8c, - 0xc5, 0x1f, 0xfb, 0x09, 0xcb, 0x3d, 0x11, 0xb7, 0x6b, 0xa0, 0x1b, 0x14, 0x75, 0x45, 0x57, 0x88, - 0x8b, 0x0a, 0x9f, 0x83, 0x61, 0x31, 0x99, 0x8c, 0xd4, 0x81, 0x64, 0x6a, 0x74, 0x6b, 0x13, 0x82, - 0xf5, 0x30, 0x0e, 0x68, 0x68, 0x09, 0x3a, 0xbc, 0xa2, 0xb2, 0x49, 0xb7, 0xc4, 0x09, 0xd9, 0x13, - 0xbb, 0x46, 0x65, 0x5f, 0x51, 0x49, 0x1a, 0x36, 0xd0, 0xea, 0xf4, 0xb7, 0x0b, 0x50, 0x4e, 0x93, - 0x1c, 0x9f, 0xdd, 0x63, 0xad, 0xbb, 0x25, 0xde, 0xea, 0xc1, 0xec, 0x1e, 0x9d, 0xee, 0x96, 0xc5, - 0x60, 0xe4, 0x12, 0x14, 0xd6, 0x02, 0xef, 0x3e, 0xb6, 0x5a, 0x3c, 0x55, 0xd4, 0x09, 0xbc, 0xfb, - 0x6a, 0xac, 0x36, 0x2b, 0xc7, 0x0d, 0xed, 0x72, 0x1d, 0xc3, 0x7e, 0xd1, 0xb0, 0x16, 0x1b, 0xda, - 0x66, 0x98, 0x4e, 0x23, 0x25, 0xd1, 0xd8, 0x52, 0x59, 0xa3, 0x4e, 0x20, 0x32, 0x51, 0x08, 0x75, - 0x86, 0x4b, 0xe5, 0x16, 0x82, 0x79, 0xde, 0x6f, 0x4b, 0x45, 0x22, 0x4d, 0x20, 0xca, 0x4f, 0x39, - 0x81, 0x8f, 0xdf, 0xe3, 0xc9, 0x27, 0xf6, 0x66, 0x54, 0xd6, 0xb6, 0x3a, 0x9b, 0x33, 0xf8, 0x3e, - 0x4e, 0x1f, 0xe1, 0x9a, 0xb8, 0x97, 0x88, 0x8e, 0x8c, 0xe2, 0xb1, 0xcc, 0x64, 0x5c, 0x3c, 0xf0, - 0x7b, 0x8b, 0xb1, 0x3b, 0x23, 0x61, 0x42, 0xde, 0x86, 0x31, 0x35, 0x98, 0x9b, 0x87, 0x1c, 0x5f, - 0xe0, 0xd7, 0x07, 0xfb, 0xa4, 0xd0, 0x54, 0x09, 0xcc, 0x4f, 0xa9, 0x52, 0x22, 0x16, 0xed, 0x23, - 0xa5, 0xc4, 0xfc, 0x25, 0x34, 0xe3, 0x5b, 0x7e, 0x44, 0x85, 0xf5, 0xf2, 0xc4, 0xea, 0xb1, 0xc4, - 0x85, 0x3c, 0xa4, 0x05, 0xd3, 0x68, 0xad, 0xe3, 0x18, 0x1b, 0x37, 0x12, 0xa5, 0xc3, 0x9d, 0xc9, - 0xd2, 0x85, 0xac, 0x4c, 0xb9, 0xdf, 0x34, 0xe0, 0x74, 0x26, 0x2d, 0xb9, 0x0a, 0x90, 0xd8, 0x88, - 0xa2, 0x97, 0x78, 0x42, 0xf5, 0x18, 0x6a, 0x29, 0x18, 0xe4, 0x4b, 0x69, 0xeb, 0xee, 0xf8, 0xc5, - 0x49, 0x3e, 0x3b, 0x34, 0xa1, 0x5b, 0x77, 0x19, 0x36, 0x9d, 0xf9, 0xdb, 0x79, 0x98, 0xea, 0x79, - 0x4d, 0xf7, 0x98, 0x28, 0x82, 0xbd, 0xd4, 0x63, 0x88, 0xfc, 0xb8, 0xe3, 0x4a, 0xbf, 0xb7, 0x7c, - 0x33, 0x9e, 0x46, 0x44, 0xb7, 0x98, 0xc8, 0xe5, 0x7f, 0xcc, 0x0b, 0x89, 0x61, 0xf6, 0x33, 0x9a, - 0x2f, 0xf7, 0xad, 0xed, 0x31, 0x3c, 0xa7, 0xf9, 0x97, 0xf8, 0xb5, 0xc1, 0x5f, 0xca, 0xc1, 0x74, - 0x4f, 0x9b, 0x9f, 0xd8, 0x59, 0xf7, 0x39, 0x6d, 0x75, 0x7b, 0xa6, 0xdf, 0x98, 0x0e, 0x64, 0x45, - 0xfc, 0x4f, 0x03, 0xce, 0xf6, 0xa1, 0x24, 0xfb, 0x69, 0x21, 0xe2, 0x56, 0xc5, 0xf5, 0xa3, 0x2b, - 0x7c, 0x2c, 0xa2, 0xf4, 0xb1, 0x49, 0xc2, 0xd7, 0x73, 0x00, 0x9b, 0x74, 0xeb, 0xc9, 0x4e, 0x5d, - 0xf6, 0x19, 0x4d, 0x00, 0x14, 0x07, 0xe6, 0xe0, 0x99, 0xcb, 0x56, 0xd1, 0x91, 0x38, 0x78, 0xde, - 0xb2, 0xf8, 0x69, 0xa5, 0x5c, 0xf6, 0xd3, 0x4a, 0xe6, 0x16, 0xcc, 0xbc, 0x4b, 0xa3, 0x64, 0x25, - 0x94, 0x7b, 0xc8, 0xa3, 0xd9, 0xbe, 0x02, 0xa3, 0x02, 0x5f, 0x7f, 0x26, 0x43, 0xc6, 0xe2, 0x79, - 0xae, 0x95, 0x20, 0x98, 0x14, 0xce, 0x2e, 0xd0, 0x26, 0x8d, 0xe8, 0xc7, 0x5b, 0x4d, 0x1d, 0x08, - 0x6f, 0x0a, 0x7f, 0x71, 0x67, 0xa0, 0x1a, 0x8e, 0xed, 0x9f, 0x0d, 0x38, 0x1d, 0x7f, 0xfb, 0xe3, - 0xe4, 0x7b, 0x8d, 0xd9, 0x12, 0xe2, 0x3e, 0x6c, 0xc2, 0xf1, 0x08, 0x27, 0xe2, 0x43, 0x38, 0x2f, - 0x09, 0x36, 0xbd, 0xf8, 0x24, 0x66, 0x20, 0x5a, 0xf2, 0x26, 0x8c, 0x29, 0x34, 0xe2, 0x56, 0x3f, - 0x9e, 0x76, 0x3e, 0xf0, 0xa2, 0x5d, 0x3b, 0xe4, 0x70, 0xf5, 0xb4, 0x53, 0x41, 0x37, 0xbf, 0x08, - 0x4f, 0xc5, 0x71, 0x2b, 0x19, 0x55, 0xa7, 0x98, 0x1b, 0x27, 0x63, 0xbe, 0x92, 0x34, 0x6b, 0xa9, - 0x1d, 0x87, 0xde, 0x4b, 0xde, 0x44, 0x6d, 0x96, 0x68, 0xcc, 0x05, 0x25, 0xa5, 0xa3, 0x58, 0x8b, - 0x12, 0x80, 0xf9, 0x86, 0xf2, 0xb1, 0x19, 0x0c, 0x35, 0x62, 0x23, 0x4d, 0xfc, 0xf5, 0x1c, 0x4c, - 0xae, 0x2e, 0x2d, 0xcc, 0xc7, 0x6e, 0xe4, 0x4f, 0x58, 0x5e, 0x35, 0xad, 0x6d, 0xfd, 0xf5, 0x8d, - 0x79, 0x0f, 0xa6, 0x53, 0xdd, 0x80, 0x0f, 0x8a, 0xbd, 0xcd, 0xe3, 0x4b, 0x62, 0xb0, 0x5c, 0x59, - 0xce, 0x64, 0xb1, 0xdf, 0xb8, 0x61, 0xa5, 0xb0, 0xcd, 0x7f, 0x34, 0x92, 0xe2, 0x2b, 0x54, 0xd8, - 0x2b, 0x30, 0xba, 0x14, 0x86, 0x5d, 0x1a, 0xdc, 0xb3, 0x96, 0x55, 0x1b, 0xd1, 0x43, 0xa0, 0xdd, - 0x0d, 0x9a, 0x56, 0x82, 0x40, 0x5e, 0x82, 0xa2, 0xb8, 0x83, 0x29, 0x75, 0x02, 0x1e, 0x97, 0xc7, - 0x57, 0x38, 0xad, 0xb8, 0x98, 0xbc, 0x06, 0x25, 0xfe, 0x3f, 0x97, 0x36, 0xd1, 0xe1, 0xe8, 0xab, - 0x12, 0xe8, 0x5c, 0x3a, 0x2d, 0x0d, 0x8d, 0xbc, 0x08, 0x63, 0xf2, 0xc5, 0x62, 0xf6, 0x45, 0xdc, - 0x03, 0x28, 0xae, 0x87, 0xa8, 0x25, 0xe4, 0x0a, 0xe4, 0xab, 0xf3, 0x96, 0xfa, 0x1c, 0x80, 0xd3, - 0x08, 0xf8, 0x73, 0x1a, 0xda, 0x4b, 0x80, 0xd5, 0x79, 0x8b, 0xcc, 0xe1, 0x3b, 0xf7, 0xf7, 0x3d, - 0x97, 0x06, 0x22, 0xd4, 0x15, 0x45, 0xa5, 0x23, 0x60, 0xa9, 0x67, 0xee, 0x11, 0x46, 0xae, 0xc1, - 0xc8, 0x82, 0x17, 0x76, 0x9a, 0xce, 0xbe, 0xc8, 0xa2, 0x84, 0x27, 0x20, 0x2e, 0x07, 0xa9, 0xc2, - 0x25, 0xb0, 0xc8, 0x4b, 0x30, 0x54, 0x6f, 0xf8, 0x1d, 0xb6, 0xc5, 0x8a, 0xe3, 0x59, 0x42, 0x06, - 0xd0, 0x72, 0x9d, 0x30, 0x00, 0xe6, 0x02, 0xe0, 0x57, 0x1a, 0x47, 0x95, 0x5c, 0x00, 0xe9, 0xab, - 0x8c, 0x02, 0xa7, 0x37, 0xe2, 0x10, 0x1e, 0x67, 0xc4, 0xe1, 0x16, 0x9c, 0x7d, 0x17, 0xed, 0xfb, - 0x3a, 0x0d, 0x30, 0x71, 0x2d, 0x7f, 0x35, 0xee, 0x9e, 0xb5, 0x24, 0xae, 0x71, 0xe2, 0xa5, 0x3a, - 0xbe, 0x05, 0xb0, 0x43, 0x8e, 0x23, 0x1f, 0x9c, 0x4b, 0x3d, 0x95, 0xd3, 0x8f, 0x11, 0xf9, 0x3c, - 0xcc, 0x64, 0x15, 0x89, 0x0b, 0x9d, 0x18, 0x45, 0x9f, 0x5d, 0x81, 0x1a, 0xc6, 0x9e, 0xc5, 0x81, - 0x2c, 0x43, 0x99, 0xc3, 0xab, 0x6e, 0xcb, 0x6b, 0x2f, 0xb6, 0x1c, 0xaf, 0x89, 0xd7, 0x3b, 0xc5, - 0x1d, 0x5d, 0xc1, 0xd5, 0x61, 0x85, 0x36, 0x65, 0xa5, 0x5a, 0x48, 0x52, 0x8a, 0x92, 0xfc, 0xbc, - 0x01, 0x25, 0x45, 0xc6, 0x42, 0x71, 0xdf, 0xa1, 0xdf, 0xf3, 0x43, 0xeb, 0x8f, 0xe9, 0xf9, 0xa1, - 0x92, 0x7c, 0xb7, 0x1b, 0xa7, 0x9b, 0xf6, 0x05, 0xe6, 0x1f, 0x8c, 0x70, 0xb5, 0x58, 0xed, 0x46, - 0xbb, 0x52, 0x91, 0xce, 0x65, 0x05, 0xd0, 0x70, 0x47, 0xbf, 0x12, 0x40, 0xa3, 0x87, 0xcd, 0xc8, - 0x03, 0xb9, 0x5c, 0xe6, 0x81, 0xdc, 0x2b, 0x30, 0x8a, 0x69, 0xe7, 0xe3, 0x48, 0x85, 0xa2, 0xd8, - 0x29, 0x32, 0x20, 0xbf, 0x48, 0x98, 0x20, 0x90, 0x6b, 0x00, 0x98, 0xb3, 0x87, 0xaf, 0xb2, 0xca, - 0x4d, 0x70, 0x4c, 0xed, 0x23, 0x7c, 0x27, 0x0a, 0x0a, 0xb2, 0xaf, 0x5b, 0xb7, 0x54, 0x67, 0x0b, - 0x67, 0x1f, 0x06, 0xdb, 0x02, 0x3d, 0x41, 0x60, 0xcd, 0x53, 0x55, 0xc0, 0x70, 0xd2, 0x3c, 0xad, - 0x9f, 0x34, 0x6d, 0xf0, 0x8a, 0xfa, 0x60, 0xf4, 0x08, 0x3a, 0x81, 0xf8, 0x39, 0x46, 0x7c, 0x84, - 0xab, 0x3e, 0x13, 0x3d, 0x07, 0x23, 0xf3, 0x34, 0x88, 0xd6, 0xd7, 0x97, 0xc5, 0xab, 0x48, 0x4c, - 0x7f, 0x14, 0xf1, 0x26, 0x6a, 0x14, 0xe9, 0x8f, 0xa8, 0x48, 0x44, 0x52, 0x83, 0x32, 0x0f, 0x33, - 0x49, 0x0c, 0x29, 0x9c, 0xbd, 0x45, 0xae, 0x4b, 0xc4, 0xc5, 0xcb, 0x07, 0x74, 0x2b, 0xbe, 0x82, - 0xdb, 0x83, 0x4f, 0x16, 0xe5, 0x55, 0x78, 0xb5, 0x7d, 0x80, 0xed, 0x3b, 0xab, 0x3c, 0x12, 0xa3, - 0x35, 0xb3, 0x97, 0x82, 0x54, 0x61, 0x7c, 0xde, 0x6f, 0x75, 0x9c, 0xc8, 0xc3, 0x7c, 0x43, 0xfb, - 0x62, 0xa2, 0xe2, 0x5e, 0xb7, 0xa1, 0x16, 0xe8, 0x09, 0xe4, 0x95, 0x02, 0x72, 0x0b, 0x26, 0x2c, - 0xbf, 0xcb, 0xc6, 0x47, 0x6c, 0x44, 0xc4, 0x5c, 0x8c, 0x5f, 0x0f, 0x61, 0xc3, 0x68, 0x8b, 0x73, - 0x23, 0xed, 0x7a, 0x8d, 0x46, 0x45, 0x56, 0x32, 0x36, 0xf5, 0xea, 0x04, 0x54, 0x2f, 0xe2, 0xf6, - 0x30, 0xcb, 0xf0, 0x07, 0xdc, 0x80, 0xb1, 0x7a, 0x7d, 0x75, 0x9d, 0x86, 0xd1, 0xad, 0xa6, 0xff, - 0x00, 0xe7, 0x5f, 0x51, 0x3e, 0x0c, 0xeb, 0xdb, 0x11, 0x0d, 0x23, 0x7b, 0xbb, 0xe9, 0x3f, 0xb0, - 0x54, 0x2c, 0xf2, 0x65, 0x25, 0xa3, 0x3e, 0xae, 0xbc, 0x93, 0xc7, 0xae, 0xbc, 0xa9, 0x6c, 0xfb, - 0x6c, 0xfd, 0xcd, 0xcc, 0xb6, 0xcf, 0xd0, 0xc9, 0xdb, 0xe2, 0x49, 0x91, 0xaa, 0xeb, 0x06, 0x34, - 0x0c, 0xf1, 0xe2, 0xb4, 0x88, 0x58, 0xe3, 0xe7, 0x64, 0x0e, 0x2f, 0x88, 0x39, 0x58, 0x1a, 0x3e, - 0x9a, 0x36, 0xf5, 0xea, 0xdd, 0xe5, 0x64, 0x7d, 0xfe, 0x64, 0x9d, 0x41, 0x6b, 0x6d, 0x3b, 0xe2, - 0x0c, 0xfa, 0x1e, 0x4c, 0xa7, 0xba, 0x41, 0x9a, 0x36, 0x1a, 0x38, 0x6d, 0xda, 0xa4, 0x68, 0xac, - 0x14, 0xb6, 0xf9, 0x1f, 0x86, 0x53, 0x7c, 0x85, 0xdf, 0xd9, 0x84, 0x61, 0x6e, 0xb9, 0xa8, 0xd9, - 0x5b, 0xb9, 0x5d, 0x63, 0x89, 0x12, 0x72, 0x0e, 0xf2, 0xf5, 0xfa, 0xaa, 0x9a, 0x5b, 0x3a, 0x0c, - 0x7d, 0x8b, 0xc1, 0xd8, 0x08, 0xa1, 0x4b, 0x59, 0xb9, 0x27, 0xcb, 0x34, 0x84, 0x78, 0x1e, 0xff, - 0x85, 0xc4, 0x3c, 0x28, 0x24, 0xfd, 0x2d, 0xcc, 0x83, 0xc4, 0x28, 0x98, 0x87, 0xd9, 0x6a, 0x18, - 0xd2, 0x80, 0x3f, 0xcd, 0xd2, 0x0e, 0xbb, 0x2d, 0x1a, 0x88, 0x25, 0x4c, 0x28, 0x42, 0xac, 0xd4, - 0x69, 0x84, 0x56, 0x5f, 0x44, 0x72, 0x19, 0x8a, 0xd5, 0xae, 0xeb, 0xd1, 0x76, 0x43, 0xbb, 0xa9, - 0xe3, 0x08, 0x98, 0x15, 0x97, 0x92, 0xf7, 0xe1, 0xb4, 0x20, 0x92, 0x76, 0x8c, 0xe8, 0x81, 0x91, - 0x44, 0x43, 0xc8, 0x25, 0x56, 0x5a, 0x3f, 0xb6, 0xe8, 0x92, 0x6c, 0x4a, 0x52, 0x85, 0xf2, 0x22, - 0xc6, 0x5c, 0x2c, 0xd0, 0xb0, 0x11, 0x78, 0x9d, 0xc8, 0x0f, 0xc4, 0xc3, 0x07, 0x68, 0x10, 0xf1, - 0x78, 0x0c, 0xdb, 0x8d, 0x0b, 0xad, 0x1e, 0x74, 0x72, 0x07, 0xa6, 0xd3, 0x30, 0xa6, 0xf8, 0x46, - 0x93, 0x47, 0x6c, 0x7b, 0xb8, 0xa0, 0xea, 0xcb, 0xa2, 0x22, 0x5b, 0x30, 0x55, 0x8d, 0xa2, 0xc0, - 0xdb, 0xea, 0x46, 0x34, 0x65, 0x11, 0xc9, 0x43, 0x8b, 0xb8, 0x5c, 0x5a, 0x45, 0x4f, 0x09, 0x61, - 0x9c, 0x76, 0x62, 0xca, 0xd8, 0x32, 0xb2, 0x7a, 0xd9, 0x11, 0x37, 0x7e, 0x07, 0x5b, 0xbc, 0x15, - 0x2d, 0xee, 0x75, 0xca, 0xc3, 0xa1, 0x6a, 0xb8, 0xdf, 0x6a, 0xd1, 0x28, 0xc0, 0xd5, 0x04, 0xdf, - 0x92, 0x36, 0x45, 0x3c, 0xe1, 0x79, 0xe5, 0xf9, 0x77, 0x7c, 0x2f, 0x5c, 0x0b, 0xb5, 0xd6, 0x78, - 0x6a, 0x56, 0x69, 0x69, 0x40, 0xab, 0xb4, 0x09, 0x53, 0x8b, 0xed, 0x46, 0xb0, 0x8f, 0xd7, 0xe8, - 0xe5, 0xc7, 0x8d, 0x1f, 0xf3, 0x71, 0xf2, 0xa1, 0xb8, 0x0b, 0x8e, 0x94, 0xb0, 0xac, 0xcf, 0xeb, - 0x65, 0x6c, 0xfe, 0x8f, 0x61, 0xae, 0xb8, 0x54, 0xe3, 0xe3, 0x8c, 0x92, 0x31, 0x50, 0x8d, 0xdd, - 0x49, 0x19, 0x25, 0xb9, 0x93, 0x18, 0x25, 0xf9, 0xe3, 0x8d, 0x92, 0xc2, 0x71, 0x46, 0x49, 0xca, - 0x6a, 0x18, 0x3a, 0xb1, 0xd5, 0x30, 0x7c, 0x02, 0xab, 0x61, 0x64, 0x50, 0xab, 0x41, 0xb3, 0x7c, - 0x8a, 0xc7, 0x59, 0x3e, 0xff, 0xdf, 0xc6, 0x78, 0x52, 0x6d, 0x8c, 0xac, 0x25, 0xf0, 0x24, 0x36, - 0x86, 0xf9, 0x57, 0xa0, 0x9c, 0x56, 0x5b, 0xc7, 0x5f, 0xb1, 0x7c, 0x6c, 0x37, 0xaa, 0x98, 0x52, - 0x4d, 0xab, 0x0d, 0x66, 0xe6, 0xaf, 0x05, 0xde, 0x7d, 0x27, 0xa2, 0x49, 0x5a, 0x7e, 0x34, 0xf3, - 0x3b, 0x1c, 0x8a, 0xf3, 0x43, 0x41, 0x89, 0x57, 0xcc, 0x5c, 0xd6, 0x8a, 0x69, 0x7e, 0x33, 0x07, - 0x53, 0xfc, 0x12, 0xc8, 0x93, 0xef, 0xe2, 0x79, 0x5b, 0xb3, 0x83, 0xe4, 0x11, 0x5e, 0xaa, 0x75, - 0x47, 0x38, 0x79, 0x3e, 0x80, 0xd3, 0x3d, 0x5d, 0x81, 0xb6, 0xd0, 0x82, 0xbc, 0x7e, 0xd3, 0x63, - 0x0d, 0xcd, 0x66, 0x57, 0xb2, 0x71, 0xc3, 0xea, 0xa1, 0x30, 0xff, 0x3c, 0xd7, 0xc3, 0x5f, 0xb8, - 0x7b, 0x54, 0x07, 0x8e, 0x71, 0x32, 0x07, 0x4e, 0x6e, 0x30, 0x07, 0x4e, 0x4a, 0x0f, 0xe7, 0x07, - 0xd1, 0xc3, 0xef, 0xc3, 0xf8, 0x3a, 0x75, 0x5a, 0xe1, 0xba, 0x2f, 0xae, 0xd7, 0xf3, 0x0b, 0xa9, - 0xf2, 0x76, 0x0d, 0x2b, 0x93, 0x4b, 0x79, 0x9c, 0x9a, 0x23, 0x62, 0x04, 0x4c, 0x81, 0xf0, 0xfb, - 0xf6, 0x96, 0xce, 0x41, 0xb5, 0xcf, 0x86, 0x8e, 0xb0, 0xcf, 0xea, 0x50, 0x12, 0x74, 0xc9, 0xbd, - 0x52, 0xe5, 0xe9, 0x43, 0xea, 0xe0, 0x2b, 0xf3, 0xa1, 0xac, 0x3d, 0xce, 0x19, 0x17, 0xd7, 0xce, - 0x6d, 0x08, 0x8d, 0x89, 0xf9, 0x0f, 0x46, 0xa4, 0xa4, 0x7f, 0xbc, 0xbb, 0x76, 0x7d, 0x1f, 0x9e, - 0x3f, 0xe1, 0x3e, 0xbc, 0x70, 0xdc, 0x6a, 0xa4, 0xad, 0x8e, 0x43, 0x27, 0x58, 0x1d, 0x87, 0x1f, - 0x65, 0x4f, 0x3d, 0x72, 0xc2, 0xf5, 0x2e, 0x25, 0x6f, 0xc5, 0x41, 0xe4, 0x2d, 0x73, 0x8d, 0x1c, - 0x7d, 0xf4, 0x35, 0x12, 0x4e, 0xbc, 0x46, 0x2a, 0xa9, 0xe4, 0xc7, 0x06, 0x4a, 0x25, 0x6f, 0x0c, - 0x90, 0x4a, 0xfe, 0x13, 0xb5, 0xf0, 0x7e, 0x25, 0x7b, 0xe1, 0x3d, 0x5a, 0xe7, 0x9e, 0x68, 0xe9, - 0x0d, 0xf0, 0xb3, 0x36, 0x9d, 0x80, 0x19, 0xe7, 0x21, 0xb9, 0x06, 0x23, 0xf2, 0x86, 0x97, 0x91, - 0xec, 0x73, 0x7a, 0xaf, 0x76, 0x49, 0x2c, 0x66, 0xc7, 0x4b, 0x62, 0x11, 0x0d, 0xcd, 0x2f, 0xb3, - 0x08, 0x98, 0x76, 0x99, 0x45, 0xc0, 0xcc, 0xbf, 0x53, 0x90, 0xa2, 0xcf, 0x8c, 0x57, 0x91, 0xd9, - 0xb5, 0xe7, 0x65, 0x40, 0xe3, 0xe4, 0x2f, 0x03, 0x7e, 0x84, 0xeb, 0x71, 0x4a, 0xfe, 0xa6, 0xfc, - 0x00, 0xf9, 0x9b, 0x5e, 0xd7, 0x92, 0x1f, 0x15, 0x92, 0x6c, 0x1b, 0x4c, 0x1c, 0x8e, 0x4e, 0x7b, - 0x74, 0x53, 0xcd, 0x52, 0x34, 0x94, 0x04, 0x8e, 0x23, 0xe5, 0x11, 0xf9, 0x89, 0x62, 0x4b, 0x66, - 0xf8, 0x24, 0x57, 0x45, 0x47, 0xfe, 0x9f, 0x5e, 0x15, 0x5d, 0x04, 0x50, 0xd2, 0x7d, 0x72, 0x37, - 0xe3, 0x0b, 0xac, 0x9b, 0x8e, 0x4f, 0xf5, 0xa9, 0x10, 0x9a, 0x7f, 0x3a, 0x05, 0x53, 0xf5, 0xfa, - 0xea, 0x82, 0xe7, 0xec, 0xb4, 0xfd, 0x30, 0xf2, 0x1a, 0x4b, 0xed, 0x6d, 0x9f, 0x2d, 0xe3, 0xf1, - 0x34, 0x52, 0xae, 0x2d, 0x26, 0x53, 0x28, 0x2e, 0x66, 0x66, 0xe2, 0x62, 0x10, 0xc4, 0x8f, 0x5d, - 0xa2, 0x99, 0x48, 0x19, 0xc0, 0xe2, 0x70, 0xb6, 0x52, 0xd6, 0xbb, 0x3c, 0x6f, 0x23, 0xf7, 0xfc, - 0xe2, 0x4a, 0x19, 0x72, 0x90, 0x25, 0xcb, 0x08, 0xed, 0x15, 0x58, 0x61, 0x39, 0x9d, 0xd5, 0x2e, - 0x9c, 0x26, 0xc5, 0xe2, 0x25, 0x7c, 0xae, 0xc4, 0xf1, 0xea, 0x48, 0x07, 0xe1, 0xaa, 0x0b, 0xbe, - 0x67, 0x0e, 0xec, 0xc3, 0x69, 0xdc, 0x71, 0x9e, 0x74, 0x8b, 0x7f, 0x45, 0xac, 0xcc, 0x26, 0x5e, - 0x75, 0xce, 0xd8, 0xe7, 0xab, 0x0f, 0xe2, 0x65, 0xd6, 0x40, 0xbe, 0x69, 0xc0, 0xd3, 0x99, 0x25, - 0xf1, 0xec, 0x1e, 0xd3, 0x2e, 0xfd, 0x2a, 0x4a, 0x03, 0x73, 0x5d, 0xbe, 0xdc, 0xaf, 0x6a, 0x3b, - 0x43, 0x15, 0x1c, 0x5d, 0x13, 0xf9, 0xa7, 0x06, 0x9c, 0xd5, 0x30, 0x70, 0x15, 0x6f, 0xd1, 0x76, - 0x14, 0xa2, 0x32, 0xef, 0x2b, 0xd7, 0x1f, 0x3e, 0x1e, 0xb9, 0x7e, 0x4e, 0x6f, 0x0b, 0x7f, 0x80, - 0x08, 0xab, 0x57, 0xcf, 0x7b, 0xfa, 0x7c, 0x21, 0xb9, 0x0f, 0x53, 0x58, 0x24, 0xdd, 0x0d, 0x4c, - 0x66, 0x85, 0x97, 0x62, 0x26, 0xf9, 0xec, 0xf9, 0x6e, 0x18, 0xf9, 0x2d, 0xcc, 0x6d, 0x37, 0xf7, - 0xfd, 0x83, 0xca, 0xb8, 0x86, 0x8e, 0x79, 0x42, 0xf0, 0x1b, 0x62, 0x9f, 0x85, 0xd7, 0xde, 0xf6, - 0xb5, 0x27, 0x36, 0xd2, 0x55, 0x90, 0x7f, 0x61, 0xc0, 0x2c, 0x83, 0xf2, 0x66, 0xdc, 0x0a, 0xfc, - 0x56, 0x5c, 0x2e, 0xcf, 0x72, 0xfa, 0x74, 0x5b, 0xf3, 0xf1, 0x74, 0xdb, 0x0b, 0xf8, 0xc9, 0x5c, - 0x27, 0xd8, 0xdb, 0x81, 0xdf, 0x4a, 0x3e, 0x5f, 0xcb, 0x3e, 0xd9, 0xef, 0x23, 0xc9, 0xcf, 0x18, - 0x70, 0x4e, 0xdb, 0x4b, 0xaa, 0x59, 0x36, 0x66, 0x27, 0xb5, 0x83, 0x3f, 0xb5, 0xa8, 0x76, 0x55, - 0xc8, 0xff, 0x25, 0xfc, 0x82, 0x64, 0xb5, 0xc0, 0x6f, 0xb1, 0x5b, 0x1c, 0x4b, 0xf9, 0x84, 0xfe, - 0xb5, 0x10, 0x0f, 0xa6, 0xd0, 0x65, 0xae, 0x9d, 0x39, 0xce, 0xf4, 0x3f, 0x73, 0xbc, 0x24, 0xaa, - 0x7e, 0x06, 0x33, 0x19, 0xf4, 0x3f, 0x78, 0xec, 0xe5, 0x4a, 0x7e, 0x12, 0xce, 0xf5, 0x00, 0xe3, - 0xd9, 0x76, 0xba, 0xef, 0x6c, 0x7b, 0xf9, 0xf0, 0xa0, 0xf2, 0x62, 0x56, 0x6d, 0x59, 0x33, 0xad, - 0x7f, 0x0d, 0xc4, 0x01, 0x48, 0x0a, 0x67, 0xcf, 0x1c, 0x21, 0xa0, 0x2f, 0x0b, 0xf9, 0x50, 0xf0, - 0x99, 0x2e, 0x57, 0xbe, 0x41, 0x5d, 0xf2, 0x12, 0x24, 0x42, 0xa1, 0xa4, 0x64, 0x71, 0xd8, 0x9f, - 0x3d, 0x7b, 0x54, 0x25, 0xdf, 0x3f, 0xa8, 0x68, 0xd8, 0xcc, 0x90, 0x54, 0xd3, 0x43, 0xa8, 0x86, - 0xa4, 0x86, 0x48, 0x7e, 0xcf, 0x80, 0x19, 0x06, 0x48, 0x84, 0x4a, 0x34, 0x6a, 0xf6, 0x28, 0xa9, - 0xdf, 0x7d, 0x3c, 0x52, 0xff, 0x2c, 0x7e, 0xa3, 0x2a, 0xf5, 0x3d, 0x5d, 0x92, 0xf9, 0x71, 0x28, - 0xed, 0xda, 0xe9, 0x8c, 0x26, 0xed, 0xe7, 0x06, 0x90, 0x76, 0x3e, 0x00, 0xc7, 0x4b, 0x7b, 0xdf, - 0x5a, 0xc8, 0x3a, 0x94, 0x84, 0x0d, 0xc9, 0x3b, 0xec, 0x19, 0xed, 0xd2, 0xb8, 0x5a, 0xc4, 0x0d, - 0x7b, 0x91, 0xe4, 0xa2, 0xa7, 0x85, 0x1a, 0x17, 0xd2, 0x86, 0x69, 0xfe, 0x5b, 0xdf, 0xd7, 0x56, - 0xfa, 0xee, 0x6b, 0x2f, 0x8b, 0x16, 0x5d, 0x14, 0xfc, 0x53, 0xdb, 0x5b, 0xa5, 0xa2, 0x2c, 0xc6, - 0xa4, 0x03, 0x44, 0x03, 0xf3, 0x49, 0x7b, 0xf1, 0xe8, 0xdd, 0xec, 0x8b, 0xa2, 0xce, 0x4a, 0xba, - 0xce, 0xf4, 0xcc, 0xcd, 0xe0, 0x4d, 0x1c, 0x98, 0x14, 0x50, 0xb6, 0x59, 0x44, 0x0d, 0xff, 0xac, - 0x76, 0x35, 0x23, 0x55, 0xca, 0x13, 0x64, 0xca, 0x9a, 0x30, 0x06, 0x3e, 0xa5, 0xd0, 0xd3, 0xfc, - 0xcc, 0x6f, 0x18, 0x3d, 0x75, 0xb0, 0x4d, 0x29, 0xfe, 0x50, 0x6e, 0x97, 0xe2, 0xa6, 0x94, 0x73, - 0xc4, 0xcd, 0x71, 0x82, 0xc0, 0x6c, 0x1b, 0xf5, 0xa6, 0x4d, 0x5e, 0x3c, 0x30, 0xc1, 0x41, 0xc9, - 0x86, 0xa9, 0x22, 0x43, 0x37, 0xf2, 0x89, 0x8d, 0x84, 0xa1, 0x1b, 0x22, 0x60, 0xc3, 0xfc, 0x99, - 0x9c, 0x2e, 0x25, 0xe4, 0xb2, 0x62, 0x66, 0x2b, 0x77, 0x7d, 0xa4, 0x99, 0xad, 0x18, 0xd7, 0xbf, - 0x69, 0xc0, 0xf4, 0x6a, 0xb0, 0xe3, 0xb4, 0xbd, 0x9f, 0xe0, 0x37, 0x81, 0x7d, 0xec, 0xc6, 0x38, - 0xfa, 0xf2, 0x63, 0xcd, 0x04, 0xe6, 0x2b, 0x15, 0xb3, 0x81, 0xc5, 0x11, 0xb6, 0xb2, 0xbe, 0x07, - 0xa3, 0xe6, 0xf0, 0xc3, 0x94, 0x84, 0x6c, 0x1c, 0x9d, 0xc3, 0xcd, 0x6f, 0xe5, 0x60, 0x4c, 0x91, - 0x58, 0xf2, 0x69, 0x28, 0xa9, 0x7c, 0x54, 0x87, 0x86, 0x5a, 0xad, 0xa5, 0x61, 0xa1, 0x47, 0x83, - 0x3a, 0x2d, 0xcd, 0xa3, 0xc1, 0xe4, 0x12, 0xa1, 0x27, 0xdc, 0x89, 0xbc, 0x93, 0xb1, 0x13, 0x39, - 0x51, 0x1a, 0xd6, 0x37, 0x7b, 0xf7, 0x23, 0x83, 0x67, 0x4d, 0x35, 0xbf, 0x63, 0x40, 0x39, 0x3d, - 0xa7, 0x3e, 0x96, 0x5e, 0x39, 0x81, 0x23, 0xf7, 0xe7, 0x72, 0x50, 0x5e, 0x0f, 0xd8, 0x76, 0xdb, - 0x95, 0x21, 0xdb, 0x4f, 0xea, 0x59, 0xf3, 0x5b, 0x9a, 0x8f, 0xf5, 0xa9, 0x78, 0x19, 0x50, 0x1b, - 0x77, 0xc4, 0xa5, 0xa4, 0xc2, 0x2f, 0xff, 0x7a, 0xe5, 0x94, 0xf9, 0x05, 0x98, 0x49, 0x77, 0x07, - 0xfa, 0x59, 0xab, 0x30, 0xa9, 0xc3, 0xd3, 0xf9, 0x9a, 0xd2, 0x54, 0x56, 0x1a, 0xdf, 0xfc, 0xa3, - 0x5c, 0x9a, 0xb7, 0x38, 0x77, 0x66, 0x4a, 0xa7, 0xed, 0x6c, 0x35, 0xe3, 0x94, 0x32, 0xe2, 0x55, - 0x1b, 0x04, 0x59, 0xb2, 0xec, 0x24, 0x99, 0xbb, 0xe2, 0x88, 0xd6, 0x7c, 0x76, 0x44, 0x2b, 0xb9, - 0x99, 0x8a, 0x50, 0x28, 0x24, 0x0f, 0xd8, 0x3c, 0xa0, 0x5b, 0x76, 0x12, 0xa5, 0xa0, 0x47, 0x26, - 0x90, 0x79, 0x98, 0xd1, 0x2e, 0x85, 0x4b, 0xfa, 0xa1, 0xc4, 0x97, 0x18, 0x61, 0x01, 0x27, 0xce, - 0x44, 0xc6, 0xb7, 0xdf, 0xfc, 0x26, 0xdb, 0x89, 0x09, 0xf7, 0xa9, 0xfa, 0xf8, 0x87, 0x5c, 0x6b, - 0xe4, 0x4d, 0x11, 0x82, 0x29, 0x57, 0x5b, 0x4e, 0x47, 0xcb, 0x62, 0xcc, 0x11, 0xcd, 0x3f, 0x31, - 0xd8, 0xfc, 0x6f, 0xec, 0x7d, 0xc2, 0x72, 0x8a, 0xb1, 0x26, 0x1d, 0x11, 0x16, 0xf1, 0xef, 0x0c, - 0x9e, 0x15, 0x48, 0x88, 0xcf, 0xeb, 0x30, 0xbc, 0xee, 0x04, 0x3b, 0x34, 0x12, 0xf9, 0x6b, 0x54, - 0x2e, 0xbc, 0x20, 0xb9, 0x15, 0x14, 0xe1, 0x6f, 0x4b, 0x10, 0xa8, 0xae, 0xab, 0xdc, 0x40, 0xae, - 0x2b, 0xc5, 0xfd, 0x98, 0x7f, 0x5c, 0xee, 0x47, 0xf3, 0xcf, 0x73, 0xbc, 0x3d, 0xe2, 0xa3, 0x06, - 0x7d, 0x03, 0xed, 0x12, 0x14, 0x98, 0x1c, 0xa8, 0x0f, 0xcd, 0x31, 0x59, 0xd1, 0x1e, 0xc5, 0xf7, - 0x9b, 0x78, 0xac, 0x85, 0xfa, 0x5f, 0x4d, 0x63, 0x87, 0x4b, 0x84, 0x3a, 0x6f, 0x10, 0x03, 0xdf, - 0x1f, 0xf6, 0x5d, 0xaa, 0x4e, 0x87, 0xb6, 0xfe, 0x54, 0x34, 0x96, 0x93, 0x9b, 0x4a, 0x36, 0x19, - 0x35, 0xa2, 0xb4, 0xb5, 0xed, 0xd8, 0x3c, 0x8b, 0x89, 0xba, 0x02, 0x24, 0x89, 0x67, 0x16, 0x61, - 0x42, 0x4f, 0xae, 0x2b, 0xc2, 0x33, 0x30, 0x2f, 0x65, 0x2a, 0x31, 0xaf, 0xea, 0x67, 0xd5, 0x89, - 0x48, 0x0d, 0xc6, 0xb5, 0x44, 0xa6, 0xea, 0xb3, 0x9d, 0xfc, 0xdd, 0x0c, 0xbb, 0x37, 0xf5, 0xb7, - 0x4e, 0xa2, 0x5c, 0x53, 0xf8, 0x14, 0x94, 0xc5, 0xcc, 0x8c, 0x33, 0x0a, 0xe2, 0xc9, 0xdc, 0xd2, - 0x82, 0xa5, 0xce, 0xa6, 0x86, 0xe7, 0x06, 0x16, 0x42, 0xcd, 0xef, 0x1a, 0x70, 0x6e, 0x85, 0x46, - 0x0f, 0xfc, 0x60, 0xcf, 0xa2, 0x61, 0x14, 0x78, 0x3c, 0x41, 0x21, 0xca, 0xe3, 0xa7, 0xc9, 0x9b, - 0xf2, 0x49, 0x1e, 0x5d, 0x41, 0xa6, 0xeb, 0xa8, 0x8d, 0x0b, 0xa1, 0x1c, 0xc2, 0x47, 0x79, 0xe4, - 0x53, 0x3c, 0xaf, 0x8b, 0xa7, 0x78, 0x72, 0x47, 0x13, 0xc7, 0xf3, 0xc2, 0xa5, 0x6d, 0xf9, 0x04, - 0xcf, 0x77, 0x72, 0x70, 0x3a, 0xe3, 0xb3, 0x36, 0x3e, 0xfd, 0x84, 0x2a, 0x87, 0x9a, 0xa6, 0x1c, - 0xe4, 0x5b, 0x6d, 0x7d, 0x3b, 0x3e, 0x53, 0x57, 0xfc, 0xaa, 0x01, 0x67, 0x75, 0xe9, 0x11, 0x51, - 0x3b, 0x1b, 0x37, 0xc8, 0x1b, 0x30, 0x7c, 0x9b, 0x3a, 0x2e, 0x95, 0x89, 0xaf, 0x4e, 0xa7, 0x1e, - 0xb6, 0xe4, 0x85, 0x9c, 0xed, 0x1f, 0xf1, 0xa9, 0x7c, 0xca, 0x12, 0x24, 0x64, 0x41, 0x7c, 0x1c, - 0x37, 0x4b, 0x4d, 0x79, 0x3f, 0x26, 0xab, 0xaa, 0x23, 0xce, 0x35, 0xbf, 0x6f, 0xc0, 0x53, 0x47, - 0xd0, 0xb0, 0x81, 0x63, 0x43, 0xaf, 0x0e, 0x1c, 0x2e, 0x2c, 0x08, 0x25, 0x6f, 0xc3, 0xe4, 0xba, - 0x30, 0x6b, 0xe5, 0x70, 0x28, 0xef, 0x81, 0x4b, 0x8b, 0xd7, 0x96, 0xe3, 0x92, 0x46, 0x66, 0x46, - 0xf9, 0x6d, 0x3f, 0x8c, 0xda, 0xc9, 0xeb, 0x06, 0x68, 0x94, 0xef, 0x0a, 0x98, 0x15, 0x97, 0x92, - 0x1b, 0x18, 0x7a, 0xf3, 0x70, 0x7f, 0x69, 0x41, 0xda, 0x8d, 0x78, 0xee, 0xc3, 0xd7, 0x49, 0xfd, - 0xad, 0xcf, 0x18, 0x91, 0xd9, 0x12, 0x7a, 0xdb, 0xc4, 0xcd, 0xd5, 0xe7, 0x60, 0x98, 0x31, 0x8e, - 0xcf, 0xf4, 0x50, 0x78, 0x30, 0x7d, 0xb4, 0xe7, 0x5a, 0xa2, 0x28, 0x3e, 0xcb, 0xcf, 0x65, 0x5e, - 0x30, 0xf9, 0x96, 0x01, 0x65, 0x9d, 0xf7, 0xa3, 0x8e, 0xe7, 0x5b, 0xda, 0x78, 0x3e, 0x95, 0x3d, - 0x9e, 0xfd, 0x07, 0xb2, 0x27, 0x3b, 0xf9, 0x40, 0x03, 0x68, 0xc2, 0xf0, 0x82, 0xdf, 0x72, 0xbc, - 0xb6, 0x9a, 0xd8, 0xda, 0x45, 0x88, 0x25, 0x4a, 0x94, 0xde, 0xca, 0xf7, 0xed, 0x2d, 0xf3, 0xe7, - 0x0b, 0x70, 0xce, 0xa2, 0x3b, 0x1e, 0xb3, 0xaa, 0xee, 0x85, 0x5e, 0x7b, 0x47, 0xbb, 0xfe, 0x63, - 0xa6, 0x3a, 0x5c, 0x24, 0x3d, 0x60, 0x90, 0xb8, 0xbf, 0x5f, 0x82, 0x22, 0x53, 0xed, 0x4a, 0x9f, - 0xa3, 0x87, 0x1c, 0xdf, 0x85, 0xe0, 0xc2, 0x20, 0x8b, 0xc9, 0x15, 0xb1, 0xf0, 0x28, 0x69, 0x69, - 0xd8, 0xc2, 0xf3, 0xa3, 0x83, 0x0a, 0xf0, 0x57, 0x7c, 0x59, 0xa9, 0x58, 0x7c, 0x62, 0x4b, 0xac, - 0xd0, 0xc7, 0x12, 0xbb, 0x0b, 0x33, 0x55, 0x97, 0x2b, 0x35, 0xa7, 0xb9, 0x16, 0x78, 0xed, 0x86, - 0xd7, 0x71, 0x9a, 0x72, 0x77, 0x81, 0xe7, 0x24, 0x4e, 0x5c, 0x6e, 0x77, 0x62, 0x04, 0x2b, 0x93, - 0x8c, 0x35, 0x63, 0x61, 0xa5, 0xce, 0xd3, 0xfe, 0xf3, 0xc3, 0x0f, 0x6c, 0x86, 0xdb, 0x0e, 0x79, - 0xde, 0x7f, 0x2b, 0x2e, 0x46, 0x1b, 0x10, 0x4f, 0x63, 0xd7, 0x97, 0xeb, 0x49, 0x14, 0x34, 0xbf, - 0x35, 0xcf, 0x4f, 0x6c, 0xa3, 0x66, 0x88, 0xa7, 0xb6, 0x1a, 0x5e, 0x42, 0x57, 0xaf, 0xdf, 0x66, - 0x74, 0xc5, 0x1e, 0xba, 0x30, 0xdc, 0x55, 0xe9, 0x38, 0x1e, 0xb9, 0x06, 0xc0, 0xef, 0x1d, 0xa3, - 0x40, 0x8c, 0x26, 0x16, 0x63, 0x80, 0x50, 0x6e, 0x31, 0x2a, 0x28, 0xe4, 0x4d, 0x98, 0x5e, 0x9c, - 0x9f, 0x93, 0x2e, 0xab, 0x05, 0xbf, 0xd1, 0x6d, 0xd1, 0x76, 0x84, 0x87, 0xa6, 0x25, 0x3e, 0x86, - 0xb4, 0x31, 0xc7, 0xa4, 0x20, 0x0b, 0x4d, 0x24, 0x72, 0xe2, 0x69, 0x00, 0xe7, 0x7d, 0x97, 0x86, - 0x1b, 0xd7, 0x3f, 0x61, 0x89, 0x9c, 0x94, 0xb6, 0xe1, 0x6c, 0xbb, 0x9e, 0x39, 0x33, 0xff, 0x06, - 0x26, 0x72, 0xea, 0xc1, 0x25, 0x3f, 0x06, 0x43, 0xf8, 0x53, 0x2c, 0xd3, 0xd3, 0x19, 0x6c, 0x93, - 0x25, 0xba, 0xc1, 0x13, 0xa9, 0x23, 0x01, 0x59, 0x4a, 0xde, 0x48, 0x3f, 0x41, 0x3a, 0x12, 0x91, - 0x4b, 0x54, 0x7b, 0x19, 0xdd, 0x74, 0xa1, 0xa4, 0x56, 0xc8, 0x64, 0xe4, 0xb6, 0x13, 0xee, 0x52, - 0x97, 0xfd, 0x12, 0x99, 0xc4, 0x50, 0x46, 0x76, 0x11, 0x6a, 0xb3, 0xef, 0xb0, 0x14, 0x14, 0xa6, - 0x1d, 0x96, 0xc2, 0x7b, 0xa1, 0xf8, 0x14, 0xb1, 0x75, 0xf2, 0x70, 0x1b, 0xee, 0x5a, 0xa2, 0x08, - 0xb5, 0xa5, 0x3c, 0x22, 0x0b, 0x9c, 0xc6, 0x1e, 0x0d, 0x36, 0xae, 0x7f, 0x1c, 0xda, 0x52, 0xaf, - 0xe3, 0x88, 0x31, 0xf9, 0x3a, 0xc4, 0xef, 0x00, 0x68, 0xc8, 0xcc, 0xb0, 0x4c, 0x2e, 0x51, 0x1a, - 0x89, 0x61, 0x99, 0x5c, 0xa2, 0x54, 0x0d, 0xcb, 0x18, 0x35, 0x7e, 0x88, 0x34, 0x77, 0xcc, 0x43, - 0xa4, 0x7d, 0x1e, 0x5d, 0x96, 0xf9, 0x37, 0x3e, 0x41, 0xcf, 0xe3, 0x7f, 0x16, 0x4a, 0xd5, 0x28, - 0x72, 0x1a, 0xbb, 0xd4, 0xc5, 0x07, 0x6f, 0x95, 0x6b, 0x5c, 0x8e, 0x80, 0xab, 0xce, 0x58, 0x15, - 0x97, 0xbc, 0x02, 0xc3, 0xda, 0x7b, 0xf8, 0x68, 0x4e, 0xf4, 0xbc, 0x83, 0x2f, 0x70, 0xd8, 0x26, - 0x6a, 0xa9, 0x7d, 0xdf, 0x63, 0x7d, 0x52, 0x4c, 0xf2, 0x78, 0x7b, 0x1c, 0xa4, 0x6a, 0x0d, 0x81, - 0x45, 0x5e, 0x57, 0xcc, 0x8e, 0xd1, 0xc4, 0xfe, 0xe7, 0x7b, 0x33, 0x5b, 0x5a, 0x1f, 0xaa, 0x49, - 0x11, 0xdb, 0x21, 0x37, 0x61, 0x44, 0x6e, 0xb9, 0x21, 0xb1, 0xf9, 0x05, 0x65, 0xfa, 0x56, 0xc1, - 0xbe, 0x25, 0x91, 0x31, 0x85, 0xae, 0x92, 0xea, 0x6b, 0x4c, 0x49, 0xa1, 0xab, 0xa4, 0xfa, 0xd2, - 0x52, 0xe8, 0x2a, 0x49, 0xbf, 0xe2, 0x1d, 0x54, 0xe9, 0xd8, 0x1d, 0xd4, 0x06, 0x94, 0xd6, 0x9c, - 0x20, 0xf2, 0xd8, 0x72, 0xd4, 0x8e, 0xf8, 0xe3, 0x31, 0xc9, 0x06, 0x5f, 0x29, 0x4a, 0xde, 0x4c, - 0xef, 0x28, 0xf8, 0x7a, 0x0e, 0xd2, 0x04, 0x9e, 0x1d, 0x5a, 0x32, 0xf1, 0x28, 0xa1, 0x25, 0xc5, - 0xf8, 0xc9, 0xb4, 0xc9, 0x24, 0x90, 0x27, 0x7e, 0x07, 0x2d, 0xdd, 0xfb, 0xb8, 0xe3, 0xfc, 0x12, - 0x94, 0xd8, 0xff, 0xf8, 0xa0, 0x85, 0x47, 0xf9, 0xe3, 0x30, 0x49, 0x72, 0x00, 0x7d, 0x42, 0xf3, - 0x57, 0x2f, 0xea, 0x34, 0xe2, 0x13, 0x18, 0x19, 0xa7, 0xbd, 0x35, 0x1a, 0x37, 0xf2, 0x0e, 0x94, - 0xd4, 0x97, 0x78, 0x66, 0xa7, 0x92, 0xe0, 0x20, 0x57, 0xc0, 0xd3, 0xa3, 0xa4, 0x11, 0xb0, 0xf5, - 0xab, 0xda, 0xe9, 0x20, 0x2d, 0x51, 0xa4, 0xbd, 0xd3, 0x49, 0x93, 0x49, 0x34, 0xf2, 0x39, 0x28, - 0x55, 0x3b, 0x9d, 0x44, 0xe3, 0x4c, 0x2b, 0xfb, 0xc8, 0x4e, 0xc7, 0xce, 0xd4, 0x3a, 0x1a, 0x05, - 0x13, 0x2c, 0x61, 0xf0, 0x61, 0xbd, 0x33, 0x89, 0x60, 0xc9, 0xf7, 0x65, 0xd2, 0x82, 0xa5, 0xa0, - 0x9b, 0x3f, 0x34, 0xe0, 0x6c, 0x9f, 0x6e, 0xc3, 0xbd, 0x78, 0xe2, 0x2d, 0xe7, 0x7b, 0x71, 0x9d, - 0x55, 0x41, 0x24, 0x38, 0x1b, 0xd1, 0x8d, 0x7f, 0x9c, 0x7e, 0x62, 0x0d, 0x56, 0x1b, 0x2d, 0x57, - 0xe3, 0xec, 0x97, 0x6c, 0xf2, 0x1f, 0xdb, 0x4b, 0x36, 0xe6, 0x81, 0x01, 0x63, 0x8a, 0x30, 0x3f, - 0xc6, 0x37, 0xf4, 0x2f, 0x89, 0x27, 0xdd, 0xf2, 0x09, 0x5e, 0x2b, 0xe5, 0xaf, 0xc0, 0x27, 0xdc, - 0x3e, 0x00, 0x58, 0x76, 0xc2, 0xa8, 0xda, 0x88, 0xbc, 0xfb, 0x74, 0x00, 0xcd, 0x9d, 0xa4, 0x91, - 0x76, 0xf0, 0x29, 0x4e, 0x46, 0xd6, 0x93, 0x46, 0x3a, 0x66, 0x68, 0xae, 0xc0, 0x70, 0xdd, 0x0f, - 0xa2, 0xda, 0x3e, 0x5f, 0x8e, 0x17, 0x68, 0xd8, 0x50, 0x3d, 0x99, 0x1e, 0xfa, 0x34, 0x1a, 0x96, - 0x28, 0x62, 0x36, 0xf1, 0x2d, 0x8f, 0x36, 0x5d, 0x35, 0xc2, 0x64, 0x9b, 0x01, 0x2c, 0x0e, 0xbf, - 0xf2, 0x0e, 0x4c, 0x4a, 0xc1, 0x5e, 0x5f, 0xae, 0x63, 0x0b, 0x26, 0x61, 0x6c, 0x63, 0xd1, 0x5a, - 0xba, 0xf5, 0x05, 0xfb, 0xd6, 0xbd, 0xe5, 0xe5, 0xf2, 0x29, 0x32, 0x0e, 0xa3, 0x02, 0x30, 0x5f, - 0x2d, 0x1b, 0xa4, 0x04, 0xc5, 0xa5, 0x95, 0xfa, 0xe2, 0xfc, 0x3d, 0x6b, 0xb1, 0x9c, 0xbb, 0xf2, - 0x02, 0x4c, 0x24, 0x61, 0xc6, 0x78, 0xb0, 0x33, 0x02, 0x79, 0xab, 0xba, 0x59, 0x3e, 0x45, 0x00, - 0x86, 0xd7, 0xee, 0xcc, 0xd7, 0xaf, 0x5f, 0x2f, 0x1b, 0x57, 0x3e, 0x05, 0x53, 0xb8, 0x59, 0x5b, - 0x66, 0xfb, 0x86, 0x36, 0x0d, 0xb0, 0xa6, 0x12, 0x14, 0xeb, 0xb4, 0xe3, 0x04, 0x4e, 0x44, 0x79, - 0x35, 0x77, 0xbb, 0xcd, 0xc8, 0xeb, 0x34, 0xe9, 0xc3, 0xb2, 0x71, 0xe5, 0x75, 0x98, 0xb4, 0xfc, - 0x6e, 0xe4, 0xb5, 0x77, 0xe4, 0x23, 0xa4, 0xe4, 0x34, 0x4c, 0xdd, 0x5b, 0xa9, 0xde, 0xad, 0x2d, - 0xbd, 0x7b, 0x6f, 0xf5, 0x5e, 0xdd, 0xbe, 0x5b, 0x5d, 0x9f, 0xbf, 0x5d, 0x3e, 0xc5, 0x3e, 0xf8, - 0xee, 0x6a, 0x7d, 0xdd, 0xb6, 0x16, 0xe7, 0x17, 0x57, 0xd6, 0xcb, 0xc6, 0x95, 0x9f, 0x35, 0x60, - 0x82, 0x0d, 0x1a, 0x9a, 0xfd, 0xf7, 0xd0, 0x9b, 0x76, 0x11, 0x2e, 0xdc, 0xab, 0x2f, 0x5a, 0xf6, - 0xfa, 0xea, 0x9d, 0xc5, 0x15, 0xfb, 0x5e, 0xbd, 0xfa, 0xee, 0xa2, 0x7d, 0x6f, 0xa5, 0xbe, 0xb6, - 0x38, 0xbf, 0x74, 0x6b, 0x69, 0x71, 0xa1, 0x7c, 0x8a, 0x54, 0xe0, 0x29, 0x05, 0xc3, 0x5a, 0x9c, - 0x5f, 0xdd, 0x58, 0xb4, 0xec, 0xb5, 0x6a, 0xbd, 0xbe, 0xb9, 0x6a, 0x2d, 0x94, 0x0d, 0x72, 0x1e, - 0xce, 0x64, 0x20, 0xdc, 0xbd, 0x55, 0x2d, 0xe7, 0x7a, 0xca, 0x56, 0x16, 0x37, 0xab, 0xcb, 0x76, - 0x6d, 0x75, 0xbd, 0x9c, 0xbf, 0xf2, 0x0e, 0x33, 0xbc, 0xc4, 0x6b, 0xaa, 0x6c, 0x61, 0x2f, 0x42, - 0x61, 0x65, 0x75, 0x65, 0xb1, 0x7c, 0x8a, 0x8c, 0xc1, 0xc8, 0xda, 0xe2, 0xca, 0xc2, 0xd2, 0xca, - 0xbb, 0xbc, 0x5b, 0xab, 0x6b, 0x6b, 0xd6, 0xea, 0xc6, 0xe2, 0x42, 0x39, 0xc7, 0xfa, 0x6e, 0x61, - 0x71, 0x85, 0x7d, 0x59, 0xfe, 0x8a, 0xc9, 0x1f, 0xf9, 0xd5, 0x9e, 0x0e, 0x64, 0xbd, 0xb5, 0xf8, - 0xf9, 0xf5, 0xc5, 0x95, 0xfa, 0xd2, 0xea, 0x4a, 0xf9, 0xd4, 0x95, 0x0b, 0x29, 0x1c, 0x39, 0x12, - 0xf5, 0xfa, 0xed, 0xf2, 0xa9, 0x2b, 0x5f, 0x82, 0x92, 0x6a, 0x77, 0x90, 0xb3, 0x30, 0xad, 0xfe, - 0x5e, 0xa3, 0x6d, 0xd7, 0x6b, 0xef, 0x94, 0x4f, 0xa5, 0x0b, 0xac, 0x6e, 0xbb, 0xcd, 0x0a, 0xb0, - 0xf1, 0x6a, 0xc1, 0x3a, 0x0d, 0x5a, 0x5e, 0x9b, 0x99, 0x14, 0xe5, 0x5c, 0xad, 0xfc, 0xbd, 0x3f, - 0x7e, 0xe6, 0xd4, 0xf7, 0x7e, 0xf0, 0x8c, 0xf1, 0x47, 0x3f, 0x78, 0xc6, 0xf8, 0x6f, 0x3f, 0x78, - 0xc6, 0xd8, 0x1a, 0x46, 0x41, 0xbf, 0xf1, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x71, 0x46, 0xf4, - 0x45, 0xba, 0xdc, 0x00, 0x00, + proto.RegisterType((*ConnectionDiagnosticV1)(nil), "types.ConnectionDiagnosticV1") + proto.RegisterType((*ConnectionDiagnosticSpecV1)(nil), "types.ConnectionDiagnosticSpecV1") + proto.RegisterType((*ConnectionDiagnosticTrace)(nil), "types.ConnectionDiagnosticTrace") + proto.RegisterType((*ClusterAlert)(nil), "types.ClusterAlert") + proto.RegisterType((*ClusterAlertSpec)(nil), "types.ClusterAlertSpec") + proto.RegisterType((*GetClusterAlertsRequest)(nil), "types.GetClusterAlertsRequest") + proto.RegisterMapType((map[string]string)(nil), "types.GetClusterAlertsRequest.LabelsEntry") +} + +func init() { proto.RegisterFile("teleport/legacy/types/types.proto", fileDescriptor_9198ee693835762e) } + +var fileDescriptor_9198ee693835762e = []byte{ + // 14826 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x6c, 0x1c, 0x49, + 0x76, 0x18, 0xae, 0x9e, 0x19, 0x92, 0xc3, 0xc7, 0x21, 0x39, 0x2c, 0x52, 0x12, 0xa5, 0xd5, 0x2e, + 0xb5, 0xbd, 0xbb, 0x5a, 0xad, 0x76, 0x57, 0x3a, 0x51, 0xb7, 0x3a, 0xef, 0xed, 0xd7, 0xcd, 0x70, + 0x28, 0x91, 0x2b, 0x8a, 0xe4, 0xf5, 0xf0, 0xe3, 0xd6, 0x77, 0x7b, 0x7d, 0xcd, 0xe9, 0x22, 0xd9, + 0xcb, 0x99, 0xe9, 0xb9, 0xee, 0x1e, 0x49, 0xf4, 0xd9, 0xb0, 0x0d, 0xff, 0xce, 0xf7, 0x3b, 0x18, + 0xbe, 0x8f, 0x1f, 0xce, 0x5f, 0x3f, 0x38, 0xb0, 0x63, 0xc4, 0x49, 0x9c, 0xc4, 0x46, 0x62, 0x07, + 0x08, 0x82, 0x00, 0x49, 0x8c, 0x04, 0xc6, 0xe5, 0xdb, 0x40, 0xfe, 0xca, 0x25, 0x61, 0xe2, 0x3b, + 0x23, 0x7f, 0x28, 0x30, 0x10, 0xc0, 0x40, 0x00, 0x9f, 0x63, 0x20, 0xa8, 0x57, 0x55, 0xdd, 0x55, + 0x3d, 0x3d, 0xfc, 0x58, 0x69, 0x11, 0x6b, 0x91, 0x7f, 0x24, 0xce, 0xab, 0xf7, 0x5e, 0x7d, 0xf4, + 0xab, 0x57, 0xaf, 0x5e, 0xbd, 0x7a, 0x05, 0xcf, 0x46, 0xb4, 0x49, 0x3b, 0x7e, 0x10, 0x5d, 0x6b, + 0xd2, 0x1d, 0xa7, 0xb1, 0x7f, 0x2d, 0xda, 0xef, 0xd0, 0x90, 0xff, 0x7b, 0xb5, 0x13, 0xf8, 0x91, + 0x4f, 0x06, 0xf0, 0xc7, 0xf9, 0xa9, 0x1d, 0x7f, 0xc7, 0x47, 0xc8, 0x35, 0xf6, 0x17, 0x2f, 0x3c, + 0x3f, 0xb3, 0xe3, 0xfb, 0x3b, 0x4d, 0x7a, 0x0d, 0x7f, 0x6d, 0x75, 0xb7, 0xaf, 0x45, 0x5e, 0x8b, + 0x86, 0x91, 0xd3, 0xea, 0x08, 0x84, 0x57, 0xb3, 0x2b, 0xb8, 0x1f, 0x38, 0x9d, 0x0e, 0x0d, 0x92, + 0x3f, 0x38, 0xba, 0xf9, 0x57, 0xf3, 0x30, 0x7c, 0x87, 0xd2, 0x4e, 0xa5, 0xe9, 0xdd, 0xa3, 0xe4, + 0x39, 0x28, 0x2c, 0x3b, 0x2d, 0x3a, 0x6d, 0x5c, 0x34, 0x2e, 0x0f, 0x57, 0xc7, 0x1f, 0x1e, 0xcc, + 0x8c, 0x84, 0x34, 0xb8, 0x47, 0x03, 0xbb, 0xed, 0xb4, 0xa8, 0x85, 0x85, 0xe4, 0x65, 0x18, 0x66, + 0xff, 0x87, 0x1d, 0xa7, 0x41, 0xa7, 0x73, 0x88, 0x39, 0xfa, 0xf0, 0x60, 0x66, 0xb8, 0x2d, 0x81, + 0x56, 0x52, 0x4e, 0x2e, 0xc1, 0xd0, 0x12, 0x75, 0x42, 0xba, 0x58, 0x9b, 0xce, 0x5f, 0x34, 0x2e, + 0xe7, 0xab, 0xa5, 0x87, 0x07, 0x33, 0xc5, 0x26, 0x03, 0xd9, 0x9e, 0x6b, 0xc9, 0x42, 0xb2, 0x08, + 0x43, 0xf3, 0x0f, 0x3a, 0x5e, 0x40, 0xc3, 0xe9, 0xc2, 0x45, 0xe3, 0xf2, 0xc8, 0xec, 0xf9, 0xab, + 0xbc, 0xa7, 0x57, 0x65, 0x4f, 0xaf, 0xae, 0xc9, 0x9e, 0x56, 0x27, 0xbf, 0x7b, 0x30, 0x73, 0xea, + 0xe1, 0xc1, 0xcc, 0x10, 0xe5, 0x24, 0xdf, 0xfa, 0x2f, 0x33, 0x86, 0x25, 0xe9, 0xc9, 0x9b, 0x50, + 0x58, 0xdb, 0xef, 0xd0, 0xe9, 0xe1, 0x8b, 0xc6, 0xe5, 0xb1, 0xd9, 0x67, 0xae, 0xf2, 0xb1, 0x8d, + 0x3b, 0x99, 0xfc, 0xc5, 0xb0, 0xaa, 0xc5, 0x87, 0x07, 0x33, 0x05, 0x86, 0x62, 0x21, 0x15, 0x79, + 0x15, 0x06, 0x17, 0xfc, 0x30, 0x5a, 0xac, 0x4d, 0x03, 0x76, 0xed, 0xf4, 0xc3, 0x83, 0x99, 0x89, + 0x5d, 0x3f, 0x8c, 0x6c, 0xcf, 0x7d, 0xc5, 0x6f, 0x79, 0x11, 0x6d, 0x75, 0xa2, 0x7d, 0x4b, 0x20, + 0x99, 0x5b, 0x30, 0xaa, 0xf1, 0x23, 0x23, 0x30, 0xb4, 0xbe, 0x7c, 0x67, 0x79, 0x65, 0x73, 0xb9, + 0x7c, 0x8a, 0x14, 0xa1, 0xb0, 0xbc, 0x52, 0x9b, 0x2f, 0x1b, 0x64, 0x08, 0xf2, 0x95, 0xd5, 0xd5, + 0x72, 0x8e, 0x94, 0xa0, 0x58, 0xab, 0xac, 0x55, 0xaa, 0x95, 0xfa, 0x7c, 0x39, 0x4f, 0x26, 0x61, + 0x7c, 0x73, 0x71, 0xb9, 0xb6, 0xb2, 0x59, 0xb7, 0x6b, 0xf3, 0xf5, 0x3b, 0x6b, 0x2b, 0xab, 0xe5, + 0x02, 0x19, 0x03, 0xb8, 0xb3, 0x5e, 0x9d, 0xb7, 0x96, 0xe7, 0xd7, 0xe6, 0xeb, 0xe5, 0x01, 0xf3, + 0x6b, 0x79, 0x28, 0xde, 0xa5, 0x91, 0xe3, 0x3a, 0x91, 0x43, 0x2e, 0x68, 0x9f, 0x08, 0x5b, 0xaf, + 0x7c, 0x9b, 0xe7, 0x7a, 0xbf, 0xcd, 0xc0, 0xc3, 0x83, 0x19, 0xe3, 0x55, 0xf5, 0x9b, 0xbc, 0x01, + 0x23, 0x35, 0x1a, 0x36, 0x02, 0xaf, 0x13, 0x79, 0x7e, 0x1b, 0xbf, 0xcb, 0x70, 0xf5, 0xdc, 0xc3, + 0x83, 0x99, 0xd3, 0x6e, 0x02, 0x56, 0xfa, 0xaa, 0x62, 0x93, 0x45, 0x18, 0x5c, 0x72, 0xb6, 0x68, + 0x33, 0x9c, 0x1e, 0xb8, 0x98, 0xbf, 0x3c, 0x32, 0xfb, 0x94, 0x18, 0x5f, 0xd9, 0xc0, 0xab, 0xbc, + 0x74, 0xbe, 0x1d, 0x05, 0xfb, 0xd5, 0xa9, 0x87, 0x07, 0x33, 0xe5, 0x26, 0x02, 0xd4, 0xb1, 0xe3, + 0x28, 0xa4, 0x9e, 0x7c, 0xf3, 0xc1, 0x23, 0xbf, 0xf9, 0xd3, 0xdf, 0x3d, 0x98, 0x31, 0xd8, 0xb7, + 0x10, 0xdf, 0x3c, 0xe1, 0xa7, 0x7f, 0xfd, 0x8b, 0x90, 0x5b, 0xac, 0x4d, 0x0f, 0xa1, 0xac, 0x95, + 0x1f, 0x1e, 0xcc, 0x94, 0xb4, 0xcf, 0x96, 0x5b, 0xac, 0x9d, 0x7f, 0x1d, 0x46, 0x94, 0x36, 0x92, + 0x32, 0xe4, 0xf7, 0xe8, 0x3e, 0x1f, 0x4f, 0x8b, 0xfd, 0x49, 0xa6, 0x60, 0xe0, 0x9e, 0xd3, 0xec, + 0x8a, 0x01, 0xb4, 0xf8, 0x8f, 0x4f, 0xe7, 0x7e, 0xc4, 0x30, 0xff, 0xbf, 0x02, 0x14, 0x2d, 0x3f, + 0x72, 0x70, 0x24, 0x5e, 0x82, 0x81, 0x7a, 0xe4, 0x44, 0xf2, 0x53, 0x4c, 0x3e, 0x3c, 0x98, 0x19, + 0x0f, 0x19, 0x40, 0xa9, 0x8f, 0x63, 0x30, 0xd4, 0xd5, 0x5d, 0x27, 0x94, 0x9f, 0x04, 0x51, 0x3b, + 0x0c, 0xa0, 0xa2, 0x22, 0x06, 0xb9, 0x04, 0x85, 0xbb, 0xbe, 0x4b, 0xc5, 0x57, 0x21, 0x0f, 0x0f, + 0x66, 0xc6, 0x5a, 0xbe, 0xab, 0x22, 0x62, 0x39, 0x79, 0x05, 0x86, 0xe7, 0xba, 0x41, 0x40, 0xdb, + 0x4c, 0x54, 0x0b, 0x88, 0x3c, 0xf6, 0xf0, 0x60, 0x06, 0x1a, 0x1c, 0xc8, 0x26, 0x57, 0x82, 0xc0, + 0x86, 0xba, 0x1e, 0x39, 0x41, 0x44, 0xdd, 0xe9, 0x81, 0x63, 0x0d, 0x35, 0x9b, 0x5e, 0x13, 0x21, + 0x27, 0x49, 0x0f, 0xb5, 0xe0, 0x44, 0x16, 0x60, 0xe4, 0x76, 0xe0, 0x34, 0xe8, 0x2a, 0x0d, 0x3c, + 0xdf, 0xc5, 0x6f, 0x98, 0xaf, 0x5e, 0x7a, 0x78, 0x30, 0x73, 0x66, 0x87, 0x81, 0xed, 0x0e, 0xc2, + 0x13, 0xea, 0x1f, 0x1e, 0xcc, 0x14, 0x6b, 0xdd, 0x00, 0x47, 0xcf, 0x52, 0x49, 0xc9, 0x97, 0xd8, + 0x27, 0x09, 0x23, 0x1c, 0x5a, 0xea, 0xe2, 0xd7, 0x3b, 0xbc, 0x89, 0xa6, 0x68, 0xe2, 0x99, 0xa6, + 0x13, 0x46, 0x76, 0xc0, 0xe9, 0x52, 0xed, 0x54, 0x59, 0x92, 0x15, 0x28, 0xd6, 0x1b, 0xbb, 0xd4, + 0xed, 0x36, 0xe9, 0x74, 0x11, 0xd9, 0x9f, 0x15, 0x82, 0x2b, 0xbf, 0xa7, 0x2c, 0xae, 0x9e, 0x17, + 0xbc, 0x49, 0x28, 0x20, 0xca, 0xd8, 0xc7, 0x4c, 0x3e, 0x5d, 0xfc, 0xe5, 0x5f, 0x9f, 0x39, 0xf5, + 0x53, 0xff, 0xe9, 0xe2, 0x29, 0xf3, 0x1f, 0xe4, 0xa0, 0x9c, 0x66, 0x42, 0xb6, 0x61, 0x74, 0xbd, + 0xe3, 0x3a, 0x11, 0x9d, 0x6b, 0x7a, 0xb4, 0x1d, 0x85, 0x28, 0x24, 0x87, 0xf7, 0xe9, 0x79, 0x51, + 0xef, 0x74, 0x17, 0x09, 0xed, 0x06, 0xa7, 0x4c, 0xf5, 0x4a, 0x67, 0x9b, 0xd4, 0x53, 0x47, 0x3d, + 0x1d, 0xa2, 0x84, 0x9d, 0xac, 0x1e, 0xae, 0xe1, 0xfb, 0xd4, 0x23, 0xd8, 0x0a, 0x01, 0x6a, 0xbb, + 0x5b, 0xfb, 0x28, 0x99, 0xc7, 0x17, 0x20, 0x46, 0x92, 0x21, 0x40, 0x0c, 0x6c, 0xfe, 0xb1, 0x01, + 0x63, 0x16, 0x0d, 0xfd, 0x6e, 0xd0, 0xa0, 0x0b, 0xd4, 0x71, 0x69, 0xc0, 0xc4, 0xff, 0x8e, 0xd7, + 0x76, 0xc5, 0x9c, 0x42, 0xf1, 0xdf, 0xf3, 0xda, 0xea, 0x14, 0xc6, 0x72, 0xf2, 0x09, 0x18, 0xaa, + 0x77, 0xb7, 0x10, 0x95, 0xcf, 0xa9, 0x33, 0xf8, 0xc5, 0xba, 0x5b, 0x76, 0x0a, 0x5d, 0xa2, 0x91, + 0x6b, 0x30, 0xb4, 0x41, 0x83, 0x30, 0xd1, 0x78, 0xa8, 0xd9, 0xef, 0x71, 0x90, 0x4a, 0x20, 0xb0, + 0xc8, 0xed, 0x44, 0xeb, 0x8a, 0x35, 0x69, 0x3c, 0xa5, 0xeb, 0x12, 0x51, 0x69, 0x09, 0x88, 0x2a, + 0x2a, 0x12, 0xcb, 0xfc, 0x76, 0x0e, 0xca, 0x35, 0x27, 0x72, 0xb6, 0x9c, 0x50, 0x8c, 0xe7, 0xc6, + 0x0d, 0xa6, 0xc7, 0x95, 0x8e, 0xa2, 0x1e, 0x67, 0x2d, 0xff, 0xd0, 0xdd, 0x7b, 0x21, 0xdd, 0xbd, + 0x11, 0xb6, 0x40, 0x8a, 0xee, 0x25, 0x9d, 0x7a, 0xeb, 0xe8, 0x4e, 0x95, 0x45, 0xa7, 0x8a, 0xb2, + 0x53, 0x49, 0x57, 0xc8, 0x5b, 0x50, 0xa8, 0x77, 0x68, 0x43, 0x28, 0x11, 0xa9, 0xfb, 0xf5, 0xce, + 0x31, 0x84, 0x8d, 0x1b, 0xd5, 0x92, 0x60, 0x53, 0x08, 0x3b, 0xb4, 0x61, 0x21, 0x99, 0x32, 0x69, + 0xfe, 0xc5, 0x20, 0x4c, 0x65, 0x91, 0x91, 0xb7, 0xf4, 0xc5, 0x89, 0x0f, 0xcf, 0x53, 0x7d, 0x17, + 0xa7, 0x69, 0x43, 0x5f, 0x9e, 0xae, 0x40, 0x71, 0x95, 0x09, 0x64, 0xc3, 0x6f, 0x8a, 0x91, 0x63, + 0x5a, 0xb1, 0xd8, 0x91, 0x30, 0xc3, 0x8a, 0xcb, 0xc9, 0x53, 0x90, 0x5f, 0xb7, 0x16, 0xc5, 0x70, + 0x0d, 0x3f, 0x3c, 0x98, 0xc9, 0x77, 0x03, 0x6f, 0xda, 0xb0, 0x18, 0x94, 0x5c, 0x83, 0xc1, 0xb9, + 0xca, 0x1c, 0x0d, 0x22, 0x1c, 0xa6, 0x52, 0xf5, 0x2c, 0x93, 0x96, 0x86, 0x63, 0x37, 0x68, 0x10, + 0x69, 0xd5, 0x0b, 0x34, 0xf2, 0x32, 0xe4, 0x2b, 0x9b, 0x75, 0x31, 0x32, 0x20, 0x46, 0xa6, 0xb2, + 0x59, 0xaf, 0x8e, 0x8a, 0x81, 0xc8, 0x3b, 0xf7, 0x43, 0xc6, 0xbd, 0xb2, 0x59, 0x57, 0xbf, 0xd6, + 0xe0, 0x21, 0x5f, 0xeb, 0x32, 0x14, 0x99, 0x9d, 0xc1, 0x16, 0x78, 0x54, 0x8a, 0xc3, 0xdc, 0x7c, + 0xda, 0x15, 0x30, 0x2b, 0x2e, 0x25, 0xcf, 0xc5, 0x66, 0x4b, 0x31, 0xe1, 0x27, 0xcc, 0x16, 0x69, + 0xac, 0x90, 0x07, 0x30, 0x5a, 0xdb, 0x6f, 0x3b, 0x2d, 0xaf, 0x21, 0x96, 0xf0, 0x61, 0x5c, 0xc2, + 0xaf, 0x1e, 0xf2, 0x19, 0xaf, 0x6a, 0x04, 0x7c, 0x55, 0x97, 0xca, 0x77, 0xda, 0xe5, 0x65, 0x76, + 0x7a, 0x85, 0x9f, 0x36, 0x2c, 0xbd, 0x22, 0x36, 0x97, 0xa4, 0x8a, 0x44, 0xbb, 0x2a, 0x11, 0x3b, + 0x09, 0x4e, 0xe6, 0x52, 0x20, 0x20, 0xea, 0x5c, 0x8a, 0x17, 0xdd, 0xb7, 0x20, 0x7f, 0x7b, 0x6e, + 0x75, 0x7a, 0x04, 0x79, 0x10, 0xc1, 0xe3, 0xf6, 0xdc, 0xea, 0x5c, 0xd3, 0xef, 0xba, 0xf5, 0xcf, + 0x2e, 0x55, 0xcf, 0x0a, 0x36, 0xa3, 0x3b, 0x8d, 0x8e, 0xd6, 0x22, 0x46, 0x47, 0xe6, 0xa1, 0x28, + 0x7b, 0x39, 0x5d, 0x42, 0x1e, 0x13, 0xa9, 0xce, 0x6f, 0xdc, 0xe0, 0x73, 0xcd, 0x15, 0xbf, 0xd5, + 0x56, 0x48, 0x1c, 0x72, 0x03, 0xa5, 0xec, 0xc1, 0xfe, 0x62, 0x2d, 0x9c, 0x1e, 0xbd, 0x98, 0xbf, + 0x3c, 0x8c, 0xe2, 0x31, 0xd9, 0x61, 0x30, 0xdb, 0x73, 0x55, 0x63, 0x27, 0x46, 0x3c, 0xbf, 0x09, + 0xa4, 0x77, 0x30, 0x33, 0xcc, 0x8f, 0x97, 0x55, 0xf3, 0x63, 0x64, 0xf6, 0xb4, 0x68, 0xe0, 0x9c, + 0xdf, 0x6a, 0x39, 0x6d, 0x17, 0x69, 0x37, 0x66, 0x55, 0xab, 0xa4, 0x02, 0x63, 0x49, 0xeb, 0x97, + 0xbc, 0x30, 0x22, 0xd7, 0x60, 0x58, 0x42, 0xd8, 0xca, 0x93, 0xcf, 0xec, 0xa7, 0x95, 0xe0, 0x98, + 0x7f, 0x90, 0x03, 0x48, 0x4a, 0x9e, 0x50, 0xe5, 0xf4, 0x29, 0x4d, 0x39, 0x9d, 0x4e, 0x4b, 0x75, + 0x5f, 0xb5, 0x44, 0xde, 0x81, 0x41, 0x66, 0xa7, 0x75, 0xa5, 0x1d, 0x7a, 0x36, 0x4d, 0x8a, 0x85, + 0x1b, 0x37, 0xaa, 0x63, 0x82, 0x78, 0x30, 0x44, 0x88, 0x25, 0xc8, 0x14, 0xbd, 0xf6, 0xbb, 0x03, + 0xc9, 0xc7, 0x10, 0x1a, 0xed, 0xb2, 0xa2, 0x92, 0x8c, 0x64, 0x12, 0x4b, 0x95, 0xa4, 0x28, 0xa4, + 0x73, 0x5c, 0x21, 0xf1, 0x41, 0x1d, 0x12, 0x0a, 0x29, 0xad, 0x8e, 0xf8, 0x00, 0x1e, 0xa9, 0x8e, + 0x3a, 0xe9, 0xb9, 0x5e, 0x40, 0x31, 0xb8, 0x9c, 0x39, 0x2a, 0x59, 0xb3, 0xfc, 0xe2, 0x51, 0xb3, + 0x3c, 0x3d, 0xc7, 0x6f, 0xf4, 0x53, 0x80, 0xa7, 0xe5, 0x94, 0x74, 0xee, 0xab, 0xe4, 0xa8, 0x08, + 0xdf, 0xe0, 0xf3, 0x79, 0xb0, 0xef, 0x7c, 0x3e, 0x9d, 0x39, 0x9f, 0xf9, 0x6c, 0x7e, 0x03, 0x06, + 0x2a, 0x3f, 0xd6, 0x0d, 0xa8, 0x30, 0x18, 0x4b, 0xb2, 0x4e, 0x06, 0x8b, 0x15, 0xc1, 0xb8, 0xc3, + 0x7e, 0xaa, 0x86, 0x36, 0x96, 0xb3, 0x9a, 0xd7, 0x96, 0xea, 0xc2, 0x18, 0x24, 0xa9, 0x61, 0x59, + 0x5b, 0x52, 0x9a, 0x1d, 0x69, 0xbd, 0x66, 0x54, 0xe4, 0x1a, 0xe4, 0x2a, 0x35, 0xdc, 0x61, 0x8e, + 0xcc, 0x0e, 0xcb, 0x6a, 0x6b, 0xd5, 0x29, 0x41, 0x52, 0x72, 0xb4, 0x4d, 0x47, 0xa5, 0x46, 0xaa, + 0x30, 0x70, 0x77, 0xbf, 0xfe, 0xd9, 0x25, 0xa1, 0xfd, 0x26, 0xa5, 0x5c, 0x33, 0xd8, 0x0a, 0x2e, + 0x5d, 0x61, 0xd2, 0xe2, 0xd6, 0x7e, 0xf8, 0xe5, 0xa6, 0xda, 0x62, 0x44, 0xfb, 0xe8, 0x14, 0xc8, + 0x5f, 0x53, 0x0d, 0x14, 0x21, 0xeb, 0x6c, 0x23, 0x2c, 0x24, 0xce, 0x48, 0xcc, 0xa5, 0x1e, 0x89, + 0x8b, 0xe5, 0xed, 0x25, 0xfe, 0xf5, 0x73, 0x3d, 0x5f, 0x7f, 0x44, 0x59, 0xfe, 0xf8, 0x37, 0x8f, + 0xc7, 0x22, 0xff, 0xa1, 0xc7, 0x82, 0xbc, 0x03, 0xa5, 0xbb, 0x4e, 0xdb, 0xd9, 0xa1, 0xee, 0x7a, + 0xc8, 0xcc, 0xde, 0x02, 0x6a, 0x61, 0x66, 0x27, 0x9c, 0x6d, 0x71, 0xb8, 0xdd, 0x0d, 0x35, 0xab, + 0xd6, 0xd2, 0x08, 0xc8, 0x75, 0x29, 0x3b, 0x03, 0x19, 0xb2, 0x23, 0x97, 0xec, 0x01, 0x94, 0x1d, + 0x21, 0x31, 0xe6, 0x7f, 0xce, 0x63, 0x1f, 0xc9, 0x2b, 0x30, 0x68, 0xd1, 0x9d, 0xc4, 0x3a, 0xc1, + 0x5d, 0x6e, 0x80, 0x10, 0x75, 0x60, 0x38, 0x0e, 0x2e, 0x7d, 0xd4, 0x0d, 0x77, 0xbd, 0xed, 0x48, + 0x8c, 0x4e, 0xbc, 0xf4, 0x09, 0xb0, 0xb2, 0xf4, 0x09, 0x88, 0xb6, 0xf4, 0x09, 0x18, 0x9b, 0x5f, + 0x56, 0xad, 0x2e, 0x06, 0x4d, 0x8e, 0xb0, 0x55, 0x53, 0x04, 0x35, 0xd0, 0x56, 0x1e, 0x86, 0x4d, + 0x6e, 0xc2, 0x70, 0xa5, 0xd1, 0xf0, 0xbb, 0xca, 0x36, 0x71, 0xfa, 0xe1, 0xc1, 0xcc, 0x94, 0xc3, + 0x81, 0xba, 0x53, 0x23, 0x41, 0x25, 0x75, 0x18, 0x99, 0x67, 0x7b, 0x2b, 0x6f, 0xce, 0x69, 0xec, + 0xca, 0x41, 0x92, 0xb3, 0x44, 0x29, 0x89, 0x6d, 0xfd, 0xd3, 0x14, 0x81, 0x0d, 0x06, 0x54, 0x7d, + 0x07, 0x0a, 0x2e, 0x59, 0x83, 0x91, 0x3a, 0x6d, 0x04, 0x34, 0xaa, 0x47, 0x7e, 0x40, 0x53, 0x93, + 0x5e, 0x29, 0xa9, 0x3e, 0x23, 0xb7, 0x77, 0x21, 0x02, 0xed, 0x90, 0x41, 0x55, 0xae, 0x0a, 0x32, + 0xb7, 0xd3, 0x5b, 0x7e, 0xb0, 0x5f, 0xab, 0x0a, 0x45, 0x90, 0xac, 0x1a, 0x1c, 0xac, 0xda, 0xe9, + 0x0c, 0xe2, 0x6e, 0xe9, 0x76, 0x3a, 0xc7, 0x32, 0xbf, 0xa2, 0x35, 0x8f, 0x0d, 0xdd, 0x1d, 0xba, + 0xbf, 0x1a, 0xd0, 0x6d, 0xef, 0x81, 0xf8, 0xd2, 0x38, 0x74, 0x7b, 0x74, 0xdf, 0xee, 0x20, 0x54, + 0x1d, 0xba, 0x18, 0x95, 0x7c, 0x12, 0x8a, 0x77, 0xee, 0xd6, 0xef, 0xd0, 0xfd, 0xc5, 0x9a, 0x50, + 0xe5, 0x9c, 0xac, 0x15, 0xda, 0x8c, 0x54, 0x1b, 0xf1, 0x18, 0xd3, 0xac, 0x26, 0x62, 0xc2, 0x6a, + 0x9e, 0x6b, 0x76, 0xc3, 0x88, 0x06, 0x8b, 0x35, 0xb5, 0xe6, 0x06, 0x07, 0xa6, 0x3e, 0x5a, 0x8c, + 0x6a, 0xfe, 0x47, 0x03, 0x45, 0x84, 0xbc, 0x0e, 0xb0, 0xd8, 0x66, 0x7b, 0xaf, 0x06, 0x8d, 0x19, + 0xa0, 0x7f, 0xc7, 0x13, 0x50, 0x9d, 0x83, 0x82, 0xac, 0x57, 0x9d, 0x3b, 0x76, 0xd5, 0xac, 0x4a, + 0xb9, 0x93, 0x13, 0xae, 0x3e, 0x51, 0x65, 0x20, 0xa0, 0xa9, 0x2a, 0x13, 0x64, 0x72, 0x09, 0x86, + 0x16, 0x2b, 0x77, 0x2b, 0xdd, 0x68, 0x17, 0x05, 0xb4, 0xc8, 0x97, 0x47, 0xcf, 0x69, 0xd9, 0x4e, + 0x37, 0xda, 0xb5, 0x64, 0xa1, 0xf9, 0x2f, 0x73, 0x9a, 0x4c, 0x12, 0x0b, 0x88, 0x45, 0x3b, 0x4d, + 0xaf, 0x81, 0x96, 0xe1, 0xed, 0xc0, 0xef, 0x76, 0xe2, 0xde, 0x9a, 0x0f, 0x0f, 0x66, 0x9e, 0x09, + 0x92, 0x52, 0x7b, 0x87, 0x15, 0xeb, 0x6d, 0xc8, 0xa0, 0x26, 0x9f, 0x81, 0x12, 0x53, 0x0f, 0xe2, + 0x27, 0xdb, 0x4d, 0x33, 0xb5, 0x72, 0x01, 0x77, 0xcb, 0x21, 0x0d, 0x62, 0x36, 0x9a, 0x5e, 0x51, + 0x29, 0x88, 0x0b, 0xd3, 0x6b, 0x81, 0xd3, 0x0e, 0xbd, 0x68, 0xbe, 0xdd, 0x08, 0xf6, 0x51, 0x9d, + 0xcd, 0xb7, 0x9d, 0xad, 0x26, 0x75, 0x71, 0x58, 0x8a, 0xd5, 0xcb, 0x0f, 0x0f, 0x66, 0x9e, 0x8f, + 0x38, 0x8e, 0x4d, 0x63, 0x24, 0x9b, 0x72, 0x2c, 0x85, 0x73, 0x5f, 0x4e, 0x4c, 0xfd, 0xcd, 0xb7, + 0xdd, 0x8e, 0xef, 0xb5, 0x23, 0xf4, 0x75, 0x16, 0xe2, 0x6d, 0xd2, 0x59, 0x2a, 0xe0, 0x36, 0x9b, + 0x03, 0x6a, 0x33, 0x55, 0x02, 0xf3, 0x7f, 0x1a, 0xc9, 0xac, 0x21, 0x6f, 0xc2, 0x88, 0xf8, 0x92, + 0x8a, 0x6b, 0xf1, 0x3c, 0x9b, 0x7f, 0xf2, 0xb3, 0xb3, 0x3d, 0x86, 0x3a, 0xff, 0x14, 0x74, 0x66, + 0x0e, 0x56, 0xe6, 0x96, 0x90, 0x52, 0x31, 0x07, 0x9d, 0x46, 0x33, 0x4d, 0x25, 0xd1, 0x98, 0xb0, + 0xac, 0x2d, 0xd5, 0xf5, 0x51, 0x41, 0x61, 0x89, 0x9a, 0x61, 0xc6, 0x30, 0x28, 0xc8, 0x8f, 0xde, + 0xf1, 0x9f, 0x32, 0x60, 0x44, 0xb1, 0x2f, 0x98, 0xc0, 0xaf, 0x06, 0xfe, 0x07, 0xb4, 0x11, 0xe9, + 0x73, 0xad, 0xc3, 0x81, 0x29, 0x81, 0x8f, 0x51, 0x53, 0x73, 0x2c, 0x77, 0x82, 0x39, 0x66, 0x7e, + 0x20, 0x96, 0x1e, 0x72, 0x49, 0xf3, 0xe5, 0xa2, 0xb3, 0x23, 0x35, 0x64, 0x05, 0x39, 0x5e, 0xca, + 0xe4, 0xca, 0x9d, 0x60, 0x72, 0x99, 0xbf, 0x65, 0x30, 0x4b, 0x85, 0x5c, 0x03, 0xb8, 0x43, 0xf7, + 0x23, 0x67, 0xeb, 0x96, 0xd7, 0xd4, 0xdc, 0xfb, 0x7b, 0x08, 0xb5, 0xb7, 0xbd, 0x26, 0xb5, 0x14, + 0x14, 0xb6, 0xc3, 0xb9, 0x13, 0x6c, 0xbd, 0x86, 0xe8, 0xb9, 0xd8, 0xe2, 0x9c, 0xdc, 0x0b, 0xb6, + 0x5e, 0x43, 0x64, 0x4d, 0x87, 0x09, 0x44, 0x62, 0xc2, 0x60, 0xcd, 0x6f, 0x39, 0x9e, 0xb4, 0xf2, + 0x81, 0x99, 0xca, 0x2e, 0x42, 0x2c, 0x51, 0xc2, 0x6c, 0xdc, 0xfa, 0xea, 0xb2, 0xf8, 0x6e, 0x68, + 0xe3, 0x86, 0x9d, 0xb6, 0xc5, 0x60, 0xe6, 0x6f, 0x1b, 0x30, 0xa2, 0x18, 0x60, 0xe4, 0x93, 0xc2, + 0x15, 0x6a, 0xa0, 0x23, 0xff, 0x4c, 0xaf, 0x89, 0xc6, 0x4a, 0xf9, 0xee, 0xa4, 0xe5, 0xbb, 0x54, + 0x38, 0x46, 0x13, 0xbb, 0x25, 0x77, 0x1c, 0xbb, 0xe5, 0x75, 0x00, 0xbe, 0xdf, 0xc5, 0x2f, 0xa1, + 0x28, 0x2e, 0xe5, 0xe0, 0x43, 0x1d, 0xdb, 0x04, 0xd9, 0xb4, 0xa0, 0xa4, 0xda, 0x2c, 0xa4, 0x0a, + 0xa3, 0xc2, 0xbd, 0x23, 0xf6, 0x3a, 0x7c, 0x9c, 0x51, 0x7b, 0x08, 0x6e, 0xbd, 0xee, 0x26, 0x9d, + 0xc4, 0xfc, 0xe9, 0x1c, 0x14, 0x05, 0x64, 0xf6, 0x09, 0xdd, 0x86, 0xbd, 0xa6, 0x6d, 0xc3, 0x26, + 0xe3, 0xe5, 0x3d, 0x76, 0x2a, 0xcc, 0x1e, 0xe1, 0x1b, 0x7a, 0x1d, 0x4a, 0x72, 0x08, 0x70, 0x37, + 0xfb, 0x12, 0x0c, 0x49, 0xef, 0x26, 0xdf, 0xcb, 0x8e, 0x6b, 0x3c, 0x37, 0x66, 0x2d, 0x59, 0x6e, + 0xfe, 0xf9, 0x80, 0xa4, 0xe5, 0x35, 0xb1, 0x21, 0xac, 0xb8, 0x6e, 0xa0, 0x0e, 0xa1, 0xe3, 0xba, + 0x81, 0x85, 0x50, 0xf6, 0xf1, 0x57, 0xbb, 0x5b, 0x4d, 0xaf, 0x81, 0x38, 0xca, 0xc4, 0xea, 0x20, + 0xd4, 0x66, 0xa8, 0xea, 0xc7, 0x4f, 0x90, 0x35, 0xd7, 0x4c, 0xfe, 0x50, 0xd7, 0xcc, 0x17, 0x61, + 0x78, 0xae, 0xe5, 0x6a, 0xbb, 0x30, 0x33, 0x63, 0x50, 0xae, 0xc6, 0x48, 0x7c, 0xff, 0x75, 0x41, + 0x8c, 0xd1, 0x54, 0xa3, 0xe5, 0xf6, 0xee, 0xbd, 0x12, 0x96, 0x9a, 0x6f, 0x65, 0xe0, 0x51, 0x7c, + 0x2b, 0x37, 0x61, 0x78, 0x3d, 0xa4, 0x6b, 0xdd, 0x76, 0x9b, 0x36, 0xd1, 0x38, 0x2b, 0x72, 0x55, + 0xd8, 0x0d, 0xa9, 0x1d, 0x21, 0x54, 0x6d, 0x40, 0x8c, 0xaa, 0x8a, 0xd5, 0xd0, 0x21, 0x62, 0xf5, + 0x49, 0x28, 0x54, 0x3a, 0x1d, 0xe9, 0x74, 0x8a, 0xb7, 0x08, 0x9d, 0x0e, 0x1a, 0xd0, 0x63, 0x4e, + 0xa7, 0xa3, 0xbb, 0x90, 0x10, 0x9b, 0x50, 0x20, 0x77, 0xba, 0x5b, 0x34, 0x68, 0xd3, 0x88, 0x86, + 0x62, 0xd9, 0x09, 0xa7, 0x01, 0x79, 0x4c, 0xcb, 0xb3, 0xbd, 0x34, 0x02, 0x5f, 0x10, 0xf6, 0xba, + 0x5b, 0xd4, 0x16, 0x2b, 0x98, 0x3a, 0x76, 0x19, 0x0c, 0xd1, 0xa3, 0x43, 0x69, 0x80, 0x72, 0x30, + 0x92, 0xe8, 0xbb, 0x0e, 0xa5, 0x41, 0x5a, 0x0a, 0x62, 0x44, 0xcd, 0x0d, 0x54, 0x3a, 0xae, 0x1b, + 0xa8, 0x0e, 0x63, 0xfa, 0x97, 0x7e, 0x0c, 0x3b, 0xb8, 0x77, 0x0b, 0xc5, 0x62, 0x79, 0xd8, 0xfc, + 0x5a, 0x0e, 0x46, 0x2a, 0x9d, 0xce, 0x13, 0xee, 0x63, 0xfe, 0x11, 0x4d, 0x7f, 0x9c, 0x49, 0xe4, + 0xe4, 0x04, 0xee, 0xe5, 0xdf, 0xc9, 0xc1, 0x78, 0x8a, 0x42, 0x6d, 0xbd, 0x71, 0x4c, 0x9f, 0x6b, + 0xee, 0x98, 0x3e, 0xd7, 0x7c, 0x7f, 0x9f, 0xab, 0x3a, 0x3b, 0x0b, 0x8f, 0x32, 0x3b, 0x5f, 0x84, + 0x7c, 0xa5, 0xd3, 0x49, 0x6f, 0x57, 0x3b, 0x9d, 0x8d, 0x1b, 0x7c, 0x19, 0x75, 0x3a, 0x1d, 0x8b, + 0x61, 0x68, 0x52, 0x39, 0x78, 0x4c, 0xa9, 0x34, 0x5f, 0x85, 0x61, 0xe4, 0x85, 0x0a, 0xf7, 0xa2, + 0x98, 0xa9, 0x5c, 0xdb, 0x6a, 0x75, 0xf1, 0x59, 0x69, 0xfe, 0xb9, 0x01, 0x03, 0xf8, 0xfb, 0x09, + 0x95, 0xb1, 0x59, 0x4d, 0xc6, 0xca, 0x8a, 0x8c, 0x1d, 0x47, 0xba, 0xfe, 0x5b, 0x1e, 0x47, 0x4b, + 0xc8, 0x95, 0xf0, 0xda, 0x19, 0x19, 0x5e, 0xbb, 0x47, 0x58, 0x5f, 0xf6, 0xd2, 0xfe, 0xbb, 0x3c, + 0x7e, 0x8c, 0xe7, 0xd2, 0x4d, 0x7d, 0x2c, 0xae, 0xbb, 0x05, 0x20, 0x8b, 0xed, 0x90, 0x36, 0xba, + 0x01, 0xad, 0xef, 0x79, 0x9d, 0x0d, 0x1a, 0x78, 0xdb, 0xfb, 0x62, 0x37, 0x86, 0x4b, 0x80, 0x27, + 0x4a, 0xed, 0x70, 0xcf, 0xeb, 0x30, 0x2b, 0xc6, 0xdb, 0xde, 0xb7, 0x32, 0x68, 0xc8, 0x3b, 0x30, + 0x64, 0xd1, 0xfb, 0x81, 0x17, 0x49, 0x9f, 0xc1, 0x58, 0xec, 0xec, 0x40, 0x28, 0x37, 0xc7, 0x02, + 0xfe, 0x43, 0xfd, 0xfe, 0xa2, 0x9c, 0xcc, 0x72, 0x3f, 0x12, 0xf7, 0x0d, 0x8c, 0x26, 0xbd, 0xad, + 0x6c, 0xd6, 0xab, 0x13, 0xd9, 0x4e, 0xc4, 0x8f, 0xce, 0x31, 0xf6, 0x9d, 0x01, 0x9c, 0x74, 0x47, + 0x04, 0x5d, 0x1c, 0xe2, 0xb6, 0xd5, 0x05, 0x20, 0x7f, 0x12, 0x01, 0xd8, 0x80, 0x52, 0x9d, 0x4d, + 0x7d, 0xdd, 0x7f, 0x7b, 0x21, 0x19, 0x91, 0xab, 0x6a, 0xf1, 0x61, 0xf1, 0x16, 0x1a, 0x1f, 0x62, + 0xa7, 0x05, 0x8b, 0xc7, 0x71, 0x3c, 0xad, 0x30, 0xce, 0x10, 0xa9, 0x58, 0x47, 0x35, 0xf8, 0x60, + 0x9d, 0x58, 0x98, 0x06, 0x1f, 0x4d, 0x98, 0x86, 0x3e, 0x94, 0x30, 0xa5, 0x22, 0x5d, 0x8a, 0x27, + 0x89, 0x74, 0x39, 0xff, 0x0e, 0x4c, 0xf4, 0x8c, 0xf0, 0x49, 0xa2, 0x45, 0x3e, 0x3a, 0xb1, 0xfc, + 0x09, 0x50, 0xa6, 0x4b, 0xd1, 0xa2, 0xae, 0x17, 0xd0, 0x46, 0x84, 0xea, 0x5a, 0x68, 0xd8, 0x40, + 0xc0, 0x52, 0x8e, 0x44, 0x84, 0x91, 0xb7, 0x61, 0x88, 0x9f, 0xb6, 0x73, 0xff, 0x46, 0x32, 0xcd, + 0x38, 0x54, 0x84, 0x3c, 0x71, 0x0c, 0x75, 0x54, 0x05, 0x91, 0x79, 0x1b, 0x06, 0xc5, 0x69, 0xfd, + 0xe1, 0xf3, 0x62, 0x06, 0x06, 0x36, 0x92, 0x91, 0xc1, 0x13, 0x56, 0xde, 0x09, 0x8b, 0xc3, 0xcd, + 0x9f, 0x33, 0x60, 0x4c, 0xef, 0x25, 0xb9, 0x0a, 0x83, 0x22, 0x9c, 0xc4, 0xc0, 0x70, 0x12, 0xd6, + 0x9b, 0x41, 0x1e, 0x48, 0xa2, 0x85, 0x8f, 0x08, 0x2c, 0xb6, 0x5c, 0x08, 0x0e, 0xc2, 0x57, 0x83, + 0xcb, 0x85, 0x10, 0x52, 0x4b, 0x96, 0xb1, 0x9d, 0xa9, 0x45, 0xc3, 0x6e, 0x33, 0x52, 0x77, 0xa6, + 0x01, 0x42, 0x2c, 0x51, 0x62, 0xce, 0xc1, 0x20, 0xd7, 0x33, 0x6c, 0xd6, 0xce, 0x3f, 0x88, 0x68, + 0xd0, 0x76, 0x9a, 0xba, 0xff, 0x8c, 0x0a, 0x68, 0x6a, 0xbf, 0x9d, 0x20, 0x9b, 0x07, 0x06, 0x40, + 0xbd, 0xbe, 0x70, 0x87, 0xee, 0xaf, 0x3a, 0x5e, 0x80, 0xde, 0x05, 0x9c, 0xd2, 0x77, 0xc4, 0x27, + 0x2f, 0x09, 0xef, 0x02, 0x9f, 0xfe, 0x7b, 0x74, 0x5f, 0xf3, 0x2e, 0x48, 0x54, 0xd4, 0x1b, 0x81, + 0x77, 0xcf, 0x89, 0x28, 0x23, 0xcc, 0x21, 0x21, 0xd7, 0x1b, 0x1c, 0x9a, 0xa2, 0x54, 0x90, 0xc9, + 0xfb, 0x30, 0x96, 0xfc, 0x42, 0x1f, 0x49, 0x1e, 0xf7, 0xcf, 0x52, 0xac, 0xf4, 0xc2, 0xea, 0x33, + 0x0f, 0x0f, 0x66, 0xce, 0x2b, 0x5c, 0xd3, 0xde, 0x93, 0x14, 0x33, 0xf3, 0x37, 0x0c, 0x74, 0xde, + 0xc8, 0x0e, 0x5e, 0x82, 0x42, 0x7c, 0x46, 0x50, 0xe2, 0x2e, 0x8c, 0xd4, 0x46, 0x1b, 0xcb, 0xc9, + 0x73, 0x90, 0x4f, 0x7a, 0x82, 0x7a, 0x5c, 0xef, 0x01, 0x2b, 0x25, 0xb7, 0x61, 0xe8, 0x58, 0x6d, + 0x46, 0x11, 0xcf, 0x68, 0xab, 0xa4, 0xc6, 0xaf, 0xf0, 0xee, 0xe6, 0xda, 0xc7, 0xf7, 0x2b, 0x7c, + 0x33, 0x07, 0xe3, 0x6c, 0x5c, 0x2b, 0xdd, 0x68, 0xd7, 0x0f, 0xbc, 0x68, 0xff, 0x89, 0xf5, 0x16, + 0xbc, 0xa9, 0x59, 0x62, 0xe7, 0xa5, 0xee, 0x53, 0xfb, 0x76, 0x2c, 0xa7, 0xc1, 0x1f, 0x0d, 0xc1, + 0x64, 0x06, 0x15, 0x79, 0x45, 0x44, 0x83, 0x26, 0xae, 0x3d, 0x8c, 0xf6, 0xfc, 0xe1, 0xc1, 0x4c, + 0x49, 0xa2, 0xaf, 0x25, 0xd1, 0x9f, 0xb3, 0xba, 0x27, 0x94, 0x8f, 0x14, 0x86, 0x11, 0xaa, 0x9e, + 0x50, 0xdd, 0xff, 0x59, 0x81, 0xd2, 0xdc, 0x2e, 0x6d, 0xec, 0x79, 0xed, 0x9d, 0x3b, 0x74, 0x9f, + 0x1b, 0x6a, 0xa5, 0xea, 0xd3, 0x6c, 0x07, 0xda, 0x10, 0x70, 0xf6, 0x49, 0xf5, 0xcd, 0xad, 0x46, + 0x42, 0xde, 0x86, 0x91, 0xba, 0xb7, 0xd3, 0x96, 0x1c, 0x0a, 0xc8, 0xe1, 0x02, 0x1e, 0x80, 0x70, + 0x70, 0x2f, 0x03, 0x95, 0x80, 0xbc, 0x04, 0x03, 0x96, 0xdf, 0xa4, 0x7c, 0x2d, 0x17, 0xf1, 0x85, + 0x01, 0x03, 0xa8, 0x07, 0x67, 0x88, 0x41, 0x16, 0x60, 0x88, 0xfd, 0x71, 0xd7, 0xe9, 0xe0, 0xe6, + 0x20, 0x39, 0x7f, 0x11, 0xd0, 0x8e, 0xd7, 0xde, 0x51, 0x77, 0x24, 0x4d, 0x6a, 0xb7, 0x9c, 0x8e, + 0xb6, 0xb8, 0x72, 0x44, 0xb2, 0x01, 0x23, 0x89, 0x22, 0x08, 0xa7, 0x87, 0xb4, 0x30, 0x83, 0xa4, + 0xa4, 0xfa, 0xac, 0x60, 0x76, 0x36, 0x6a, 0xf2, 0x13, 0x90, 0x0e, 0xc3, 0xd7, 0x3b, 0xa3, 0x30, + 0xd2, 0x76, 0x4c, 0xc5, 0xfe, 0x3b, 0x26, 0xe3, 0xc8, 0x1d, 0x93, 0x0b, 0x20, 0x06, 0xa9, 0xd2, + 0xdc, 0x11, 0xe1, 0xc0, 0x2f, 0xf5, 0x17, 0xb0, 0xab, 0x09, 0x32, 0xce, 0x49, 0xee, 0x05, 0x14, + 0xe3, 0xef, 0x34, 0x77, 0x34, 0x2f, 0x60, 0x8c, 0xca, 0x86, 0x21, 0x51, 0x35, 0xd2, 0x33, 0x21, + 0x87, 0x21, 0x29, 0x49, 0x86, 0xe1, 0x83, 0xfb, 0x51, 0xbf, 0x61, 0x50, 0x18, 0x91, 0x65, 0x80, + 0x4a, 0x23, 0xf2, 0xee, 0x51, 0x14, 0x89, 0x11, 0x6d, 0x20, 0xe6, 0x2a, 0x77, 0xe8, 0x7e, 0x9d, + 0x46, 0xc9, 0xe9, 0x9b, 0x83, 0xa8, 0x29, 0x31, 0xb1, 0x14, 0x0e, 0xa4, 0x03, 0xa7, 0x2b, 0xae, + 0xeb, 0xb1, 0x91, 0x71, 0x9a, 0x6b, 0x01, 0x93, 0x5f, 0x17, 0x59, 0x97, 0xb2, 0x59, 0xbf, 0x24, + 0x58, 0x3f, 0xeb, 0xc4, 0x54, 0x76, 0xc4, 0xc9, 0xd2, 0xd5, 0x64, 0x33, 0x36, 0x57, 0x60, 0x4c, + 0x1f, 0x52, 0x3d, 0x38, 0xba, 0x04, 0x45, 0xab, 0x5e, 0xb1, 0xeb, 0x0b, 0x95, 0xeb, 0x65, 0x83, + 0x94, 0xa1, 0x24, 0x7e, 0xcd, 0xda, 0xb3, 0xaf, 0xdd, 0x2c, 0xe7, 0x34, 0xc8, 0x6b, 0xd7, 0x67, + 0xcb, 0x79, 0xf3, 0x77, 0x0d, 0x28, 0xca, 0xf6, 0x91, 0x9b, 0x90, 0xaf, 0xd7, 0x17, 0x52, 0xd1, + 0x2d, 0xc9, 0xd2, 0xcb, 0x17, 0x99, 0x30, 0xdc, 0x55, 0x17, 0x99, 0x7a, 0x7d, 0x81, 0xd1, 0xad, + 0x2d, 0xd5, 0x85, 0xe5, 0x93, 0x21, 0xae, 0x13, 0x7d, 0x8e, 0xfc, 0x6f, 0x42, 0xfe, 0xdd, 0xcd, + 0x35, 0xb1, 0x0d, 0xcb, 0xf8, 0xbe, 0x48, 0xf7, 0xc1, 0x7d, 0x75, 0xe9, 0x63, 0x04, 0xa6, 0x05, + 0x23, 0xca, 0xd4, 0xe2, 0x96, 0x48, 0xcb, 0x8f, 0xc3, 0x86, 0x85, 0x25, 0xc2, 0x20, 0x96, 0x28, + 0x61, 0x86, 0xd3, 0x92, 0xdf, 0x70, 0x9a, 0xc2, 0xa4, 0x41, 0xc3, 0xa9, 0xc9, 0x00, 0x16, 0x87, + 0x9b, 0xbf, 0x6f, 0x40, 0x79, 0x35, 0xf0, 0xef, 0x79, 0x4c, 0x03, 0xaf, 0xf9, 0x7b, 0xb4, 0xbd, + 0x71, 0x9d, 0xbc, 0x2a, 0x95, 0x80, 0x11, 0x6f, 0xfa, 0x07, 0x50, 0x09, 0xfc, 0xf0, 0x60, 0x06, + 0xea, 0xfb, 0x61, 0x44, 0x5b, 0xac, 0x5c, 0x2a, 0x02, 0x25, 0xfa, 0x3a, 0x77, 0xfc, 0x88, 0xce, + 0x23, 0xa2, 0xaf, 0x67, 0x60, 0x00, 0x9b, 0xa3, 0x04, 0xd5, 0x0d, 0x44, 0x0c, 0x60, 0x71, 0xb8, + 0xa2, 0xb0, 0xbf, 0x9d, 0xeb, 0xe9, 0xc3, 0xec, 0xc7, 0x2a, 0x2a, 0x52, 0xef, 0xdc, 0xb1, 0x16, + 0xb1, 0xf7, 0x60, 0x2a, 0x3d, 0x24, 0xe8, 0x90, 0xa9, 0xc0, 0xb8, 0x0e, 0x97, 0xbe, 0x99, 0xb3, + 0x99, 0x75, 0x6d, 0xcc, 0x5a, 0x69, 0x7c, 0xf3, 0xfb, 0x06, 0x0c, 0xe3, 0x9f, 0x56, 0xb7, 0x89, + 0x27, 0x4a, 0x95, 0xcd, 0xba, 0x38, 0xee, 0x57, 0x2d, 0x5c, 0xe7, 0x7e, 0x68, 0x8b, 0xd8, 0x00, + 0x4d, 0x8f, 0xc4, 0xc8, 0x82, 0x94, 0x07, 0x37, 0xc8, 0x03, 0xd2, 0x98, 0x94, 0x47, 0x41, 0x84, + 0x29, 0x52, 0x81, 0x8c, 0x27, 0x85, 0x9b, 0x75, 0x26, 0x7e, 0xe2, 0x6b, 0xf0, 0x93, 0x42, 0x46, + 0xe7, 0x37, 0xf5, 0x93, 0x42, 0x8e, 0x46, 0x5e, 0x85, 0x41, 0x56, 0xb5, 0x25, 0x0f, 0x8c, 0x70, + 0x6b, 0x82, 0x6d, 0x0c, 0xb4, 0x58, 0x0b, 0x8e, 0x64, 0xfe, 0x8d, 0x7c, 0x7a, 0x00, 0x85, 0x15, + 0x70, 0xc2, 0xb9, 0xf1, 0x06, 0x0c, 0x54, 0x9a, 0x4d, 0xff, 0xbe, 0xd0, 0x12, 0xd2, 0x3f, 0x14, + 0x8f, 0x1f, 0x5f, 0x61, 0x1d, 0x86, 0xa2, 0x05, 0x16, 0x31, 0x00, 0x99, 0x83, 0xe1, 0xca, 0x66, + 0x7d, 0x71, 0xb1, 0xb6, 0xb6, 0xb6, 0x24, 0x2e, 0xbd, 0xbc, 0x20, 0xc7, 0xc7, 0xf3, 0x5c, 0x3b, + 0x8a, 0x9a, 0x7d, 0x62, 0xe2, 0x13, 0x3a, 0xf2, 0x16, 0xc0, 0xbb, 0xbe, 0xd7, 0xbe, 0x4b, 0xa3, + 0x5d, 0xdf, 0x15, 0x9d, 0x67, 0x26, 0xc5, 0xc8, 0x07, 0xbe, 0xd7, 0xb6, 0x5b, 0x08, 0x66, 0x6d, + 0x4f, 0x90, 0x2c, 0xe5, 0x6f, 0x36, 0xd2, 0x55, 0x3f, 0x42, 0x1b, 0x66, 0x20, 0x19, 0xe9, 0x2d, + 0x3f, 0xea, 0x39, 0x93, 0x15, 0x68, 0xa4, 0x05, 0xe3, 0xf5, 0xee, 0xce, 0x0e, 0x65, 0xda, 0x5b, + 0x38, 0x06, 0x06, 0xc5, 0x76, 0x34, 0xbe, 0x32, 0xc4, 0x37, 0x69, 0x6c, 0xeb, 0x16, 0x56, 0x5f, + 0x61, 0x82, 0xfc, 0xbd, 0x83, 0x19, 0x71, 0x99, 0x83, 0xd9, 0xaf, 0xa1, 0xa4, 0xef, 0xf5, 0x37, + 0xa5, 0x79, 0x9b, 0x3f, 0x9f, 0x83, 0x31, 0xbe, 0xbb, 0xe6, 0xf2, 0xf9, 0xc4, 0xce, 0xfd, 0x37, + 0xb4, 0xb9, 0x7f, 0x4e, 0xae, 0x43, 0x4a, 0xd7, 0x8e, 0x35, 0xf3, 0x77, 0x81, 0xf4, 0xd2, 0x10, + 0x4b, 0xfa, 0x80, 0x8e, 0x33, 0xe9, 0xaf, 0x27, 0x81, 0x40, 0x21, 0x12, 0xd9, 0xa8, 0x79, 0x43, + 0x4b, 0xe3, 0x61, 0xfe, 0x5c, 0x0e, 0x46, 0x15, 0xf3, 0xf5, 0x89, 0x1d, 0xf8, 0x4f, 0x6b, 0x03, + 0x2f, 0x8f, 0x82, 0x94, 0x9e, 0x1d, 0x6b, 0xdc, 0xbb, 0x30, 0xd1, 0x43, 0x92, 0xde, 0x05, 0x18, + 0xc7, 0xd9, 0x05, 0xbc, 0xd2, 0x1b, 0x38, 0xc3, 0xef, 0xe3, 0xc4, 0x81, 0x33, 0x6a, 0xa4, 0xce, + 0x37, 0x73, 0x30, 0x25, 0x7e, 0x55, 0xba, 0xae, 0x17, 0xcd, 0xf9, 0xed, 0x6d, 0x6f, 0xe7, 0x89, + 0xfd, 0x16, 0x15, 0xed, 0x5b, 0xcc, 0xe8, 0xdf, 0x42, 0xe9, 0x60, 0xff, 0x4f, 0x62, 0xfe, 0x3f, + 0x00, 0xd3, 0xfd, 0x08, 0xc8, 0x25, 0x6d, 0x13, 0x87, 0x5e, 0x86, 0xd4, 0x06, 0x99, 0x6f, 0xdf, + 0x92, 0xc8, 0xbc, 0xdc, 0x31, 0x22, 0xf3, 0x96, 0xa0, 0x8c, 0x55, 0xd5, 0x69, 0xc8, 0x06, 0x21, + 0x4c, 0x2e, 0x03, 0x5c, 0x7c, 0x78, 0x30, 0x73, 0xc1, 0x61, 0x65, 0x76, 0x28, 0x0a, 0xed, 0x6e, + 0xe0, 0x29, 0x3c, 0x7a, 0x28, 0xc9, 0x6f, 0x18, 0x30, 0x86, 0xc0, 0xf9, 0x7b, 0xb4, 0x1d, 0x21, + 0xb3, 0x82, 0x38, 0xc1, 0x8a, 0x15, 0x68, 0x3d, 0x0a, 0xbc, 0xf6, 0x8e, 0xd0, 0xa0, 0x5b, 0x42, + 0x83, 0xbe, 0xb9, 0xe3, 0x45, 0xbb, 0xdd, 0xad, 0xab, 0x0d, 0xbf, 0x75, 0x6d, 0x27, 0x70, 0xee, + 0x79, 0x7c, 0xfb, 0xe2, 0x34, 0xaf, 0xc5, 0x57, 0x39, 0x9d, 0x8e, 0x97, 0xba, 0xc7, 0x29, 0x58, + 0xa1, 0xde, 0xe5, 0x0d, 0xa5, 0x58, 0x6d, 0xaa, 0x99, 0xa9, 0x16, 0x91, 0x1f, 0x85, 0xb3, 0x3c, + 0x92, 0x66, 0xce, 0x6f, 0x47, 0x5e, 0xbb, 0xeb, 0x77, 0xc3, 0xaa, 0xd3, 0xd8, 0xeb, 0x76, 0x42, + 0xe1, 0xa0, 0xc5, 0x9e, 0x37, 0xe2, 0x42, 0x7b, 0x8b, 0x97, 0x2a, 0x2c, 0xfb, 0x31, 0x20, 0x0b, + 0x30, 0xc1, 0x8b, 0x2a, 0xdd, 0xc8, 0xaf, 0x37, 0x9c, 0xa6, 0xd7, 0xde, 0x41, 0xbf, 0x6d, 0x91, + 0xc7, 0x12, 0x39, 0xdd, 0xc8, 0xb7, 0x43, 0x0e, 0x57, 0xf8, 0xf5, 0x12, 0x91, 0x45, 0x18, 0xb7, + 0xa8, 0xe3, 0xde, 0x75, 0x1e, 0xcc, 0x39, 0x1d, 0xa7, 0xe1, 0x45, 0xfb, 0xb8, 0x11, 0xcc, 0x57, + 0x67, 0x1e, 0x1e, 0xcc, 0x3c, 0x15, 0x50, 0xc7, 0xb5, 0x5b, 0xce, 0x03, 0xbb, 0x21, 0x0a, 0xd5, + 0x75, 0x26, 0x45, 0x17, 0xb3, 0xf2, 0xda, 0x31, 0xab, 0xe1, 0x34, 0x2b, 0xaf, 0xdd, 0x9f, 0x55, + 0x42, 0x27, 0x59, 0xad, 0x39, 0xc1, 0x0e, 0x8d, 0xb8, 0x63, 0x13, 0x2e, 0x1a, 0x97, 0x0d, 0x85, + 0x55, 0x84, 0x65, 0x36, 0x3a, 0x39, 0xd3, 0xac, 0x14, 0x3a, 0x26, 0x79, 0x9b, 0x81, 0x17, 0x51, + 0xb5, 0x87, 0x23, 0xd8, 0x2c, 0x1c, 0x7f, 0x74, 0xed, 0xf6, 0xeb, 0x62, 0x0f, 0x65, 0xc2, 0x4d, + 0xe9, 0x64, 0xa9, 0x87, 0x5b, 0x76, 0x2f, 0x7b, 0x28, 0x63, 0x6e, 0x6a, 0x3f, 0x47, 0xb1, 0x9f, + 0x0a, 0xb7, 0x3e, 0x1d, 0xed, 0xa1, 0x24, 0xcb, 0x6c, 0xd0, 0x22, 0xda, 0x66, 0x12, 0x2d, 0x1c, + 0xbb, 0x63, 0xd8, 0xb4, 0xe7, 0xc5, 0x16, 0xbe, 0x1c, 0xc8, 0x62, 0x3b, 0xc3, 0xcd, 0x9b, 0x26, + 0x26, 0x3f, 0x0e, 0xe3, 0xeb, 0x21, 0xbd, 0xb5, 0xb8, 0x5a, 0x97, 0x51, 0x5d, 0xd3, 0xe3, 0xb8, + 0xb1, 0xbf, 0x7e, 0x84, 0xd2, 0xb9, 0xaa, 0xd2, 0xe0, 0xad, 0x4c, 0xfe, 0xdd, 0xba, 0x21, 0xb5, + 0xb7, 0xbd, 0x4e, 0x68, 0xcb, 0xf0, 0x31, 0xf5, 0xbb, 0xa5, 0xaa, 0x32, 0x17, 0x60, 0xa2, 0x87, + 0x0d, 0x19, 0x03, 0x60, 0x40, 0x7b, 0x7d, 0xb9, 0x3e, 0xbf, 0x56, 0x3e, 0xc5, 0xf6, 0xad, 0xf8, + 0x7b, 0x7e, 0xb9, 0x52, 0x5d, 0x9a, 0xaf, 0x95, 0x0d, 0x32, 0x01, 0xa3, 0x08, 0xa9, 0x2d, 0xd6, + 0x39, 0x28, 0xf7, 0x6e, 0xa1, 0x38, 0x50, 0x1e, 0xb4, 0xca, 0x7c, 0xea, 0x46, 0x6c, 0x02, 0xe0, + 0x9a, 0x62, 0xfe, 0x4a, 0x0e, 0xce, 0xc9, 0x65, 0x85, 0x46, 0xf7, 0xfd, 0x60, 0xcf, 0x6b, 0xef, + 0x3c, 0xe1, 0xab, 0xc3, 0x2d, 0x6d, 0x75, 0x78, 0x3e, 0xb5, 0x52, 0xa7, 0x7a, 0x79, 0xc8, 0x12, + 0xf1, 0x8b, 0x43, 0xf0, 0xf4, 0xa1, 0x54, 0xe4, 0xb3, 0x6c, 0x35, 0xf7, 0x68, 0x3b, 0x5a, 0x74, + 0x9b, 0x94, 0xed, 0x5e, 0xfd, 0x6e, 0x24, 0x0e, 0x12, 0x9e, 0x7b, 0x78, 0x30, 0x33, 0xc9, 0xaf, + 0x54, 0xda, 0x9e, 0xdb, 0xa4, 0x76, 0xc4, 0x8b, 0x35, 0x71, 0xeb, 0xa5, 0x66, 0x2c, 0xe3, 0x0b, + 0xde, 0x8b, 0xed, 0x88, 0x06, 0xf7, 0x1c, 0x7e, 0xb3, 0x4c, 0xb0, 0xdc, 0xa3, 0xb4, 0x63, 0x3b, + 0xac, 0xd4, 0xf6, 0x44, 0xb1, 0xce, 0xb2, 0x87, 0x9a, 0xdc, 0x52, 0x58, 0xce, 0xb1, 0x3d, 0xd5, + 0x5d, 0xe7, 0x81, 0xd8, 0x28, 0x88, 0x00, 0xe3, 0x98, 0x25, 0x0f, 0xd2, 0x6e, 0x39, 0x0f, 0xac, + 0x5e, 0x12, 0xf2, 0x3e, 0x9c, 0x16, 0x0b, 0x10, 0x53, 0xc6, 0x81, 0xdf, 0x94, 0x3d, 0x2e, 0x20, + 0xaf, 0x17, 0x1f, 0x1e, 0xcc, 0x9c, 0x15, 0xcb, 0x97, 0xdd, 0xe0, 0x18, 0x99, 0xbd, 0xce, 0xe6, + 0x42, 0xd6, 0xd8, 0x82, 0x9c, 0x1a, 0x8e, 0xbb, 0x34, 0x0c, 0x9d, 0x1d, 0xb9, 0xa9, 0xe0, 0xa7, + 0x79, 0xca, 0x60, 0xda, 0x2d, 0x5e, 0x6e, 0xf5, 0xa5, 0x24, 0x0b, 0x30, 0xb6, 0x49, 0xb7, 0xd4, + 0xef, 0x33, 0x18, 0xab, 0xaa, 0xf2, 0x7d, 0xba, 0xd5, 0xff, 0xe3, 0xa4, 0xe8, 0x88, 0x07, 0x13, + 0x18, 0xbe, 0xc0, 0x76, 0xc8, 0xb4, 0x4d, 0x03, 0x8c, 0x15, 0x1c, 0x42, 0x65, 0x30, 0x9d, 0x58, + 0xc8, 0x7a, 0x79, 0xf5, 0xd9, 0x87, 0x07, 0x33, 0x4f, 0xf3, 0x50, 0x88, 0xa6, 0x80, 0xdb, 0xa9, + 0xfb, 0xd5, 0xbd, 0x5c, 0xc9, 0x97, 0x60, 0xdc, 0xf2, 0xbb, 0x91, 0xd7, 0xde, 0xa9, 0x47, 0x81, + 0x13, 0xd1, 0x1d, 0xbe, 0x20, 0x25, 0x41, 0x89, 0xa9, 0x52, 0xee, 0xcf, 0x0f, 0x38, 0xd0, 0x0e, + 0x05, 0x54, 0x5b, 0x11, 0x74, 0x02, 0xf2, 0x45, 0x18, 0xe3, 0xd1, 0x54, 0x71, 0x05, 0xc3, 0xda, + 0x55, 0x24, 0xbd, 0x70, 0xe3, 0x3a, 0x6e, 0x06, 0xcf, 0xf1, 0xa8, 0xac, 0xac, 0x0a, 0x52, 0xdc, + 0xc8, 0xe7, 0xc5, 0x60, 0xad, 0x7a, 0xed, 0x9d, 0x58, 0x8c, 0x01, 0x47, 0xfe, 0xd5, 0x64, 0x48, + 0x3a, 0xac, 0xb9, 0x52, 0x8c, 0xfb, 0x6c, 0x52, 0x7b, 0xf9, 0x98, 0x07, 0x06, 0x94, 0xd3, 0x0d, + 0x24, 0x9f, 0x83, 0xe1, 0xca, 0x0e, 0x6d, 0xb3, 0x0f, 0xbf, 0x2b, 0x6e, 0x3f, 0xcb, 0x5c, 0x0c, + 0x31, 0x5c, 0x27, 0x12, 0x37, 0x13, 0x58, 0x21, 0x13, 0x24, 0xc5, 0x73, 0xb7, 0x70, 0xca, 0x4a, + 0x98, 0x11, 0x17, 0x4a, 0xbc, 0x0d, 0x94, 0x32, 0x1b, 0x48, 0xb8, 0xaf, 0x9e, 0x55, 0xbf, 0xb9, + 0x28, 0x4a, 0xf1, 0xc7, 0xa8, 0x30, 0xd1, 0x53, 0x8e, 0xa0, 0x55, 0xa1, 0x71, 0xad, 0x02, 0x14, + 0x25, 0xa1, 0x79, 0x0e, 0xce, 0xf6, 0x69, 0xb3, 0x79, 0x0f, 0xce, 0xf7, 0xaf, 0x91, 0x7c, 0x0e, + 0xa6, 0x90, 0x70, 0xce, 0x6f, 0xb7, 0x69, 0x23, 0xc2, 0x49, 0x26, 0x3d, 0x2e, 0xf9, 0xea, 0xf3, + 0x0f, 0x0f, 0x66, 0x2e, 0xf2, 0xfe, 0x36, 0x62, 0x04, 0x3b, 0xed, 0x7c, 0xc9, 0xe4, 0x60, 0xfe, + 0x52, 0x0e, 0xa6, 0xc5, 0xbc, 0xb5, 0x68, 0xc3, 0x0f, 0xdc, 0x27, 0x7f, 0x9d, 0x98, 0xd7, 0xd6, + 0x89, 0xe7, 0xe2, 0x18, 0xc9, 0xac, 0x4e, 0x1e, 0xb2, 0x4c, 0xfc, 0x8e, 0x01, 0x17, 0x0e, 0x23, + 0x62, 0xa3, 0x13, 0xc7, 0x15, 0x0f, 0xf7, 0xc4, 0x0f, 0x77, 0x60, 0x12, 0x3f, 0x28, 0x1e, 0xd0, + 0x84, 0x0b, 0x7e, 0x18, 0xa1, 0x97, 0x3c, 0xa7, 0x45, 0x0a, 0x55, 0x7d, 0x9f, 0x3b, 0x42, 0xd0, + 0x0f, 0x62, 0x7c, 0xef, 0x60, 0x06, 0x18, 0x88, 0x47, 0x02, 0x33, 0x63, 0x97, 0x4b, 0x19, 0x9e, + 0xff, 0x84, 0x36, 0xc6, 0x84, 0xed, 0xd1, 0xfd, 0xd0, 0xca, 0x62, 0x8d, 0x9e, 0xd0, 0x4a, 0x37, + 0xda, 0x5d, 0x0d, 0xe8, 0x36, 0x0d, 0x68, 0xbb, 0x41, 0x3f, 0x66, 0x9e, 0x50, 0xbd, 0x73, 0xc7, + 0xda, 0x97, 0xff, 0xe9, 0x10, 0x4c, 0x65, 0x91, 0xb1, 0x71, 0x51, 0xb6, 0x82, 0xe9, 0xec, 0x2d, + 0x3f, 0x63, 0x40, 0xa9, 0x4e, 0x1b, 0x7e, 0xdb, 0xbd, 0xe5, 0x34, 0x22, 0x5f, 0xc6, 0x5c, 0xd9, + 0x7c, 0x29, 0x64, 0x70, 0x7b, 0x1b, 0x0b, 0x34, 0xe5, 0xf6, 0x99, 0xe3, 0xed, 0xc0, 0x1a, 0x3e, + 0xc6, 0xf0, 0x47, 0x78, 0x57, 0x29, 0xae, 0x02, 0x4f, 0x0f, 0xb5, 0x4a, 0x49, 0x15, 0x46, 0xc5, + 0x74, 0xf5, 0xd5, 0xb0, 0x72, 0x0c, 0x04, 0x6f, 0xc8, 0x82, 0xb4, 0x27, 0x4e, 0x27, 0x21, 0x37, + 0x20, 0xbf, 0x3e, 0x7b, 0x4b, 0x7c, 0x03, 0x19, 0x2c, 0xbb, 0x3e, 0x7b, 0x0b, 0x9d, 0x3c, 0xcc, + 0x70, 0x1e, 0xed, 0xce, 0x6e, 0xab, 0x67, 0x0d, 0xeb, 0xb3, 0xb7, 0xc8, 0x0a, 0x4c, 0x58, 0xf4, + 0xcb, 0x5d, 0x2f, 0xa0, 0x62, 0x02, 0xdc, 0xbd, 0x55, 0xc1, 0x6f, 0x51, 0xe4, 0x0b, 0x5f, 0xc0, + 0x0b, 0xe5, 0xa6, 0xd6, 0x6e, 0x6d, 0xab, 0x19, 0x0b, 0x7a, 0x69, 0xc9, 0x4f, 0xc2, 0xe9, 0x9a, + 0x17, 0x8a, 0x36, 0x73, 0x27, 0xbf, 0x8b, 0xe7, 0xfd, 0x83, 0x7d, 0xa6, 0xc3, 0xa7, 0x32, 0xa7, + 0xc3, 0xb3, 0x6e, 0xcc, 0xc4, 0xe6, 0x27, 0x08, 0x6e, 0x3a, 0x1e, 0x3f, 0xbb, 0x1e, 0xf2, 0x01, + 0x8c, 0xa1, 0x57, 0x15, 0xcf, 0x3d, 0xf0, 0x8e, 0xd0, 0x50, 0x9f, 0x9a, 0x3f, 0x91, 0x59, 0xf3, + 0x79, 0x74, 0xd2, 0xda, 0x78, 0x7a, 0x82, 0xf7, 0x89, 0xb4, 0xcd, 0xb1, 0xc6, 0x99, 0xbc, 0x0b, + 0xe3, 0xc2, 0x4a, 0x59, 0xd9, 0x5e, 0xdb, 0xa5, 0x35, 0x67, 0x5f, 0x44, 0x0c, 0xe1, 0xc6, 0x47, + 0x98, 0x36, 0xb6, 0xbf, 0x6d, 0x47, 0xbb, 0xd4, 0x76, 0x1d, 0x6d, 0x3d, 0x4f, 0x11, 0x92, 0xaf, + 0xc0, 0xc8, 0x92, 0x8f, 0x07, 0xbc, 0xa8, 0x6a, 0x86, 0x91, 0xcf, 0x7b, 0x98, 0xb1, 0x84, 0x83, + 0x53, 0x56, 0xc7, 0x0f, 0x0f, 0x66, 0xde, 0x38, 0xa9, 0x14, 0x2a, 0x15, 0x58, 0x6a, 0x6d, 0x64, + 0x0e, 0x8a, 0x9b, 0x74, 0x8b, 0xf5, 0x36, 0x7d, 0xdb, 0x5e, 0x82, 0xb9, 0xbe, 0xb8, 0x2f, 0x7e, + 0xa9, 0xa7, 0xa7, 0x12, 0x83, 0x04, 0x30, 0x81, 0xe3, 0xb3, 0xea, 0x84, 0xe1, 0x7d, 0x3f, 0x70, + 0x9b, 0x34, 0x94, 0xc7, 0x90, 0xbd, 0x83, 0x3f, 0x9b, 0x39, 0xf8, 0x17, 0xf8, 0xe0, 0x77, 0x14, + 0x0e, 0xaa, 0xb8, 0xf5, 0xb0, 0x37, 0xff, 0xa1, 0x81, 0x52, 0x4f, 0xae, 0x60, 0x74, 0x69, 0x1c, + 0x7b, 0x83, 0x6e, 0x1c, 0xa7, 0x93, 0xba, 0xbf, 0xc5, 0x51, 0xc8, 0x2b, 0x30, 0x78, 0xcb, 0x69, + 0xd0, 0x48, 0x9e, 0x45, 0x20, 0xf2, 0x36, 0x42, 0x54, 0x9f, 0x0f, 0xc7, 0x61, 0x0b, 0x72, 0x8d, + 0xde, 0xf3, 0x1a, 0xb4, 0x12, 0x45, 0x34, 0xe4, 0x23, 0x3c, 0x57, 0xe1, 0x87, 0xf6, 0xc3, 0x7c, + 0x41, 0x76, 0xb1, 0xdc, 0x76, 0x12, 0x04, 0xbb, 0xe1, 0xa8, 0xbc, 0x32, 0x39, 0x98, 0xff, 0xc3, + 0x48, 0x46, 0x9d, 0xbc, 0x08, 0x05, 0x6b, 0x35, 0x6e, 0x3f, 0x3f, 0x8f, 0x4f, 0x35, 0x1f, 0x11, + 0xc8, 0xe7, 0xe1, 0xb4, 0xc2, 0x07, 0x47, 0x84, 0xba, 0xac, 0x41, 0xbc, 0x33, 0x2f, 0xe0, 0x01, + 0xac, 0xd2, 0x12, 0x87, 0x63, 0xa4, 0x5a, 0x94, 0xcd, 0x03, 0xad, 0x8f, 0xa4, 0xa0, 0x46, 0xdb, + 0x1e, 0xe7, 0xad, 0x74, 0x56, 0xe5, 0xed, 0x22, 0x42, 0xba, 0xb3, 0x59, 0x1c, 0xde, 0x2d, 0x14, + 0x0b, 0xe5, 0x01, 0xf3, 0xcf, 0x0c, 0x25, 0xdd, 0xd4, 0x13, 0xba, 0x62, 0xdd, 0xd4, 0x56, 0xac, + 0x29, 0x41, 0x1a, 0xf7, 0x8a, 0x95, 0x65, 0x5a, 0x19, 0xe3, 0x30, 0xaa, 0x21, 0x61, 0xf0, 0xfd, + 0x7a, 0x48, 0x03, 0xee, 0x8c, 0xff, 0x78, 0x05, 0xdf, 0xc7, 0xfd, 0x3a, 0x56, 0x78, 0xf4, 0x1f, + 0x19, 0xe8, 0xa4, 0x51, 0x29, 0xd8, 0x68, 0x30, 0x90, 0x3a, 0x1a, 0xdd, 0x90, 0x06, 0x16, 0x42, + 0x79, 0x04, 0xed, 0x92, 0x1e, 0x41, 0xdb, 0xb4, 0x18, 0x8c, 0x7c, 0x06, 0x06, 0xd6, 0x71, 0xcb, + 0xa9, 0xc7, 0x4f, 0xc5, 0xfc, 0xb1, 0x90, 0xcf, 0xb0, 0x2e, 0xfb, 0x53, 0x55, 0x10, 0x58, 0x46, + 0xea, 0x30, 0x34, 0x17, 0x50, 0x4c, 0x2c, 0x55, 0x38, 0xfe, 0x41, 0x77, 0x83, 0x93, 0xa4, 0x0f, + 0xba, 0x05, 0x27, 0xf3, 0x17, 0x72, 0x40, 0x92, 0x3e, 0xe2, 0xad, 0xe1, 0xf0, 0x89, 0xfd, 0xe8, + 0xef, 0x68, 0x1f, 0xfd, 0xe9, 0x9e, 0x8f, 0xce, 0xbb, 0x77, 0xac, 0x6f, 0xff, 0xfb, 0x06, 0x9c, + 0xc9, 0x26, 0x24, 0xcf, 0xc1, 0xe0, 0xca, 0xda, 0xaa, 0x0c, 0xc1, 0x13, 0x5d, 0xf1, 0x3b, 0x68, + 0x19, 0x5b, 0xa2, 0x88, 0xbc, 0x0a, 0x83, 0x9f, 0xb5, 0xe6, 0xd8, 0x92, 0xa9, 0xdc, 0xde, 0xfb, + 0x72, 0x60, 0x37, 0xf4, 0x3d, 0xba, 0x40, 0x52, 0xbf, 0x6d, 0xfe, 0xb1, 0x7d, 0xdb, 0x6f, 0xe6, + 0x60, 0xbc, 0xd2, 0x68, 0xd0, 0x30, 0x64, 0x06, 0x11, 0x0d, 0xa3, 0x27, 0xf6, 0xc3, 0x66, 0x07, + 0xd7, 0x69, 0x7d, 0x3b, 0xd6, 0x57, 0xfd, 0x03, 0x03, 0x4e, 0x4b, 0xaa, 0x7b, 0x1e, 0xbd, 0xbf, + 0xb6, 0x1b, 0xd0, 0x70, 0xd7, 0x6f, 0xba, 0xc7, 0xbe, 0xc2, 0xca, 0x56, 0x69, 0xaf, 0x19, 0xd1, + 0x40, 0x3d, 0x99, 0xd9, 0x46, 0x88, 0xb6, 0x4a, 0x23, 0x84, 0x5c, 0x83, 0xa1, 0x4a, 0xa7, 0x13, + 0xf8, 0xf7, 0xf8, 0xb4, 0x1f, 0x15, 0xe7, 0xfe, 0x1c, 0xa4, 0xc5, 0x09, 0x70, 0x10, 0x6b, 0x46, + 0x8d, 0xb6, 0xf9, 0x95, 0x85, 0x51, 0xde, 0x0c, 0x97, 0xb6, 0x55, 0x0b, 0x0d, 0xcb, 0xcd, 0x6f, + 0x14, 0xa0, 0xa4, 0x76, 0x84, 0x98, 0x30, 0xc8, 0xc3, 0xc0, 0xd4, 0x70, 0x1c, 0x07, 0x21, 0x96, + 0x28, 0x49, 0xa2, 0xeb, 0x72, 0x47, 0x46, 0xd7, 0x6d, 0xc2, 0xe8, 0x6a, 0xe0, 0x77, 0xfc, 0x90, + 0xba, 0x3c, 0x37, 0x20, 0xd7, 0x5a, 0x93, 0x71, 0xdc, 0x3a, 0x1f, 0x73, 0x74, 0x3f, 0xe3, 0x76, + 0xa0, 0x23, 0xb0, 0xed, 0x74, 0xe6, 0x40, 0x9d, 0x0f, 0x3f, 0xd9, 0x72, 0x42, 0x71, 0x89, 0x28, + 0x3e, 0xd9, 0x62, 0x10, 0xfd, 0x64, 0x8b, 0x41, 0xd4, 0x69, 0x31, 0xf0, 0xb8, 0xa6, 0x05, 0xf9, + 0x05, 0x03, 0x46, 0x2a, 0xed, 0xb6, 0x88, 0xae, 0x3b, 0x22, 0x3c, 0xe0, 0x0b, 0xe2, 0x70, 0xeb, + 0x8d, 0x0f, 0x75, 0xb8, 0xb5, 0x16, 0x38, 0x5e, 0x14, 0x62, 0xd0, 0x44, 0x52, 0xa1, 0x1a, 0xa7, + 0xaf, 0xb4, 0x83, 0xbc, 0x01, 0xe5, 0x58, 0x1e, 0x17, 0xdb, 0x2e, 0x7d, 0x40, 0x79, 0x30, 0xe2, + 0x28, 0xbf, 0xe1, 0xac, 0x9d, 0xda, 0xa5, 0x11, 0xcd, 0x6f, 0x1a, 0x70, 0x46, 0x15, 0x88, 0x7a, + 0x77, 0xab, 0xe5, 0xe1, 0xf6, 0x87, 0x5c, 0x85, 0x61, 0xf1, 0xbd, 0x62, 0x43, 0xae, 0x37, 0xa1, + 0x64, 0x82, 0x42, 0xe6, 0xd9, 0x27, 0x62, 0x3c, 0x84, 0xaf, 0x60, 0x32, 0x35, 0xdd, 0x58, 0x51, + 0x75, 0x5a, 0x0c, 0x76, 0x39, 0xc0, 0xdf, 0xfa, 0xb7, 0x63, 0x10, 0xf3, 0x6d, 0x98, 0xd0, 0x5b, + 0x59, 0xa7, 0x78, 0x05, 0x56, 0x76, 0xcd, 0xc8, 0xee, 0x9a, 0x2c, 0x37, 0x37, 0x81, 0xf4, 0xd0, + 0x87, 0x78, 0x42, 0x4b, 0x23, 0x19, 0x41, 0x20, 0xfd, 0xa3, 0x3d, 0x88, 0x71, 0x6a, 0xd5, 0x11, + 0x75, 0xb8, 0x91, 0xd4, 0xfc, 0x57, 0x23, 0x30, 0x99, 0xa1, 0x3a, 0x8e, 0x58, 0xda, 0x67, 0xf4, + 0xc9, 0x33, 0x1c, 0x47, 0xde, 0xc8, 0x29, 0xf3, 0xb6, 0x4c, 0xa3, 0x79, 0xc8, 0x54, 0x39, 0x2c, + 0xb7, 0xe6, 0x47, 0xb1, 0xbc, 0xab, 0xc1, 0x71, 0x03, 0x8f, 0x2d, 0x38, 0xae, 0x0a, 0xa3, 0xa2, + 0x57, 0x62, 0x2a, 0x0f, 0x26, 0x6e, 0x81, 0x80, 0x17, 0xd8, 0x3d, 0x53, 0x5a, 0x27, 0xe1, 0x3c, + 0x42, 0xbf, 0x79, 0x8f, 0x0a, 0x1e, 0x43, 0x2a, 0x0f, 0x2c, 0xc8, 0xe4, 0xa1, 0x90, 0x90, 0xbf, + 0x6d, 0x00, 0x11, 0x10, 0x75, 0x3e, 0x17, 0x0f, 0x9b, 0xcf, 0xee, 0xe3, 0x99, 0xcf, 0x4f, 0xcb, + 0x36, 0x66, 0xcf, 0xeb, 0x8c, 0x66, 0x91, 0xbf, 0x69, 0xc0, 0x04, 0x8f, 0xd0, 0x52, 0x1b, 0x3b, + 0x7c, 0x58, 0x63, 0x1b, 0x8f, 0xa7, 0xb1, 0x17, 0x42, 0xac, 0xb6, 0x4f, 0x5b, 0x7b, 0x1b, 0x45, + 0x7e, 0x14, 0x20, 0x9e, 0x51, 0x32, 0x12, 0xf8, 0x42, 0x86, 0x16, 0x88, 0x91, 0x92, 0x4b, 0xde, + 0x51, 0x4c, 0xa7, 0x25, 0xbe, 0x88, 0xa1, 0xe4, 0x27, 0x61, 0x8a, 0xcd, 0x97, 0x18, 0x22, 0xe2, + 0x49, 0xa7, 0x47, 0xb0, 0x96, 0x4f, 0xf6, 0x5f, 0xda, 0xaf, 0x66, 0x91, 0xf1, 0x4b, 0x5d, 0x49, + 0xe2, 0xa0, 0xa8, 0xa5, 0x6e, 0xf9, 0xb2, 0x28, 0x30, 0x70, 0x1c, 0x5b, 0xcf, 0xef, 0x3a, 0xf7, + 0xd1, 0x6f, 0xe7, 0xe4, 0x5c, 0xe0, 0xfa, 0x2d, 0xd4, 0x6f, 0x65, 0x21, 0x88, 0x7c, 0x16, 0x48, + 0x1c, 0x0e, 0xc6, 0x61, 0x34, 0x90, 0x79, 0xf4, 0xd0, 0x4d, 0x95, 0x04, 0x92, 0x05, 0xb2, 0x58, + 0x15, 0x92, 0x5e, 0x62, 0x42, 0x61, 0x4a, 0x74, 0x9a, 0x41, 0x65, 0xf6, 0x8b, 0x70, 0x7a, 0x4c, + 0x8b, 0xd6, 0x4d, 0x4a, 0x92, 0x0c, 0x43, 0x4a, 0x0a, 0x0d, 0x6d, 0xdb, 0x9b, 0xc5, 0x8e, 0xdc, + 0x84, 0xe1, 0x25, 0x7f, 0xc7, 0x6b, 0x2f, 0xc8, 0x73, 0x67, 0x71, 0x06, 0xd6, 0x64, 0x40, 0x7b, + 0x57, 0x3f, 0x3d, 0x4e, 0x50, 0x99, 0x55, 0x5b, 0x0b, 0xf6, 0xad, 0x6e, 0x7b, 0xba, 0x8c, 0xce, + 0x38, 0x34, 0x67, 0xdc, 0x60, 0xdf, 0x0e, 0xba, 0xda, 0xf2, 0xcd, 0x91, 0xce, 0x6f, 0xc1, 0xb9, + 0xbe, 0x1f, 0x2d, 0xe3, 0xfe, 0xd8, 0x35, 0xfd, 0xfe, 0xd8, 0xb9, 0x7e, 0xca, 0x3d, 0x54, 0xef, + 0x90, 0xfd, 0x9a, 0x91, 0xd2, 0xe6, 0xc2, 0xf4, 0xe2, 0xf9, 0x93, 0xfb, 0x2d, 0x77, 0x39, 0xcc, + 0xd7, 0xc3, 0xf5, 0x7d, 0x2e, 0x31, 0xf9, 0x98, 0xbe, 0x57, 0xd7, 0x0b, 0xd4, 0xfc, 0x8f, 0xa8, + 0xd8, 0xcd, 0xbf, 0x6f, 0x00, 0xe1, 0x2d, 0x9c, 0x73, 0x3a, 0xce, 0x96, 0xd7, 0xf4, 0x22, 0x8f, + 0x86, 0xe4, 0x0e, 0x94, 0x05, 0x0b, 0x67, 0xab, 0x49, 0xd5, 0xa8, 0x4e, 0x11, 0x87, 0x11, 0x97, + 0xd9, 0x69, 0x23, 0xad, 0x87, 0xb0, 0x8f, 0x28, 0xe6, 0x1e, 0x41, 0x14, 0xcd, 0x1f, 0x18, 0x70, + 0xae, 0xb7, 0xd9, 0xa2, 0xe6, 0x78, 0xf0, 0x8c, 0x23, 0x06, 0x2f, 0xab, 0x97, 0x39, 0x94, 0x9d, + 0xc7, 0xd6, 0xcb, 0x7c, 0xe2, 0x17, 0x3e, 0x79, 0x2f, 0xef, 0xab, 0x29, 0x69, 0xc8, 0xab, 0x59, + 0x01, 0x73, 0xfc, 0x26, 0x1e, 0x07, 0xeb, 0xb1, 0x72, 0x72, 0x33, 0x95, 0xcb, 0xdc, 0x4c, 0xc9, + 0x4b, 0x85, 0xf9, 0xac, 0x4b, 0x85, 0xe6, 0xd7, 0x73, 0x50, 0x5a, 0x6d, 0x76, 0x77, 0xbc, 0x76, + 0xcd, 0x89, 0x9c, 0x27, 0x76, 0x67, 0xf6, 0xba, 0xb6, 0x33, 0x8b, 0x23, 0x3a, 0xe3, 0x8e, 0x1d, + 0x6b, 0x5b, 0xf6, 0x1d, 0x03, 0xc6, 0x13, 0x12, 0xae, 0x1e, 0x16, 0xa0, 0xc0, 0x7e, 0x08, 0x43, + 0xef, 0x62, 0x0f, 0x63, 0xc4, 0xba, 0x1a, 0xff, 0x25, 0xf6, 0x4a, 0x7a, 0xea, 0x62, 0xe4, 0x70, + 0xfe, 0x53, 0x3c, 0x89, 0xe8, 0xc9, 0xb3, 0xa4, 0xff, 0x9e, 0x01, 0xe5, 0x74, 0x4f, 0xc8, 0x1d, + 0x18, 0x62, 0x9c, 0xbc, 0x38, 0x21, 0xe9, 0xf3, 0x7d, 0xfa, 0x7c, 0x55, 0xa0, 0xf1, 0xe6, 0xe1, + 0xe0, 0x53, 0x0e, 0xb1, 0x24, 0x87, 0xf3, 0x16, 0x94, 0x54, 0xac, 0x8c, 0xd6, 0xbd, 0xa2, 0xeb, + 0xc4, 0x33, 0xd9, 0xe3, 0xa0, 0xb6, 0xfa, 0x57, 0xb5, 0x56, 0x0b, 0x6d, 0x78, 0xdc, 0x74, 0xd4, + 0x78, 0x0d, 0x97, 0x4f, 0x07, 0x55, 0xce, 0xe4, 0xe2, 0xa2, 0x5f, 0xc3, 0xe5, 0x30, 0xb6, 0xa5, + 0xe3, 0xf5, 0x09, 0x39, 0xc3, 0x2d, 0x5d, 0x07, 0x21, 0xea, 0x9a, 0xc0, 0x71, 0xcc, 0xbf, 0x92, + 0x87, 0x33, 0x49, 0xf3, 0x78, 0x72, 0xee, 0x55, 0x27, 0x70, 0x5a, 0xe1, 0x11, 0x33, 0xe0, 0x72, + 0x4f, 0xd3, 0x30, 0x9f, 0x85, 0x6c, 0x9a, 0xd2, 0x20, 0x33, 0xd5, 0x20, 0xdc, 0x0b, 0xf3, 0x06, + 0xc9, 0x66, 0x90, 0x3b, 0x90, 0xaf, 0xd3, 0x48, 0x5c, 0x46, 0xbf, 0xd4, 0x33, 0xaa, 0x6a, 0xbb, + 0xae, 0xd6, 0x69, 0xc4, 0x3f, 0x22, 0xbf, 0x8a, 0x43, 0xb5, 0xab, 0x31, 0x6c, 0x57, 0xb3, 0x09, + 0x83, 0xf3, 0x0f, 0x3a, 0xb4, 0x11, 0x89, 0x3b, 0xe8, 0x2f, 0x1d, 0xce, 0x8f, 0xe3, 0x2a, 0x37, + 0xdd, 0x29, 0x02, 0xd4, 0xc1, 0xe2, 0x28, 0xe7, 0x6f, 0x42, 0x51, 0x56, 0x7e, 0xa2, 0x1b, 0xdb, + 0xaf, 0xc3, 0x88, 0x52, 0xc9, 0x89, 0x84, 0xfe, 0x2f, 0x0c, 0x18, 0x64, 0xda, 0x76, 0xe3, 0xb5, + 0x27, 0x54, 0x23, 0xdd, 0xd0, 0x34, 0xd2, 0x84, 0x72, 0x2b, 0x10, 0xe7, 0xe5, 0x6b, 0x47, 0xe8, + 0xa2, 0x03, 0x03, 0x20, 0x41, 0x26, 0xb7, 0x61, 0x48, 0xa4, 0xc5, 0x12, 0xb1, 0x1f, 0xea, 0x35, + 0x43, 0x99, 0xe4, 0x33, 0x36, 0x16, 0xfd, 0x4e, 0xda, 0xba, 0x96, 0xd4, 0xa4, 0x96, 0x5c, 0xc5, + 0x50, 0x2f, 0xc7, 0x33, 0x36, 0x73, 0x7e, 0x9b, 0x5f, 0x3b, 0x53, 0xd2, 0x85, 0xf6, 0xb9, 0x93, + 0x51, 0x11, 0xfe, 0xa1, 0xfc, 0x61, 0x4c, 0xce, 0x08, 0x26, 0xd9, 0xae, 0xa3, 0xff, 0x3e, 0xc6, + 0x2f, 0x72, 0xc9, 0x86, 0xbd, 0x05, 0xa5, 0x5b, 0x7e, 0x70, 0xdf, 0x09, 0x5c, 0x8c, 0xcf, 0xc0, + 0x6e, 0xf2, 0x34, 0x76, 0xa3, 0xdb, 0x1c, 0x6e, 0x63, 0x68, 0xc7, 0x0f, 0x0f, 0x66, 0x0a, 0x55, + 0xdf, 0x6f, 0x5a, 0x1a, 0x3a, 0x59, 0x81, 0xd1, 0xbb, 0xce, 0x03, 0x71, 0xd4, 0xba, 0xb6, 0xb6, + 0x24, 0x62, 0xca, 0x5e, 0x7a, 0x78, 0x30, 0x73, 0xae, 0xe5, 0x3c, 0x88, 0x8f, 0x68, 0xfb, 0xdf, + 0x16, 0xd1, 0xe9, 0x89, 0x07, 0x63, 0xab, 0x7e, 0x10, 0x89, 0x4a, 0xd8, 0xd6, 0x20, 0xdf, 0xe7, + 0xb0, 0xee, 0x5a, 0xe6, 0x61, 0xdd, 0x39, 0xb6, 0x1f, 0xb2, 0xb7, 0x63, 0x72, 0xed, 0xf6, 0xb1, + 0xc6, 0x98, 0xbc, 0x05, 0x13, 0x73, 0x34, 0x88, 0xbc, 0x6d, 0xaf, 0xe1, 0x44, 0xf4, 0x96, 0x1f, + 0xb4, 0x9c, 0x48, 0xf8, 0xa5, 0xd0, 0x2f, 0xd1, 0xa0, 0x9c, 0x53, 0xcb, 0x89, 0xac, 0x5e, 0x4c, + 0xf2, 0xf9, 0xac, 0x28, 0xbd, 0x81, 0x24, 0x16, 0x29, 0x23, 0x4a, 0xaf, 0x5f, 0x2c, 0x52, 0x6f, + 0xbc, 0xde, 0xce, 0x61, 0x27, 0xd6, 0xc5, 0xea, 0x75, 0x71, 0x7a, 0x7e, 0xf4, 0x89, 0x74, 0xfc, + 0xdd, 0xfa, 0x9c, 0x4c, 0xcf, 0x42, 0xbe, 0xba, 0x7a, 0x0b, 0x3d, 0x4d, 0xe2, 0x84, 0x98, 0xb6, + 0x77, 0x9d, 0x76, 0x03, 0x8d, 0x28, 0x11, 0x76, 0xa2, 0x2a, 0xbc, 0xea, 0xea, 0x2d, 0xe2, 0xc0, + 0xe4, 0x2a, 0x0d, 0x5a, 0x5e, 0xf4, 0xb9, 0xeb, 0xd7, 0x95, 0x0f, 0x55, 0xc4, 0xa6, 0x5d, 0x13, + 0x4d, 0x9b, 0xe9, 0x20, 0x8a, 0xfd, 0xe0, 0xfa, 0xf5, 0xcc, 0xcf, 0x11, 0x37, 0x2c, 0x8b, 0x17, + 0x99, 0x87, 0xb1, 0xbb, 0xce, 0x83, 0x24, 0x5a, 0x28, 0x14, 0xf1, 0xce, 0x4f, 0x4b, 0xc1, 0x4a, + 0x22, 0x8d, 0xd4, 0xf9, 0x96, 0x22, 0x22, 0x6f, 0xc2, 0x48, 0x22, 0x5e, 0xa1, 0x88, 0x14, 0xc3, + 0x30, 0x6e, 0x45, 0x38, 0x35, 0x97, 0x9c, 0x82, 0x4e, 0xd6, 0x63, 0x4f, 0x07, 0xb7, 0x84, 0x45, + 0x4a, 0xad, 0x6b, 0xaa, 0xa7, 0xc3, 0xc1, 0x12, 0xad, 0x5b, 0xe3, 0xf1, 0xde, 0x80, 0x87, 0x4f, + 0x59, 0x3a, 0x17, 0xc5, 0x81, 0xb2, 0x1a, 0xf8, 0xad, 0x4e, 0x84, 0x51, 0xce, 0x29, 0x07, 0x4a, + 0x07, 0x4b, 0x32, 0x1c, 0x28, 0x9c, 0x24, 0x3b, 0x44, 0x62, 0xf4, 0x11, 0x42, 0x24, 0x28, 0x14, + 0x96, 0xfc, 0xc6, 0x1e, 0x86, 0x35, 0x0f, 0x57, 0x3f, 0xcb, 0xf4, 0x47, 0xd3, 0x6f, 0xec, 0x3d, + 0xbe, 0xa3, 0x7d, 0x64, 0x4f, 0x96, 0x59, 0xdf, 0x99, 0x58, 0x89, 0xaa, 0x71, 0xfb, 0x99, 0x1c, + 0x58, 0x6a, 0x65, 0xdc, 0x50, 0xe1, 0x52, 0x28, 0x3b, 0x62, 0xe9, 0xe4, 0x84, 0x42, 0xb9, 0x46, + 0xc3, 0xbd, 0xc8, 0xef, 0xcc, 0x35, 0xbd, 0xce, 0x96, 0xef, 0x04, 0x2e, 0x6e, 0x4e, 0xb3, 0x14, + 0xc6, 0x8b, 0x99, 0x0a, 0x63, 0xc2, 0xe5, 0xf4, 0x76, 0x43, 0x32, 0xb0, 0x7a, 0x58, 0x92, 0xcf, + 0xc3, 0x18, 0x9b, 0x2d, 0xf3, 0x0f, 0x22, 0xda, 0xe6, 0xa2, 0x34, 0x81, 0x4b, 0xfd, 0x94, 0x72, + 0x0f, 0x3b, 0x2e, 0xe4, 0x42, 0x8a, 0xda, 0x83, 0xc6, 0x04, 0xaa, 0x90, 0xea, 0xac, 0x88, 0x0b, + 0xd3, 0x77, 0x9d, 0x07, 0x4a, 0x36, 0x37, 0x45, 0xea, 0x09, 0x4a, 0x2c, 0xe6, 0x5a, 0x65, 0x12, + 0xbb, 0x17, 0x23, 0xf5, 0x99, 0x00, 0x7d, 0x39, 0x91, 0xaf, 0xc0, 0x59, 0xd1, 0xad, 0x1a, 0xe6, + 0x4f, 0xf1, 0x83, 0xfd, 0xfa, 0xae, 0x83, 0x91, 0x87, 0x93, 0x27, 0xd3, 0xb0, 0x72, 0xc0, 0x5c, + 0xc9, 0xc7, 0x0e, 0x39, 0x23, 0xab, 0x5f, 0x0d, 0xe4, 0x4b, 0x30, 0xc6, 0x7d, 0x92, 0x0b, 0x7e, + 0x18, 0xe1, 0xce, 0x71, 0xaa, 0x4f, 0x9d, 0x97, 0x32, 0xeb, 0x2c, 0x73, 0x47, 0x27, 0x0f, 0x41, + 0x43, 0xb7, 0x6c, 0x8a, 0x1f, 0x79, 0x03, 0x46, 0x56, 0xbd, 0x76, 0x9d, 0x6f, 0xe5, 0x56, 0xa7, + 0x4f, 0x27, 0xcb, 0x58, 0xc7, 0x6b, 0xdb, 0xd2, 0x39, 0xd2, 0x89, 0xb5, 0x8e, 0x8a, 0x4d, 0x36, + 0x61, 0xa4, 0x5e, 0x5f, 0xb8, 0xe5, 0xb1, 0x75, 0xb4, 0xb3, 0x3f, 0x7d, 0xa6, 0x4f, 0xdb, 0x9e, + 0xcb, 0x6c, 0xdb, 0x68, 0x18, 0xee, 0x62, 0x32, 0x51, 0xbb, 0xe1, 0x77, 0xf6, 0x2d, 0x95, 0x93, + 0xf9, 0x4f, 0x73, 0x29, 0x79, 0x27, 0x8b, 0x30, 0x24, 0x06, 0x49, 0x58, 0x14, 0xbd, 0xd5, 0x3c, + 0x9d, 0x59, 0xcd, 0x90, 0x18, 0x76, 0x4b, 0xd2, 0x93, 0xfb, 0x8c, 0xd5, 0xb6, 0xd3, 0x6d, 0xca, + 0x1c, 0xa1, 0xef, 0x73, 0x71, 0x46, 0x90, 0x36, 0x71, 0x6b, 0x27, 0x8f, 0x0c, 0xd3, 0x03, 0x0f, + 0x71, 0x06, 0xcb, 0xda, 0xc8, 0x1e, 0xbf, 0xb3, 0x9e, 0x8f, 0xa3, 0x81, 0xf4, 0x0b, 0xea, 0x8f, + 0xad, 0x42, 0x56, 0x8b, 0xf9, 0x8f, 0x0d, 0x18, 0xd5, 0x26, 0x0c, 0xb9, 0xa9, 0xc4, 0xce, 0x25, + 0x41, 0xd2, 0x1a, 0x4e, 0xe6, 0x9b, 0x68, 0x37, 0x45, 0xc0, 0x64, 0xae, 0x3f, 0x5d, 0x66, 0x2a, + 0xd6, 0x43, 0x77, 0xf2, 0x49, 0x7a, 0xa0, 0x42, 0x9f, 0xf4, 0x40, 0x5f, 0x1f, 0x83, 0x31, 0xdd, + 0x44, 0x63, 0x7b, 0x26, 0xf4, 0xaa, 0x49, 0x97, 0x0f, 0x4f, 0x78, 0x85, 0x10, 0xed, 0x81, 0x31, + 0x84, 0x90, 0x17, 0x00, 0xe2, 0x18, 0x0d, 0xe9, 0xd5, 0x11, 0xcf, 0xa1, 0x29, 0x05, 0xe4, 0x8b, + 0x00, 0xcb, 0xbe, 0x4b, 0xe3, 0x3c, 0x6b, 0x87, 0x78, 0x96, 0x5f, 0xec, 0xb9, 0xf5, 0x7a, 0xba, + 0xed, 0xbb, 0xb4, 0xf7, 0xc2, 0xab, 0xc2, 0x91, 0x7c, 0x1a, 0x06, 0xac, 0x6e, 0x93, 0xca, 0x14, + 0x5e, 0x23, 0x52, 0x65, 0x77, 0x9b, 0xca, 0x2b, 0x05, 0x41, 0x37, 0x7d, 0xa0, 0xc8, 0x00, 0xe4, + 0x1d, 0x00, 0xa6, 0x95, 0x30, 0xbd, 0xb4, 0x4c, 0xef, 0x81, 0x1e, 0x20, 0x45, 0xa1, 0x61, 0x52, + 0x6a, 0xad, 0xf2, 0x84, 0x84, 0xac, 0xc0, 0x90, 0x58, 0x00, 0xc5, 0x81, 0xdd, 0x33, 0x59, 0xae, + 0x62, 0xc5, 0x0a, 0x16, 0x39, 0xb5, 0x10, 0xac, 0x7b, 0x6f, 0xb9, 0x07, 0xeb, 0x4d, 0x18, 0x66, + 0xec, 0x79, 0xda, 0x7d, 0x6e, 0xfd, 0x60, 0xb4, 0xbb, 0xd2, 0xa0, 0x74, 0xe6, 0xfd, 0x84, 0x80, + 0x7c, 0x1e, 0x33, 0xe7, 0x89, 0xa1, 0x3e, 0xf4, 0xc4, 0xe1, 0x52, 0xcf, 0x50, 0x4f, 0x39, 0x9d, + 0x4e, 0x46, 0x26, 0xd4, 0x98, 0x1f, 0xd9, 0x89, 0x6f, 0xb6, 0xc6, 0xef, 0xdb, 0x1c, 0x52, 0xc1, + 0x95, 0x9e, 0x0a, 0xa6, 0xe5, 0x65, 0xcd, 0xde, 0x7c, 0x79, 0x1a, 0x5f, 0xd2, 0x81, 0x72, 0xb2, + 0x56, 0x88, 0xba, 0xe0, 0xb0, 0xba, 0x5e, 0xed, 0xa9, 0x4b, 0xfd, 0x80, 0x3d, 0xd5, 0xf5, 0x70, + 0x27, 0x6e, 0xf2, 0xac, 0x88, 0xa8, 0x6f, 0xe4, 0xb0, 0xfa, 0x5e, 0xe8, 0xa9, 0x6f, 0xd2, 0xdd, + 0xea, 0xad, 0x27, 0xc5, 0x93, 0xbc, 0x09, 0xa3, 0x12, 0x82, 0xf3, 0x43, 0x64, 0x35, 0xe5, 0x0f, + 0xe2, 0x6c, 0x61, 0xc4, 0xaa, 0x9e, 0xf8, 0x4d, 0x45, 0x56, 0xa9, 0xb9, 0x74, 0x8c, 0x6a, 0xd4, + 0x69, 0xa9, 0xd0, 0x91, 0xc9, 0x7b, 0x30, 0xb2, 0xd8, 0x62, 0x1d, 0xf1, 0xdb, 0x4e, 0x44, 0xd1, + 0x9c, 0x4a, 0x4e, 0x4f, 0x94, 0x12, 0x45, 0x54, 0x79, 0xbe, 0xed, 0xa4, 0x48, 0x35, 0x47, 0x15, + 0x0a, 0x36, 0x78, 0xdc, 0x73, 0x29, 0x64, 0x38, 0x14, 0xc6, 0xd3, 0xd3, 0x19, 0x27, 0x18, 0x0a, + 0x7b, 0xb4, 0x46, 0xb8, 0x43, 0xd4, 0x16, 0x13, 0x42, 0x1b, 0x3c, 0x9d, 0x27, 0x79, 0x0b, 0x46, + 0x44, 0xda, 0x82, 0x8a, 0xb5, 0x1c, 0x4e, 0x97, 0x93, 0x17, 0x29, 0x64, 0x86, 0x03, 0xdb, 0x09, + 0x52, 0xc7, 0xd8, 0x09, 0x3e, 0xf9, 0x1c, 0x4c, 0x6d, 0x7a, 0x6d, 0xd7, 0xbf, 0x1f, 0x8a, 0x65, + 0x4a, 0x28, 0xba, 0x89, 0x24, 0x58, 0xef, 0x3e, 0x2f, 0xb7, 0xa5, 0x1d, 0xd1, 0xa3, 0xf8, 0x32, + 0x39, 0x90, 0x9f, 0xe8, 0xe1, 0xcc, 0x25, 0x88, 0x1c, 0x26, 0x41, 0xb3, 0x3d, 0x12, 0xd4, 0x5b, + 0x7d, 0x5a, 0x9c, 0x32, 0xab, 0x21, 0x3e, 0x10, 0xdd, 0x6a, 0x7e, 0xd7, 0xf7, 0xda, 0xd3, 0x93, + 0xda, 0xeb, 0x91, 0xf1, 0x2a, 0x86, 0x78, 0xab, 0x7e, 0xd3, 0x6b, 0xec, 0xcb, 0x24, 0xfe, 0xba, + 0x3d, 0xfe, 0x81, 0xaf, 0xb9, 0xc7, 0x32, 0x58, 0x93, 0xf7, 0xa0, 0xc4, 0xfe, 0x8f, 0x37, 0x2f, + 0x53, 0xda, 0x99, 0xb7, 0x82, 0x29, 0xea, 0xc1, 0x6f, 0x84, 0x79, 0x15, 0x32, 0xf6, 0x35, 0x1a, + 0x2b, 0xf2, 0x3a, 0x00, 0x33, 0x9c, 0x84, 0x3a, 0x3e, 0x9d, 0x24, 0xbf, 0x40, 0xfb, 0xaa, 0x57, + 0x11, 0x27, 0xc8, 0x6c, 0x47, 0xc5, 0x7e, 0xd5, 0xbb, 0xae, 0xcf, 0xe6, 0xc6, 0x19, 0xa4, 0xc5, + 0x1d, 0x15, 0xd2, 0x86, 0x1c, 0xae, 0x4a, 0x87, 0x82, 0x6e, 0xfe, 0xc0, 0x80, 0xa9, 0xac, 0x41, + 0x3a, 0x22, 0x05, 0x9f, 0x99, 0x0a, 0xbb, 0x41, 0x97, 0x1e, 0x0f, 0xbb, 0x89, 0x83, 0x6d, 0x66, + 0x60, 0xe0, 0x8e, 0xd7, 0x76, 0x65, 0x58, 0x28, 0xae, 0xc3, 0x7b, 0x0c, 0x60, 0x71, 0x38, 0x43, + 0xe0, 0xb7, 0x56, 0xd8, 0x42, 0x3d, 0xc0, 0x11, 0xf0, 0x92, 0x8a, 0xc5, 0xe1, 0x0c, 0x81, 0xad, + 0xf7, 0x72, 0x7d, 0x42, 0x04, 0x66, 0x06, 0x84, 0x16, 0x87, 0x93, 0x4b, 0x30, 0xb4, 0xd2, 0x5e, + 0xa2, 0xce, 0x3d, 0x2a, 0xce, 0xbc, 0xd1, 0x05, 0xe9, 0xb7, 0xed, 0x26, 0x83, 0x59, 0xb2, 0xd0, + 0xfc, 0x8e, 0x01, 0x13, 0x3d, 0xdf, 0xe7, 0xe8, 0x2c, 0x83, 0x87, 0x07, 0x18, 0x1c, 0xa7, 0x7f, + 0xbc, 0xf9, 0x85, 0xec, 0xe6, 0x9b, 0xbf, 0x53, 0x80, 0xb3, 0x7d, 0x96, 0xcb, 0x24, 0x38, 0xc8, + 0x38, 0x32, 0x38, 0xe8, 0x0b, 0x6c, 0x79, 0x72, 0xbc, 0x56, 0xb8, 0xe6, 0x27, 0x2d, 0x4e, 0xce, + 0x51, 0xb1, 0x4c, 0x66, 0xe0, 0x92, 0xd9, 0xa2, 0xce, 0x35, 0x90, 0xc2, 0x8e, 0xfc, 0x9e, 0x73, + 0x1e, 0x9d, 0x59, 0x4f, 0x78, 0x4e, 0xfe, 0x2f, 0x49, 0x78, 0x8e, 0x7e, 0x28, 0x5e, 0x78, 0xac, + 0x87, 0xe2, 0xd9, 0x07, 0x5b, 0x03, 0x8f, 0x72, 0x92, 0x3c, 0x07, 0xa3, 0x75, 0xea, 0x04, 0x8d, + 0xdd, 0x4a, 0xc8, 0x3f, 0x12, 0x4f, 0xa1, 0x8c, 0x6b, 0x41, 0x88, 0x05, 0xb6, 0x13, 0xf6, 0x7e, + 0x0b, 0x8d, 0xc6, 0xfc, 0xd7, 0xa9, 0xa8, 0xa2, 0xbf, 0x8c, 0xf2, 0xf2, 0x12, 0x0c, 0x6c, 0xee, + 0xd2, 0x40, 0x5a, 0xe7, 0xd8, 0x90, 0xfb, 0x0c, 0xa0, 0x36, 0x04, 0x31, 0xcc, 0xaf, 0x40, 0x49, + 0xad, 0x0c, 0x15, 0x02, 0xfb, 0x2d, 0x66, 0x24, 0x57, 0x08, 0x0c, 0x60, 0x71, 0xf8, 0x91, 0x99, + 0x3f, 0x93, 0x51, 0xc8, 0x1f, 0x35, 0x0a, 0xac, 0x72, 0x94, 0x37, 0xa5, 0x72, 0xfc, 0xad, 0x56, + 0x1e, 0x31, 0x80, 0xc5, 0xe1, 0x8f, 0xb5, 0xf2, 0x7f, 0x6e, 0x40, 0x01, 0x13, 0x26, 0xbd, 0x06, + 0xc3, 0xf2, 0x9c, 0x44, 0x4d, 0x22, 0x34, 0x29, 0x8f, 0x51, 0x42, 0x3d, 0x26, 0x4c, 0x00, 0x59, + 0x55, 0x1b, 0x34, 0xd8, 0xd2, 0x42, 0x07, 0xef, 0x31, 0x80, 0x5a, 0x15, 0x62, 0x9c, 0xe0, 0x7b, + 0x60, 0x78, 0xa4, 0x70, 0x73, 0x70, 0x95, 0xc5, 0xc3, 0x23, 0x7b, 0x7c, 0x1a, 0x12, 0xcb, 0xfc, + 0x65, 0x03, 0x4e, 0x67, 0x9a, 0x50, 0xac, 0x56, 0x6e, 0xab, 0x29, 0xe2, 0x98, 0x36, 0xd4, 0x38, + 0xc6, 0x49, 0xc2, 0x20, 0x4f, 0x20, 0x5b, 0xcf, 0xc2, 0x70, 0xbc, 0x81, 0x27, 0x53, 0xf2, 0xd3, + 0xa1, 0x33, 0x5d, 0xee, 0x03, 0xff, 0xc2, 0x80, 0x41, 0xd6, 0x84, 0x27, 0xf6, 0x56, 0x5c, 0xf6, + 0xd1, 0x0a, 0xeb, 0xd2, 0xb1, 0xee, 0xc2, 0xfd, 0xc6, 0x20, 0x40, 0x82, 0x4c, 0xb6, 0x60, 0x6c, + 0x65, 0xb1, 0x36, 0xb7, 0xe8, 0xd2, 0x76, 0x84, 0xb1, 0x05, 0xa9, 0xb4, 0x40, 0x71, 0x36, 0x5a, + 0x8e, 0xb0, 0x9f, 0xe8, 0x06, 0xdf, 0x73, 0x1b, 0xb6, 0x17, 0xd3, 0xa9, 0xb6, 0xac, 0xce, 0x91, + 0xd5, 0x51, 0xaf, 0xdc, 0x5d, 0x52, 0xea, 0xc8, 0x1d, 0xb3, 0x8e, 0xd0, 0x69, 0x35, 0xfb, 0xd4, + 0xa1, 0x73, 0x24, 0xbb, 0x50, 0xbe, 0x8d, 0xab, 0x8f, 0x52, 0x4b, 0xfe, 0xf0, 0x5a, 0x9e, 0x13, + 0xb5, 0x3c, 0xc5, 0x97, 0xad, 0xec, 0x7a, 0x7a, 0xb8, 0x26, 0x92, 0x5b, 0x38, 0x52, 0x72, 0x7f, + 0xd6, 0x80, 0x41, 0xbe, 0xbc, 0xc5, 0xcf, 0x48, 0x66, 0x2e, 0xa0, 0x9b, 0x8f, 0x67, 0x01, 0x2d, + 0xa3, 0xe6, 0xd2, 0x7c, 0x17, 0xbc, 0x8c, 0xd4, 0x52, 0x6f, 0x52, 0xca, 0xf3, 0x33, 0xb4, 0xe9, + 0x79, 0x49, 0x12, 0x4c, 0xca, 0x9f, 0xa3, 0x54, 0xb9, 0x70, 0x0c, 0xf5, 0x59, 0xfd, 0xa1, 0x47, + 0x7c, 0x56, 0x7f, 0x09, 0x86, 0x45, 0x74, 0x64, 0x75, 0x5f, 0xec, 0xdc, 0xa5, 0x07, 0x2e, 0x86, + 0x2b, 0x8f, 0x96, 0x70, 0x90, 0xbd, 0xa5, 0xa5, 0xd6, 0x8d, 0x11, 0xc9, 0x0a, 0x0c, 0x27, 0x57, + 0xfa, 0xf4, 0xab, 0xee, 0x31, 0x5c, 0x5c, 0x1f, 0x90, 0x21, 0x56, 0x19, 0x37, 0xf8, 0x12, 0x1e, + 0xe6, 0x37, 0x0c, 0x28, 0xa7, 0xe5, 0x05, 0x1f, 0xb6, 0x92, 0xb7, 0x2a, 0xe3, 0xa8, 0x26, 0xfe, + 0xb0, 0x55, 0x7c, 0x0d, 0x53, 0x8b, 0x6f, 0x52, 0xd1, 0xc9, 0x2c, 0x14, 0xd9, 0xb4, 0x6b, 0xa7, + 0x5e, 0xb6, 0xea, 0x0a, 0x98, 0x7a, 0xa8, 0x2f, 0xf1, 0x94, 0x59, 0xfb, 0xef, 0xf2, 0x30, 0xa2, + 0x7c, 0x2c, 0xf2, 0x12, 0x14, 0x17, 0xc3, 0x25, 0xbf, 0xb1, 0x47, 0x5d, 0x71, 0x56, 0x38, 0xfa, + 0xf0, 0x60, 0x66, 0xd8, 0x0b, 0xed, 0x26, 0x02, 0xad, 0xb8, 0x98, 0x54, 0x61, 0x94, 0xff, 0x25, + 0xd3, 0x2d, 0xe4, 0x92, 0x73, 0x0e, 0x8e, 0x2c, 0x13, 0x2d, 0xa8, 0xcb, 0xbb, 0x46, 0x42, 0xde, + 0x07, 0xe0, 0x00, 0xf6, 0x7d, 0x8f, 0x71, 0x39, 0x42, 0x4e, 0xe0, 0xd3, 0xa2, 0x82, 0xc8, 0x53, + 0x7b, 0x88, 0xa2, 0xa0, 0x30, 0xc4, 0x17, 0xdb, 0xfd, 0xc6, 0x9e, 0x14, 0xae, 0xc2, 0x09, 0x5e, + 0x6c, 0xf7, 0x1b, 0x7b, 0x76, 0x76, 0xa4, 0xac, 0xca, 0x92, 0x7c, 0xd3, 0x80, 0xf3, 0x16, 0x6d, + 0xf8, 0xf7, 0x68, 0xb0, 0x5f, 0x89, 0x10, 0x4b, 0xad, 0xf1, 0xe8, 0xb0, 0xdc, 0x1b, 0xa2, 0xc6, + 0x17, 0x03, 0xc1, 0x05, 0xaf, 0xf4, 0xb5, 0x3a, 0x91, 0x7d, 0x48, 0x13, 0x0e, 0xa9, 0xd2, 0xfc, + 0x0f, 0x86, 0x32, 0x05, 0xc8, 0x32, 0x0c, 0xc7, 0xc2, 0x22, 0x3c, 0xd2, 0xb1, 0x65, 0x26, 0xe1, + 0x16, 0xdd, 0xae, 0x3e, 0x25, 0x8e, 0xf5, 0x26, 0x63, 0x91, 0xd3, 0x66, 0x84, 0x04, 0x92, 0xcf, + 0x40, 0x01, 0x3f, 0xd5, 0xd1, 0xc9, 0x38, 0xe5, 0x52, 0x53, 0x60, 0xdf, 0x08, 0x5b, 0x8d, 0x94, + 0xe4, 0x13, 0x22, 0xb6, 0x2c, 0xaf, 0xe5, 0xca, 0x67, 0x20, 0xd6, 0x8e, 0x78, 0x8d, 0x49, 0x82, + 0xb3, 0x15, 0x69, 0xfd, 0xc5, 0x1c, 0x94, 0xd3, 0x13, 0x8f, 0xbc, 0x03, 0x25, 0x79, 0x3d, 0x73, + 0xc1, 0x11, 0x59, 0x1c, 0x4a, 0x22, 0x8b, 0x82, 0x80, 0xdb, 0xbb, 0x8e, 0x96, 0x62, 0x55, 0x23, + 0x60, 0x0b, 0xf2, 0x9a, 0xb8, 0xf3, 0xa3, 0x4c, 0xa0, 0xc8, 0x8f, 0x3a, 0xa9, 0xd4, 0xd9, 0x12, + 0x8d, 0xbc, 0x06, 0x79, 0x7e, 0x67, 0x59, 0xcd, 0xbb, 0x78, 0xf7, 0x56, 0x85, 0x5f, 0xb9, 0xe4, + 0x91, 0x24, 0xfa, 0x91, 0x1c, 0xc3, 0x27, 0x4b, 0xca, 0x8d, 0xd7, 0x41, 0x2d, 0x21, 0x9c, 0x04, + 0xc7, 0x9d, 0x3b, 0xfa, 0xea, 0xeb, 0xbb, 0x85, 0x62, 0xbe, 0x5c, 0x10, 0x77, 0x1c, 0x7f, 0x2b, + 0x0f, 0xc3, 0x71, 0xfd, 0x84, 0x00, 0xda, 0x1b, 0x22, 0x24, 0x04, 0xff, 0x26, 0xe7, 0xa0, 0x28, + 0x4d, 0x0c, 0x11, 0x16, 0x32, 0x14, 0x0a, 0xf3, 0x62, 0x1a, 0xa4, 0x2d, 0xc1, 0xcd, 0x0b, 0x4b, + 0xfe, 0x24, 0xd7, 0x21, 0x36, 0x14, 0xfa, 0x59, 0x14, 0x05, 0xf6, 0xc1, 0xac, 0x18, 0x8d, 0x8c, + 0x41, 0xce, 0xe3, 0xf7, 0x39, 0x86, 0xad, 0x9c, 0xe7, 0x92, 0x77, 0xa0, 0xe8, 0xb8, 0x2e, 0x75, + 0x6d, 0x47, 0xba, 0x76, 0x0f, 0x13, 0x9a, 0x22, 0xe3, 0xc6, 0x35, 0x3a, 0x52, 0x55, 0x22, 0x52, + 0x81, 0xe1, 0xa6, 0xc3, 0x8f, 0x85, 0xdc, 0x63, 0x2c, 0x0f, 0x09, 0x87, 0x22, 0x23, 0x5b, 0x0f, + 0xa9, 0x4b, 0x5e, 0x84, 0x02, 0xfb, 0x9a, 0x62, 0x3d, 0x88, 0xb3, 0xe9, 0xae, 0xac, 0xad, 0xf2, + 0x01, 0x5b, 0x38, 0x65, 0x21, 0x02, 0x79, 0x1e, 0xf2, 0xdd, 0xd9, 0x6d, 0xa1, 0xe9, 0xcb, 0xc9, + 0x75, 0xf6, 0x18, 0x8d, 0x15, 0x93, 0x1b, 0x50, 0xbc, 0xaf, 0x5f, 0x5c, 0x3e, 0x9d, 0xfa, 0x8c, + 0x31, 0x7e, 0x8c, 0x58, 0x2d, 0xc2, 0x20, 0xbf, 0xb2, 0x6b, 0x3e, 0x03, 0x90, 0x54, 0xdd, 0x1b, + 0xbd, 0x63, 0xbe, 0x0f, 0xc3, 0x71, 0x95, 0xe4, 0x69, 0x80, 0x3d, 0xba, 0x6f, 0xef, 0x3a, 0x6d, + 0x57, 0x3c, 0x89, 0x57, 0xb2, 0x86, 0xf7, 0xe8, 0xfe, 0x02, 0x02, 0xc8, 0x59, 0x18, 0xea, 0xb0, + 0xaf, 0x2a, 0x13, 0xbf, 0x5b, 0x83, 0x9d, 0xee, 0x16, 0x93, 0xd0, 0x69, 0x18, 0x42, 0xe7, 0x87, + 0x98, 0x68, 0xa3, 0x96, 0xfc, 0x69, 0xfe, 0x5a, 0x0e, 0x73, 0xdb, 0x28, 0xed, 0x24, 0xcf, 0xc1, + 0x68, 0x23, 0xa0, 0xb8, 0x1c, 0xe1, 0xab, 0x01, 0xa2, 0x9e, 0x52, 0x02, 0x5c, 0x74, 0xc9, 0x25, + 0x18, 0x4f, 0x32, 0xd1, 0xdb, 0x8d, 0x2d, 0x91, 0xb6, 0xa0, 0x64, 0x8d, 0x76, 0x64, 0x2a, 0xfa, + 0xb9, 0x2d, 0xbc, 0x87, 0x54, 0x56, 0xaf, 0xeb, 0x46, 0x32, 0xab, 0xfc, 0xb0, 0x35, 0xae, 0xc0, + 0xf1, 0xc4, 0xe6, 0x0c, 0x0c, 0x3a, 0xce, 0x4e, 0xd7, 0xe3, 0x77, 0x22, 0x4a, 0x96, 0xf8, 0x45, + 0x5e, 0x86, 0x89, 0xd0, 0xdb, 0x69, 0x3b, 0x51, 0x37, 0x10, 0xc9, 0x85, 0x68, 0x80, 0x22, 0x35, + 0x6a, 0x95, 0xe3, 0x82, 0x39, 0x0e, 0x27, 0xaf, 0x02, 0x51, 0xeb, 0xf3, 0xb7, 0x3e, 0xa0, 0x0d, + 0x2e, 0x6a, 0x25, 0x6b, 0x42, 0x29, 0x59, 0xc1, 0x02, 0xf2, 0x2c, 0x94, 0x02, 0x1a, 0xa2, 0x49, + 0x86, 0xc3, 0x86, 0xa9, 0xdf, 0xac, 0x11, 0x09, 0xbb, 0x43, 0xf7, 0xcd, 0x2a, 0x4c, 0xf4, 0xcc, + 0x47, 0xf2, 0x2a, 0xb7, 0xee, 0xc5, 0xfa, 0x5c, 0xe2, 0x9b, 0x19, 0x7c, 0x6d, 0x53, 0x5b, 0x9a, + 0x05, 0x92, 0xd9, 0x86, 0x92, 0xaa, 0x5f, 0x8f, 0x48, 0x08, 0x71, 0x06, 0xc3, 0x99, 0xb9, 0xf2, + 0x19, 0x7c, 0x78, 0x30, 0x93, 0xf3, 0x5c, 0x0c, 0x62, 0xbe, 0x0c, 0x45, 0x69, 0x25, 0xa8, 0xcf, + 0xb7, 0x09, 0x83, 0x72, 0xdf, 0x8a, 0x4b, 0xcd, 0x17, 0x61, 0x48, 0xa8, 0xd0, 0xc3, 0x1d, 0x51, + 0xe6, 0x57, 0x73, 0x30, 0x6e, 0x51, 0x36, 0xc1, 0xc5, 0xc3, 0x68, 0x1f, 0xb3, 0x9c, 0xfc, 0x5a, + 0xdf, 0x0e, 0xc9, 0xbf, 0xf2, 0xdb, 0x06, 0x4c, 0x66, 0xe0, 0x7e, 0xa8, 0xac, 0x9a, 0x37, 0x61, + 0xb8, 0xe6, 0x39, 0xcd, 0x8a, 0xeb, 0xc6, 0x61, 0xd9, 0x68, 0x0d, 0xba, 0x6c, 0x3a, 0x39, 0x0c, + 0xaa, 0x2e, 0xa6, 0x31, 0x2a, 0xb9, 0x22, 0x84, 0x22, 0x49, 0x33, 0x2c, 0xb3, 0xfe, 0x03, 0x6f, + 0x53, 0x92, 0xf3, 0x1f, 0xaf, 0xf2, 0x72, 0x60, 0x72, 0xea, 0xff, 0xc4, 0x7e, 0xba, 0xec, 0xab, + 0xbc, 0xe9, 0xee, 0x1d, 0x6b, 0xdb, 0xf9, 0x8d, 0x1c, 0x9c, 0xc9, 0x26, 0xfc, 0xb0, 0x09, 0x52, + 0x31, 0xf9, 0x8d, 0xf2, 0xb0, 0x02, 0x26, 0x48, 0xe5, 0x99, 0x72, 0x10, 0x3f, 0x41, 0x20, 0xdb, + 0x30, 0xba, 0xe4, 0x84, 0xd1, 0x02, 0x75, 0x82, 0x68, 0x8b, 0x3a, 0xd1, 0x31, 0x2c, 0xd8, 0xe7, + 0xe5, 0xab, 0x57, 0xb8, 0xa8, 0xed, 0x4a, 0xca, 0x94, 0x81, 0xa7, 0xb3, 0x8d, 0x05, 0xa5, 0x70, + 0x0c, 0x41, 0xf9, 0x32, 0x8c, 0xd7, 0x69, 0xcb, 0xe9, 0xec, 0xfa, 0x01, 0x15, 0xbe, 0xf3, 0xab, + 0x30, 0x1a, 0x83, 0x32, 0xa5, 0x45, 0x2f, 0xd6, 0xf0, 0x95, 0x81, 0x48, 0x54, 0x89, 0x5e, 0x6c, + 0xfe, 0x4a, 0x0e, 0xce, 0x56, 0x1a, 0xe2, 0x84, 0x43, 0x14, 0xc8, 0x83, 0xd8, 0x8f, 0xb8, 0x6e, + 0x72, 0x0d, 0x86, 0xef, 0x3a, 0x0f, 0x96, 0xa8, 0x13, 0xd2, 0x50, 0xa4, 0xa7, 0xe3, 0xe6, 0x97, + 0xf3, 0xc0, 0x8e, 0xdd, 0x5e, 0x56, 0x82, 0xa3, 0x6e, 0x36, 0x0b, 0x8f, 0xb8, 0xd9, 0x34, 0x61, + 0x70, 0xc1, 0x6f, 0xba, 0x62, 0x71, 0x12, 0xe7, 0x16, 0xbb, 0x08, 0xb1, 0x44, 0x89, 0xf9, 0x03, + 0x03, 0xc6, 0xe2, 0x16, 0x63, 0x13, 0x3e, 0xf2, 0x21, 0xb9, 0x04, 0x43, 0x58, 0x51, 0xfc, 0xe4, + 0x1f, 0x2e, 0x1a, 0x4d, 0x06, 0xb2, 0x3d, 0xd7, 0x92, 0x85, 0xea, 0x48, 0x0c, 0x3c, 0xda, 0x48, + 0x98, 0x7f, 0x0b, 0x8f, 0x44, 0xd4, 0x5e, 0xb2, 0x95, 0x48, 0x69, 0x88, 0x71, 0xcc, 0x86, 0xe4, + 0x1e, 0xdb, 0x27, 0xc9, 0xf7, 0xfd, 0x24, 0x5f, 0xcb, 0xc1, 0x48, 0xdc, 0xd8, 0x8f, 0x59, 0x0e, + 0x8c, 0xb8, 0x5f, 0xc7, 0xba, 0x9a, 0x51, 0x57, 0x74, 0x85, 0xb8, 0x01, 0xf1, 0x19, 0x18, 0x14, + 0x93, 0xc9, 0x48, 0x1d, 0x48, 0xa6, 0xbe, 0x6e, 0x75, 0x4c, 0xb0, 0x1e, 0xc4, 0x0f, 0x1a, 0x5a, + 0x82, 0x0e, 0xef, 0xbe, 0x6c, 0xd2, 0x2d, 0x71, 0x42, 0xf6, 0xc4, 0xae, 0x51, 0xd9, 0x77, 0x5f, + 0x92, 0x8e, 0x1d, 0x6b, 0x75, 0xfa, 0x7f, 0x07, 0xa0, 0x9c, 0x26, 0x39, 0x3a, 0xcb, 0xc8, 0x6a, + 0x77, 0x4b, 0xbc, 0xe3, 0x84, 0x59, 0x46, 0x3a, 0xdd, 0x2d, 0x8b, 0xc1, 0xc8, 0x25, 0x28, 0xac, + 0x06, 0xde, 0x3d, 0xec, 0xb5, 0x78, 0xc6, 0xaa, 0x13, 0x78, 0xf7, 0xd4, 0x20, 0x70, 0x56, 0x8e, + 0x1b, 0xda, 0xa5, 0x3a, 0xc6, 0x13, 0xa3, 0x61, 0x2d, 0x36, 0xb4, 0xcd, 0x30, 0x9d, 0xce, 0x4a, + 0xa2, 0xb1, 0xa5, 0xb2, 0x4a, 0x9d, 0x40, 0x64, 0xc4, 0x10, 0xea, 0x0c, 0x97, 0xca, 0x2d, 0x04, + 0xf3, 0x24, 0xed, 0x96, 0x8a, 0x44, 0x9a, 0x40, 0x94, 0x9f, 0x72, 0x02, 0x1f, 0xbd, 0xc7, 0x93, + 0xef, 0x3e, 0x4e, 0xa9, 0xac, 0x6d, 0x75, 0x36, 0x67, 0xf0, 0x7d, 0x9c, 0x3e, 0xc2, 0x55, 0x71, + 0x3f, 0x12, 0x1d, 0x19, 0xc5, 0x23, 0x99, 0xc9, 0x80, 0x7b, 0xe0, 0xf7, 0x27, 0x63, 0x77, 0x46, + 0xc2, 0x84, 0xbc, 0x0d, 0x23, 0x6a, 0x94, 0x38, 0x8f, 0x65, 0xbe, 0xc0, 0xef, 0x25, 0xf6, 0xc9, + 0x13, 0xaa, 0x12, 0x90, 0x2d, 0x38, 0x3b, 0xe7, 0xb7, 0xc3, 0x6e, 0x8b, 0xba, 0xda, 0x09, 0xee, + 0x62, 0x0d, 0x37, 0x98, 0xc3, 0x3c, 0x42, 0xb4, 0x21, 0x50, 0x44, 0x50, 0xb2, 0x8c, 0xf6, 0xd0, + 0x37, 0x20, 0xfd, 0x18, 0x99, 0x9f, 0x50, 0x25, 0x51, 0x18, 0x06, 0x87, 0x4a, 0xa2, 0xf9, 0x4b, + 0xb8, 0x55, 0x68, 0xf9, 0x11, 0x15, 0x16, 0xd2, 0x13, 0xab, 0x2b, 0x13, 0x37, 0xf5, 0x80, 0x16, + 0xb0, 0xa3, 0xf5, 0x8e, 0x63, 0x6c, 0xdc, 0x48, 0x14, 0x1b, 0x77, 0x58, 0x4b, 0x37, 0xb5, 0x32, + 0xad, 0x7f, 0xd3, 0x80, 0xd3, 0x99, 0xb4, 0xe4, 0x2a, 0x40, 0x62, 0x87, 0x8a, 0x51, 0xe2, 0x19, + 0xf6, 0x63, 0xa8, 0xa5, 0x60, 0x90, 0x2f, 0xa4, 0x2d, 0xc8, 0xa3, 0x17, 0x40, 0xf9, 0xec, 0xd5, + 0x98, 0x6e, 0x41, 0x66, 0xd8, 0x8d, 0xe6, 0x6f, 0xe7, 0x61, 0xa2, 0xe7, 0x19, 0xe9, 0x23, 0x22, + 0x15, 0xf6, 0x52, 0x2f, 0x7a, 0xf2, 0x23, 0x95, 0x2b, 0xfd, 0x1e, 0xb1, 0xce, 0x78, 0xdf, 0x13, + 0x5d, 0x6f, 0xe2, 0x71, 0x87, 0x23, 0x9e, 0xf9, 0x0c, 0xb3, 0xdf, 0x8f, 0x7d, 0xb9, 0x6f, 0x6d, + 0x8f, 0xe1, 0x1d, 0xd9, 0xbf, 0xc4, 0x4f, 0x66, 0xfe, 0x52, 0x0e, 0x26, 0x7b, 0xfa, 0xfc, 0xc4, + 0xce, 0xba, 0xcf, 0x68, 0x2b, 0xe8, 0x33, 0xfd, 0xbe, 0xe9, 0xb1, 0x2c, 0x95, 0x3f, 0x31, 0xe0, + 0x6c, 0x1f, 0x4a, 0xb2, 0x9f, 0x16, 0x22, 0x6e, 0xb9, 0x5c, 0x3f, 0xbc, 0xc2, 0xc7, 0x22, 0x4a, + 0x1f, 0x99, 0x24, 0x7c, 0x35, 0x07, 0xb0, 0x49, 0xb7, 0x9e, 0xec, 0x34, 0x6d, 0x9f, 0xd2, 0x04, + 0x40, 0x71, 0x92, 0x1e, 0x3f, 0x4b, 0xdb, 0x0a, 0x3a, 0x2b, 0x8f, 0x9f, 0xa3, 0x2d, 0x7e, 0xda, + 0x2b, 0x97, 0xfd, 0xb4, 0x97, 0xb9, 0x05, 0x53, 0xb7, 0x69, 0x94, 0xac, 0x84, 0x72, 0x9f, 0x7a, + 0x38, 0xdb, 0x57, 0x60, 0x58, 0xe0, 0xeb, 0xef, 0xa6, 0xc8, 0x78, 0x3f, 0xcf, 0xb5, 0x12, 0x04, + 0x93, 0xc2, 0xd9, 0x1a, 0x6d, 0xd2, 0x88, 0x7e, 0xb4, 0xd5, 0xd4, 0x81, 0xf0, 0xae, 0xf0, 0x17, + 0x9f, 0x8e, 0x55, 0xc3, 0x91, 0xe3, 0xb3, 0x01, 0xa7, 0xe3, 0xb6, 0x3f, 0x4e, 0xbe, 0xd7, 0x98, + 0x2d, 0x21, 0x2e, 0xf3, 0x26, 0x1c, 0x0f, 0x71, 0x54, 0x3e, 0x80, 0xf3, 0x92, 0x60, 0xd3, 0x8b, + 0x4f, 0x7b, 0x8e, 0x45, 0x4b, 0xde, 0x84, 0x11, 0x85, 0x46, 0xa4, 0x24, 0xc0, 0x13, 0xd5, 0xfb, + 0x5e, 0xb4, 0x6b, 0x87, 0x1c, 0xae, 0x9e, 0xa8, 0x2a, 0xe8, 0xe6, 0xe7, 0xe1, 0xa9, 0x38, 0x36, + 0x26, 0xa3, 0xea, 0x14, 0x73, 0xe3, 0x64, 0xcc, 0x97, 0x93, 0x6e, 0x2d, 0xb6, 0xe3, 0xf0, 0x7e, + 0xc9, 0x9b, 0xa8, 0xdd, 0x12, 0x9d, 0xb9, 0xa0, 0xa4, 0xaf, 0x14, 0x6b, 0x51, 0x02, 0x30, 0xdf, + 0x50, 0x1a, 0x9b, 0xc1, 0x50, 0x23, 0x36, 0xd2, 0xc4, 0x5f, 0xcd, 0xc1, 0xf8, 0xca, 0x62, 0x6d, + 0x2e, 0x76, 0x55, 0x7f, 0xcc, 0x72, 0xc8, 0x69, 0x7d, 0xeb, 0xaf, 0x6f, 0xcc, 0x75, 0x98, 0x4c, + 0x0d, 0x03, 0x3e, 0x68, 0xf7, 0x36, 0x8f, 0x61, 0x89, 0xc1, 0x72, 0x65, 0x39, 0x93, 0xc5, 0x7e, + 0xe3, 0x86, 0x95, 0xc2, 0x36, 0xff, 0x7d, 0x31, 0xc5, 0x57, 0xa8, 0xb0, 0x57, 0x60, 0x78, 0x31, + 0x0c, 0xbb, 0x34, 0x58, 0xb7, 0x96, 0x54, 0x1b, 0xd1, 0x43, 0xa0, 0xdd, 0x0d, 0x9a, 0x56, 0x82, + 0x40, 0x5e, 0x82, 0xa2, 0xb8, 0x40, 0x2a, 0x75, 0x02, 0x1e, 0xc9, 0xc7, 0xf7, 0x4f, 0xad, 0xb8, + 0x98, 0xbc, 0x06, 0x25, 0xfe, 0x37, 0x97, 0x36, 0x31, 0xe0, 0xe8, 0x0f, 0x13, 0xe8, 0x5c, 0x3a, + 0x2d, 0x0d, 0x8d, 0xbc, 0x08, 0x23, 0xf2, 0xd9, 0x6d, 0xd6, 0x22, 0xee, 0x65, 0x14, 0x57, 0x50, + 0xd4, 0x12, 0x72, 0x05, 0xf2, 0x95, 0x39, 0x4b, 0x7d, 0x57, 0xc1, 0x69, 0x04, 0xfc, 0x7d, 0x15, + 0xfd, 0xb9, 0xfb, 0x39, 0x8b, 0xcc, 0x42, 0x11, 0x9f, 0xfe, 0x72, 0x69, 0x20, 0xc2, 0x69, 0x51, + 0x54, 0x3a, 0x02, 0xa6, 0x1e, 0x69, 0x4a, 0x3c, 0x72, 0x0d, 0x86, 0x6a, 0x5e, 0xd8, 0x69, 0x3a, + 0xfb, 0x22, 0x63, 0x14, 0x4f, 0x41, 0xc3, 0x41, 0xaa, 0x70, 0x09, 0x2c, 0xf2, 0x12, 0x0c, 0xd4, + 0x1b, 0x7e, 0x87, 0x6d, 0xe3, 0xe2, 0x98, 0x99, 0x90, 0x01, 0xb4, 0x44, 0x2d, 0x0c, 0x80, 0x89, + 0x0c, 0xf8, 0x7d, 0xcc, 0x61, 0x25, 0x91, 0x41, 0xfa, 0x1e, 0xa6, 0xc0, 0xe9, 0x8d, 0x6a, 0x84, + 0xc7, 0x19, 0xd5, 0xb8, 0x05, 0x67, 0x6f, 0xa3, 0x7d, 0x5f, 0xa7, 0x01, 0x26, 0xe9, 0xe5, 0xaf, + 0x16, 0xae, 0x5b, 0x8b, 0xe2, 0x0e, 0x2a, 0xee, 0xf7, 0xf8, 0x16, 0xc0, 0x0e, 0x39, 0x8e, 0x7c, + 0xf0, 0x30, 0xf5, 0x76, 0x52, 0x3f, 0x46, 0xe4, 0x73, 0x30, 0x95, 0x55, 0x24, 0x6e, 0xa3, 0x62, + 0xa4, 0x7e, 0x76, 0x05, 0x6a, 0xa8, 0x7c, 0x16, 0x07, 0xb2, 0x04, 0x65, 0x0e, 0xaf, 0xb8, 0x2d, + 0xaf, 0x3d, 0xdf, 0x72, 0xbc, 0x26, 0xde, 0x4d, 0x15, 0x17, 0x8c, 0x05, 0x57, 0x87, 0x15, 0xda, + 0x94, 0x95, 0x6a, 0x61, 0x4f, 0x29, 0x4a, 0xf2, 0x2d, 0x03, 0x4a, 0x8a, 0x8c, 0x85, 0xe2, 0x4e, + 0x45, 0xbf, 0xf7, 0xa8, 0xd6, 0x1e, 0xd3, 0x7b, 0x54, 0x25, 0xf9, 0xf8, 0x3c, 0x4e, 0x37, 0xad, + 0x05, 0x98, 0x91, 0xb8, 0xd9, 0xf4, 0xef, 0xaf, 0xb7, 0xf1, 0xd9, 0x7f, 0x8f, 0xba, 0xbc, 0x93, + 0xe3, 0xa8, 0xea, 0x79, 0x46, 0x62, 0xcc, 0x19, 0xdd, 0x8d, 0x11, 0x7a, 0x3a, 0x9a, 0xc9, 0x81, + 0x54, 0x61, 0x54, 0x06, 0xe1, 0xf0, 0xd8, 0xd4, 0x72, 0x12, 0x33, 0x23, 0x23, 0x76, 0x6c, 0x14, + 0x23, 0x55, 0x78, 0x34, 0x12, 0xf3, 0x0f, 0x86, 0xb8, 0xd2, 0xae, 0x74, 0xa3, 0x5d, 0xa9, 0xe6, + 0x67, 0xb3, 0x42, 0x88, 0xf8, 0x51, 0x87, 0x12, 0x42, 0xa4, 0x07, 0x0e, 0xc9, 0x23, 0xc9, 0x5c, + 0xe6, 0x91, 0xe4, 0x2b, 0x30, 0x8c, 0x0f, 0x00, 0xc4, 0xb1, 0x1a, 0x45, 0xb1, 0x8f, 0x65, 0x40, + 0x7e, 0x47, 0x33, 0x41, 0x20, 0xd7, 0x00, 0x30, 0x1d, 0x12, 0xb7, 0x01, 0x94, 0x4b, 0xf6, 0x98, + 0x35, 0x49, 0x78, 0x8f, 0x14, 0x14, 0x64, 0x5f, 0xb7, 0x6e, 0xa9, 0xee, 0x26, 0xce, 0x3e, 0x0c, + 0xb6, 0x05, 0x7a, 0x82, 0xc0, 0xba, 0xa7, 0x2a, 0xa8, 0xc1, 0xa4, 0x7b, 0xda, 0x57, 0xd4, 0x74, + 0xd5, 0x2b, 0xea, 0x73, 0xea, 0x43, 0xe8, 0x06, 0xe3, 0x27, 0x39, 0xf1, 0x21, 0xb6, 0xfa, 0x88, + 0xfa, 0xa7, 0x60, 0x68, 0x8e, 0x06, 0xd1, 0xda, 0xda, 0x92, 0x78, 0xc4, 0xeb, 0x69, 0xb6, 0xd0, + 0xe0, 0x25, 0xdf, 0x28, 0x6a, 0xfe, 0xf0, 0x60, 0x66, 0x34, 0xf2, 0x5a, 0xf4, 0x6a, 0xec, 0xbe, + 0x91, 0xd8, 0xa4, 0x0a, 0x65, 0x1e, 0x6d, 0x93, 0xd8, 0x7a, 0xa8, 0x60, 0x8a, 0x5c, 0xdd, 0x89, + 0x8b, 0xad, 0xf7, 0xe9, 0x56, 0x7c, 0xc5, 0xb9, 0x07, 0x9f, 0xcc, 0xcb, 0x54, 0x03, 0x6a, 0x27, + 0xb9, 0xe3, 0xe7, 0xac, 0xf2, 0x20, 0x90, 0xd6, 0xd7, 0x5e, 0x0a, 0x52, 0x81, 0xd1, 0x39, 0xbf, + 0xd5, 0x71, 0x22, 0x0f, 0xf3, 0x39, 0xed, 0x0b, 0x5d, 0x82, 0xdb, 0xf1, 0x86, 0x5a, 0xa0, 0xe7, + 0xf3, 0x57, 0x0a, 0xc8, 0x2d, 0x18, 0xb3, 0xfc, 0x2e, 0xfb, 0x48, 0x62, 0xaf, 0x24, 0xd4, 0x45, + 0xfc, 0x52, 0x0c, 0xfb, 0x96, 0xb6, 0x38, 0x3e, 0xd3, 0x6e, 0x19, 0x69, 0x54, 0x64, 0x39, 0xc3, + 0xef, 0xa0, 0xea, 0x08, 0xf5, 0xa2, 0x73, 0x0f, 0xb3, 0x0c, 0x97, 0xc5, 0x0d, 0x18, 0xa9, 0xd7, + 0x57, 0xd6, 0x68, 0x18, 0xdd, 0x6a, 0xfa, 0xf7, 0x51, 0x45, 0x14, 0xe5, 0xdb, 0xc9, 0xbe, 0x1d, + 0xd1, 0x30, 0xb2, 0xb7, 0x9b, 0xfe, 0x7d, 0x4b, 0xc5, 0x22, 0x5f, 0x54, 0x1e, 0x38, 0x40, 0xe3, + 0x60, 0xfc, 0x48, 0xe3, 0x20, 0xf5, 0xf8, 0x01, 0x33, 0x11, 0x32, 0x1f, 0x3f, 0x60, 0xe8, 0xe4, + 0x6d, 0xf1, 0xc2, 0x4b, 0xc5, 0x75, 0x03, 0x1a, 0x86, 0x62, 0x2e, 0x9f, 0x4f, 0x1e, 0xd6, 0x70, + 0x78, 0x41, 0xcc, 0xc1, 0xd2, 0xf0, 0xd1, 0xfa, 0xaa, 0x57, 0xee, 0x2e, 0x25, 0x26, 0xc4, 0xc7, + 0xeb, 0x28, 0x5e, 0xeb, 0xdb, 0x21, 0x47, 0xf1, 0xeb, 0x30, 0x99, 0x1a, 0x06, 0x69, 0x7d, 0x69, + 0xe0, 0xb4, 0xf5, 0x95, 0xa2, 0xb1, 0x52, 0xd8, 0xe6, 0xdf, 0x19, 0x4a, 0xf1, 0x15, 0xee, 0x77, + 0x13, 0x06, 0xb9, 0x71, 0xa5, 0x26, 0xd3, 0xe5, 0xa6, 0x97, 0x25, 0x4a, 0xc8, 0x39, 0xc8, 0xd7, + 0xeb, 0x2b, 0x6a, 0xaa, 0xef, 0x30, 0xf4, 0x2d, 0x06, 0x63, 0x5f, 0x08, 0x3d, 0xeb, 0xca, 0x75, + 0x61, 0xa6, 0x26, 0x2c, 0x84, 0xb2, 0xf1, 0x96, 0x16, 0x4c, 0x21, 0x19, 0x6f, 0x61, 0xc1, 0x24, + 0x76, 0xcb, 0x1c, 0x4c, 0x57, 0xc2, 0x90, 0x06, 0xfc, 0xa5, 0x1c, 0x74, 0xd8, 0x06, 0x62, 0x95, + 0x15, 0xda, 0x10, 0x2b, 0x75, 0x1a, 0xa1, 0xd5, 0x17, 0x91, 0x5c, 0x86, 0x62, 0xa5, 0xeb, 0x7a, + 0xb4, 0xdd, 0xd0, 0x2e, 0x2c, 0x39, 0x02, 0x66, 0xc5, 0xa5, 0xe4, 0xb3, 0x70, 0x5a, 0x10, 0x49, + 0x53, 0x4b, 0x8c, 0xc0, 0x50, 0xa2, 0x21, 0xa4, 0x15, 0x20, 0x0d, 0x34, 0x5b, 0x0c, 0x49, 0x36, + 0x25, 0xa9, 0x40, 0x79, 0x1e, 0x43, 0x4f, 0x6a, 0x34, 0x6c, 0x04, 0x5e, 0x27, 0xf2, 0x03, 0xf1, + 0x0e, 0x05, 0xda, 0x6c, 0x3c, 0x2c, 0xc5, 0x76, 0xe3, 0x42, 0xab, 0x07, 0x9d, 0xdc, 0x81, 0xc9, + 0x34, 0x8c, 0x29, 0xbe, 0xe1, 0xe4, 0x9d, 0xe7, 0x1e, 0x2e, 0xa8, 0xfa, 0xb2, 0xa8, 0xc8, 0x16, + 0x4c, 0x54, 0xa2, 0x28, 0xf0, 0xb6, 0xba, 0x11, 0x4d, 0x19, 0x6d, 0xf2, 0xec, 0x26, 0x2e, 0x97, + 0x86, 0xdb, 0x53, 0x42, 0x18, 0x27, 0x9d, 0x98, 0x32, 0x36, 0xde, 0xac, 0x5e, 0x76, 0xc4, 0x8d, + 0x9f, 0x8a, 0x17, 0xcf, 0xa9, 0x8b, 0xeb, 0xad, 0xf2, 0x8c, 0xac, 0x12, 0xee, 0xb7, 0x5a, 0x34, + 0x0a, 0x70, 0x49, 0xc1, 0xe7, 0xd6, 0x4d, 0x11, 0x56, 0x79, 0x5e, 0xbe, 0xd0, 0x2f, 0x9f, 0xd4, + 0xd7, 0x22, 0xce, 0x35, 0x9e, 0x9a, 0xe1, 0x5c, 0x3a, 0xa6, 0xe1, 0xdc, 0x84, 0x89, 0xf9, 0x76, + 0x23, 0xd8, 0xc7, 0x6c, 0x02, 0xb2, 0x71, 0xa3, 0x47, 0x34, 0x4e, 0x3e, 0x6e, 0x78, 0xc1, 0x91, + 0x12, 0x96, 0xd5, 0xbc, 0x5e, 0xc6, 0xa4, 0x2e, 0x1e, 0xdd, 0x58, 0xac, 0xad, 0x2e, 0xb6, 0xbd, + 0xc8, 0xc3, 0xb4, 0xb6, 0x5c, 0x27, 0xbf, 0x20, 0x78, 0x3e, 0xcd, 0x0d, 0x24, 0xcf, 0xed, 0xd8, + 0x9e, 0x44, 0xe9, 0x79, 0x55, 0x43, 0xa5, 0x37, 0xff, 0x64, 0x90, 0x6b, 0x43, 0xd5, 0xac, 0x39, + 0xa3, 0xa4, 0x79, 0x54, 0xe3, 0xa2, 0x52, 0xe6, 0x4e, 0xee, 0x24, 0xe6, 0x4e, 0xfe, 0x68, 0x73, + 0xa7, 0x70, 0x94, 0xb9, 0x93, 0xb2, 0x47, 0x06, 0x4e, 0x6c, 0x8f, 0x0c, 0x9e, 0xc0, 0x1e, 0x19, + 0x3a, 0x91, 0x3d, 0xa2, 0x19, 0x56, 0xc5, 0xa3, 0x0c, 0xab, 0xff, 0x6b, 0xbd, 0x3c, 0xa9, 0xd6, + 0x4b, 0xd6, 0xe2, 0x7a, 0x12, 0xeb, 0xc5, 0xfc, 0x71, 0x28, 0xa7, 0x15, 0xe2, 0xd1, 0x77, 0x58, + 0x1f, 0xdb, 0x95, 0x35, 0xa6, 0xae, 0xd3, 0x0a, 0x89, 0xed, 0x22, 0x56, 0x03, 0xef, 0x9e, 0x13, + 0xd1, 0xe4, 0xfd, 0x05, 0xdc, 0x45, 0x74, 0x38, 0x14, 0x27, 0x89, 0x82, 0x12, 0xaf, 0xc5, 0xb9, + 0xac, 0xb5, 0xd8, 0xfc, 0x7a, 0x0e, 0x26, 0xf8, 0x2d, 0x9b, 0x27, 0xdf, 0xbf, 0xf5, 0xb6, 0x66, + 0x61, 0xc9, 0xf3, 0xcb, 0x54, 0xef, 0x0e, 0xf1, 0x70, 0xbd, 0x0f, 0xa7, 0x7b, 0x86, 0x02, 0xad, + 0xac, 0x9a, 0xbc, 0xdf, 0xd4, 0x63, 0x67, 0x4d, 0x67, 0x57, 0xb2, 0x71, 0xc3, 0xea, 0xa1, 0x30, + 0xbf, 0x95, 0xef, 0xe1, 0x2f, 0x7c, 0x5d, 0xaa, 0xf7, 0xca, 0x38, 0x99, 0xf7, 0x2a, 0x77, 0x3c, + 0xef, 0x55, 0x4a, 0x19, 0xe7, 0x8f, 0xa3, 0x8c, 0x3f, 0x0f, 0xa3, 0x6b, 0xd4, 0x69, 0x85, 0x6b, + 0xbe, 0xc8, 0x5f, 0xc0, 0x6f, 0xfc, 0xca, 0xeb, 0x4b, 0xac, 0xac, 0xc7, 0xbb, 0x13, 0x31, 0x02, + 0xa6, 0x40, 0x7a, 0x12, 0x1a, 0xe8, 0xbc, 0x54, 0x1b, 0x70, 0xe0, 0x10, 0x1b, 0xf0, 0x7d, 0x28, + 0x09, 0xba, 0xe4, 0x0a, 0xaf, 0xf2, 0x94, 0x26, 0x75, 0x5a, 0x08, 0x97, 0xed, 0x88, 0xcf, 0xa6, + 0xe2, 0x76, 0xa4, 0xa7, 0x96, 0xc6, 0xce, 0xfc, 0x7b, 0x43, 0x52, 0xfa, 0x3f, 0x5a, 0x47, 0x81, + 0xbe, 0xf5, 0xcf, 0x9f, 0x70, 0xeb, 0x5f, 0x38, 0x6a, 0x85, 0xd2, 0x96, 0xcd, 0x81, 0x13, 0x2c, + 0x9b, 0x83, 0x8f, 0xbc, 0x8d, 0x1f, 0x3a, 0xe1, 0x42, 0x98, 0x12, 0xc4, 0xe2, 0x71, 0x04, 0x31, + 0x73, 0xf1, 0x1c, 0x7e, 0xf4, 0xc5, 0x13, 0x4e, 0xbc, 0x78, 0x2a, 0x8f, 0x09, 0x8c, 0x1c, 0xeb, + 0x31, 0x01, 0xe3, 0x18, 0x8f, 0x09, 0x7c, 0xac, 0x56, 0xe4, 0x2f, 0x65, 0xaf, 0xc8, 0x87, 0x2b, + 0xe3, 0x13, 0xad, 0xc9, 0x01, 0x36, 0x6b, 0xd3, 0x09, 0xd8, 0x7e, 0x20, 0x24, 0xd7, 0x60, 0x48, + 0xde, 0xad, 0x33, 0x92, 0xad, 0x55, 0xef, 0xa5, 0x3a, 0x89, 0xc5, 0xb6, 0x0e, 0x92, 0x58, 0xc4, + 0xa1, 0xf3, 0x6b, 0x44, 0x02, 0xa6, 0x5d, 0x23, 0x12, 0x30, 0xf3, 0xaf, 0x17, 0xa4, 0xe8, 0x33, + 0xd3, 0x56, 0x24, 0xeb, 0xed, 0x79, 0x1b, 0xd2, 0x38, 0xf9, 0xdb, 0x90, 0x1f, 0xe2, 0x62, 0xa2, + 0x92, 0x39, 0x2b, 0x7f, 0x8c, 0xcc, 0x59, 0xaf, 0x6b, 0x69, 0xa7, 0x0a, 0x49, 0x9e, 0x13, 0x26, + 0x0e, 0x87, 0x27, 0x9c, 0xba, 0xa9, 0xe6, 0x87, 0x1a, 0x48, 0x42, 0xf6, 0x91, 0xf2, 0x90, 0xcc, + 0x50, 0xb1, 0x89, 0x33, 0x78, 0x92, 0x4b, 0xba, 0x43, 0xff, 0x47, 0x2f, 0xe9, 0xce, 0x03, 0x28, + 0x19, 0x5c, 0xb9, 0x7b, 0xf3, 0x05, 0x36, 0x4c, 0x47, 0x67, 0x6f, 0x55, 0x08, 0xcd, 0x3f, 0x9b, + 0x80, 0x89, 0x7a, 0x7d, 0xa5, 0xe6, 0x39, 0x3b, 0x6d, 0x3f, 0x8c, 0xbc, 0xc6, 0x62, 0x7b, 0xdb, + 0x67, 0xeb, 0x7b, 0x3c, 0x8d, 0x94, 0x0b, 0xa3, 0xc9, 0x14, 0x8a, 0x8b, 0x99, 0xfd, 0x38, 0x1f, + 0x04, 0xf1, 0x73, 0xa7, 0x68, 0x3f, 0x52, 0x06, 0xb0, 0x38, 0x9c, 0x2d, 0x9c, 0xf5, 0x2e, 0x4f, + 0xc5, 0xc9, 0x3d, 0xce, 0xb8, 0x70, 0x86, 0x1c, 0x64, 0xc9, 0x32, 0x42, 0x7b, 0x05, 0x56, 0x98, + 0x54, 0x67, 0xb5, 0xab, 0xbe, 0x49, 0x31, 0x57, 0x12, 0x42, 0x89, 0xe3, 0xa5, 0x9d, 0x0e, 0xc2, + 0xd5, 0x83, 0x89, 0x9e, 0x39, 0xb0, 0x0f, 0xa7, 0x71, 0x3f, 0x7a, 0x52, 0xaf, 0xc2, 0x15, 0xb1, + 0x50, 0x9b, 0x78, 0xc9, 0x3c, 0xc3, 0xb5, 0xa0, 0x3e, 0x89, 0x98, 0x59, 0x03, 0xf9, 0xba, 0x01, + 0x4f, 0x67, 0x96, 0xc4, 0xb3, 0x7b, 0x44, 0xbb, 0x6e, 0xad, 0x28, 0x0d, 0x4c, 0x5f, 0xfa, 0x72, + 0xbf, 0xaa, 0xed, 0x0c, 0x55, 0x70, 0x78, 0x4d, 0xe4, 0x1f, 0x19, 0x70, 0x56, 0xc3, 0xc0, 0xa5, + 0xbc, 0x45, 0xdb, 0x51, 0x88, 0xca, 0xbc, 0xaf, 0x5c, 0x7f, 0xf0, 0x78, 0xe4, 0xfa, 0x39, 0xbd, + 0x2f, 0xfc, 0x09, 0x2a, 0xac, 0x5e, 0x3d, 0x05, 0xeb, 0xd3, 0x42, 0x72, 0x0f, 0x26, 0xb0, 0x48, + 0x7a, 0x38, 0x98, 0xcc, 0x0a, 0xc7, 0xc8, 0x54, 0xd2, 0xec, 0xb9, 0x6e, 0x18, 0xf9, 0x2d, 0xcc, + 0x2a, 0x38, 0xfb, 0xbd, 0x83, 0x99, 0x51, 0x0d, 0x1d, 0x33, 0xb4, 0x60, 0x1b, 0x62, 0x37, 0x89, + 0xd7, 0xde, 0xf6, 0xb5, 0x47, 0x56, 0xd2, 0x55, 0x90, 0x7f, 0x62, 0xc0, 0x34, 0x83, 0xf2, 0x6e, + 0xdc, 0x0a, 0xfc, 0x56, 0x5c, 0x2e, 0x4f, 0xb8, 0xfa, 0x0c, 0x5b, 0xf3, 0xf1, 0x0c, 0xdb, 0x0b, + 0xd8, 0x64, 0xae, 0x13, 0xec, 0xed, 0xc0, 0x6f, 0x25, 0xcd, 0xd7, 0x12, 0x8a, 0xf6, 0x6b, 0x24, + 0xf9, 0x69, 0x03, 0xce, 0x69, 0x9b, 0x4c, 0x35, 0xbf, 0xc9, 0xf4, 0xb8, 0x76, 0x1c, 0xaa, 0x16, + 0x55, 0xaf, 0x0a, 0xf9, 0xbf, 0x84, 0x2d, 0x48, 0x56, 0x0b, 0x6c, 0x8b, 0xdd, 0xe2, 0x58, 0x4a, + 0x13, 0xfa, 0xd7, 0x42, 0x3c, 0x98, 0x40, 0x2f, 0xbd, 0x76, 0x12, 0x3b, 0xd5, 0xff, 0x24, 0xf6, + 0x92, 0xa8, 0xfa, 0x19, 0xcc, 0x21, 0xd1, 0xff, 0x38, 0xb6, 0x97, 0x2b, 0xf9, 0x09, 0x38, 0xd7, + 0x03, 0x8c, 0x67, 0xdb, 0xe9, 0xbe, 0xb3, 0xed, 0xe5, 0x87, 0x07, 0x33, 0x2f, 0x66, 0xd5, 0x96, + 0x35, 0xd3, 0xfa, 0xd7, 0x40, 0x1c, 0x80, 0xa4, 0x50, 0x64, 0x28, 0xcd, 0x16, 0xd0, 0x97, 0x85, + 0x7c, 0x28, 0xf8, 0x4c, 0x97, 0x2b, 0x6d, 0x50, 0x97, 0xbc, 0x04, 0x89, 0x50, 0x28, 0x29, 0xf9, + 0x33, 0xf6, 0xa7, 0xcf, 0x1e, 0x56, 0xc9, 0xf7, 0x0e, 0x66, 0x34, 0x6c, 0x66, 0x48, 0xaa, 0x89, + 0x39, 0x54, 0x43, 0x52, 0x43, 0x24, 0xbf, 0x67, 0xc0, 0x14, 0x03, 0x24, 0x42, 0x25, 0x3a, 0x35, + 0x7d, 0x98, 0xd4, 0xef, 0x3e, 0x1e, 0xa9, 0x7f, 0x16, 0xdb, 0xa8, 0x4a, 0x7d, 0xcf, 0x90, 0x64, + 0x36, 0x0e, 0xa5, 0x5d, 0x3b, 0x10, 0xd2, 0xa4, 0xfd, 0xdc, 0x31, 0xa4, 0x9d, 0x7f, 0x80, 0xa3, + 0xa5, 0xbd, 0x6f, 0x2d, 0x64, 0x0d, 0x4a, 0xc2, 0x86, 0xe4, 0x03, 0xf6, 0x8c, 0x76, 0x5d, 0x5f, + 0x2d, 0xe2, 0x86, 0xbd, 0x48, 0x2f, 0xd2, 0xd3, 0x43, 0x8d, 0x0b, 0x69, 0xc3, 0x24, 0xff, 0xad, + 0x6f, 0x78, 0x67, 0xfa, 0x6e, 0x78, 0x2f, 0x8b, 0x1e, 0x5d, 0x14, 0xfc, 0xfb, 0xef, 0x7b, 0xb3, + 0x18, 0x93, 0x0e, 0x10, 0x0d, 0xcc, 0x27, 0xed, 0xc5, 0xc3, 0x37, 0xb7, 0x2f, 0x8a, 0x3a, 0x67, + 0xd2, 0x75, 0xa6, 0x67, 0x6e, 0x06, 0x6f, 0xe2, 0xc0, 0xb8, 0x80, 0xb2, 0x1d, 0x23, 0x6a, 0xf8, + 0x67, 0xb5, 0x4b, 0x31, 0xa9, 0x52, 0x9e, 0x9a, 0x54, 0xd6, 0x84, 0xb7, 0x0f, 0x52, 0x0a, 0x3d, + 0xcd, 0xcf, 0xfc, 0x9a, 0xd1, 0x53, 0x07, 0xdb, 0x99, 0xe2, 0x0f, 0xe5, 0x5e, 0x2f, 0xee, 0x4c, + 0x39, 0x47, 0xdc, 0x21, 0x27, 0x08, 0xcc, 0xb6, 0x51, 0xef, 0x38, 0xe5, 0xc5, 0x9b, 0x21, 0x1c, + 0x94, 0x6c, 0x98, 0x66, 0x64, 0x40, 0x4b, 0x3e, 0xb1, 0x91, 0x30, 0xa0, 0x45, 0x84, 0xb1, 0x98, + 0x3f, 0x9d, 0xd3, 0xa5, 0x84, 0x5c, 0x56, 0xcc, 0x6c, 0xe5, 0x96, 0x95, 0x34, 0xb3, 0x15, 0xe3, + 0xfa, 0x37, 0x0d, 0x98, 0x5c, 0x09, 0x76, 0x9c, 0xb6, 0xf7, 0x63, 0xfc, 0x0e, 0xb6, 0x8f, 0xc3, + 0x18, 0xc7, 0xa4, 0x7e, 0xa4, 0x39, 0xd8, 0x7c, 0xa5, 0x62, 0xf6, 0x61, 0xf1, 0x0b, 0x5b, 0x59, + 0xed, 0xc1, 0x58, 0x42, 0x6c, 0x98, 0x92, 0x0a, 0x8f, 0xa3, 0x73, 0xb8, 0xf9, 0x8d, 0x1c, 0x8c, + 0x28, 0x12, 0x4b, 0x3e, 0x09, 0x25, 0x95, 0x8f, 0xea, 0xd5, 0x50, 0xab, 0xb5, 0x34, 0x2c, 0x74, + 0x6b, 0x50, 0xa7, 0xa5, 0xb9, 0x35, 0x98, 0x5c, 0x22, 0xf4, 0x84, 0x3b, 0x91, 0x77, 0x32, 0x76, + 0x22, 0x27, 0x4a, 0x80, 0xfb, 0x66, 0xef, 0x7e, 0xe4, 0xf8, 0xf9, 0x6a, 0xcd, 0x6f, 0x1b, 0x50, + 0x4e, 0xcf, 0xa9, 0x8f, 0x64, 0x54, 0x4e, 0xe0, 0xe1, 0xfd, 0xf9, 0x1c, 0x94, 0xd7, 0x02, 0xb6, + 0xdd, 0x76, 0x65, 0x20, 0xfb, 0x93, 0x7a, 0xbc, 0xfd, 0x96, 0xe6, 0x7c, 0x7d, 0x2a, 0x5e, 0x06, + 0xd4, 0xce, 0x1d, 0x72, 0x1d, 0xac, 0xf0, 0xcb, 0xbf, 0x3e, 0x73, 0xca, 0x7c, 0x0f, 0xa6, 0xd2, + 0xc3, 0x81, 0x0e, 0xd8, 0x0a, 0x8c, 0xeb, 0xf0, 0x74, 0xa6, 0xac, 0x34, 0x95, 0x95, 0xc6, 0x37, + 0xff, 0x30, 0x97, 0xe6, 0x2d, 0x8e, 0xba, 0x99, 0xd2, 0x69, 0x3b, 0x5b, 0xcd, 0x38, 0x99, 0x8f, + 0x78, 0xa8, 0x08, 0x41, 0x96, 0x2c, 0x3b, 0x49, 0xce, 0xb4, 0x38, 0xce, 0x37, 0x9f, 0x1d, 0xe7, + 0x4b, 0x6e, 0xa6, 0x82, 0x22, 0x0a, 0xc9, 0x9b, 0x44, 0xf7, 0xe9, 0x96, 0x9d, 0x04, 0x46, 0xe8, + 0xc1, 0x10, 0x64, 0x0e, 0xa6, 0xb4, 0xeb, 0xf8, 0x92, 0x7e, 0x20, 0x71, 0x28, 0x46, 0x58, 0xc0, + 0x89, 0x33, 0x91, 0xf1, 0xf5, 0x3f, 0xbf, 0xc9, 0x76, 0x62, 0xc2, 0x9b, 0xaa, 0xbe, 0xe7, 0x22, + 0xd7, 0x1a, 0x79, 0x7f, 0x86, 0x60, 0xb2, 0xdb, 0x96, 0xd3, 0xd1, 0xf2, 0x47, 0x73, 0x44, 0xf3, + 0x4f, 0x0d, 0x36, 0xff, 0x1b, 0x7b, 0x1f, 0xb3, 0x6c, 0x6e, 0xac, 0x4b, 0x87, 0x44, 0x62, 0xfc, + 0x1b, 0x83, 0xe7, 0x63, 0x12, 0xe2, 0xf3, 0x3a, 0x0c, 0xae, 0x39, 0xc1, 0x0e, 0x8d, 0x44, 0xe6, + 0x20, 0x95, 0x0b, 0x2f, 0x48, 0xee, 0x4a, 0x45, 0xf8, 0xdb, 0x12, 0x04, 0xaa, 0xeb, 0x2a, 0x77, + 0x2c, 0xd7, 0x95, 0xe2, 0x7e, 0xcc, 0x3f, 0x2e, 0xf7, 0xa3, 0xf9, 0xbf, 0x72, 0xbc, 0x3f, 0xa2, + 0x51, 0xc7, 0x7d, 0xd6, 0xee, 0x12, 0x14, 0x98, 0x1c, 0xa8, 0x6f, 0x07, 0x32, 0x59, 0x51, 0xf1, + 0x58, 0x39, 0x9b, 0x37, 0xa8, 0xff, 0xd5, 0x04, 0x82, 0xb8, 0x44, 0xa8, 0xf3, 0x06, 0x31, 0xf0, + 0x05, 0x6a, 0xdf, 0xa5, 0xea, 0x74, 0x68, 0xeb, 0x8f, 0x85, 0x63, 0x39, 0xb9, 0xa9, 0xe4, 0xf1, + 0x51, 0xe3, 0x6c, 0x5b, 0xdb, 0x8e, 0xcd, 0xf3, 0xc7, 0xa8, 0x2b, 0x40, 0x92, 0xf2, 0x67, 0x1e, + 0xc6, 0xf4, 0xb4, 0xc6, 0x22, 0x22, 0x04, 0x33, 0x82, 0xa6, 0x52, 0x22, 0xab, 0x7e, 0x56, 0x9d, + 0x88, 0x54, 0x61, 0x54, 0xbb, 0x37, 0xa8, 0x3e, 0xdc, 0xaa, 0xdf, 0x3a, 0x54, 0xfd, 0x7e, 0x1a, + 0x89, 0x72, 0x79, 0xe3, 0x13, 0x50, 0x16, 0x33, 0x33, 0xce, 0xe5, 0x88, 0x47, 0x76, 0x8b, 0x35, + 0x4b, 0x9d, 0x4d, 0x0d, 0xcf, 0x0d, 0x2c, 0x84, 0x9a, 0xdf, 0x31, 0xe0, 0xdc, 0x32, 0x8d, 0xee, + 0xfb, 0xc1, 0x9e, 0x45, 0xc3, 0x28, 0xf0, 0x78, 0x6a, 0x48, 0x94, 0xc7, 0x4f, 0x92, 0x37, 0xe5, + 0x2b, 0x4b, 0xba, 0x82, 0x4c, 0xd7, 0x51, 0x1d, 0x15, 0x42, 0x39, 0x80, 0x41, 0x08, 0xf2, 0x75, + 0xa5, 0xd7, 0xc5, 0xeb, 0x4a, 0xb9, 0xc3, 0x89, 0xe3, 0x79, 0xe1, 0xd2, 0xb6, 0x7c, 0x55, 0xe9, + 0xdb, 0x39, 0x38, 0x9d, 0xd1, 0xac, 0x8d, 0x4f, 0x3e, 0xa1, 0xca, 0xa1, 0xaa, 0x29, 0x07, 0xf9, + 0xfc, 0x5e, 0xdf, 0x81, 0xcf, 0xd4, 0x15, 0xbf, 0x6a, 0xc0, 0x59, 0x5d, 0x7a, 0x44, 0xa0, 0xd0, + 0xc6, 0x0d, 0xf2, 0x06, 0x0c, 0x2e, 0x50, 0xc7, 0xa5, 0x32, 0xe5, 0xd8, 0xe9, 0xd4, 0xd3, 0xa6, + 0xbc, 0x90, 0xb3, 0xfd, 0x43, 0x3e, 0x95, 0x4f, 0x59, 0x82, 0x84, 0xd4, 0x44, 0xe3, 0xb8, 0x59, + 0x6a, 0xca, 0x5b, 0x43, 0x59, 0x55, 0x1d, 0x72, 0xe0, 0xf9, 0x3d, 0x03, 0x9e, 0x3a, 0x84, 0x86, + 0x7d, 0x38, 0xf6, 0xe9, 0xd5, 0x0f, 0x87, 0x0b, 0x0b, 0x42, 0xc9, 0xdb, 0x30, 0xbe, 0x26, 0xcc, + 0x5a, 0xf9, 0x39, 0x94, 0x17, 0xe1, 0xa5, 0xc5, 0x6b, 0xcb, 0xef, 0x92, 0x46, 0x66, 0x46, 0xf9, + 0x82, 0x1f, 0x46, 0xed, 0xe4, 0x5d, 0x09, 0x34, 0xca, 0x77, 0x05, 0xcc, 0x8a, 0x4b, 0xc9, 0x0d, + 0x8c, 0xf6, 0x79, 0xb0, 0xbf, 0x58, 0x93, 0x76, 0x23, 0x9e, 0xfb, 0xf0, 0x75, 0x52, 0x7f, 0xed, + 0x35, 0x46, 0x64, 0xb6, 0x84, 0xde, 0x37, 0x71, 0x9f, 0xf7, 0x39, 0x18, 0x64, 0x8c, 0xe3, 0x83, + 0x3d, 0x14, 0x1e, 0x4c, 0xdc, 0xed, 0xb9, 0x96, 0x28, 0x8a, 0x0f, 0xf9, 0x73, 0x99, 0xd7, 0x6e, + 0xbe, 0x61, 0x40, 0x59, 0xe7, 0xfd, 0xa8, 0xdf, 0xf3, 0x2d, 0xed, 0x7b, 0x3e, 0x95, 0xfd, 0x3d, + 0xfb, 0x7f, 0xc8, 0x9e, 0xbc, 0xf0, 0xc7, 0xfa, 0x80, 0x26, 0x0c, 0xd6, 0xfc, 0x96, 0xe3, 0xb5, + 0xd5, 0x94, 0xe2, 0x2e, 0x42, 0x2c, 0x51, 0xa2, 0x8c, 0x56, 0xbe, 0xef, 0x68, 0x99, 0xdf, 0x2a, + 0xc0, 0x39, 0x8b, 0xee, 0x78, 0xcc, 0xaa, 0x5a, 0x0f, 0xbd, 0xf6, 0x8e, 0x76, 0x29, 0xca, 0x4c, + 0x0d, 0xb8, 0x48, 0x37, 0xc1, 0x20, 0xf1, 0x78, 0xbf, 0x04, 0x45, 0xa6, 0xda, 0x95, 0x31, 0x47, + 0x0f, 0x39, 0xbe, 0xc8, 0xc1, 0x85, 0x41, 0x16, 0x93, 0x2b, 0x62, 0xe1, 0x51, 0x12, 0x02, 0xb1, + 0x85, 0xe7, 0x87, 0x07, 0x33, 0xc0, 0xdf, 0x71, 0x66, 0xa5, 0x62, 0xf1, 0x89, 0x2d, 0xb1, 0x42, + 0x1f, 0x4b, 0xec, 0x2e, 0x4c, 0x55, 0x5c, 0xae, 0xd4, 0x9c, 0xe6, 0x6a, 0xe0, 0xb5, 0x1b, 0x5e, + 0xc7, 0x69, 0xca, 0xdd, 0x05, 0x9e, 0x93, 0x38, 0x71, 0xb9, 0xdd, 0x89, 0x11, 0xac, 0x4c, 0x32, + 0xd6, 0x8d, 0xda, 0x72, 0x9d, 0x3f, 0xb8, 0xc0, 0x0f, 0x3f, 0xb0, 0x1b, 0x6e, 0x3b, 0xe4, 0x2f, + 0x2e, 0x58, 0x71, 0x31, 0xda, 0x80, 0x78, 0x24, 0xbb, 0xb6, 0x54, 0x4f, 0xa2, 0xaf, 0x79, 0xbe, + 0x02, 0x7e, 0x6c, 0x1b, 0x35, 0x43, 0x3c, 0xba, 0xd5, 0xf0, 0x12, 0xba, 0x7a, 0x7d, 0x81, 0xd1, + 0x15, 0x7b, 0xe8, 0xc2, 0x70, 0x57, 0xa5, 0xe3, 0x78, 0xe4, 0x1a, 0x00, 0xbf, 0x8d, 0x8d, 0x02, + 0x31, 0x9c, 0x58, 0x8c, 0x01, 0x42, 0xb9, 0xc5, 0xa8, 0xa0, 0x90, 0x37, 0x61, 0x72, 0x7e, 0x6e, + 0x56, 0xba, 0xac, 0x6a, 0x7e, 0xa3, 0xdb, 0xa2, 0xed, 0x08, 0x0f, 0x4d, 0x4b, 0xfc, 0x1b, 0xd2, + 0xc6, 0x2c, 0x93, 0x82, 0x2c, 0x34, 0x91, 0x42, 0x8b, 0x27, 0x60, 0x9c, 0xf3, 0x5d, 0x1a, 0x6e, + 0x5c, 0xff, 0x98, 0xa5, 0xd0, 0x52, 0xfa, 0x86, 0xb3, 0xed, 0x7a, 0xe6, 0xcc, 0xfc, 0xff, 0x31, + 0x85, 0x56, 0x0f, 0x2e, 0xf9, 0x11, 0x18, 0xc0, 0x9f, 0x62, 0x99, 0x9e, 0xcc, 0x60, 0x9b, 0x2c, + 0xd1, 0x0d, 0x9e, 0xc2, 0x1e, 0x09, 0xc8, 0x62, 0xf2, 0x4a, 0xfe, 0x09, 0x12, 0xc1, 0x88, 0x2c, + 0xae, 0xda, 0xdb, 0xf8, 0xa6, 0x0b, 0x25, 0xb5, 0x42, 0x26, 0x23, 0x0b, 0x4e, 0xb8, 0x4b, 0x5d, + 0xf6, 0x4b, 0xe4, 0x70, 0x43, 0x19, 0xd9, 0x45, 0xa8, 0xcd, 0xda, 0x61, 0x29, 0x28, 0x4c, 0x3b, + 0x2c, 0x86, 0xeb, 0xa1, 0x68, 0x8a, 0xd8, 0x3a, 0x79, 0xb8, 0x0d, 0x77, 0x2d, 0x51, 0x84, 0xda, + 0x52, 0x1e, 0x91, 0x05, 0x4e, 0x63, 0x8f, 0x06, 0x1b, 0xd7, 0x3f, 0x0a, 0x6d, 0xa9, 0xd7, 0x71, + 0xc8, 0x37, 0xf9, 0x2a, 0xc4, 0x2f, 0x30, 0x68, 0xc8, 0xcc, 0xb0, 0x4c, 0xae, 0x96, 0x1a, 0x89, + 0x61, 0x99, 0x5c, 0x2d, 0x55, 0x0d, 0xcb, 0x18, 0x35, 0x7e, 0x5b, 0x36, 0x77, 0xc4, 0xdb, 0xb2, + 0x7d, 0xde, 0xd1, 0x96, 0x99, 0x4f, 0x8e, 0x7a, 0x47, 0x9b, 0xd9, 0xff, 0xf2, 0xd3, 0x17, 0x8e, + 0x65, 0xff, 0xe3, 0x93, 0x9c, 0xe2, 0xd3, 0xa7, 0xed, 0x7f, 0xc1, 0x49, 0xdd, 0x54, 0x0c, 0x1c, + 0x9f, 0xe9, 0x11, 0x31, 0x0d, 0x9f, 0x86, 0x52, 0x25, 0x8a, 0x9c, 0xc6, 0x2e, 0x75, 0xf1, 0x0d, + 0x63, 0xe5, 0x72, 0x9b, 0x23, 0xe0, 0xaa, 0x33, 0x56, 0xc5, 0x25, 0xaf, 0xc0, 0xa0, 0x45, 0x9d, + 0x50, 0x04, 0x97, 0x08, 0x73, 0x22, 0x40, 0x88, 0xea, 0x55, 0xe2, 0x38, 0x6c, 0x13, 0xb5, 0xd8, + 0xbe, 0xe7, 0xb1, 0x31, 0x29, 0x26, 0x19, 0xd4, 0x3d, 0x0e, 0x52, 0xb5, 0x86, 0xc0, 0x22, 0xaf, + 0x2b, 0x66, 0xc7, 0x70, 0x62, 0xff, 0xf3, 0xbd, 0x99, 0x2d, 0xad, 0x0f, 0xd5, 0xa4, 0x88, 0xed, + 0x90, 0x9b, 0x30, 0x24, 0xb7, 0xdc, 0x90, 0xd8, 0xfc, 0x82, 0x32, 0x7d, 0x91, 0x61, 0xdf, 0x92, + 0xc8, 0x98, 0xbc, 0x58, 0x49, 0xb2, 0x36, 0xa2, 0x24, 0x2f, 0x56, 0x92, 0xac, 0x69, 0xc9, 0x8b, + 0x95, 0x74, 0x6b, 0xf1, 0x0e, 0xaa, 0x74, 0xe4, 0x0e, 0x6a, 0x03, 0x4a, 0xab, 0x4e, 0x10, 0x79, + 0x6c, 0x39, 0x6a, 0x47, 0xfc, 0xd9, 0x9e, 0x64, 0x83, 0xaf, 0x14, 0x25, 0xaf, 0xe6, 0x77, 0x14, + 0x7c, 0x3d, 0xfb, 0x6b, 0x02, 0xcf, 0x0e, 0x2d, 0x19, 0x7b, 0x94, 0xd0, 0x92, 0x62, 0xfc, 0x0a, + 0xde, 0x78, 0x12, 0xc8, 0x13, 0x3f, 0x6d, 0x97, 0x1e, 0x7d, 0xdc, 0x71, 0x7e, 0x01, 0x4a, 0xec, + 0x6f, 0x7c, 0x4a, 0xc4, 0xa3, 0xfc, 0x59, 0x9e, 0x24, 0x65, 0x82, 0x3e, 0xa1, 0xf9, 0x7b, 0x23, + 0x75, 0x1a, 0xf1, 0x09, 0x8c, 0x8c, 0x7b, 0x42, 0xc1, 0x54, 0x6e, 0xe4, 0x1d, 0x28, 0xa9, 0x6f, + 0x20, 0x4d, 0x4f, 0x24, 0xc1, 0x41, 0xae, 0x80, 0xa7, 0xbf, 0x92, 0x46, 0xc0, 0xd6, 0xaf, 0x4a, + 0xa7, 0x83, 0xb4, 0x44, 0x91, 0xf6, 0x4e, 0x27, 0x4d, 0x26, 0xd1, 0xc8, 0x67, 0xa0, 0x54, 0xe9, + 0x74, 0x12, 0x8d, 0x33, 0xa9, 0xec, 0x23, 0x3b, 0x1d, 0x3b, 0x53, 0xeb, 0x68, 0x14, 0x4c, 0xb0, + 0x84, 0xc1, 0x87, 0xf5, 0x4e, 0x25, 0x82, 0x25, 0x5f, 0xf6, 0x49, 0x0b, 0x96, 0x82, 0x6e, 0xfe, + 0xc0, 0x80, 0xb3, 0x7d, 0x86, 0x0d, 0xf7, 0xe2, 0x89, 0xb7, 0x9c, 0xef, 0xc5, 0x75, 0x56, 0x05, + 0x91, 0x5a, 0x6e, 0x48, 0x37, 0xfe, 0x71, 0xfa, 0x89, 0x35, 0x58, 0xed, 0xb4, 0x5c, 0x8d, 0xb3, + 0xdf, 0x10, 0xca, 0x7f, 0x64, 0x6f, 0x08, 0x99, 0x07, 0x06, 0x8c, 0x28, 0xc2, 0x4c, 0x2e, 0x2a, + 0xf1, 0xf2, 0x65, 0x9e, 0x7e, 0x48, 0xe1, 0x90, 0xe3, 0xea, 0x1c, 0x25, 0x33, 0x77, 0xb4, 0x0b, + 0x04, 0x1f, 0xd3, 0xcb, 0x27, 0x78, 0xad, 0x94, 0xbf, 0x02, 0x1f, 0xcf, 0x7b, 0x1f, 0x60, 0xc9, + 0x09, 0xa3, 0x4a, 0x23, 0xf2, 0xee, 0xd1, 0x63, 0x68, 0xee, 0x24, 0x81, 0xb7, 0x83, 0xaf, 0xab, + 0x32, 0xb2, 0x9e, 0x04, 0xde, 0x31, 0x43, 0xf3, 0x2f, 0x0c, 0x18, 0x59, 0x6c, 0x87, 0x91, 0xd3, + 0x6c, 0xe2, 0xd2, 0xfa, 0x71, 0x4a, 0xd5, 0x16, 0xf7, 0xeb, 0x90, 0xe5, 0xfc, 0x35, 0x18, 0x4f, + 0xa1, 0xb1, 0x2d, 0x47, 0x1d, 0xef, 0xbd, 0xa8, 0x5b, 0x0e, 0x7e, 0x13, 0xc6, 0x12, 0x25, 0xe6, + 0xbc, 0x42, 0xb6, 0x71, 0x1d, 0xdd, 0xcc, 0xb3, 0x00, 0x9e, 0x04, 0x49, 0xcb, 0x8c, 0xa4, 0x5b, + 0xb2, 0x71, 0xdd, 0x52, 0xb0, 0xcc, 0x65, 0x18, 0xac, 0xfb, 0x41, 0x54, 0xdd, 0xe7, 0xc6, 0x50, + 0x8d, 0x86, 0x0d, 0xd5, 0x8f, 0xec, 0xa1, 0x47, 0xa9, 0x61, 0x89, 0x22, 0xb6, 0x23, 0xb9, 0xe5, + 0xd1, 0xa6, 0xab, 0xc6, 0xf7, 0x6c, 0x33, 0x80, 0xc5, 0xe1, 0xcc, 0x60, 0x3c, 0x93, 0xe4, 0x3e, + 0x4a, 0x02, 0x89, 0x1e, 0xd5, 0x66, 0x9a, 0xd3, 0xc6, 0xf7, 0x59, 0x3d, 0xbf, 0xb9, 0x56, 0xd3, + 0x21, 0x43, 0xfd, 0x77, 0x0d, 0x38, 0xdf, 0x9f, 0x44, 0x8d, 0x4d, 0x32, 0x0e, 0x89, 0x4d, 0x7a, + 0x21, 0xed, 0xf7, 0x44, 0x34, 0xe1, 0xf7, 0x4c, 0xbc, 0x9d, 0x35, 0x0c, 0x0d, 0x6b, 0xc4, 0x6f, + 0x49, 0x5c, 0x3c, 0xa4, 0xcd, 0x88, 0xc8, 0x3f, 0x73, 0x84, 0x34, 0x96, 0xa0, 0x35, 0xff, 0x59, + 0x1e, 0xce, 0xf5, 0xa5, 0x20, 0x0b, 0xda, 0x3b, 0x9a, 0x57, 0x8e, 0xaa, 0xe1, 0x2a, 0xfe, 0x9b, + 0xf9, 0xb2, 0xe6, 0x4a, 0x9c, 0x3e, 0x8b, 0xbf, 0xad, 0xf9, 0xf2, 0x91, 0xbc, 0x38, 0x3a, 0x32, + 0x83, 0xde, 0x4c, 0x5a, 0x18, 0x21, 0x4d, 0x23, 0xc7, 0x13, 0x0f, 0x59, 0xca, 0x08, 0x69, 0x0e, + 0xb2, 0x64, 0x59, 0x12, 0x30, 0x56, 0xc8, 0x0e, 0x18, 0x33, 0x7f, 0xc6, 0x80, 0xe1, 0xb8, 0xd9, + 0xe4, 0x3c, 0x9c, 0x59, 0xb3, 0x2a, 0x73, 0xf3, 0xf6, 0xda, 0x7b, 0xab, 0xf3, 0xf6, 0xfa, 0x72, + 0x7d, 0x75, 0x7e, 0x6e, 0xf1, 0xd6, 0xe2, 0x7c, 0xad, 0x7c, 0x8a, 0x4c, 0xc0, 0xe8, 0xfa, 0xf2, + 0x9d, 0xe5, 0x95, 0xcd, 0x65, 0x7b, 0xde, 0xb2, 0x56, 0xac, 0xb2, 0x41, 0x46, 0x61, 0xd8, 0xaa, + 0x56, 0xe6, 0xec, 0xe5, 0x95, 0xda, 0x7c, 0x39, 0x47, 0xca, 0x50, 0x9a, 0x5b, 0x59, 0x5e, 0x9e, + 0x9f, 0x5b, 0x5b, 0xdc, 0x58, 0x5c, 0x7b, 0xaf, 0x9c, 0x27, 0x04, 0xc6, 0x10, 0x61, 0xd5, 0x5a, + 0x5c, 0x9e, 0x5b, 0x5c, 0xad, 0x2c, 0x95, 0x0b, 0x0c, 0xc6, 0xf0, 0x15, 0xd8, 0x80, 0xf9, 0x16, + 0x8f, 0x80, 0xe6, 0xfd, 0x25, 0x67, 0x80, 0xd4, 0xd7, 0x2a, 0x6b, 0xeb, 0xf5, 0x54, 0x0b, 0x46, + 0x60, 0xa8, 0xbe, 0x3e, 0x37, 0x37, 0x5f, 0xaf, 0x97, 0x0d, 0x02, 0x30, 0x78, 0xab, 0xb2, 0xb8, + 0x34, 0x5f, 0x2b, 0xe7, 0xcc, 0x9f, 0x35, 0xa0, 0x24, 0x8c, 0x87, 0x4a, 0x93, 0x06, 0xd1, 0xa3, + 0xcd, 0x85, 0xd7, 0xb5, 0xfd, 0x43, 0x1c, 0x10, 0xa7, 0xf0, 0x67, 0xc5, 0x99, 0x33, 0xe0, 0xdf, + 0x1a, 0x50, 0x4e, 0x23, 0x92, 0xb7, 0xa1, 0x58, 0xa7, 0xf7, 0x68, 0xe0, 0x45, 0xfb, 0x42, 0x92, + 0xe4, 0xa3, 0xc8, 0x1c, 0x47, 0x94, 0x71, 0xff, 0x56, 0x28, 0x7e, 0x59, 0x31, 0xcd, 0x71, 0x27, + 0x84, 0x62, 0xfe, 0xe7, 0x1f, 0x97, 0xf9, 0x6f, 0xfe, 0xb1, 0x01, 0x67, 0x6f, 0xd3, 0x48, 0xed, + 0x53, 0x9c, 0xc5, 0xe5, 0x13, 0xc7, 0xeb, 0x97, 0xd2, 0x93, 0x69, 0x18, 0xc2, 0x22, 0x79, 0xe1, + 0xcc, 0x92, 0x3f, 0x49, 0x15, 0x06, 0xb5, 0xf4, 0x65, 0x72, 0xae, 0xf5, 0xa9, 0xfb, 0xaa, 0x92, + 0x2b, 0xca, 0x12, 0x94, 0xe7, 0x5f, 0x87, 0x91, 0x0f, 0x99, 0x8e, 0xec, 0xca, 0x3b, 0x30, 0x2e, + 0xad, 0xb5, 0xb5, 0xa5, 0x3a, 0x2e, 0xcb, 0xe3, 0x30, 0xb2, 0x31, 0x6f, 0x2d, 0xde, 0x7a, 0xcf, + 0xbe, 0xb5, 0xbe, 0xb4, 0x54, 0x3e, 0xc5, 0x84, 0x5d, 0x00, 0xe6, 0x2a, 0x65, 0x83, 0x94, 0xa0, + 0xb8, 0xb8, 0x5c, 0x9f, 0x9f, 0x5b, 0xb7, 0xe6, 0xcb, 0xb9, 0x2b, 0x2f, 0xc0, 0x58, 0x72, 0xa9, + 0x06, 0x85, 0x78, 0x08, 0xf2, 0x56, 0x65, 0xb3, 0x7c, 0x8a, 0x09, 0xea, 0xea, 0x9d, 0xb9, 0xfa, + 0xf5, 0xeb, 0x65, 0xe3, 0xca, 0x27, 0x60, 0x02, 0x3d, 0x90, 0x6c, 0x3d, 0xa1, 0x6d, 0x1a, 0x60, + 0x4d, 0x25, 0x36, 0x8e, 0x1d, 0x27, 0x70, 0x22, 0xca, 0xab, 0xb9, 0xdb, 0x6d, 0x46, 0x5e, 0xa7, + 0x49, 0x1f, 0x94, 0x8d, 0x2b, 0xaf, 0xc3, 0xb8, 0xe5, 0x77, 0x23, 0xaf, 0xbd, 0x23, 0x1f, 0x4b, + 0x27, 0xa7, 0x61, 0x62, 0x7d, 0xb9, 0x72, 0xb7, 0xba, 0x78, 0x7b, 0x7d, 0x65, 0xbd, 0x6e, 0xdf, + 0xad, 0xac, 0xcd, 0x2d, 0x94, 0x4f, 0xb1, 0x06, 0xdf, 0x5d, 0xa9, 0xaf, 0xd9, 0xd6, 0xfc, 0xdc, + 0xfc, 0xf2, 0x5a, 0xd9, 0xb8, 0xf2, 0x73, 0x06, 0x8c, 0x31, 0x4b, 0x04, 0x7d, 0x59, 0xeb, 0x28, + 0x23, 0x17, 0xe1, 0xc2, 0x7a, 0x7d, 0xde, 0xb2, 0xd7, 0x56, 0xee, 0xcc, 0x2f, 0xdb, 0xeb, 0xf5, + 0xca, 0xed, 0xf4, 0x2c, 0x9f, 0x81, 0xa7, 0x14, 0x0c, 0x6b, 0x7e, 0x6e, 0x65, 0x63, 0xde, 0xb2, + 0x57, 0x2b, 0xf5, 0xfa, 0xe6, 0x8a, 0x55, 0x2b, 0x1b, 0x4c, 0x45, 0x64, 0x20, 0xdc, 0xbd, 0x55, + 0x29, 0xe7, 0x7a, 0xca, 0x96, 0xe7, 0x37, 0x2b, 0x4b, 0x76, 0x75, 0x65, 0xad, 0x9c, 0xbf, 0xf2, + 0x0e, 0x94, 0xe2, 0x57, 0xdf, 0xd9, 0x6e, 0xb5, 0x08, 0x85, 0xe5, 0x95, 0xe5, 0x79, 0x3e, 0xad, + 0x57, 0xe7, 0x97, 0x6b, 0x8b, 0xcb, 0xb7, 0xf9, 0xb0, 0x56, 0x56, 0x57, 0xad, 0x95, 0x0d, 0x36, + 0xb1, 0xd9, 0xd8, 0xd5, 0xe6, 0x97, 0x59, 0xcb, 0xf2, 0x57, 0x4c, 0x98, 0xe8, 0x79, 0x89, 0x98, + 0x8d, 0xd6, 0xfc, 0xe7, 0xd6, 0xe6, 0x97, 0xeb, 0x8b, 0x2b, 0xcb, 0xe5, 0x53, 0x57, 0x2e, 0xa4, + 0x70, 0xe4, 0x97, 0xa8, 0xd7, 0x17, 0xca, 0xa7, 0xae, 0x7c, 0x01, 0x4a, 0xea, 0x66, 0x9a, 0x9c, + 0x85, 0x49, 0xf5, 0xf7, 0x2a, 0x6d, 0xbb, 0x5e, 0x7b, 0xa7, 0x7c, 0x2a, 0x5d, 0x60, 0x75, 0xdb, + 0x6d, 0x56, 0x80, 0x9d, 0x57, 0x0b, 0xd6, 0x68, 0xd0, 0xf2, 0xda, 0x6c, 0xa2, 0x94, 0x73, 0x57, + 0xae, 0xc2, 0xa8, 0x26, 0xf7, 0xac, 0xde, 0xa5, 0x15, 0x21, 0x01, 0x77, 0xe7, 0x6b, 0x8b, 0xeb, + 0x77, 0xcb, 0x03, 0xac, 0xdb, 0x0b, 0x8b, 0xb7, 0x17, 0xca, 0x50, 0x7d, 0xeb, 0xbb, 0x7f, 0xf4, + 0xcc, 0xa9, 0xef, 0x7e, 0xff, 0x19, 0xe3, 0x0f, 0xbf, 0xff, 0x8c, 0xf1, 0x5f, 0xbf, 0xff, 0x8c, + 0xf1, 0xa3, 0x2f, 0x9f, 0x20, 0x40, 0x64, 0x6b, 0x10, 0x67, 0xf5, 0x8d, 0xff, 0x1d, 0x00, 0x00, + 0xff, 0xff, 0xdb, 0xa0, 0xe7, 0x9a, 0x69, 0xe8, 0x00, 0x00, } func (m *KeepAlive) Marshal() (dAtA []byte, err error) { @@ -11810,6 +12501,16 @@ func (m *DatabaseStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + { + size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a if len(m.ManagedUsers) > 0 { for iNdEx := len(m.ManagedUsers) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.ManagedUsers[iNdEx]) @@ -12256,6 +12957,13 @@ func (m *Azure) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ResourceID) > 0 { + i -= len(m.ResourceID) + copy(dAtA[i:], m.ResourceID) + i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceID))) + i-- + dAtA[i] = 0x12 + } if len(m.Name) > 0 { i -= len(m.Name) copy(dAtA[i:], m.Name) @@ -12933,6 +13641,18 @@ func (m *AppSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.AWS != nil { + { + size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 + } if m.Rewrite != nil { { size, err := m.Rewrite.MarshalToSizedBuffer(dAtA[:i]) @@ -13255,6 +13975,40 @@ func (m *CommandLabelV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *AppAWS) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AppAWS) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AppAWS) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.ExternalID) > 0 { + i -= len(m.ExternalID) + copy(dAtA[i:], m.ExternalID) + i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalID))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *SSHKeyPair) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -13751,12 +14505,12 @@ func (m *ProvisionTokenV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x1a } - n53, err53 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err53 != nil { - return 0, err53 + n55, err55 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err55 != nil { + return 0, err55 } - i -= n53 - i = encodeVarintTypes(dAtA, i, uint64(n53)) + i -= n55 + i = encodeVarintTypes(dAtA, i, uint64(n55)) i-- dAtA[i] = 0x12 if len(m.Roles) > 0 { @@ -13961,6 +14715,16 @@ func (m *ProvisionTokenSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + { + size := m.SuggestedLabels.Size() + i -= size + if _, err := m.SuggestedLabels.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 if len(m.BotName) > 0 { i -= len(m.BotName) copy(dAtA[i:], m.BotName) @@ -14316,6 +15080,11 @@ func (m *ClusterAuditConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.UseFIPSEndpoint != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.UseFIPSEndpoint)) + i-- + dAtA[i] = 0x78 + } if m.RetentionPeriod != 0 { i = encodeVarintTypes(dAtA, i, uint64(m.RetentionPeriod)) i-- @@ -14499,6 +15268,11 @@ func (m *ClusterNetworkingConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.ProxyPingInterval != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.ProxyPingInterval)) + i-- + dAtA[i] = 0x50 + } if m.TunnelStrategy != nil { { size, err := m.TunnelStrategy.MarshalToSizedBuffer(dAtA[:i]) @@ -15298,12 +16072,12 @@ func (m *UserTokenSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n82, err82 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err82 != nil { - return 0, err82 + n85, err85 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err85 != nil { + return 0, err85 } - i -= n82 - i = encodeVarintTypes(dAtA, i, uint64(n82)) + i -= n85 + i = encodeVarintTypes(dAtA, i, uint64(n85)) i-- dAtA[i] = 0x22 if m.Usage != 0 { @@ -15420,12 +16194,12 @@ func (m *UserTokenSecretsSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n85, err85 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err85 != nil { - return 0, err85 + n88, err88 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err88 != nil { + return 0, err88 } - i -= n85 - i = encodeVarintTypes(dAtA, i, uint64(n85)) + i -= n88 + i = encodeVarintTypes(dAtA, i, uint64(n88)) i-- dAtA[i] = 0x1a if len(m.QRCode) > 0 { @@ -15589,20 +16363,20 @@ func (m *AccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } if len(m.ThresholdIndexes) > 0 { - dAtA89 := make([]byte, len(m.ThresholdIndexes)*10) - var j88 int + dAtA92 := make([]byte, len(m.ThresholdIndexes)*10) + var j91 int for _, num := range m.ThresholdIndexes { for num >= 1<<7 { - dAtA89[j88] = uint8(uint64(num)&0x7f | 0x80) + dAtA92[j91] = uint8(uint64(num)&0x7f | 0x80) num >>= 7 - j88++ + j91++ } - dAtA89[j88] = uint8(num) - j88++ + dAtA92[j91] = uint8(num) + j91++ } - i -= j88 - copy(dAtA[i:], dAtA89[:j88]) - i = encodeVarintTypes(dAtA, i, uint64(j88)) + i -= j91 + copy(dAtA[i:], dAtA92[:j91]) + i = encodeVarintTypes(dAtA, i, uint64(j91)) i-- dAtA[i] = 0x3a } @@ -15616,12 +16390,12 @@ func (m *AccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { } i-- dAtA[i] = 0x32 - n91, err91 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err91 != nil { - return 0, err91 + n94, err94 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err94 != nil { + return 0, err94 } - i -= n91 - i = encodeVarintTypes(dAtA, i, uint64(n91)) + i -= n94 + i = encodeVarintTypes(dAtA, i, uint64(n94)) i-- dAtA[i] = 0x2a if len(m.Reason) > 0 { @@ -15724,20 +16498,20 @@ func (m *ThresholdIndexSet) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } if len(m.Indexes) > 0 { - dAtA94 := make([]byte, len(m.Indexes)*10) - var j93 int + dAtA97 := make([]byte, len(m.Indexes)*10) + var j96 int for _, num := range m.Indexes { for num >= 1<<7 { - dAtA94[j93] = uint8(uint64(num)&0x7f | 0x80) + dAtA97[j96] = uint8(uint64(num)&0x7f | 0x80) num >>= 7 - j93++ + j96++ } - dAtA94[j93] = uint8(num) - j93++ + dAtA97[j96] = uint8(num) + j96++ } - i -= j93 - copy(dAtA[i:], dAtA94[:j93]) - i = encodeVarintTypes(dAtA, i, uint64(j93)) + i -= j96 + copy(dAtA[i:], dAtA97[:j96]) + i = encodeVarintTypes(dAtA, i, uint64(j96)) i-- dAtA[i] = 0xa } @@ -15809,6 +16583,18 @@ func (m *AccessRequestSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.DryRun { + i-- + if m.DryRun { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x80 + } if len(m.LoginHint) > 0 { i -= len(m.LoginHint) copy(dAtA[i:], m.LoginHint) @@ -15925,20 +16711,20 @@ func (m *AccessRequestSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x32 } - n98, err98 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err98 != nil { - return 0, err98 + n101, err101 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err101 != nil { + return 0, err101 } - i -= n98 - i = encodeVarintTypes(dAtA, i, uint64(n98)) + i -= n101 + i = encodeVarintTypes(dAtA, i, uint64(n101)) i-- dAtA[i] = 0x2a - n99, err99 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err99 != nil { - return 0, err99 + n102, err102 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err102 != nil { + return 0, err102 } - i -= n99 - i = encodeVarintTypes(dAtA, i, uint64(n99)) + i -= n102 + i = encodeVarintTypes(dAtA, i, uint64(n102)) i-- dAtA[i] = 0x22 if m.State != 0 { @@ -16608,6 +17394,20 @@ func (m *RoleOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.SSHFileCopy != nil { + { + size := m.SSHFileCopy.Size() + i -= size + if _, err := m.SSHFileCopy.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xb2 + } if m.PinSourceIP { i-- if m.PinSourceIP { @@ -17827,12 +18627,12 @@ func (m *UserSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { } i-- dAtA[i] = 0x42 - n128, err128 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err128 != nil { - return 0, err128 + n132, err132 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err132 != nil { + return 0, err132 } - i -= n128 - i = encodeVarintTypes(dAtA, i, uint64(n128)) + i -= n132 + i = encodeVarintTypes(dAtA, i, uint64(n132)) i-- dAtA[i] = 0x3a { @@ -17974,28 +18774,28 @@ func (m *LoginStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n131, err131 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.RecoveryAttemptLockExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.RecoveryAttemptLockExpires):]) - if err131 != nil { - return 0, err131 + n135, err135 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.RecoveryAttemptLockExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.RecoveryAttemptLockExpires):]) + if err135 != nil { + return 0, err135 } - i -= n131 - i = encodeVarintTypes(dAtA, i, uint64(n131)) + i -= n135 + i = encodeVarintTypes(dAtA, i, uint64(n135)) i-- dAtA[i] = 0x2a - n132, err132 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockExpires):]) - if err132 != nil { - return 0, err132 + n136, err136 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockExpires):]) + if err136 != nil { + return 0, err136 } - i -= n132 - i = encodeVarintTypes(dAtA, i, uint64(n132)) + i -= n136 + i = encodeVarintTypes(dAtA, i, uint64(n136)) i-- dAtA[i] = 0x22 - n133, err133 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockedTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockedTime):]) - if err133 != nil { - return 0, err133 + n137, err137 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockedTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockedTime):]) + if err137 != nil { + return 0, err137 } - i -= n133 - i = encodeVarintTypes(dAtA, i, uint64(n133)) + i -= n137 + i = encodeVarintTypes(dAtA, i, uint64(n137)) i-- dAtA[i] = 0x1a if len(m.LockedMessage) > 0 { @@ -18052,12 +18852,12 @@ func (m *CreatedBy) MarshalToSizedBuffer(dAtA []byte) (int, error) { } i-- dAtA[i] = 0x1a - n135, err135 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Time, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Time):]) - if err135 != nil { - return 0, err135 + n139, err139 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Time, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Time):]) + if err139 != nil { + return 0, err139 } - i -= n135 - i = encodeVarintTypes(dAtA, i, uint64(n135)) + i -= n139 + i = encodeVarintTypes(dAtA, i, uint64(n139)) i-- dAtA[i] = 0x12 if m.Connector != nil { @@ -18175,20 +18975,20 @@ func (m *MFADevice) MarshalToSizedBuffer(dAtA []byte) (int, error) { } } } - n138, err138 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastUsed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUsed):]) - if err138 != nil { - return 0, err138 + n142, err142 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastUsed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUsed):]) + if err142 != nil { + return 0, err142 } - i -= n138 - i = encodeVarintTypes(dAtA, i, uint64(n138)) + i -= n142 + i = encodeVarintTypes(dAtA, i, uint64(n142)) i-- dAtA[i] = 0x3a - n139, err139 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.AddedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.AddedAt):]) - if err139 != nil { - return 0, err139 + n143, err143 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.AddedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.AddedAt):]) + if err143 != nil { + return 0, err143 } - i -= n139 - i = encodeVarintTypes(dAtA, i, uint64(n139)) + i -= n143 + i = encodeVarintTypes(dAtA, i, uint64(n143)) i-- dAtA[i] = 0x32 if len(m.Id) > 0 { @@ -18785,12 +19585,12 @@ func (m *TunnelConnectionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) i-- dAtA[i] = 0x22 } - n148, err148 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):]) - if err148 != nil { - return 0, err148 + n152, err152 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):]) + if err152 != nil { + return 0, err152 } - i -= n148 - i = encodeVarintTypes(dAtA, i, uint64(n148)) + i -= n152 + i = encodeVarintTypes(dAtA, i, uint64(n152)) i-- dAtA[i] = 0x1a if len(m.ProxyName) > 0 { @@ -18882,12 +19682,12 @@ func (m *AcquireSemaphoreRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i-- dAtA[i] = 0x2a } - n149, err149 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err149 != nil { - return 0, err149 + n153, err153 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err153 != nil { + return 0, err153 } - i -= n149 - i = encodeVarintTypes(dAtA, i, uint64(n149)) + i -= n153 + i = encodeVarintTypes(dAtA, i, uint64(n153)) i-- dAtA[i] = 0x22 if m.MaxLeases != 0 { @@ -18936,12 +19736,12 @@ func (m *SemaphoreLease) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n150, err150 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err150 != nil { - return 0, err150 + n154, err154 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err154 != nil { + return 0, err154 } - i -= n150 - i = encodeVarintTypes(dAtA, i, uint64(n150)) + i -= n154 + i = encodeVarintTypes(dAtA, i, uint64(n154)) i-- dAtA[i] = 0x2a if len(m.LeaseID) > 0 { @@ -18999,12 +19799,12 @@ func (m *SemaphoreLeaseRef) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x1a } - n151, err151 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err151 != nil { - return 0, err151 + n155, err155 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err155 != nil { + return 0, err155 } - i -= n151 - i = encodeVarintTypes(dAtA, i, uint64(n151)) + i -= n155 + i = encodeVarintTypes(dAtA, i, uint64(n155)) i-- dAtA[i] = 0x12 if len(m.LeaseID) > 0 { @@ -19218,33 +20018,40 @@ func (m *WebSessionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ConsumedAccessRequestID) > 0 { + i -= len(m.ConsumedAccessRequestID) + copy(dAtA[i:], m.ConsumedAccessRequestID) + i = encodeVarintTypes(dAtA, i, uint64(len(m.ConsumedAccessRequestID))) + i-- + dAtA[i] = 0x52 + } if m.IdleTimeout != 0 { i = encodeVarintTypes(dAtA, i, uint64(m.IdleTimeout)) i-- dAtA[i] = 0x48 } - n156, err156 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LoginTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LoginTime):]) - if err156 != nil { - return 0, err156 + n160, err160 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LoginTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LoginTime):]) + if err160 != nil { + return 0, err160 } - i -= n156 - i = encodeVarintTypes(dAtA, i, uint64(n156)) + i -= n160 + i = encodeVarintTypes(dAtA, i, uint64(n160)) i-- dAtA[i] = 0x42 - n157, err157 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err157 != nil { - return 0, err157 + n161, err161 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err161 != nil { + return 0, err161 } - i -= n157 - i = encodeVarintTypes(dAtA, i, uint64(n157)) + i -= n161 + i = encodeVarintTypes(dAtA, i, uint64(n161)) i-- dAtA[i] = 0x3a - n158, err158 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.BearerTokenExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.BearerTokenExpires):]) - if err158 != nil { - return 0, err158 + n162, err162 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.BearerTokenExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.BearerTokenExpires):]) + if err162 != nil { + return 0, err162 } - i -= n158 - i = encodeVarintTypes(dAtA, i, uint64(n158)) + i -= n162 + i = encodeVarintTypes(dAtA, i, uint64(n162)) i-- dAtA[i] = 0x32 if len(m.BearerToken) > 0 { @@ -19411,12 +20218,12 @@ func (m *RemoteClusterStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n161, err161 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):]) - if err161 != nil { - return 0, err161 + n165, err165 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):]) + if err165 != nil { + return 0, err165 } - i -= n161 - i = encodeVarintTypes(dAtA, i, uint64(n161)) + i -= n165 + i = encodeVarintTypes(dAtA, i, uint64(n165)) i-- dAtA[i] = 0x12 if len(m.Connection) > 0 { @@ -20221,6 +21028,25 @@ func (m *OIDCConnectorSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.UsernameClaim) > 0 { + i -= len(m.UsernameClaim) + copy(dAtA[i:], m.UsernameClaim) + i = encodeVarintTypes(dAtA, i, uint64(len(m.UsernameClaim))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + } + if m.AllowUnverifiedEmail { + i-- + if m.AllowUnverifiedEmail { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x78 + } { size := m.RedirectURLs.Size() i -= size @@ -20620,6 +21446,16 @@ func (m *SAMLConnectorSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.AllowIDPInitiated { + i-- + if m.AllowIDPInitiated { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x70 + } if m.EncryptionKeyPair != nil { { size, err := m.EncryptionKeyPair.MarshalToSizedBuffer(dAtA[:i]) @@ -21219,12 +22055,12 @@ func (m *GithubAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x62 } if m.Expires != nil { - n180, err180 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) - if err180 != nil { - return 0, err180 + n184, err184 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) + if err184 != nil { + return 0, err184 } - i -= n180 - i = encodeVarintTypes(dAtA, i, uint64(n180)) + i -= n184 + i = encodeVarintTypes(dAtA, i, uint64(n184)) i-- dAtA[i] = 0x5a } @@ -22219,12 +23055,12 @@ func (m *LockSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } if m.Expires != nil { - n198, err198 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) - if err198 != nil { - return 0, err198 + n202, err202 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) + if err202 != nil { + return 0, err202 } - i -= n198 - i = encodeVarintTypes(dAtA, i, uint64(n198)) + i -= n202 + i = encodeVarintTypes(dAtA, i, uint64(n202)) i-- dAtA[i] = 0x1a } @@ -22914,12 +23750,12 @@ func (m *RecoveryCodesSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n208, err208 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err208 != nil { - return 0, err208 + n212, err212 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err212 != nil { + return 0, err212 } - i -= n208 - i = encodeVarintTypes(dAtA, i, uint64(n208)) + i -= n212 + i = encodeVarintTypes(dAtA, i, uint64(n212)) i-- dAtA[i] = 0x12 if len(m.Codes) > 0 { @@ -23185,20 +24021,20 @@ func (m *SessionTrackerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x32 } - n211, err211 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err211 != nil { - return 0, err211 + n215, err215 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err215 != nil { + return 0, err215 } - i -= n211 - i = encodeVarintTypes(dAtA, i, uint64(n211)) + i -= n215 + i = encodeVarintTypes(dAtA, i, uint64(n215)) i-- dAtA[i] = 0x2a - n212, err212 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err212 != nil { - return 0, err212 + n216, err216 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err216 != nil { + return 0, err216 } - i -= n212 - i = encodeVarintTypes(dAtA, i, uint64(n212)) + i -= n216 + i = encodeVarintTypes(dAtA, i, uint64(n216)) i-- dAtA[i] = 0x22 if m.State != 0 { @@ -23302,12 +24138,12 @@ func (m *Participant) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n213, err213 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastActive, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastActive):]) - if err213 != nil { - return 0, err213 + n217, err217 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastActive, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastActive):]) + if err217 != nil { + return 0, err217 } - i -= n213 - i = encodeVarintTypes(dAtA, i, uint64(n213)) + i -= n217 + i = encodeVarintTypes(dAtA, i, uint64(n217)) i-- dAtA[i] = 0x22 if len(m.Mode) > 0 { @@ -23334,6 +24170,149 @@ func (m *Participant) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *InstallerV1) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *InstallerV1) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *InstallerV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + { + size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + if len(m.Version) > 0 { + i -= len(m.Version) + copy(dAtA[i:], m.Version) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Version))) + i-- + dAtA[i] = 0x1a + } + if len(m.SubKind) > 0 { + i -= len(m.SubKind) + copy(dAtA[i:], m.SubKind) + i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind))) + i-- + dAtA[i] = 0x12 + } + if len(m.Kind) > 0 { + i -= len(m.Kind) + copy(dAtA[i:], m.Kind) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *InstallerSpecV1) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *InstallerSpecV1) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *InstallerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Script) > 0 { + i -= len(m.Script) + copy(dAtA[i:], m.Script) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Script))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *InstallerV1List) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *InstallerV1List) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *InstallerV1List) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Installers) > 0 { + for iNdEx := len(m.Installers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Installers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *SortBy) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -23378,6 +24357,314 @@ func (m *SortBy) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *ConnectionDiagnosticV1) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConnectionDiagnosticV1) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ConnectionDiagnosticV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + { + size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *ConnectionDiagnosticSpecV1) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConnectionDiagnosticSpecV1) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ConnectionDiagnosticSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Traces) > 0 { + for iNdEx := len(m.Traces) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Traces[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } + if len(m.Message) > 0 { + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x12 + } + if m.Success { + i-- + if m.Success { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *ConnectionDiagnosticTrace) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConnectionDiagnosticTrace) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ConnectionDiagnosticTrace) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Error) > 0 { + i -= len(m.Error) + copy(dAtA[i:], m.Error) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Error))) + i-- + dAtA[i] = 0x22 + } + if len(m.Details) > 0 { + i -= len(m.Details) + copy(dAtA[i:], m.Details) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Details))) + i-- + dAtA[i] = 0x1a + } + if m.Status != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.Status)) + i-- + dAtA[i] = 0x10 + } + if m.Type != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.Type)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *ClusterAlert) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ClusterAlert) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ClusterAlert) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *ClusterAlertSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ClusterAlertSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ClusterAlertSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + n224, err224 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err224 != nil { + return 0, err224 + } + i -= n224 + i = encodeVarintTypes(dAtA, i, uint64(n224)) + i-- + dAtA[i] = 0x1a + if len(m.Message) > 0 { + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintTypes(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x12 + } + if m.Severity != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.Severity)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *GetClusterAlertsRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GetClusterAlertsRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *GetClusterAlertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Labels) > 0 { + for k := range m.Labels { + v := m.Labels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintTypes(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintTypes(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintTypes(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x1a + } + } + if len(m.AlertID) > 0 { + i -= len(m.AlertID) + copy(dAtA[i:], m.AlertID) + i = encodeVarintTypes(dAtA, i, uint64(len(m.AlertID))) + i-- + dAtA[i] = 0x12 + } + if m.Severity != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.Severity)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + func encodeVarintTypes(dAtA []byte, offset int, v uint64) int { offset -= sovTypes(v) base := offset @@ -23747,6 +25034,8 @@ func (m *DatabaseStatusV3) Size() (n int) { n += 1 + l + sovTypes(uint64(l)) } } + l = m.Azure.Size() + n += 1 + l + sovTypes(uint64(l)) if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -23932,6 +25221,10 @@ func (m *Azure) Size() (n int) { if l > 0 { n += 1 + l + sovTypes(uint64(l)) } + l = len(m.ResourceID) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -24255,6 +25548,10 @@ func (m *AppSpecV3) Size() (n int) { l = m.Rewrite.Size() n += 1 + l + sovTypes(uint64(l)) } + if m.AWS != nil { + l = m.AWS.Size() + n += 1 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -24382,6 +25679,22 @@ func (m *CommandLabelV2) Size() (n int) { return n } +func (m *AppAWS) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ExternalID) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *SSHKeyPair) Size() (n int) { if m == nil { return 0 @@ -24727,6 +26040,8 @@ func (m *ProvisionTokenSpecV2) Size() (n int) { if l > 0 { n += 1 + l + sovTypes(uint64(l)) } + l = m.SuggestedLabels.Size() + n += 1 + l + sovTypes(uint64(l)) if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -24902,6 +26217,9 @@ func (m *ClusterAuditConfigSpecV2) Size() (n int) { if m.RetentionPeriod != 0 { n += 1 + sovTypes(uint64(m.RetentionPeriod)) } + if m.UseFIPSEndpoint != 0 { + n += 1 + sovTypes(uint64(m.UseFIPSEndpoint)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -24971,6 +26289,9 @@ func (m *ClusterNetworkingConfigSpecV2) Size() (n int) { l = m.TunnelStrategy.Size() n += 1 + l + sovTypes(uint64(l)) } + if m.ProxyPingInterval != 0 { + n += 1 + sovTypes(uint64(m.ProxyPingInterval)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -25594,6 +26915,9 @@ func (m *AccessRequestSpecV3) Size() (n int) { if l > 0 { n += 1 + l + sovTypes(uint64(l)) } + if m.DryRun { + n += 3 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -25960,6 +27284,10 @@ func (m *RoleOptions) Size() (n int) { if m.PinSourceIP { n += 3 } + if m.SSHFileCopy != nil { + l = m.SSHFileCopy.Size() + n += 2 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -27095,6 +28423,10 @@ func (m *WebSessionSpecV2) Size() (n int) { if m.IdleTimeout != 0 { n += 1 + sovTypes(uint64(m.IdleTimeout)) } + l = len(m.ConsumedAccessRequestID) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -27569,6 +28901,13 @@ func (m *OIDCConnectorSpecV3) Size() (n int) { } l = m.RedirectURLs.Size() n += 1 + l + sovTypes(uint64(l)) + if m.AllowUnverifiedEmail { + n += 2 + } + l = len(m.UsernameClaim) + if l > 0 { + n += 2 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -27753,6 +29092,9 @@ func (m *SAMLConnectorSpecV2) Size() (n int) { l = m.EncryptionKeyPair.Size() n += 1 + l + sovTypes(uint64(l)) } + if m.AllowIDPInitiated { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -28937,6 +30279,68 @@ func (m *Participant) Size() (n int) { return n } +func (m *InstallerV1) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Kind) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = len(m.SubKind) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = len(m.Version) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = m.Metadata.Size() + n += 1 + l + sovTypes(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovTypes(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InstallerSpecV1) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Script) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *InstallerV1List) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Installers) > 0 { + for _, e := range m.Installers { + l = e.Size() + n += 1 + l + sovTypes(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *SortBy) Size() (n int) { if m == nil { return 0 @@ -28956,6 +30360,137 @@ func (m *SortBy) Size() (n int) { return n } +func (m *ConnectionDiagnosticV1) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ResourceHeader.Size() + n += 1 + l + sovTypes(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovTypes(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ConnectionDiagnosticSpecV1) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Success { + n += 2 + } + l = len(m.Message) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if len(m.Traces) > 0 { + for _, e := range m.Traces { + l = e.Size() + n += 1 + l + sovTypes(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ConnectionDiagnosticTrace) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Type != 0 { + n += 1 + sovTypes(uint64(m.Type)) + } + if m.Status != 0 { + n += 1 + sovTypes(uint64(m.Status)) + } + l = len(m.Details) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = len(m.Error) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ClusterAlert) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ResourceHeader.Size() + n += 1 + l + sovTypes(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovTypes(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ClusterAlertSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Severity != 0 { + n += 1 + sovTypes(uint64(m.Severity)) + } + l = len(m.Message) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Created) + n += 1 + l + sovTypes(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *GetClusterAlertsRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Severity != 0 { + n += 1 + sovTypes(uint64(m.Severity)) + } + l = len(m.AlertID) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if len(m.Labels) > 0 { + for k, v := range m.Labels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v))) + n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func sovTypes(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -31886,6 +33421,39 @@ func (m *DatabaseStatusV3) Unmarshal(dAtA []byte) error { } m.ManagedUsers = append(m.ManagedUsers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Azure", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Azure.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -33063,6 +34631,38 @@ func (m *Azure) Unmarshal(dAtA []byte) error { } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ResourceID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -35309,6 +36909,42 @@ func (m *AppSpecV3) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AWS", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AWS == nil { + m.AWS = &AppAWS{} + } + if err := m.AWS.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -36188,6 +37824,89 @@ func (m *CommandLabelV2) Unmarshal(dAtA []byte) error { } return nil } +func (m *AppAWS) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AppAWS: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AppAWS: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExternalID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ExternalID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *SSHKeyPair) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -38320,156 +40039,189 @@ func (m *ProvisionTokenSpecV2) Unmarshal(dAtA []byte) error { } m.BotName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipTypes(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *StaticTokensV2) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: StaticTokensV2: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: StaticTokensV2: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Kind = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SubKind = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Version = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SuggestedLabels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SuggestedLabels.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *StaticTokensV2) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: StaticTokensV2: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: StaticTokensV2: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubKind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Version = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39496,6 +41248,25 @@ func (m *ClusterAuditConfigSpecV2) Unmarshal(dAtA []byte) error { break } } + case 15: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseFIPSEndpoint", wireType) + } + m.UseFIPSEndpoint = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.UseFIPSEndpoint |= ClusterAuditConfigSpecV2_FIPSEndpointState(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -39961,6 +41732,25 @@ func (m *ClusterNetworkingConfigSpecV2) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ProxyPingInterval", wireType) + } + m.ProxyPingInterval = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ProxyPingInterval |= Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -44085,6 +45875,26 @@ func (m *AccessRequestSpecV3) Unmarshal(dAtA []byte) error { } m.LoginHint = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 16: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DryRun", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.DryRun = bool(v != 0) default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -46706,6 +48516,42 @@ func (m *RoleOptions) Unmarshal(dAtA []byte) error { } } m.PinSourceIP = Bool(v != 0) + case 22: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SSHFileCopy", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SSHFileCopy == nil { + m.SSHFileCopy = &BoolOption{} + } + if err := m.SSHFileCopy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -53927,6 +55773,38 @@ func (m *WebSessionSpecV2) Unmarshal(dAtA []byte) error { break } } + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConsumedAccessRequestID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConsumedAccessRequestID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -57114,124 +58992,9 @@ func (m *OIDCConnectorSpecV3) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipTypes(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *OIDCAuthRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: OIDCAuthRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: OIDCAuthRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConnectorID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ConnectorID = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Type = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + case 15: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CheckUser", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AllowUnverifiedEmail", wireType) } var v int for shift := uint(0); ; shift += 7 { @@ -57248,42 +59011,10 @@ func (m *OIDCAuthRequest) Unmarshal(dAtA []byte) error { break } } - m.CheckUser = bool(v != 0) - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.StateToken = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: + m.AllowUnverifiedEmail = bool(v != 0) + case 16: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CSRFToken", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UsernameClaim", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -57311,116 +59042,315 @@ func (m *OIDCAuthRequest) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.CSRFToken = string(dAtA[iNdEx:postIndex]) + m.UsernameClaim = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RedirectURL", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthTypes + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err } - postIndex := iNdEx + intStringLen - if postIndex < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTypes } - if postIndex > l { + if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } - m.RedirectURL = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthTypes + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *OIDCAuthRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes } - if postIndex > l { + if iNdEx >= l { return io.ErrUnexpectedEOF } - m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) - if m.PublicKey == nil { - m.PublicKey = []byte{} - } - iNdEx = postIndex - case 8: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CertTTL", wireType) - } - m.CertTTL = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.CertTTL |= Duration(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field CreateWebSession", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break } - m.CreateWebSession = bool(v != 0) - case 10: + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: OIDCAuthRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: OIDCAuthRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClientRedirectURL", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ConnectorID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConnectorID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CheckUser", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.CheckUser = bool(v != 0) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StateToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.StateToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CSRFToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CSRFToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RedirectURL", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RedirectURL = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...) + if m.PublicKey == nil { + m.PublicKey = []byte{} + } + iNdEx = postIndex + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CertTTL", wireType) + } + m.CertTTL = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.CertTTL |= time.Duration(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CreateWebSession", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.CreateWebSession = bool(v != 0) + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClientRedirectURL", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -58409,6 +60339,26 @@ func (m *SAMLConnectorSpecV2) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 14: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AllowIDPInitiated", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.AllowIDPInitiated = bool(v != 0) default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -58656,7 +60606,7 @@ func (m *SAMLAuthRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.CertTTL |= Duration(b&0x7F) << shift + m.CertTTL |= time.Duration(b&0x7F) << shift if b < 0x80 { break } @@ -59931,7 +61881,7 @@ func (m *GithubAuthRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.CertTTL |= Duration(b&0x7F) << shift + m.CertTTL |= time.Duration(b&0x7F) << shift if b < 0x80 { break } @@ -66195,6 +68145,387 @@ func (m *Participant) Unmarshal(dAtA []byte) error { } return nil } +func (m *InstallerV1) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: InstallerV1: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: InstallerV1: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubKind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Version = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *InstallerSpecV1) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: InstallerSpecV1: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: InstallerSpecV1: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Script", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Script = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *InstallerV1List) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: InstallerV1List: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: InstallerV1List: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Installers", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Installers = append(m.Installers, &InstallerV1{}) + if err := m.Installers[len(m.Installers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *SortBy) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -66298,6 +68629,894 @@ func (m *SortBy) Unmarshal(dAtA []byte) error { } return nil } +func (m *ConnectionDiagnosticV1) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConnectionDiagnosticV1: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConnectionDiagnosticV1: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceHeader", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ResourceHeader.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ConnectionDiagnosticSpecV1) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConnectionDiagnosticSpecV1: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConnectionDiagnosticSpecV1: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Success", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Success = bool(v != 0) + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Traces", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Traces = append(m.Traces, &ConnectionDiagnosticTrace{}) + if err := m.Traces[len(m.Traces)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ConnectionDiagnosticTrace) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConnectionDiagnosticTrace: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConnectionDiagnosticTrace: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + m.Type = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Type |= ConnectionDiagnosticTrace_TraceType(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + m.Status = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Status |= ConnectionDiagnosticTrace_StatusType(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Details", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Details = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Error = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ClusterAlert) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ClusterAlert: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ClusterAlert: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceHeader", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ResourceHeader.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ClusterAlertSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ClusterAlertSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ClusterAlertSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Severity", wireType) + } + m.Severity = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Severity |= AlertSeverity(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Created, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GetClusterAlertsRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GetClusterAlertsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GetClusterAlertsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Severity", wireType) + } + m.Severity = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Severity |= AlertSeverity(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AlertID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AlertID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Labels == nil { + m.Labels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthTypes + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthTypes + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthTypes + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthTypes + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Labels[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipTypes(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/api/types/user.go b/api/types/user.go index 01e524ed3a6c4..95cf9588145a5 100644 --- a/api/types/user.go +++ b/api/types/user.go @@ -20,6 +20,7 @@ import ( "fmt" "time" + "github.com/gravitational/teleport/api/constants" "github.com/gravitational/teleport/api/utils" "github.com/gravitational/trace" @@ -43,6 +44,20 @@ type User interface { SetLocalAuth(auth *LocalAuthSecrets) // GetRoles returns a list of roles assigned to user GetRoles() []string + // GetLogins gets the list of server logins/principals for the user + GetLogins() []string + // GetDatabaseUsers gets the list of Database Users for the user + GetDatabaseUsers() []string + // GetDatabaseNames gets the list of Database Names for the user + GetDatabaseNames() []string + // GetKubeUsers gets the list of Kubernetes Users for the user + GetKubeUsers() []string + // GetKubeGroups gets the list of Kubernetes Groups for the user + GetKubeGroups() []string + // GetWindowsLogins gets the list of Windows Logins for the user + GetWindowsLogins() []string + // GetAWSRoleARNs gets the list of AWS role ARNs for the user + GetAWSRoleARNs() []string // String returns user String() string // GetStatus return user login status @@ -57,6 +72,20 @@ type User interface { SetRoles(roles []string) // AddRole adds role to the users' role list AddRole(name string) + // SetLogins sets a list of server logins/principals for user + SetLogins(logins []string) + // SetDatabaseUsers sets a list of Database Users for user + SetDatabaseUsers(databaseUsers []string) + // SetDatabaseNames sets a list of Database Names for user + SetDatabaseNames(databaseNames []string) + // SetKubeUsers sets a list of Kubernetes Users for user + SetKubeUsers(kubeUsers []string) + // SetKubeGroups sets a list of Kubernetes Groups for user + SetKubeGroups(kubeGroups []string) + // SetWindowsLogins sets a list of Windows Logins for user + SetWindowsLogins(logins []string) + // SetAWSRoleARNs sets a list of AWS role ARNs for user + SetAWSRoleARNs(awsRoleARNs []string) // GetCreatedBy returns information about user GetCreatedBy() CreatedBy // SetCreatedBy sets created by information @@ -207,6 +236,48 @@ func (u *UserV2) SetRoles(roles []string) { u.Spec.Roles = utils.Deduplicate(roles) } +func (u *UserV2) setTrait(trait string, list []string) { + if u.Spec.Traits == nil { + u.Spec.Traits = make(map[string][]string) + } + u.Spec.Traits[trait] = utils.Deduplicate(list) +} + +// SetLogins sets the Logins trait for the user +func (u *UserV2) SetLogins(logins []string) { + u.setTrait(constants.TraitLogins, logins) +} + +// SetDatabaseUsers sets the DatabaseUsers trait for the user +func (u *UserV2) SetDatabaseUsers(databaseUsers []string) { + u.setTrait(constants.TraitDBUsers, databaseUsers) +} + +// SetDatabaseNames sets the DatabaseNames trait for the user +func (u *UserV2) SetDatabaseNames(databaseNames []string) { + u.setTrait(constants.TraitDBNames, databaseNames) +} + +// SetKubeUsers sets the KubeUsers trait for the user +func (u *UserV2) SetKubeUsers(kubeUsers []string) { + u.setTrait(constants.TraitKubeUsers, kubeUsers) +} + +// SetKubeGroups sets the KubeGroups trait for the user +func (u *UserV2) SetKubeGroups(kubeGroups []string) { + u.setTrait(constants.TraitKubeGroups, kubeGroups) +} + +// SetWindowsLogins sets the WindowsLogins trait for the user +func (u *UserV2) SetWindowsLogins(logins []string) { + u.setTrait(constants.TraitWindowsLogins, logins) +} + +// SetAWSRoleARNs sets the AWSRoleARNs trait for the user +func (u *UserV2) SetAWSRoleARNs(awsRoleARNs []string) { + u.setTrait(constants.TraitAWSRoleARNs, awsRoleARNs) +} + // GetStatus returns login status of the user func (u *UserV2) GetStatus() LoginStatus { return u.Spec.Status @@ -252,6 +323,48 @@ func (u *UserV2) AddRole(name string) { u.Spec.Roles = append(u.Spec.Roles, name) } +func (u UserV2) getTrait(trait string) []string { + if u.Spec.Traits == nil { + return []string{} + } + return u.Spec.Traits[trait] +} + +// GetLogins gets the list of server logins/principals for the user +func (u UserV2) GetLogins() []string { + return u.getTrait(constants.TraitLogins) +} + +// GetDatabaseUsers gets the list of DB Users for the user +func (u UserV2) GetDatabaseUsers() []string { + return u.getTrait(constants.TraitDBUsers) +} + +// GetDatabaseNames gets the list of DB Names for the user +func (u UserV2) GetDatabaseNames() []string { + return u.getTrait(constants.TraitDBNames) +} + +// GetKubeUsers gets the list of Kubernetes Users for the user +func (u UserV2) GetKubeUsers() []string { + return u.getTrait(constants.TraitKubeUsers) +} + +// GetKubeGroups gets the list of Kubernetes Groups for the user +func (u UserV2) GetKubeGroups() []string { + return u.getTrait(constants.TraitKubeGroups) +} + +// GetWindowsLogins gets the list of Windows Logins for the user +func (u UserV2) GetWindowsLogins() []string { + return u.getTrait(constants.TraitWindowsLogins) +} + +// GetAWSRoleARNs gets the list of AWS role ARNs for the user +func (u UserV2) GetAWSRoleARNs() []string { + return u.getTrait(constants.TraitAWSRoleARNs) +} + func (u *UserV2) String() string { return fmt.Sprintf("User(name=%v, roles=%v, identities=%v)", u.Metadata.Name, u.Spec.Roles, u.Spec.OIDCIdentities) } diff --git a/api/types/webauthn/webauthn.pb.go b/api/types/webauthn/webauthn.pb.go index f29edf945ac6f..7b2c87d4681fc 100644 --- a/api/types/webauthn/webauthn.pb.go +++ b/api/types/webauthn/webauthn.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: webauthn.proto +// source: teleport/legacy/types/webauthn/webauthn.proto // Package WebAuthn maps WebAuthn messages to protocol buffers. // @@ -63,7 +63,7 @@ func (m *SessionData) Reset() { *m = SessionData{} } func (m *SessionData) String() string { return proto.CompactTextString(m) } func (*SessionData) ProtoMessage() {} func (*SessionData) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{0} + return fileDescriptor_0d490a6db28e8798, []int{0} } func (m *SessionData) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -141,7 +141,7 @@ func (m *User) Reset() { *m = User{} } func (m *User) String() string { return proto.CompactTextString(m) } func (*User) ProtoMessage() {} func (*User) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{1} + return fileDescriptor_0d490a6db28e8798, []int{1} } func (m *User) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -189,7 +189,7 @@ func (m *CredentialAssertion) Reset() { *m = CredentialAssertion{} } func (m *CredentialAssertion) String() string { return proto.CompactTextString(m) } func (*CredentialAssertion) ProtoMessage() {} func (*CredentialAssertion) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{2} + return fileDescriptor_0d490a6db28e8798, []int{2} } func (m *CredentialAssertion) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -250,7 +250,7 @@ func (m *PublicKeyCredentialRequestOptions) Reset() { *m = PublicKeyCred func (m *PublicKeyCredentialRequestOptions) String() string { return proto.CompactTextString(m) } func (*PublicKeyCredentialRequestOptions) ProtoMessage() {} func (*PublicKeyCredentialRequestOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{3} + return fileDescriptor_0d490a6db28e8798, []int{3} } func (m *PublicKeyCredentialRequestOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -341,7 +341,7 @@ func (m *CredentialAssertionResponse) Reset() { *m = CredentialAssertion func (m *CredentialAssertionResponse) String() string { return proto.CompactTextString(m) } func (*CredentialAssertionResponse) ProtoMessage() {} func (*CredentialAssertionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{4} + return fileDescriptor_0d490a6db28e8798, []int{4} } func (m *CredentialAssertionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -421,7 +421,7 @@ func (m *AuthenticatorAssertionResponse) Reset() { *m = AuthenticatorAss func (m *AuthenticatorAssertionResponse) String() string { return proto.CompactTextString(m) } func (*AuthenticatorAssertionResponse) ProtoMessage() {} func (*AuthenticatorAssertionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{5} + return fileDescriptor_0d490a6db28e8798, []int{5} } func (m *AuthenticatorAssertionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -490,7 +490,7 @@ func (m *CredentialCreation) Reset() { *m = CredentialCreation{} } func (m *CredentialCreation) String() string { return proto.CompactTextString(m) } func (*CredentialCreation) ProtoMessage() {} func (*CredentialCreation) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{6} + return fileDescriptor_0d490a6db28e8798, []int{6} } func (m *CredentialCreation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -561,7 +561,7 @@ func (m *PublicKeyCredentialCreationOptions) Reset() { *m = PublicKeyCre func (m *PublicKeyCredentialCreationOptions) String() string { return proto.CompactTextString(m) } func (*PublicKeyCredentialCreationOptions) ProtoMessage() {} func (*PublicKeyCredentialCreationOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{7} + return fileDescriptor_0d490a6db28e8798, []int{7} } func (m *PublicKeyCredentialCreationOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -673,7 +673,7 @@ func (m *CredentialCreationResponse) Reset() { *m = CredentialCreationRe func (m *CredentialCreationResponse) String() string { return proto.CompactTextString(m) } func (*CredentialCreationResponse) ProtoMessage() {} func (*CredentialCreationResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{8} + return fileDescriptor_0d490a6db28e8798, []int{8} } func (m *CredentialCreationResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -749,7 +749,7 @@ func (m *AuthenticatorAttestationResponse) Reset() { *m = AuthenticatorA func (m *AuthenticatorAttestationResponse) String() string { return proto.CompactTextString(m) } func (*AuthenticatorAttestationResponse) ProtoMessage() {} func (*AuthenticatorAttestationResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{9} + return fileDescriptor_0d490a6db28e8798, []int{9} } func (m *AuthenticatorAttestationResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -809,7 +809,7 @@ func (m *AuthenticationExtensionsClientInputs) Reset() { *m = Authentica func (m *AuthenticationExtensionsClientInputs) String() string { return proto.CompactTextString(m) } func (*AuthenticationExtensionsClientInputs) ProtoMessage() {} func (*AuthenticationExtensionsClientInputs) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{10} + return fileDescriptor_0d490a6db28e8798, []int{10} } func (m *AuthenticationExtensionsClientInputs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -862,7 +862,7 @@ func (m *AuthenticationExtensionsClientOutputs) Reset() { *m = Authentic func (m *AuthenticationExtensionsClientOutputs) String() string { return proto.CompactTextString(m) } func (*AuthenticationExtensionsClientOutputs) ProtoMessage() {} func (*AuthenticationExtensionsClientOutputs) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{11} + return fileDescriptor_0d490a6db28e8798, []int{11} } func (m *AuthenticationExtensionsClientOutputs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -918,7 +918,7 @@ func (m *AuthenticatorSelection) Reset() { *m = AuthenticatorSelection{} func (m *AuthenticatorSelection) String() string { return proto.CompactTextString(m) } func (*AuthenticatorSelection) ProtoMessage() {} func (*AuthenticatorSelection) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{12} + return fileDescriptor_0d490a6db28e8798, []int{12} } func (m *AuthenticatorSelection) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -984,7 +984,7 @@ func (m *CredentialDescriptor) Reset() { *m = CredentialDescriptor{} } func (m *CredentialDescriptor) String() string { return proto.CompactTextString(m) } func (*CredentialDescriptor) ProtoMessage() {} func (*CredentialDescriptor) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{13} + return fileDescriptor_0d490a6db28e8798, []int{13} } func (m *CredentialDescriptor) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1046,7 +1046,7 @@ func (m *CredentialParameter) Reset() { *m = CredentialParameter{} } func (m *CredentialParameter) String() string { return proto.CompactTextString(m) } func (*CredentialParameter) ProtoMessage() {} func (*CredentialParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{14} + return fileDescriptor_0d490a6db28e8798, []int{14} } func (m *CredentialParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1106,7 +1106,7 @@ func (m *RelyingPartyEntity) Reset() { *m = RelyingPartyEntity{} } func (m *RelyingPartyEntity) String() string { return proto.CompactTextString(m) } func (*RelyingPartyEntity) ProtoMessage() {} func (*RelyingPartyEntity) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{15} + return fileDescriptor_0d490a6db28e8798, []int{15} } func (m *RelyingPartyEntity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1180,7 +1180,7 @@ func (m *UserEntity) Reset() { *m = UserEntity{} } func (m *UserEntity) String() string { return proto.CompactTextString(m) } func (*UserEntity) ProtoMessage() {} func (*UserEntity) Descriptor() ([]byte, []int) { - return fileDescriptor_ef16125abd047465, []int{16} + return fileDescriptor_0d490a6db28e8798, []int{16} } func (m *UserEntity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1257,74 +1257,79 @@ func init() { proto.RegisterType((*UserEntity)(nil), "webauthn.UserEntity") } -func init() { proto.RegisterFile("webauthn.proto", fileDescriptor_ef16125abd047465) } - -var fileDescriptor_ef16125abd047465 = []byte{ - // 1021 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x5b, 0x6f, 0xe3, 0x44, - 0x14, 0x96, 0x73, 0xe9, 0x36, 0xc7, 0x61, 0xd5, 0x9d, 0xa6, 0xbb, 0xa1, 0x74, 0xd3, 0xac, 0x01, - 0x29, 0xa2, 0xdd, 0x2e, 0x0a, 0xe2, 0x81, 0xab, 0xd4, 0xcb, 0x22, 0xba, 0x85, 0x4d, 0xe5, 0x15, - 0x48, 0x3c, 0x59, 0x53, 0xfb, 0x90, 0xcc, 0xe2, 0xd8, 0xde, 0x99, 0x31, 0xdd, 0x88, 0x9f, 0xc4, - 0x1b, 0x4f, 0xbc, 0xf1, 0x8a, 0xc4, 0x0b, 0xbf, 0xa0, 0xac, 0xfa, 0xd8, 0x5f, 0x81, 0x66, 0xec, - 0xd8, 0x4e, 0xe2, 0x6c, 0x0b, 0x48, 0xbc, 0x4d, 0xbe, 0x73, 0xbe, 0x33, 0x73, 0x2e, 0xdf, 0x89, - 0xe1, 0xf6, 0x39, 0x9e, 0xd1, 0x58, 0x8e, 0x82, 0xbd, 0x88, 0x87, 0x32, 0x24, 0xab, 0xd3, 0xdf, - 0x9b, 0xad, 0x61, 0x38, 0x0c, 0x35, 0xf8, 0x48, 0x9d, 0x12, 0xbb, 0xf5, 0x47, 0x05, 0xcc, 0x67, - 0x28, 0x04, 0x0b, 0x83, 0x23, 0x2a, 0x29, 0xf9, 0x10, 0x1a, 0xee, 0x88, 0xfa, 0x3e, 0x06, 0x43, - 0x6c, 0x1b, 0x5d, 0xa3, 0xd7, 0x3c, 0xb8, 0x77, 0x75, 0xb1, 0xbd, 0x9e, 0x81, 0xbb, 0xe1, 0x98, - 0x49, 0x1c, 0x47, 0x72, 0x62, 0xe7, 0x9e, 0xe4, 0x21, 0xdc, 0x8a, 0x05, 0x72, 0x87, 0x79, 0xed, - 0x8a, 0x26, 0xb5, 0xae, 0x2e, 0xb6, 0xd7, 0x14, 0x74, 0xec, 0x15, 0x18, 0x2b, 0x09, 0x42, 0x4e, - 0xe0, 0x0e, 0xf5, 0xfd, 0xf0, 0xdc, 0x71, 0x39, 0x7a, 0x18, 0x48, 0x46, 0x7d, 0xd1, 0xae, 0x76, - 0xab, 0xbd, 0xe6, 0x41, 0xe7, 0xea, 0x62, 0x7b, 0x53, 0x1b, 0x0f, 0x73, 0x5b, 0x21, 0xc4, 0xda, - 0xbc, 0x8d, 0x7c, 0x0a, 0x4d, 0x8e, 0x82, 0xa9, 0xdf, 0xce, 0x0f, 0x38, 0x69, 0xd7, 0xba, 0x46, - 0x6f, 0xf5, 0xe0, 0xcd, 0xab, 0x8b, 0xed, 0x8d, 0x29, 0x7e, 0x82, 0x93, 0x42, 0x08, 0xb3, 0x00, - 0xab, 0xa7, 0xe8, 0x97, 0xff, 0x88, 0x9c, 0x7d, 0xcf, 0x5c, 0x2a, 0x59, 0x18, 0xb4, 0xeb, 0x5d, - 0xa3, 0xd7, 0x48, 0x9e, 0xa2, 0x8c, 0xdf, 0x16, 0x6c, 0xc5, 0xa7, 0xcc, 0xdb, 0xac, 0x1d, 0xa8, - 0x7d, 0x23, 0x90, 0x93, 0xb7, 0xe1, 0x0d, 0x89, 0x3e, 0x46, 0x21, 0x97, 0x8e, 0x72, 0xd2, 0x95, - 0x6c, 0xd8, 0xcd, 0x29, 0xa8, 0x9c, 0x2c, 0x0a, 0xeb, 0x79, 0x1a, 0xfb, 0x42, 0x20, 0x57, 0x31, - 0xc8, 0x13, 0x80, 0x28, 0x3e, 0xf3, 0x99, 0xab, 0x93, 0x51, 0x44, 0xb3, 0xbf, 0xb3, 0x97, 0xb5, - 0xf5, 0x54, 0xdb, 0x4e, 0x70, 0x92, 0x73, 0x6d, 0x7c, 0x11, 0xa3, 0x90, 0x83, 0x48, 0xf1, 0x85, - 0xdd, 0x88, 0xa6, 0x2e, 0xd6, 0x6f, 0x15, 0x78, 0x70, 0x2d, 0x81, 0x6c, 0x2d, 0xf4, 0xbc, 0xd8, - 0xda, 0xfb, 0x00, 0x92, 0x8d, 0x31, 0x8c, 0xa5, 0x33, 0x16, 0xba, 0xbb, 0x55, 0xbb, 0x91, 0x22, - 0x5f, 0x0b, 0xb2, 0x0e, 0x75, 0x1e, 0xa9, 0xbe, 0x57, 0x75, 0x8a, 0x35, 0x1e, 0x2d, 0xeb, 0x6f, - 0xad, 0x5b, 0xed, 0x99, 0xfd, 0x4e, 0x9e, 0x4a, 0xfe, 0xa0, 0x23, 0x14, 0x2e, 0x67, 0x91, 0x0c, - 0x79, 0x49, 0x7f, 0x9f, 0x02, 0xe0, 0x4b, 0x89, 0x81, 0x9a, 0x51, 0xa1, 0x5b, 0x63, 0xf6, 0xf7, - 0xf2, 0x28, 0xfb, 0xb1, 0x1c, 0x29, 0xd7, 0xa4, 0x05, 0x8f, 0x33, 0xcf, 0x43, 0x9f, 0x61, 0x20, - 0x8f, 0x83, 0x28, 0x96, 0xc2, 0x2e, 0x44, 0x20, 0x3b, 0x65, 0x1d, 0x5f, 0xd1, 0xaf, 0x5f, 0xec, - 0xe8, 0x5f, 0x06, 0xbc, 0x55, 0xd2, 0x25, 0x1b, 0x45, 0x14, 0x06, 0x02, 0x09, 0x81, 0x9a, 0x9c, - 0x44, 0x98, 0x36, 0x58, 0x9f, 0xc9, 0x06, 0xac, 0x70, 0x7a, 0x9e, 0x69, 0xc1, 0xae, 0x73, 0x7a, - 0x7e, 0xec, 0x91, 0x23, 0x58, 0xe5, 0x29, 0x4d, 0x17, 0xcb, 0xec, 0xf7, 0x4a, 0xb3, 0x08, 0xf9, - 0xc2, 0x35, 0x76, 0xc6, 0x24, 0x83, 0x99, 0x6a, 0xd4, 0x74, 0x9c, 0x47, 0x37, 0xad, 0xc6, 0x20, - 0x96, 0xf3, 0xe5, 0xb0, 0x7e, 0x35, 0xa0, 0xf3, 0xfa, 0xdb, 0x49, 0x0f, 0xd6, 0x5c, 0xcd, 0x77, - 0x3c, 0x2a, 0xa9, 0xf3, 0x5c, 0x84, 0x41, 0x3a, 0x27, 0xb7, 0x13, 0x5c, 0xad, 0x8e, 0x27, 0x22, - 0x0c, 0xc8, 0x43, 0x20, 0xb4, 0x18, 0x4b, 0x13, 0xd2, 0x32, 0xdc, 0x99, 0xb1, 0xe8, 0x6d, 0xb3, - 0x05, 0x0d, 0xc1, 0x86, 0x01, 0x95, 0x31, 0x4f, 0x6a, 0xd2, 0xb4, 0x73, 0x80, 0x6c, 0x83, 0xa9, - 0x1b, 0x35, 0xa2, 0x81, 0xe7, 0xa3, 0xce, 0xb5, 0x69, 0x83, 0x82, 0xbe, 0xd4, 0x88, 0x45, 0x81, - 0xe4, 0xbd, 0x39, 0xe4, 0xa8, 0x73, 0x26, 0x27, 0x25, 0x02, 0xda, 0x7d, 0xad, 0x80, 0xa6, 0xd4, - 0x12, 0x05, 0xfd, 0x5c, 0x03, 0xeb, 0x7a, 0xc6, 0x35, 0x12, 0xda, 0x85, 0x0a, 0x8f, 0x74, 0x15, - 0xcc, 0xfe, 0x56, 0xfe, 0x12, 0x1b, 0xfd, 0x09, 0x0b, 0x86, 0xa7, 0x94, 0xcb, 0xc9, 0xe3, 0x40, - 0x32, 0x39, 0xb1, 0x2b, 0x3c, 0x22, 0x3d, 0xa8, 0xe9, 0x9d, 0x91, 0xcc, 0x48, 0x2b, 0xf7, 0x57, - 0x5b, 0x23, 0xf5, 0xd3, 0x1e, 0xc4, 0x86, 0x8d, 0x5c, 0x60, 0x4e, 0x44, 0x39, 0x1d, 0xa3, 0x44, - 0x3e, 0x95, 0xda, 0xfd, 0x32, 0xa9, 0x9d, 0x4e, 0xbd, 0xec, 0x96, 0xbb, 0x08, 0x8a, 0x39, 0xb9, - 0xd7, 0xe7, 0xe5, 0x3e, 0x80, 0x75, 0x7c, 0xe9, 0xfa, 0xb1, 0x87, 0x33, 0xda, 0x5e, 0xb9, 0x91, - 0xb6, 0x49, 0x4a, 0x2d, 0xaa, 0xbb, 0x0b, 0x26, 0x95, 0x12, 0x85, 0x4c, 0x74, 0x78, 0x4b, 0xeb, - 0xa8, 0x08, 0xcd, 0xe9, 0x7f, 0xf5, 0x3f, 0xeb, 0xff, 0x3b, 0xb8, 0x37, 0x3b, 0xa3, 0x02, 0x7d, - 0x74, 0xf5, 0xed, 0x0d, 0x1d, 0xbc, 0xbb, 0x44, 0x96, 0xcf, 0xa6, 0x7e, 0xf6, 0x5d, 0x5a, 0x8a, - 0x5b, 0xaf, 0x0c, 0xd8, 0x5c, 0x1c, 0x92, 0x7f, 0xb3, 0x2c, 0xbe, 0x58, 0x58, 0x16, 0xef, 0x2d, - 0x5b, 0x16, 0x79, 0xa9, 0xfe, 0x8f, 0x75, 0xf1, 0x13, 0x74, 0xaf, 0xbb, 0xfe, 0x1f, 0xee, 0x8b, - 0x3c, 0x80, 0x13, 0x9e, 0x3d, 0x47, 0x57, 0x66, 0xfb, 0x22, 0xb7, 0x0c, 0xb4, 0xc1, 0xfa, 0x0c, - 0xde, 0xb9, 0x49, 0xbb, 0x55, 0x51, 0x69, 0xa4, 0xff, 0x95, 0x92, 0x52, 0xd7, 0x69, 0x14, 0x1d, - 0x7b, 0xd6, 0xe7, 0xf0, 0xee, 0x8d, 0x12, 0x9e, 0xe3, 0xaf, 0x4e, 0xf9, 0xbf, 0x18, 0x70, 0xb7, - 0x7c, 0x22, 0xc8, 0x47, 0xd0, 0x9e, 0x1d, 0x2a, 0x2a, 0x25, 0x75, 0x47, 0x63, 0x0c, 0x64, 0xfa, - 0x86, 0xd9, 0xa1, 0xdb, 0xcf, 0xcc, 0xe4, 0x7d, 0x68, 0x71, 0x7c, 0x11, 0x33, 0x8e, 0xce, 0xcc, - 0x77, 0x4c, 0x45, 0x5f, 0x4d, 0x52, 0x9b, 0x5d, 0xf8, 0x66, 0x29, 0xfd, 0x07, 0xab, 0x2e, 0xf9, - 0x07, 0xfb, 0x18, 0x5a, 0x65, 0x62, 0x2c, 0x1d, 0xc6, 0xdb, 0x50, 0xc9, 0x06, 0xb1, 0xc2, 0x3c, - 0xeb, 0x93, 0xe2, 0x27, 0x4a, 0xb6, 0x24, 0x4a, 0xa9, 0x6b, 0x50, 0xa5, 0xfe, 0x50, 0x73, 0xeb, - 0xb6, 0x3a, 0x5a, 0x5f, 0x01, 0x59, 0xdc, 0x70, 0xe9, 0x15, 0x09, 0xb3, 0xc2, 0x3c, 0x15, 0x2b, - 0xa0, 0x63, 0xd4, 0xc4, 0x86, 0xad, 0xcf, 0x0a, 0x63, 0x6e, 0x96, 0x92, 0x3e, 0x5b, 0x43, 0x80, - 0x7c, 0xff, 0x15, 0xa2, 0x34, 0x97, 0x46, 0x79, 0x00, 0x4d, 0x8f, 0x89, 0xc8, 0xa7, 0x13, 0x47, - 0xdb, 0x92, 0x68, 0x66, 0x8a, 0x3d, 0x2d, 0x5e, 0x54, 0xcb, 0x2f, 0x3a, 0x68, 0xfe, 0x7e, 0xd9, - 0x31, 0xfe, 0xbc, 0xec, 0x18, 0xaf, 0x2e, 0x3b, 0xc6, 0xd9, 0x8a, 0xfe, 0x4c, 0xfe, 0xe0, 0xef, - 0x00, 0x00, 0x00, 0xff, 0xff, 0xed, 0x8b, 0x65, 0xf3, 0x58, 0x0b, 0x00, 0x00, +func init() { + proto.RegisterFile("teleport/legacy/types/webauthn/webauthn.proto", fileDescriptor_0d490a6db28e8798) +} + +var fileDescriptor_0d490a6db28e8798 = []byte{ + // 1062 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4b, 0x6f, 0x1c, 0x45, + 0x10, 0xd6, 0xec, 0xc3, 0xf1, 0xd6, 0x2e, 0x91, 0xd3, 0x5e, 0x27, 0x8b, 0x71, 0xd6, 0x9b, 0x01, + 0xa4, 0x15, 0x7e, 0x2c, 0x32, 0x70, 0xe0, 0x29, 0xf9, 0x11, 0x84, 0x63, 0x88, 0xad, 0x89, 0x40, + 0x82, 0xcb, 0xa8, 0x3d, 0x53, 0xec, 0x76, 0x98, 0x9d, 0x99, 0x74, 0xf7, 0xc4, 0x59, 0xf1, 0x93, + 0xb8, 0x71, 0xe2, 0xc6, 0x15, 0x89, 0x0b, 0xbf, 0xc0, 0x44, 0x3e, 0xfa, 0x57, 0xa0, 0xee, 0x79, + 0xee, 0xee, 0x38, 0x36, 0x20, 0xe5, 0xd6, 0x53, 0x55, 0x5f, 0x75, 0x77, 0x7d, 0xf5, 0xd5, 0x34, + 0x6c, 0x49, 0xf4, 0x30, 0x0c, 0xb8, 0x1c, 0x78, 0x38, 0xa4, 0xce, 0x64, 0x20, 0x27, 0x21, 0x8a, + 0xc1, 0x19, 0x9e, 0xd2, 0x48, 0x8e, 0xfc, 0x6c, 0xb1, 0x1d, 0xf2, 0x40, 0x06, 0x64, 0x31, 0xfd, + 0x5e, 0x6d, 0x0f, 0x83, 0x61, 0xa0, 0x8d, 0x03, 0xb5, 0x8a, 0xfd, 0xe6, 0x9f, 0x15, 0x68, 0x3e, + 0x41, 0x21, 0x58, 0xe0, 0x1f, 0x50, 0x49, 0xc9, 0x47, 0xd0, 0x70, 0x46, 0xd4, 0xf3, 0xd0, 0x1f, + 0x62, 0xc7, 0xe8, 0x19, 0xfd, 0xd6, 0xde, 0xbd, 0xcb, 0xf3, 0xf5, 0xe5, 0xcc, 0xb8, 0x19, 0x8c, + 0x99, 0xc4, 0x71, 0x28, 0x27, 0x56, 0x1e, 0x49, 0xb6, 0xe0, 0x56, 0x24, 0x90, 0xdb, 0xcc, 0xed, + 0x54, 0x34, 0xa8, 0x7d, 0x79, 0xbe, 0xbe, 0xa4, 0x4c, 0x87, 0x6e, 0x01, 0xb1, 0x10, 0x5b, 0xc8, + 0x11, 0xdc, 0xa1, 0x9e, 0x17, 0x9c, 0xd9, 0x0e, 0x47, 0x17, 0x7d, 0xc9, 0xa8, 0x27, 0x3a, 0xd5, + 0x5e, 0xb5, 0xdf, 0xda, 0xeb, 0x5e, 0x9e, 0xaf, 0xaf, 0x6a, 0xe7, 0x7e, 0xee, 0x2b, 0xa4, 0x58, + 0x9a, 0xf5, 0x91, 0xcf, 0xa0, 0xc5, 0x51, 0x30, 0xf5, 0x6d, 0xff, 0x84, 0x93, 0x4e, 0xad, 0x67, + 0xf4, 0x17, 0xf7, 0xde, 0xbc, 0x3c, 0x5f, 0x5f, 0x49, 0xed, 0x47, 0x38, 0x29, 0xa4, 0x68, 0x16, + 0xcc, 0xea, 0x28, 0xfa, 0xe4, 0xcf, 0x91, 0xb3, 0x1f, 0x99, 0x43, 0x25, 0x0b, 0xfc, 0x4e, 0xbd, + 0x67, 0xf4, 0x1b, 0xf1, 0x51, 0x94, 0xf3, 0xbb, 0x82, 0xaf, 0x78, 0x94, 0x59, 0x9f, 0xb9, 0x01, + 0xb5, 0x6f, 0x05, 0x72, 0xf2, 0x36, 0xbc, 0x91, 0xd2, 0x64, 0xab, 0x20, 0x5d, 0xc9, 0x86, 0xd5, + 0x4a, 0x8d, 0x2a, 0xc8, 0xa4, 0xb0, 0x9c, 0x5f, 0x63, 0x57, 0x08, 0xe4, 0x2a, 0x07, 0x79, 0x04, + 0x10, 0x46, 0xa7, 0x1e, 0x73, 0xf4, 0x65, 0x14, 0xb0, 0xb9, 0xb3, 0xb1, 0x9d, 0xd1, 0x7a, 0xa2, + 0x7d, 0x47, 0x38, 0xc9, 0xb1, 0x16, 0x3e, 0x8b, 0x50, 0xc8, 0xe3, 0x50, 0xe1, 0x85, 0xd5, 0x08, + 0xd3, 0x10, 0xf3, 0xf7, 0x0a, 0x3c, 0xb8, 0x16, 0x40, 0xd6, 0xe6, 0x38, 0x2f, 0x52, 0x7b, 0x1f, + 0x40, 0xb2, 0x31, 0x06, 0x91, 0xb4, 0xc7, 0x42, 0xb3, 0x5b, 0xb5, 0x1a, 0x89, 0xe5, 0x1b, 0x41, + 0x96, 0xa1, 0xce, 0x43, 0xc5, 0x7b, 0x55, 0x5f, 0xb1, 0xc6, 0xc3, 0xab, 0xf8, 0xad, 0xf5, 0xaa, + 0xfd, 0xe6, 0x4e, 0x37, 0xbf, 0x4a, 0x7e, 0xa0, 0x03, 0x14, 0x0e, 0x67, 0xa1, 0x0c, 0x78, 0x09, + 0xbf, 0x8f, 0x01, 0xf0, 0x85, 0x44, 0x5f, 0xf5, 0xa8, 0xd0, 0xd4, 0x34, 0x77, 0xb6, 0xf3, 0x2c, + 0xbb, 0x91, 0x1c, 0xa9, 0xd0, 0x98, 0x82, 0x87, 0x59, 0xe4, 0xbe, 0xc7, 0xd0, 0x97, 0x87, 0x7e, + 0x18, 0x49, 0x61, 0x15, 0x32, 0x90, 0x8d, 0x32, 0xc6, 0x17, 0xf4, 0xe9, 0xe7, 0x19, 0xfd, 0xdb, + 0x80, 0xb7, 0x4a, 0x58, 0xb2, 0x50, 0x84, 0x81, 0x2f, 0x90, 0x10, 0xa8, 0x29, 0x01, 0x26, 0x04, + 0xeb, 0x35, 0x59, 0x81, 0x05, 0x4e, 0xcf, 0x32, 0x2d, 0x58, 0x75, 0x4e, 0xcf, 0x0e, 0x5d, 0x72, + 0x00, 0x8b, 0x3c, 0x81, 0xe9, 0x62, 0x35, 0x77, 0xfa, 0xa5, 0xb7, 0x08, 0xf8, 0xdc, 0x36, 0x56, + 0x86, 0x24, 0xc7, 0x53, 0xd5, 0xa8, 0xe9, 0x3c, 0x83, 0x9b, 0x56, 0xe3, 0x38, 0x92, 0xb3, 0xe5, + 0x30, 0x7f, 0x33, 0xa0, 0xfb, 0xea, 0xdd, 0x49, 0x1f, 0x96, 0x1c, 0x8d, 0xb7, 0x5d, 0x2a, 0xa9, + 0xfd, 0x54, 0x04, 0x7e, 0xd2, 0x27, 0xb7, 0x63, 0xbb, 0x1a, 0x1d, 0x8f, 0x44, 0xe0, 0x93, 0x2d, + 0x20, 0xb4, 0x98, 0x4b, 0x03, 0x92, 0x32, 0xdc, 0x99, 0xf2, 0xe8, 0x69, 0xb3, 0x06, 0x0d, 0xc1, + 0x86, 0x3e, 0x95, 0x11, 0x8f, 0x6b, 0xd2, 0xb2, 0x72, 0x03, 0x59, 0x87, 0xa6, 0x26, 0x6a, 0x44, + 0x7d, 0xd7, 0x43, 0x7d, 0xd7, 0x96, 0x05, 0xca, 0xf4, 0x95, 0xb6, 0x98, 0x14, 0x48, 0xce, 0xcd, + 0x3e, 0x47, 0x7d, 0x67, 0x72, 0x54, 0x22, 0xa0, 0xcd, 0x57, 0x0a, 0x28, 0x85, 0x96, 0x28, 0xe8, + 0x97, 0x1a, 0x98, 0xd7, 0x23, 0xae, 0x91, 0xd0, 0x26, 0x54, 0x78, 0xa8, 0xab, 0xd0, 0xdc, 0x59, + 0xcb, 0x4f, 0x62, 0xa1, 0x37, 0x61, 0xfe, 0xf0, 0x84, 0x72, 0x39, 0x79, 0xe8, 0x4b, 0x26, 0x27, + 0x56, 0x85, 0x87, 0xa4, 0x0f, 0x35, 0x3d, 0x33, 0xe2, 0x1e, 0x69, 0xe7, 0xf1, 0x6a, 0x6a, 0x24, + 0x71, 0x3a, 0x82, 0x58, 0xb0, 0x92, 0x0b, 0xcc, 0x0e, 0x29, 0xa7, 0x63, 0x94, 0xc8, 0x53, 0xa9, + 0xdd, 0x2f, 0x93, 0xda, 0x49, 0x1a, 0x65, 0xb5, 0x9d, 0x79, 0xa3, 0x98, 0x91, 0x7b, 0x7d, 0x56, + 0xee, 0xc7, 0xb0, 0x8c, 0x2f, 0x1c, 0x2f, 0x72, 0x71, 0x4a, 0xdb, 0x0b, 0x37, 0xd2, 0x36, 0x49, + 0xa0, 0x45, 0x75, 0xf7, 0xa0, 0x49, 0xa5, 0x44, 0x21, 0x63, 0x1d, 0xde, 0xd2, 0x3a, 0x2a, 0x9a, + 0x66, 0xf4, 0xbf, 0xf8, 0xbf, 0xf5, 0xff, 0x3d, 0xdc, 0x9b, 0xee, 0x51, 0x81, 0x1e, 0x3a, 0x7a, + 0xf7, 0x86, 0x4e, 0xde, 0xbb, 0x42, 0x96, 0x4f, 0xd2, 0x38, 0xeb, 0x2e, 0x2d, 0xb5, 0x9b, 0x2f, + 0x0d, 0x58, 0x9d, 0x6f, 0x92, 0xff, 0x32, 0x2c, 0xbe, 0x9c, 0x1b, 0x16, 0xef, 0x5d, 0x35, 0x2c, + 0xf2, 0x52, 0xbd, 0x8e, 0x71, 0xf1, 0x33, 0xf4, 0xae, 0xdb, 0xfe, 0x5f, 0xce, 0x8b, 0x3c, 0x81, + 0x1d, 0x9c, 0x3e, 0x45, 0x47, 0x66, 0xf3, 0x22, 0xf7, 0x1c, 0x6b, 0x87, 0xf9, 0x39, 0xbc, 0x73, + 0x13, 0xba, 0x55, 0x51, 0x69, 0xa8, 0xff, 0x4a, 0x71, 0xa9, 0xeb, 0x34, 0x0c, 0x0f, 0x5d, 0xf3, + 0x0b, 0x78, 0xf7, 0x46, 0x17, 0x9e, 0xc1, 0x2f, 0xa6, 0xf8, 0x5f, 0x0d, 0xb8, 0x5b, 0xde, 0x11, + 0xe4, 0x63, 0xe8, 0x4c, 0x37, 0x15, 0x95, 0x92, 0x3a, 0xa3, 0x31, 0xfa, 0x32, 0x39, 0xc3, 0x74, + 0xd3, 0xed, 0x66, 0x6e, 0xf2, 0x3e, 0xb4, 0x39, 0x3e, 0x8b, 0x18, 0x47, 0x7b, 0xea, 0x1d, 0x53, + 0xd1, 0x5b, 0x93, 0xc4, 0x67, 0x15, 0xde, 0x2c, 0xa5, 0x7f, 0xb0, 0xea, 0x15, 0x7f, 0xb0, 0x4f, + 0xa0, 0x5d, 0x26, 0xc6, 0xd2, 0x66, 0xbc, 0x0d, 0x95, 0xac, 0x11, 0x2b, 0xcc, 0x35, 0x3f, 0x2d, + 0x3e, 0x51, 0xb2, 0x21, 0x51, 0x0a, 0x5d, 0x82, 0x2a, 0xf5, 0x86, 0x1a, 0x5b, 0xb7, 0xd4, 0xd2, + 0xfc, 0x1a, 0xc8, 0xfc, 0x84, 0x4b, 0xb6, 0x88, 0x91, 0x15, 0xe6, 0xaa, 0x5c, 0x3e, 0x1d, 0xa3, + 0x06, 0x36, 0x2c, 0xbd, 0x56, 0x36, 0xe6, 0x64, 0x57, 0xd2, 0x6b, 0x73, 0x08, 0x90, 0xcf, 0xbf, + 0x42, 0x96, 0xd6, 0x95, 0x59, 0x1e, 0x40, 0xcb, 0x65, 0x22, 0xf4, 0xe8, 0xc4, 0xd6, 0xbe, 0x38, + 0x5b, 0x33, 0xb1, 0x3d, 0x2e, 0x6e, 0x54, 0xcb, 0x37, 0xda, 0xdb, 0xfb, 0xe3, 0xa2, 0x6b, 0xfc, + 0x75, 0xd1, 0x35, 0x5e, 0x5e, 0x74, 0x8d, 0x1f, 0x3e, 0x1c, 0x32, 0x39, 0x8a, 0x4e, 0xb7, 0x9d, + 0x60, 0x3c, 0x18, 0x72, 0xfa, 0x9c, 0xc5, 0xfd, 0x48, 0xbd, 0x41, 0xf6, 0x0e, 0xa7, 0x21, 0x9b, + 0x79, 0x84, 0x9f, 0x2e, 0xe8, 0xc7, 0xf5, 0x07, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x8f, 0xff, + 0x0d, 0xa1, 0xad, 0x0b, 0x00, 0x00, } func (m *SessionData) Marshal() (dAtA []byte, err error) { diff --git a/api/types/webauthn/webauthn.proto b/api/types/webauthn/webauthn.proto deleted file mode 100644 index a2552e3190fd9..0000000000000 --- a/api/types/webauthn/webauthn.proto +++ /dev/null @@ -1,273 +0,0 @@ -// Copyright 2021 Gravitational, Inc -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -// Package WebAuthn maps WebAuthn messages to protocol buffers. -// -// The mapping is designed to match both the WebAuthn specification and the -// capabilities of current browser implementations. -// -// REST-based Teleport APIs will make an effort to transmit or embed JSON -// messages matching the github.com/duo-labs/webauthn reference implementation, -// to allow for easy browser integration. gRPC APIs are not meant for REST use -// and thus make no such promises, although the correspondence should be -// obvious. -// -// Note that, ordinarily, various fields in WebAuthn messages are encoded using -// "RawURLEncoding" (aka, base64 URL encoding without padding). This is not the -// case for _any_ of the fields mapped here, all bytes fields are transmitted -// raw/unencoded. -package webauthn; - -import "gogoproto/gogo.proto"; - -option (gogoproto.marshaler_all) = true; -option (gogoproto.unmarshaler_all) = true; - -// ----------------------------------------------------------------------------- -// WebAuthn messages used by server storage. -// ----------------------------------------------------------------------------- - -// SessionData stored by the Relying Party during authentication ceremonies. -// Mirrors https://pkg.go.dev/github.com/duo-labs/webauthn/webauthn#SessionData. -message SessionData { - // Raw challenge used for the ceremony. - bytes challenge = 1 [ (gogoproto.jsontag) = "challenge,omitempty" ]; - // Raw User ID. - bytes user_id = 2 [ (gogoproto.jsontag) = "userId,omitempty" ]; - // Raw Credential IDs of the credentials allowed for the ceremony. - repeated bytes allow_credentials = 3 [ (gogoproto.jsontag) = "allowCredentials,omitempty" ]; - // True if resident keys were required by the server / Relying Party. - bool resident_key = 4 [ (gogoproto.jsontag) = "residentKey,omitempty" ]; - // Requested user verification requirement, either "discouraged" or - // "required". - // An empty value is treated equivalently to "discouraged". - string user_verification = 5 [ (gogoproto.jsontag) = "userVerification,omitempty" ]; -} - -// User represents a WebAuthn user. -// Used mainly to correlated a WebAuthn user handle with a Teleport user. -message User { - // Teleport user ID. - string teleport_user = 1; -} - -// ----------------------------------------------------------------------------- -// Assertion (aka login). -// ----------------------------------------------------------------------------- - -// Credential assertion used for login ceremonies. -message CredentialAssertion { PublicKeyCredentialRequestOptions public_key = 1; } - -// Request options necessary for credential assertions, aka login ceremonies. -// See https://www.w3.org/TR/webauthn-2/#dictionary-assertion-options or -// refer to navigator.credentials.get in your browser. -message PublicKeyCredentialRequestOptions { - // Raw challenge used for assertion. - bytes challenge = 1; - // Timeout in milliseconds. - int64 timeout_ms = 2; - // Relying Party ID. - string rp_id = 3; - // Allowed credentials for assertion. - repeated CredentialDescriptor allow_credentials = 4; - // Extensions supplied by the Relying Party. - AuthenticationExtensionsClientInputs extensions = 5; - // User verification requirement. - string user_verification = 6; -} - -// Assertion response returned by the authenticator. -// Refer to navigator.credentials.get in your browser. -message CredentialAssertionResponse { - // Note: assertion responses return both "rawId" and "id" (RawURLEncoding of - // "id"), but it seemed pointless to have both here. - - // Type of the credential, usually "public-key". - string type = 1; - // Raw Credential ID. - bytes raw_id = 2; - // Assertion response from the authenticator. - AuthenticatorAssertionResponse response = 3; - // Extensions supplied by the authenticator. - AuthenticationExtensionsClientOutputs extensions = 4; -} - -// Authenticator assertion response. -// https://www.w3.org/TR/webauthn-2/#authenticatorassertionresponse -message AuthenticatorAssertionResponse { - // Raw client data JSON, exactly as signed by the authenticator. - // https://www.w3.org/TR/webauthn-2/#dictdef-collectedclientdata. - bytes client_data_json = 1; - // Raw authenticator data, exactly as signed by the authenticator. - // https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data. - bytes authenticator_data = 2; - // Raw assertion signature performed authenticatorData|clientDataJSON. - // https://www.w3.org/TR/webauthn-2/#assertion-signature. - bytes signature = 3; - // Raw user handle returned by the authenticator, if any. - bytes user_handle = 4; -} - -// ----------------------------------------------------------------------------- -// Creation (aka registration). -// ----------------------------------------------------------------------------- - -// Credential creation used for registration ceremonies. -message CredentialCreation { PublicKeyCredentialCreationOptions public_key = 1; } - -// Request options necessary for credential creation, aka registration -// ceremonies. -// See -// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions -// or refer to navigator.credentials.create in your browser. -message PublicKeyCredentialCreationOptions { - // Raw challenge used for creation. - bytes challenge = 1; - // Relying party information. - RelyingPartyEntity rp = 2; - // User information. - UserEntity user = 3; - // Desired properties for the credential to be created, from most to least - // preferred. - repeated CredentialParameter credential_parameters = 4; - // Timeout in milliseconds. - int64 timeout_ms = 5; - // Credentials excluded from the ceremony. - repeated CredentialDescriptor exclude_credentials = 6; - // Attestation requested, defaulting to "none". - // https://www.w3.org/TR/webauthn-2/#enumdef-attestationconveyancepreference. - string attestation = 7; - // Extensions supplied by the Relying Party. - AuthenticationExtensionsClientInputs extensions = 8; - // Authenticator selection criteria for the new credential. - AuthenticatorSelection authenticator_selection = 9; -} - -// Credential creation response returned by the authenticator. -// Refer to navigator.credentials.create in your browser. -message CredentialCreationResponse { - // Note: creation responses return both "rawId" and "id" (RawURLEncoding of - // "id"), but it seemed pointless to have both here. - - // Type of the credential, usually "public-key". - string type = 1; - // Raw Credential ID. - bytes raw_id = 2; - // Attestation response from the authenticator. - AuthenticatorAttestationResponse response = 3; - // Extensions supplied by the authenticator. - AuthenticationExtensionsClientOutputs extensions = 4; -} - -// Attestation response from the authentication, ie, the response to a -// credential creation request. -// https://www.w3.org/TR/webauthn-2/#authenticatorattestationresponse. -message AuthenticatorAttestationResponse { - // Raw client data JSON, exactly as signed by the authenticator. - // https://www.w3.org/TR/webauthn-2/#dictdef-collectedclientdata. - bytes client_data_json = 1; - // Raw attestation object. - // https://www.w3.org/TR/webauthn-2/#attestation-object - bytes attestation_object = 2; -} - -// ----------------------------------------------------------------------------- -// Common WebAuthn objects. -// ----------------------------------------------------------------------------- - -// Extensions supplied by the Relying Party during credential assertion or -// creation. -// https://www.w3.org/TR/webauthn-2/#client-extension-input -message AuthenticationExtensionsClientInputs { - // U2F application ID to be used by the authenticator, if any. - // Only available if using U2F compatibility mode. - // https://www.w3.org/TR/webauthn-2/#sctn-appid-extension. - string app_id = 1; -} - -// Extensions supplied by the authenticator to the Relying Party, during -// credential assertion or creation. -// https://www.w3.org/TR/webauthn-2/#client-extension-output. -message AuthenticationExtensionsClientOutputs { - // If true, the AppID extension was used by the authenticator, which changes - // the rpIdHash accordingly. - // https://www.w3.org/TR/webauthn-2/#sctn-appid-extension. - bool app_id = 1; -} - -// Authenticator selection criteria. -// Restricts the choice of authenticator for credential creation. -message AuthenticatorSelection { - // Authenticator attachment, empty means no particular attachment is - // required. - string authenticator_attachment = 1; - // Resident key requirement, if true the authenticator must create a resident - // key. - bool require_resident_key = 2; - // User verification requirement for authenticators. - string user_verification = 3; -} - -// Public key credential descriptor. -// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialdescriptor. -message CredentialDescriptor { - // Type of the credential, usually "public-key". - string type = 1; - // Raw Credential ID. - bytes id = 2; - - // Notes: - // * Transport hints omitted (assume no restrictions). -} - -// Parameters for credential creation. -// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialparameters. -message CredentialParameter { - // Credential type, usually "public-key". - // https://www.w3.org/TR/webauthn-2/#enumdef-publickeycredentialtype. - string type = 1; - // COSE algorithm specifier. - // Most authenticators support exclusively ES256(-7). - // https://www.w3.org/TR/webauthn-2/#typedefdef-cosealgorithmidentifier. - int32 alg = 2; -} - -// Relying Party information. -// See https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrpentity and -// https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions/rp. -message RelyingPartyEntity { - string id = 1; - string name = 2; - // URL to the icon of the Relying Party. - string icon = 3; -} - -// User information. -// See https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialuserentity -// and -// https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions/user. -message UserEntity { - // Raw ID of the user. - bytes id = 1; - // Human-palatable name for a user account. - // The Relying Party _may_ let the user choose this value. - string name = 2; - // Human-palatable name for the user account, intended only for display. - // The Relying Party _should_ let the user choose this value. - string display_name = 3; - // URL to a resource which can be the avatar image for the user. - string icon = 4; -} diff --git a/api/types/wrappers/wrappers.pb.go b/api/types/wrappers/wrappers.pb.go index e5ec463dc6074..c61a4031b5306 100644 --- a/api/types/wrappers/wrappers.pb.go +++ b/api/types/wrappers/wrappers.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: wrappers.proto +// source: teleport/legacy/types/wrappers/wrappers.proto package wrappers @@ -35,7 +35,7 @@ func (m *StringValues) Reset() { *m = StringValues{} } func (m *StringValues) String() string { return proto.CompactTextString(m) } func (*StringValues) ProtoMessage() {} func (*StringValues) Descriptor() ([]byte, []int) { - return fileDescriptor_a39c3deb4e5b8cc3, []int{0} + return fileDescriptor_3c19e1bba76a2eab, []int{0} } func (m *StringValues) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -78,7 +78,7 @@ func (m *LabelValues) Reset() { *m = LabelValues{} } func (m *LabelValues) String() string { return proto.CompactTextString(m) } func (*LabelValues) ProtoMessage() {} func (*LabelValues) Descriptor() ([]byte, []int) { - return fileDescriptor_a39c3deb4e5b8cc3, []int{1} + return fileDescriptor_3c19e1bba76a2eab, []int{1} } func (m *LabelValues) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -121,7 +121,7 @@ func (m *CustomType) Reset() { *m = CustomType{} } func (m *CustomType) String() string { return proto.CompactTextString(m) } func (*CustomType) ProtoMessage() {} func (*CustomType) Descriptor() ([]byte, []int) { - return fileDescriptor_a39c3deb4e5b8cc3, []int{2} + return fileDescriptor_3c19e1bba76a2eab, []int{2} } func (m *CustomType) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -157,26 +157,31 @@ func init() { proto.RegisterType((*CustomType)(nil), "wrappers.CustomType") } -func init() { proto.RegisterFile("wrappers.proto", fileDescriptor_a39c3deb4e5b8cc3) } - -var fileDescriptor_a39c3deb4e5b8cc3 = []byte{ - // 247 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2b, 0x2f, 0x4a, 0x2c, - 0x28, 0x48, 0x2d, 0x2a, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x80, 0xf1, 0xa5, 0x44, - 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x82, 0xfa, 0x20, 0x16, 0x44, 0x5e, 0x49, 0x8d, 0x8b, 0x27, 0xb8, - 0xa4, 0x28, 0x33, 0x2f, 0x3d, 0x2c, 0x31, 0xa7, 0x34, 0xb5, 0x58, 0x48, 0x8c, 0x8b, 0x0d, 0xc2, - 0x92, 0x60, 0x54, 0x60, 0xd6, 0xe0, 0x0c, 0x82, 0xf2, 0x94, 0x56, 0x33, 0x72, 0x71, 0xfb, 0x24, - 0x26, 0xa5, 0xe6, 0x40, 0xd5, 0x79, 0xa2, 0xa8, 0xe3, 0x36, 0x52, 0xd4, 0x83, 0x5b, 0x8c, 0xa4, - 0x4c, 0x0f, 0x42, 0xb9, 0xe6, 0x95, 0x14, 0x55, 0x3a, 0xf1, 0x9d, 0xb8, 0x27, 0xcf, 0xf0, 0xea, - 0x9e, 0x3c, 0x5b, 0x0e, 0x48, 0x41, 0x31, 0xcc, 0x68, 0xa9, 0x40, 0x2e, 0x6e, 0x24, 0x65, 0x42, - 0x02, 0x5c, 0xcc, 0xd9, 0xa9, 0x95, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0x9c, 0x41, 0x20, 0xa6, 0x90, - 0x0e, 0x17, 0x6b, 0x19, 0x48, 0x81, 0x04, 0x93, 0x02, 0xa3, 0x06, 0xb7, 0x91, 0x18, 0xc2, 0x2a, - 0x64, 0xa7, 0x07, 0x41, 0x14, 0x59, 0x31, 0x59, 0x30, 0x2a, 0xe9, 0x70, 0x71, 0x39, 0x97, 0x16, - 0x97, 0xe4, 0xe7, 0x86, 0x54, 0x16, 0xa4, 0x0a, 0xc9, 0x71, 0xb1, 0x3a, 0x55, 0x96, 0x80, 0x9d, - 0xca, 0xa8, 0xc1, 0xe3, 0xc4, 0xf1, 0xea, 0x9e, 0x3c, 0x4b, 0x56, 0x71, 0x7e, 0x5e, 0x10, 0x44, - 0xd8, 0x49, 0xe0, 0xc4, 0x43, 0x39, 0x86, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, - 0xf0, 0x48, 0x8e, 0x31, 0x89, 0x0d, 0x1c, 0x38, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9f, - 0xe7, 0xc8, 0xd6, 0x4e, 0x01, 0x00, 0x00, +func init() { + proto.RegisterFile("teleport/legacy/types/wrappers/wrappers.proto", fileDescriptor_3c19e1bba76a2eab) +} + +var fileDescriptor_3c19e1bba76a2eab = []byte{ + // 304 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x90, 0x4f, 0x4b, 0xc3, 0x30, + 0x18, 0x87, 0x97, 0xcd, 0x8d, 0x2d, 0x1d, 0x22, 0x45, 0xc6, 0xd8, 0xa1, 0xab, 0x3d, 0x48, 0x0f, + 0xb3, 0x81, 0xe9, 0x41, 0x3c, 0x56, 0x14, 0x04, 0x2f, 0x56, 0xf1, 0xe0, 0x2d, 0x1d, 0x21, 0x56, + 0xb3, 0x26, 0xa4, 0xe9, 0x24, 0x9f, 0xc9, 0x2f, 0xd2, 0xa3, 0x9f, 0xa0, 0x68, 0x8f, 0xfb, 0x14, + 0xd2, 0x76, 0x7f, 0xaa, 0xa7, 0x3c, 0xef, 0x9b, 0x87, 0xf7, 0x7d, 0xf9, 0xc1, 0x33, 0x45, 0x18, + 0x11, 0x5c, 0x2a, 0xc4, 0x08, 0xc5, 0x0b, 0x8d, 0x94, 0x16, 0x24, 0x41, 0x1f, 0x12, 0x0b, 0x41, + 0xe4, 0x1e, 0x3c, 0x21, 0xb9, 0xe2, 0x66, 0x7f, 0x5b, 0x4f, 0x8e, 0x29, 0xa7, 0xbc, 0x6a, 0xa2, + 0x92, 0xea, 0x7f, 0xe7, 0x14, 0x0e, 0x1f, 0x95, 0x8c, 0x62, 0xfa, 0x8c, 0x59, 0x4a, 0x12, 0x73, + 0x04, 0x7b, 0x35, 0x8d, 0x81, 0xdd, 0x71, 0x07, 0xc1, 0xa6, 0x72, 0x3e, 0x01, 0x34, 0xee, 0x71, + 0x48, 0xd8, 0xc6, 0xbb, 0xfb, 0xe3, 0x19, 0xf3, 0x13, 0x6f, 0xb7, 0xb8, 0xa1, 0x79, 0xf5, 0x73, + 0x13, 0x2b, 0xa9, 0xfd, 0xc3, 0x2c, 0x9f, 0xb6, 0xd6, 0xf9, 0xb4, 0xc7, 0x4a, 0x21, 0xd9, 0x8e, + 0x9e, 0x3c, 0x40, 0xa3, 0xa1, 0x99, 0x47, 0xb0, 0xf3, 0x4e, 0xf4, 0x18, 0xd8, 0xc0, 0x1d, 0x04, + 0x25, 0x9a, 0x33, 0xd8, 0x5d, 0x95, 0xc2, 0xb8, 0x6d, 0x03, 0xd7, 0x98, 0x8f, 0xf6, 0xab, 0x9a, + 0xa7, 0x07, 0xb5, 0x74, 0xd5, 0xbe, 0x04, 0xce, 0x0c, 0xc2, 0xeb, 0x34, 0x51, 0x7c, 0xf9, 0xa4, + 0x05, 0x31, 0x2d, 0xd8, 0xf5, 0xb5, 0xaa, 0x4e, 0x05, 0xee, 0xd0, 0xef, 0xaf, 0xf3, 0xe9, 0xc1, + 0x5b, 0xc2, 0xe3, 0xa0, 0x6e, 0xfb, 0xb7, 0xd9, 0x8f, 0xd5, 0xca, 0x0a, 0x0b, 0x7c, 0x15, 0x16, + 0xf8, 0x2e, 0x2c, 0xf0, 0x72, 0x41, 0x23, 0xf5, 0x9a, 0x86, 0xde, 0x82, 0x2f, 0x11, 0x95, 0x78, + 0x15, 0x29, 0xac, 0x22, 0x1e, 0x63, 0x86, 0x76, 0xe9, 0x63, 0x11, 0xfd, 0x8b, 0x3e, 0xec, 0x55, + 0x91, 0x9e, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0xe1, 0xab, 0xc5, 0xab, 0xa3, 0x01, 0x00, 0x00, } func (m *StringValues) Marshal() (dAtA []byte, err error) { diff --git a/api/utils/aws/partition.go b/api/utils/aws/partition.go new file mode 100644 index 0000000000000..13e7aca13f4db --- /dev/null +++ b/api/utils/aws/partition.go @@ -0,0 +1,44 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package aws + +// GetPartitionFromRegion get aws partition from region +// example, region "us-east-1" corresponds to partition "aws" +// region "cn-north-1" corresponds to partition "aws-cn" +func GetPartitionFromRegion(region string) string { + var partition string + switch { + case IsCNRegion(region): + partition = CNPartition + case IsUSGovRegion(region): + partition = USGovPartition + default: + partition = StandardPartition + } + return partition +} + +const ( + // StandardPartition is the partition ID of the AWS Standard partition. + StandardPartition = "aws" + + // CNPartition is the partition ID of the AWS China partition. + CNPartition = "aws-cn" + + // USGovPartition is the partition ID of the AWS GovCloud partition. + USGovPartition = "aws-us-gov" +) diff --git a/api/utils/aws/partition_test.go b/api/utils/aws/partition_test.go new file mode 100644 index 0000000000000..350315d21ae74 --- /dev/null +++ b/api/utils/aws/partition_test.go @@ -0,0 +1,67 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package aws + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGetPartitionFromRegion(t *testing.T) { + t.Parallel() + + tests := []struct { + region string + expectPartition string + }{ + { + region: "cn-north-1", + expectPartition: "aws-cn", + }, + { + region: "cn-northwest-1", + expectPartition: "aws-cn", + }, + { + region: "us-gov-east-1", + expectPartition: "aws-us-gov", + }, + { + region: "us-gov-west-1", + expectPartition: "aws-us-gov", + }, + { + region: "us-east-1", + expectPartition: "aws", + }, + { + region: "us-west-1", + expectPartition: "aws", + }, + { + region: "", + expectPartition: "aws", + }, + } + + for _, test := range tests { + t.Run(test.region, func(t *testing.T) { + require.Equal(t, test.expectPartition, GetPartitionFromRegion(test.region)) + }) + } +} diff --git a/api/utils/keypaths/keypaths.go b/api/utils/keypaths/keypaths.go index 7fe657653ee04..365848bb8f0a0 100644 --- a/api/utils/keypaths/keypaths.go +++ b/api/utils/keypaths/keypaths.go @@ -38,6 +38,8 @@ const ( fileNameTLSCerts = "certs.pem" // fileExtCert is the suffix/extension of a file where an SSH Cert is stored. fileExtSSHCert = "-cert.pub" + // fileExtPPK is the suffix/extension of a file where an SSH keypair is stored in PuTTY PPK format. + fileExtPPK = ".ppk" // fileExtPub is the extension of a file where a public key is stored. fileExtPub = ".pub" // fileExtLocalCA is the extension of a file where a self-signed localhost CA cert is stored. @@ -62,8 +64,9 @@ const ( // └── keys --> session keys directory // ├── one.example.com --> Proxy hostname // │ ├── certs.pem --> TLS CA certs for the Teleport CA -// │ ├── foo --> RSA Private Key for user "foo" +// │ ├── foo --> Private Key for user "foo" // │ ├── foo.pub --> Public Key +// │ ├── foo.ppk --> PuTTY PPK-formatted keypair for user "foo" // │ ├── foo-x509.pem --> TLS client certificate for Auth Server // │ ├── foo-ssh --> SSH certs for user "foo" // │ │ ├── root-cert.pub --> SSH cert for Teleport cluster "root" @@ -134,11 +137,11 @@ func TLSCertPath(baseDir, proxy, username string) string { return filepath.Join(ProxyKeyDir(baseDir, proxy), username+fileExtTLSCert) } -// SSHCAsPath returns the path to the users's SSH CA's certificates +// PublicKeyPath returns the path to the users's public key // for the given proxy. // // /keys//.pub -func SSHCAsPath(baseDir, proxy, username string) string { +func PublicKeyPath(baseDir, proxy, username string) string { return filepath.Join(ProxyKeyDir(baseDir, proxy), username+fileExtPub) } @@ -171,6 +174,14 @@ func SSHDir(baseDir, proxy, username string) string { return filepath.Join(ProxyKeyDir(baseDir, proxy), username+sshDirSuffix) } +// PPKFilePath returns the path to the user's PuTTY PPK-formatted keypair +// for the given proxy and cluster. +// +// /keys//.ppk +func PPKFilePath(baseDir, proxy, username string) string { + return filepath.Join(ProxyKeyDir(baseDir, proxy), username+fileExtPPK) +} + // SSHCertPath returns the path to the users's SSH certificate // for the given proxy and cluster. // diff --git a/api/utils/keys/privatekey.go b/api/utils/keys/privatekey.go new file mode 100644 index 0000000000000..109c329c35a73 --- /dev/null +++ b/api/utils/keys/privatekey.go @@ -0,0 +1,266 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package keys defines common interfaces for Teleport client keys. +package keys + +import ( + "bytes" + "crypto" + "crypto/rsa" + "crypto/tls" + "crypto/x509" + "encoding/pem" + "fmt" + "os" + + "github.com/gravitational/teleport/api/utils/sshutils/ppk" + "github.com/gravitational/trace" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/agent" +) + +const ( + PKCS1PrivateKeyType = "RSA PRIVATE KEY" + PKCS8PrivateKeyType = "PRIVATE KEY" + ECPrivateKeyType = "EC PRIVATE KEY" +) + +// PrivateKey implements crypto.Signer with additional helper methods. The underlying +// private key may be a standard crypto.Signer implemented in the standard library +// (aka *rsa.PrivateKey, *ecdsa.PrivateKey, or ed25519.PrivateKey), or it may be a +// custom implementation for a non-standard private key, such as a hardware key. +type PrivateKey struct { + Signer + sshPub ssh.PublicKey +} + +// NewPrivateKey returns a new PrivateKey for the given crypto.Signer. +func NewPrivateKey(signer Signer) (*PrivateKey, error) { + sshPub, err := ssh.NewPublicKey(signer.Public()) + if err != nil { + return nil, trace.Wrap(err) + } + + return &PrivateKey{ + Signer: signer, + sshPub: sshPub, + }, nil +} + +// SSHPublicKey returns the ssh.PublicKey representiation of the public key. +func (k *PrivateKey) SSHPublicKey() ssh.PublicKey { + return k.sshPub +} + +// SSHPublicKey returns the ssh.PublicKey representiation of the public key. +func (k *PrivateKey) MarshalSSHPublicKey() []byte { + return ssh.MarshalAuthorizedKey(k.sshPub) +} + +// agentKeyComment is used to generate an agent key comment. +type agentKeyComment struct { + user string +} + +func (a *agentKeyComment) String() string { + return fmt.Sprintf("teleport:%s", a.user) +} + +// AsAgentKey converts PrivateKey to a agent.AddedKey. If the given PrivateKey is not +// supported as an agent key, a trace.NotImplemented error is returned. +func (k *PrivateKey) AsAgentKey(sshCert *ssh.Certificate) (agent.AddedKey, error) { + signer, ok := k.Signer.(*StandardSigner) + if !ok { + // We return a not implemented error because agent.AddedKey only + // supports plain RSA, ECDSA, and ED25519 keys. Non-standard private + // keys, like hardware-based private keys, will require custom solutions + // which may not be included in their initial implementation. This will + // only affect functionality related to agent forwarding, so we give the + // caller the ability to handle the error gracefully. + return agent.AddedKey{}, trace.NotImplemented("cannot create an agent key using private key signer of type %T", k.Signer) + } + + // put a teleport identifier along with the teleport user into the comment field + comment := agentKeyComment{user: sshCert.KeyId} + return agent.AddedKey{ + PrivateKey: signer.Signer, + Certificate: sshCert, + Comment: comment.String(), + LifetimeSecs: 0, + ConfirmBeforeUse: false, + }, nil +} + +// PPKFile returns a PuTTY PPK-formatted keypair +func (k *PrivateKey) PPKFile() ([]byte, error) { + signer, ok := k.Signer.(*StandardSigner) + if !ok { + return nil, trace.BadParameter("cannot use private key of type %T as rsa.PrivateKey", k) + } + rsaKey, ok := signer.Signer.(*rsa.PrivateKey) + if !ok { + return nil, trace.BadParameter("cannot use private key of type %T as rsa.PrivateKey", k) + } + ppkFile, err := ppk.ConvertToPPK(rsaKey, k.MarshalSSHPublicKey()) + if err != nil { + return nil, trace.Wrap(err) + } + return ppkFile, nil +} + +// RSAPrivateKeyPEM returns a PEM encoded RSA private key for the given key. +// If the given key is not an RSA key, then an error will be returned. +// +// This is used by some integrations which currently only support raw RSA private keys, +// like Kubernetes, MongoDB, and PPK files for windows. +func (k *PrivateKey) RSAPrivateKeyPEM() ([]byte, error) { + signer := k.GetBaseSigner() + if _, ok := signer.(*rsa.PrivateKey); !ok { + return nil, trace.BadParameter("cannot get rsa key PEM for private key of type %T", signer) + } + return k.PrivateKeyPEM(), nil +} + +// GetBaseSigner is a helper method to return the actual nested crypto.Signer for this PrivateKey. +func (k *PrivateKey) GetBaseSigner() crypto.Signer { + switch signer := k.Signer.(type) { + case *StandardSigner: + return signer.Signer + default: + return signer + } +} + +// LoadPrivateKey returns the PrivateKey for the given key file. +func LoadPrivateKey(keyFile string) (*PrivateKey, error) { + keyPEM, err := os.ReadFile(keyFile) + if err != nil { + return nil, trace.ConvertSystemError(err) + } + + priv, err := ParsePrivateKey(keyPEM) + if err != nil { + return nil, trace.Wrap(err) + } + return priv, nil +} + +// ParsePrivateKey returns the PrivateKey for the given key PEM block. +func ParsePrivateKey(keyPEM []byte) (*PrivateKey, error) { + block, _ := pem.Decode(keyPEM) + if block == nil { + return nil, trace.BadParameter("expected PEM encoded private key") + } + + switch block.Type { + case PKCS1PrivateKeyType: + cryptoSigner, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return nil, trace.Wrap(err) + } + return NewPrivateKey(newStandardSigner(cryptoSigner, keyPEM)) + case ECPrivateKeyType: + cryptoSigner, err := x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return nil, trace.Wrap(err) + } + return NewPrivateKey(newStandardSigner(cryptoSigner, keyPEM)) + case PKCS8PrivateKeyType: + priv, err := x509.ParsePKCS8PrivateKey(block.Bytes) + if err != nil { + return nil, trace.Wrap(err) + } + cryptoSigner, ok := priv.(crypto.Signer) + if !ok { + return nil, trace.BadParameter("x509.ParsePKCS8PrivateKey returned an invalid private key of type %T", priv) + } + return NewPrivateKey(newStandardSigner(cryptoSigner, keyPEM)) + default: + return nil, trace.BadParameter("unexpected private key PEM type %q", block.Type) + } +} + +// LoadKeyPair returns the PrivateKey for the given private and public key files. +func LoadKeyPair(privFile, sshPubFile string) (*PrivateKey, error) { + privPEM, err := os.ReadFile(privFile) + if err != nil { + return nil, trace.ConvertSystemError(err) + } + + marshalledSSHPub, err := os.ReadFile(sshPubFile) + if err != nil { + return nil, trace.ConvertSystemError(err) + } + + priv, err := ParseKeyPair(privPEM, marshalledSSHPub) + if err != nil { + return nil, trace.Wrap(err) + } + return priv, nil +} + +// ParseKeyPair returns the PrivateKey for the given private and public key PEM blocks. +func ParseKeyPair(privPEM, marshalledSSHPub []byte) (*PrivateKey, error) { + priv, err := ParsePrivateKey(privPEM) + if err != nil { + return nil, trace.Wrap(err) + } + + // Verify that the private key's public key matches the expected public key. + if !bytes.Equal(ssh.MarshalAuthorizedKey(priv.SSHPublicKey()), marshalledSSHPub) { + return nil, trace.CompareFailed("the given private and public keys do not form a valid keypair") + } + + return priv, nil +} + +// LoadX509KeyPair parse a tls.Certificate from a private key file and certificate file. +// This should be used instead of tls.LoadX509KeyPair to support non-raw private keys, like PIV keys. +func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) { + keyPEMBlock, err := os.ReadFile(keyFile) + if err != nil { + return tls.Certificate{}, trace.ConvertSystemError(err) + } + + certPEMBlock, err := os.ReadFile(certFile) + if err != nil { + return tls.Certificate{}, trace.ConvertSystemError(err) + } + + tlsCert, err := X509KeyPair(certPEMBlock, keyPEMBlock) + if err != nil { + return tls.Certificate{}, trace.Wrap(err) + } + + return tlsCert, nil +} + +// X509KeyPair parse a tls.Certificate from a private key PEM and certificate PEM. +// This should be used instead of tls.X509KeyPair to support non-raw private keys, like PIV keys. +func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) { + priv, err := ParsePrivateKey(keyPEMBlock) + if err != nil { + return tls.Certificate{}, trace.Wrap(err) + } + + tlsCert, err := priv.TLSCertificate(certPEMBlock) + if err != nil { + return tls.Certificate{}, trace.Wrap(err) + } + + return tlsCert, nil +} diff --git a/api/utils/keys/privatekey_test.go b/api/utils/keys/privatekey_test.go new file mode 100644 index 0000000000000..c21cacc6dd361 --- /dev/null +++ b/api/utils/keys/privatekey_test.go @@ -0,0 +1,170 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package keys + +import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/rsa" + "crypto/tls" + "testing" + + "github.com/gravitational/trace" + "github.com/stretchr/testify/require" +) + +// TestParsePrivateKey tests that ParsePrivateKey successfully parses private key PEM. +func TestParsePrivateKey(t *testing.T) { + for _, tt := range []struct { + desc string + keyPEM []byte + assertError require.ErrorAssertionFunc + assertKey require.ValueAssertionFunc + }{ + { + desc: "invalid PEM", + keyPEM: []byte(`non-pem data`), + assertError: func(t require.TestingT, err error, i ...interface{}) { + require.True(t, trace.IsBadParameter(err), "expected trace.BadParameter, got %T", err) + }, + assertKey: require.Nil, + }, + { + desc: "invalid key", + keyPEM: invalidKeyPEM, + assertError: func(t require.TestingT, err error, i ...interface{}) { + require.True(t, trace.IsBadParameter(err), "expected trace.BadParameter, got %T", err) + }, + assertKey: require.Nil, + }, + { + desc: "rsa key", + keyPEM: rsaKeyPEM, + assertError: require.NoError, + assertKey: func(tt require.TestingT, key interface{}, i2 ...interface{}) { + privateKey, ok := key.(*PrivateKey) + require.True(t, ok) + require.IsType(t, &rsa.PrivateKey{}, privateKey.GetBaseSigner()) + }, + }, + { + desc: "ecdsa key", + keyPEM: ecdsaKeyPEM, + assertError: require.NoError, + assertKey: func(tt require.TestingT, key interface{}, i2 ...interface{}) { + privateKey, ok := key.(*PrivateKey) + require.True(t, ok) + require.IsType(t, &ecdsa.PrivateKey{}, privateKey.GetBaseSigner()) + }, + }, + { + desc: "ed25519 key", + keyPEM: ed25519KeyPEM, + assertError: require.NoError, + assertKey: func(tt require.TestingT, key interface{}, i2 ...interface{}) { + privateKey, ok := key.(*PrivateKey) + require.True(t, ok) + require.IsType(t, ed25519.PrivateKey{}, privateKey.GetBaseSigner()) + }, + }, + } { + t.Run(tt.desc, func(t *testing.T) { + priv, err := ParsePrivateKey(tt.keyPEM) + tt.assertError(t, err) + tt.assertKey(t, priv) + }) + } +} + +// TestX509KeyPair tests that X509KeyPair returns the same value as tls.X509KeyPair. +func TestX509KeyPair(t *testing.T) { + expectCert, err := tls.X509KeyPair(rsaCertPEM, rsaKeyPEM) + require.NoError(t, err) + + tlsCert, err := X509KeyPair(rsaCertPEM, rsaKeyPEM) + require.NoError(t, err) + + require.Equal(t, expectCert, tlsCert) +} + +var ( + invalidKeyPEM = []byte(`-----BEGIN INVALID KEY----- +-----END INVALID KEY----- +`) + // generated with `openssl req -x509 -out rsa.crt -keyout rsa.key -newkey rsa:2048 -nodes -sha256` + rsaKeyPEM = []byte(`-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCudYRUc0u2xdQi +wzEckPP9lVnXmC2b8vkstKhwZPwoffUDZ6tbS/IjaMAIPaL5Vh6B1oyN8M0qYtQ8 +L6IVTN8f3MnTrqHulGWfx6PnSOjgLQ640Z/SY9KMNnZvs66Ag7ka+2v7BDPYv3Ik +eUyPPQbrxDYs37vfa+iFKU/5CgYKQFbFmeiP6C/jaExSz+up+ImwUyaVJWZjTWlh +9z4dp7Z3C+avY4HzOEu/DlaPDAOSKnlHRRaeX3Fyv41cva0CHxaJsbdeF/UrkTef +ClhOxvl+ZEFGqgbBvU/5nAUKk/1Ai/iPQ7Rfw/lKMc0/aLE3wx4WVxy2cVPlmxmQ +2u3RwwRFAgMBAAECggEAb7XmV2FAkTeZ/+x3DTCwW6d/0PKr+dkavwqrdNTlNlR5 +SIXgjuRRl2Ti2iQFsJz5ifBFLjqMVWDVP/jMU9FWaoOpZPfEzw2NCUP/6wCfxbR0 +Ydow+bpbvta8/gfTbI1sQR/PY/ur61WjlEFryaitPtj0S8Wz+nuRd3sdr31AotzD +HV/oxjZffZrVkq3gKvu9v9KX96ExXitZQ4zk9bh5As8pwbdOcOni6kFjr3OXZ0nC +agPsLwGvL+t+Nq6md/MwvU8t0GdCoBX4IuS/gC9BAuCE0S1F5nJUZ2W4iqsCUbQA +/BCIkRv30DSgHgLSxKp6KZt+VVgNIlV5URrJ1A+h3QKBgQDbXkMNdSfowI6UusMr +xoG8J1KoHFp2QhT5gyMNK/sNYPHpMvQJQWSaEaqzGaeNAvuzfAoDbEs2S5i0BhU0 +UzNpZ/PkREBaBaIk0lNMoiVv7yk6CQIz12CVVgd7iD9xPDX6BiTrtrpNfod1zySF +zzqV0qJ8RD7ipB/n5/1fpuwJDwKBgQDLl3CvCPe+anXMhWFNC3PFy+h9lHA7eo4n +9FAwducgq1IHxy6qspf0Y7nZPv6CY3kQbTRWyaFP4M4HCPJpmYEkZWmxvzcjDI2L +1kTSHkNgr8EXP/w+6tMO0zkU3MtvqhX2CybLuY9u7O2Cnmvze9PAE2fDV0YjLngK +0Lr8N9MVawKBgCPiwrNT5Ah2X5zDBKSHn7eI80OfB8lqvAWpRzWjaTliD5DnjfZp +pSxzEWqlGry9rTFKbFTtBUzHhx6EFDnwFmv63nIMHD7dxw2g/pF9wQQTqrncuWiD +pkAnx6eUvVQn1milUqrgxI9i0IQcM8xT/zB9Oal8fJEU6kdEszVPmDNPAoGBAL4d +kfVxq1+eLJiq6Py4OAk568XxKojwXfVDeOp47kYclYJ75sEx+yIVSkRrReFeoHvN +bnWo3cEozVvWaABify0MopGAXS2WmEs/8I5CAms0VFywvI3IXQTYC9LGiBajPtS+ +/yB5DE7qYrR52ZbKSCdyN5A7XFyYFTMMTcAfJTc3AoGADyQ5MTQVcQHKtTULy5/6 +RCqu3NBv4fj237N7FPiBJv/aAhz/nNSi98CPUESJ++5KtIrbLmm02Gm2Bi+WGU92 +gn3QD885jR7bH2kvUg1NSrjoAYqb3AwnGduILus/MbsoizSIgEJZeTUQFJ/sr5Q1 +k4M8rcOBNRgCFpwDm9DC+fI= +-----END PRIVATE KEY-----`) + rsaCertPEM = []byte(`-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUWKKpMWB8DhGCOtOKV41eBwhLo60wDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjA4MjIxOTAxMDFaFw0yMjA5 +MjExOTAxMDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCudYRUc0u2xdQiwzEckPP9lVnXmC2b8vkstKhwZPwo +ffUDZ6tbS/IjaMAIPaL5Vh6B1oyN8M0qYtQ8L6IVTN8f3MnTrqHulGWfx6PnSOjg +LQ640Z/SY9KMNnZvs66Ag7ka+2v7BDPYv3IkeUyPPQbrxDYs37vfa+iFKU/5CgYK +QFbFmeiP6C/jaExSz+up+ImwUyaVJWZjTWlh9z4dp7Z3C+avY4HzOEu/DlaPDAOS +KnlHRRaeX3Fyv41cva0CHxaJsbdeF/UrkTefClhOxvl+ZEFGqgbBvU/5nAUKk/1A +i/iPQ7Rfw/lKMc0/aLE3wx4WVxy2cVPlmxmQ2u3RwwRFAgMBAAGjUzBRMB0GA1Ud +DgQWBBTqyM9oMkpwxREibsYlOhq3gs+3yTAfBgNVHSMEGDAWgBTqyM9oMkpwxREi +bsYlOhq3gs+3yTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCf +mdUw76V5pyMt+2wIurGDdItl6OZDmNOh7HGR6Nh7Y9pRe1cjzdRweIbH5CA+NLuv +J1rQB1pdt1Jk6fnH2hk8U8rpGFoZgHFHEVaIo5sge4HCL2qlnBPU5skDH7D891HK +qEzAKNJRsJTqzmItzBDQzjZ185BijcM/X3NZjTfiOGJwcMehH/F85syXQLODrXgp +mg0exCUFW40aXpfm0z0dNNwoN+FPSefKMYMQ1LV87I6zGnmVTYH9Nix3REiuliIQ +7XXnJc7A6tsc6yXdVG6IpGnKXuTvl/r4iIbH+JDv3MDSvZSCE5kzAPFjgB3zMAZ8 +Z0+424ERgom0Zdy75Y8I +-----END CERTIFICATE-----`) + // generated with `openssl ecparam -genkey -name prime256v1 -noout -out ecdsa.key` + ecdsaKeyPEM = []byte(`-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMDaz87Hngva0Wm+QkhCJ0Nz5o958+dsyH0DzsCe6Fl6oAoGCCqGSM49 +AwEHoUQDQgAEI06FHb4RKoYKcj+51w6WcN7kNI9OVSTp6H8BlljYYs2zxuIh6LQ3 +hXIC6UT+IOGQBnvq86SAbnPEWMLowtQc/Q== +-----END EC PRIVATE KEY----- +`) + // generated with `openssl genpkey -algorithm ed25519 -out ed25519.key` + ed25519KeyPEM = []byte(`-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIGf81V4UAiKXFehNALvwlSlB8ZYb/RbRUMSdTG3mSZLN +-----END PRIVATE KEY----- +`) +) diff --git a/api/utils/keys/signer.go b/api/utils/keys/signer.go new file mode 100644 index 0000000000000..8e7b5dfb8367f --- /dev/null +++ b/api/utils/keys/signer.go @@ -0,0 +1,86 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package keys + +import ( + "crypto" + "crypto/rsa" + "crypto/tls" + "crypto/x509" + "encoding/pem" + + "github.com/gravitational/trace" +) + +// Signer implements crypto.Signer with additional helper methods. +type Signer interface { + crypto.Signer + + // PrivateKeyPEM returns PEM encoded private key data. This may be data necessary + // to retrieve the key, such as a Yubikey serial number and slot, or it can be a + // PKCS marshaled private key. + // + // The resulting PEM encoded data should only be decoded with ParsePrivateKey to + // prevent errors from parsing non PKCS marshaled keys, such as a PIV key. + PrivateKeyPEM() []byte + + // TLSCertificate parses the given TLS certificate paired with the private key + // to rerturn a tls.Certificate, ready to be used in a TLS handshake. + TLSCertificate(tlsCert []byte) (tls.Certificate, error) +} + +// StandardSigner is a shared Signer implementation for standard crypto.PrivateKey +// implemenations, which are *rsa.PrivateKey, *ecdsa.PrivateKey, and ed25519.PrivateKey. +type StandardSigner struct { + // Signer is an *rsa.PrivateKey, *ecdsa.PrivateKey, or ed25519.PrivateKey. + crypto.Signer + // keyPEM is the PEM-encoded private key. + keyPEM []byte +} + +// NewStandardSigner creates a new StandardSigner from the given *rsa.PrivateKey. +func NewRSASigner(rsaKey *rsa.PrivateKey) (*StandardSigner, error) { + // We encode the private key in PKCS #1, ASN.1 DER form + // instead of PKCS #8 to maintain compatibility with some + // third party clients. + keyPEM := pem.EncodeToMemory(&pem.Block{ + Type: PKCS1PrivateKeyType, + Headers: nil, + Bytes: x509.MarshalPKCS1PrivateKey(rsaKey), + }) + + return newStandardSigner(rsaKey, keyPEM), nil +} + +func newStandardSigner(signer crypto.Signer, keyPEM []byte) *StandardSigner { + return &StandardSigner{ + Signer: signer, + keyPEM: keyPEM, + } +} + +// PrivateKeyPEM returns the PEM-encoded private key. +func (s *StandardSigner) PrivateKeyPEM() []byte { + return s.keyPEM +} + +// TLSCertificate parses the given TLS certificate paired with the private key +// to return a tls.Certificate, ready to be used in a TLS handshake. +func (s *StandardSigner) TLSCertificate(certRaw []byte) (tls.Certificate, error) { + cert, err := tls.X509KeyPair(certRaw, s.keyPEM) + return cert, trace.Wrap(err) +} diff --git a/api/utils/sshutils/chconn.go b/api/utils/sshutils/chconn.go index ecd647b63ae6d..0de68696a5f0b 100644 --- a/api/utils/sshutils/chconn.go +++ b/api/utils/sshutils/chconn.go @@ -28,19 +28,27 @@ import ( "golang.org/x/crypto/ssh" ) +type Conn interface { + io.Closer + // RemoteAddr returns the remote address for this connection. + RemoteAddr() net.Addr + // LocalAddr returns the local address for this connection. + LocalAddr() net.Addr +} + // NewChConn returns a new net.Conn implemented over // SSH channel -func NewChConn(conn ssh.Conn, ch ssh.Channel) *ChConn { +func NewChConn(conn Conn, ch ssh.Channel) *ChConn { return newChConn(conn, ch, false) } // NewExclusiveChConn returns a new net.Conn implemented over // SSH channel, whenever this connection closes -func NewExclusiveChConn(conn ssh.Conn, ch ssh.Channel) *ChConn { +func NewExclusiveChConn(conn Conn, ch ssh.Channel) *ChConn { return newChConn(conn, ch, true) } -func newChConn(conn ssh.Conn, ch ssh.Channel, exclusive bool) *ChConn { +func newChConn(conn Conn, ch ssh.Channel, exclusive bool) *ChConn { reader, writer := net.Pipe() c := &ChConn{ Channel: ch, @@ -68,7 +76,7 @@ type ChConn struct { mu sync.Mutex ssh.Channel - conn ssh.Conn + conn Conn // exclusive indicates that whenever this channel connection // is getting closed, the underlying connection is closed as well exclusive bool diff --git a/api/utils/sshutils/ppk/ppk.go b/api/utils/sshutils/ppk/ppk.go new file mode 100644 index 0000000000000..2a2f022432d1a --- /dev/null +++ b/api/utils/sshutils/ppk/ppk.go @@ -0,0 +1,202 @@ +/* +Copyright 2021 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package ppk provides functions implementing conversion between Teleport's native RSA +// keypairs and PuTTY's PPK format. It also provides functions for working with RFC4251-formatted +// mpints and strings. +package ppk + +import ( + "bytes" + "crypto/hmac" + "crypto/rsa" + "crypto/sha256" + "encoding/base64" + "encoding/binary" + "encoding/hex" + "fmt" + "math/big" + + "github.com/gravitational/teleport/api/constants" + "github.com/gravitational/trace" +) + +// ConvertToPPK takes a regular RSA-formatted keypair and converts it into the PPK file format used by the PuTTY SSH client. +// The file format is described here: https://the.earth.li/~sgtatham/putty/0.76/htmldoc/AppendixC.html#ppk +func ConvertToPPK(privateKey *rsa.PrivateKey, pub []byte) ([]byte, error) { + // https://the.earth.li/~sgtatham/putty/0.76/htmldoc/AppendixC.html#ppk + // RSA keys are stored using an algorithm-name of 'ssh-rsa'. (Keys stored like this are also used by the updated RSA signature schemes that use + // hashes other than SHA-1. The public key data has already provided the key modulus and the public encoding exponent. The private data stores: + // mpint: the private decoding exponent of the key. + // mpint: one prime factor p of the key. + // mpint: the other prime factor q of the key. (RSA keys stored in this format are expected to have exactly two prime factors.) + // mpint: the multiplicative inverse of q modulo p. + ppkPrivateKey := new(bytes.Buffer) + + // mpint: the private decoding exponent of the key. + // this is known as 'D' + binary.Write(ppkPrivateKey, binary.BigEndian, getRFC4251Mpint(privateKey.D)) + + // mpint: one prime factor p of the key. + // this is known as 'P' + // the RSA standard dictates that P > Q + // for some reason what PuTTY names 'P' is Primes[1] to Go, and what PuTTY names 'Q' is Primes[0] to Go + P, Q := privateKey.Primes[1], privateKey.Primes[0] + binary.Write(ppkPrivateKey, binary.BigEndian, getRFC4251Mpint(P)) + + // mpint: the other prime factor q of the key. (RSA keys stored in this format are expected to have exactly two prime factors.) + // this is known as 'Q' + binary.Write(ppkPrivateKey, binary.BigEndian, getRFC4251Mpint(Q)) + + // mpint: the multiplicative inverse of q modulo p. + // this is known as 'iqmp' + iqmp := new(big.Int).ModInverse(Q, P) + binary.Write(ppkPrivateKey, binary.BigEndian, getRFC4251Mpint(iqmp)) + + // now we need to base64-encode the PPK-formatted private key which is made up of the above values + ppkPrivateKeyBase64 := make([]byte, base64.StdEncoding.EncodedLen(ppkPrivateKey.Len())) + base64.StdEncoding.Encode(ppkPrivateKeyBase64, ppkPrivateKey.Bytes()) + + // read Teleport public key + // fortunately, this is the one thing that's in exactly the same format that the PPK file uses, so we can just copy it verbatim + // remove ssh-rsa plus additional space from beginning of string if present + if !bytes.HasPrefix(pub, []byte(constants.SSHRSAType+" ")) { + return nil, trace.BadParameter("pub does not appear to be an ssh-rsa public key") + } + pub = bytes.TrimSuffix(bytes.TrimPrefix(pub, []byte(constants.SSHRSAType+" ")), []byte("\n")) + + // the PPK file contains an anti-tampering MAC which is made up of various values which appear in the file. + // copied from Section C.3 of https://the.earth.li/~sgtatham/putty/0.76/htmldoc/AppendixC.html#ppk: + // hex-mac-data is a hexadecimal-encoded value, 64 digits long (i.e. 32 bytes), generated using the HMAC-SHA-256 algorithm with the following binary data as input: + // string: the algorithm-name header field. + // string: the encryption-type header field. + // string: the key-comment-string header field. + // string: the binary public key data, as decoded from the base64 lines after the 'Public-Lines' header. + // string: the plaintext of the binary private key data, as decoded from the base64 lines after the 'Private-Lines' header. + + // these values are also used in the MAC generation, so we declare them as variables + keyType := constants.SSHRSAType + encryptionType := "none" + // as work for the future, it'd be nice to get the proxy/user pair name in here to make the name more + // of a unique identifier. this has to be done at generation time because the comment is part of the MAC + fileComment := "teleport-generated-ppk" + + // string: the algorithm-name header field. + macKeyType := getRFC4251String([]byte(keyType)) + // create a buffer to hold the elements needed to generate the MAC + macInput := new(bytes.Buffer) + binary.Write(macInput, binary.LittleEndian, macKeyType) + + // string: the encryption-type header field. + macEncryptionType := getRFC4251String([]byte(encryptionType)) + binary.Write(macInput, binary.BigEndian, macEncryptionType) + + // string: the key-comment-string header field. + macComment := getRFC4251String([]byte(fileComment)) + binary.Write(macInput, binary.BigEndian, macComment) + + // base64-decode the Teleport public key, as we need its binary representation to generate the MAC + decoded := make([]byte, base64.StdEncoding.EncodedLen(len(pub))) + n, err := base64.StdEncoding.Decode(decoded, pub) + if err != nil { + return nil, trace.Errorf("could not base64-decode public key: %v, got %v bytes successfully", err, n) + } + decoded = decoded[:n] + // append the decoded public key bytes to the MAC buffer + macPublicKeyData := getRFC4251String(decoded) + binary.Write(macInput, binary.BigEndian, macPublicKeyData) + + // append our PPK-formatted private key bytes to the MAC buffer + macPrivateKeyData := getRFC4251String(ppkPrivateKey.Bytes()) + binary.Write(macInput, binary.BigEndian, macPrivateKeyData) + + // as per the PPK spec, the key for the MAC is blank when the PPK file is unencrypted. + // therefore, the key is a zero-length byte slice. + hmacHash := hmac.New(sha256.New, []byte{}) + // generate the MAC using HMAC-SHA-256 + hmacHash.Write(macInput.Bytes()) + macString := hex.EncodeToString(hmacHash.Sum(nil)) + + // build the string-formatted output PPK file + ppk := new(bytes.Buffer) + fmt.Fprintf(ppk, "PuTTY-User-Key-File-3: %v\n", keyType) + fmt.Fprintf(ppk, "Encryption: %v\n", encryptionType) + fmt.Fprintf(ppk, "Comment: %v\n", fileComment) + // chunk the Teleport-formatted public key into 64-character length lines + chunkedPublicKey := chunk(string(pub), 64) + fmt.Fprintf(ppk, "Public-Lines: %v\n", len(chunkedPublicKey)) + for _, r := range chunkedPublicKey { + fmt.Fprintf(ppk, "%s\n", r) + } + // chunk the PPK-formatted private key into 64-character length lines + chunkedPrivateKey := chunk(string(ppkPrivateKeyBase64), 64) + fmt.Fprintf(ppk, "Private-Lines: %v\n", len(chunkedPrivateKey)) + for _, r := range chunkedPrivateKey { + fmt.Fprintf(ppk, "%s\n", r) + } + fmt.Fprintf(ppk, "Private-MAC: %v\n", macString) + + return ppk.Bytes(), nil +} + +// chunk converts a string into a []string with chunks of size chunkSize; +// used to split base64-encoded strings across multiple lines with an even width. +// note: this function operates on Unicode code points rather than bytes, therefore +// using it with multi-byte characters will result in unevenly chunked strings. +// it's intended usage is only for chunking base64-encoded strings. +func chunk(s string, size int) []string { + var chunks []string + for b := []byte(s); len(b) > 0; { + n := size + if n > len(b) { + n = len(b) + } + chunks = append(chunks, string(b[:n])) + b = b[n:] + } + return chunks +} + +// getRFC4251Mpint returns a stream of bytes representing a mixed-precision integer (a big.Int in Go) +// prepended with a big-endian uint32 expressing the length of the data following. +// This is the 'mpint' format in RFC4251 Section 5 (https://datatracker.ietf.org/doc/html/rfc4251#section-5) +func getRFC4251Mpint(n *big.Int) []byte { + buf := new(bytes.Buffer) + b := n.Bytes() + // RFC4251: If the most significant bit would be set for a positive number, the number MUST be preceded by a zero byte. + if b[0]&0x80 > 0 { + b = append([]byte{0}, b...) + } + // write a uint32 with the length of the byte stream to the buffer + binary.Write(buf, binary.BigEndian, uint32(len(b))) + // write the byte stream representing of the rest of the integer to the buffer + binary.Write(buf, binary.BigEndian, b) + return buf.Bytes() +} + +// getRFC4251String returns a stream of bytes representing a string prepended with a big-endian unit32 +// expressing the length of the data following. +// This is the 'string' format in RFC4251 Section 5 (https://datatracker.ietf.org/doc/html/rfc4251#section-5) +func getRFC4251String(data []byte) []byte { + buf := new(bytes.Buffer) + // write a uint32 with the length of the byte stream to the buffer + binary.Write(buf, binary.BigEndian, uint32(len(data))) + // write the byte stream representing of the rest of the data to the buffer + for _, v := range data { + binary.Write(buf, binary.BigEndian, v) + } + return buf.Bytes() +} diff --git a/api/utils/sshutils/ppk/ppk_test.go b/api/utils/sshutils/ppk/ppk_test.go new file mode 100644 index 0000000000000..5f950353b83c8 --- /dev/null +++ b/api/utils/sshutils/ppk/ppk_test.go @@ -0,0 +1,228 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package ppk_test provides tests for the ppk package +package ppk_test + +import ( + "crypto/rsa" + "testing" + + "github.com/gravitational/teleport/api/utils/keys" + "github.com/gravitational/teleport/api/utils/sshutils/ppk" + "github.com/stretchr/testify/require" +) + +func TestConvertToPPK(t *testing.T) { + tests := []struct { + desc string + priv []byte + pub []byte + output []byte + }{ + { + desc: "valid private and public keys 1", + priv: []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3U4OOAi+F1Ct1n8HZIs1P39CWB0mKLvshouuklenZug27SuI +14rjE+hOTNHYz/Pkvk5mmKuIdegMCe8FHAF6chygcEC9BDkowLO+2+f3sazGsu4A +9H4pDuUkuIM9MwmZV7A4TJ19rRAgha+6JKKR5KeEosfiLvAtOu2Pjqz8ZrOrUUqQ +1AJ71SkWMPTJFksTNmgaH7a0SgJ4vVYMlYIAeyoAgqn6Qvu5Kez5ROfeKD4zys/+ +iFenrgbJrC38GNe2rxtb8/gfy03023FlPAQjGd1VLjxm8jhcJFqgM+uHTGRckgjv +d+VIkCbvTwpPWvvZxQcRtk073P9G8xpiNz2qbwIDAQABAoIBAQCFv37obqA0BxaI +5AzbvyZXUdoO1s8RH0I7rn+7Ai6yCvXnMMBrRA0pIuTvmIOoaoZ8XXW0HzdByxQ7 +jLFR07Lk9Fgif328566xh/B5hyAzyW/tA9qf6P93eRVQTkDWb561WFMuOqCRz4VY +RnQBYB88SeHnX1Zbd9xeGOUCHZoNlrilVpgjscGcFNxyDP72qvI79z1vV+R6dhaf +YI2v1D6aqx9qM988ytOokNi79wYvSUxqitz3IOD5nBd9ZNBC0fDeVmHqqbHSvLrr +LouF7PiUuVA2LaWfVCy5dVtLkS16qbsfqzUA4B8Eg/oF0vPpJ7QMVxKI5j2//ScL +lQ9h6gUBAoGBAOQ0t9gGuHKOMcp3H9C2fzNVbbWTubJoUyzFGyx+U2aJ4byRbxS3 +5d9cVu1GpS2ZgW6izCmxTG61Q0qQd4iT8e5cnFRU1Q3aK29TTK5hptthknXwKkVN +vUtlYKRM3TPYeTJ3WMQCY/Lzm2uVhT2ZGkpu0NaA5qiWllyPm7HlyQA/AoGBAPhC +KzioaPlqzwNKtHCsDSyeXsxU1aJCuMCIcgOB1yzmaaeL95CwMouMgouFyQ/CtLtO +pQEjymGzVynwC15s1vh1nCOWlQCx6Cjs9ko9bmecqziyyWg94gn82yLU7gClQH6v ++ezQ1n7/pb1DO/8dytO3+BZKSQH9lobzravGTcnRAoGAL8nKZfaiUXrtelSP2Qke +ggV1v/x7epzWLh3ontylYmelWfOqq1AHV0ri+TU+CdqHfD+jOWfjdZuHx+mQ3oz8 +sMm8Avzw0MHLLrjm6e2RH4fDP+dXMsQgy9Ui88UU3XKLjsHnWMSXYZ0aAuGA0XFq +TAQAv6qmos9GFYQNOqe/+8kCgYEAv88H69eae5J9bTKr5R3Zc+7MmZy2Do70hbUm +OfV4lbVUTmJDHWQ1OUKPnlL4fJfX4Zwquo23kPLqVnmjnwoCsabUw15Vs1rBX9Vt +mQCLq7wNQlpIaKTfXw4hFXFkjdUf1oIKXGEiSK8mk+s9kKepDRlnsXklnUcbpRri +xQQLF/ECgYAmKBSQtPuyA9d3dAZj96HhYZzDjD2EtAhSUyx31vgqr8C7mmShQXLh +kFap4eAldBxySXp/5af7H1Xf4BIfbbc1prMM1vIRFTN6l6rbircak7bb9a/dgWmX +iukFsFq0G0Y2zt9oHOB7pKV/Kff4o1WQ0hcCBD6pZGhbsVxXBi4Oaw== +-----END RSA PRIVATE KEY----- +`), + pub: []byte(`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdTg44CL4XUK3WfwdkizU/f0JYHSYou+yGi66SV6dm6DbtK4jXiuMT6E5M0djP8+S+TmaYq4h16AwJ7wUcAXpyHKBwQL0EOSjAs77b5/exrMay7gD0fikO5SS4gz0zCZlXsDhMnX2tECCFr7okopHkp4Six+Iu8C067Y+OrPxms6tRSpDUAnvVKRYw9MkWSxM2aBoftrRKAni9VgyVggB7KgCCqfpC+7kp7PlE594oPjPKz/6IV6euBsmsLfwY17avG1vz+B/LTfTbcWU8BCMZ3VUuPGbyOFwkWqAz64dMZFySCO935UiQJu9PCk9a+9nFBxG2TTvc/0bzGmI3Papv`), + output: []byte(`PuTTY-User-Key-File-3: ssh-rsa +Encryption: none +Comment: teleport-generated-ppk +Public-Lines: 6 +AAAAB3NzaC1yc2EAAAADAQABAAABAQDdTg44CL4XUK3WfwdkizU/f0JYHSYou+yG +i66SV6dm6DbtK4jXiuMT6E5M0djP8+S+TmaYq4h16AwJ7wUcAXpyHKBwQL0EOSjA +s77b5/exrMay7gD0fikO5SS4gz0zCZlXsDhMnX2tECCFr7okopHkp4Six+Iu8C06 +7Y+OrPxms6tRSpDUAnvVKRYw9MkWSxM2aBoftrRKAni9VgyVggB7KgCCqfpC+7kp +7PlE594oPjPKz/6IV6euBsmsLfwY17avG1vz+B/LTfTbcWU8BCMZ3VUuPGbyOFwk +WqAz64dMZFySCO935UiQJu9PCk9a+9nFBxG2TTvc/0bzGmI3Papv +Private-Lines: 14 +AAABAQCFv37obqA0BxaI5AzbvyZXUdoO1s8RH0I7rn+7Ai6yCvXnMMBrRA0pIuTv +mIOoaoZ8XXW0HzdByxQ7jLFR07Lk9Fgif328566xh/B5hyAzyW/tA9qf6P93eRVQ +TkDWb561WFMuOqCRz4VYRnQBYB88SeHnX1Zbd9xeGOUCHZoNlrilVpgjscGcFNxy +DP72qvI79z1vV+R6dhafYI2v1D6aqx9qM988ytOokNi79wYvSUxqitz3IOD5nBd9 +ZNBC0fDeVmHqqbHSvLrrLouF7PiUuVA2LaWfVCy5dVtLkS16qbsfqzUA4B8Eg/oF +0vPpJ7QMVxKI5j2//ScLlQ9h6gUBAAAAgQD4Qis4qGj5as8DSrRwrA0snl7MVNWi +QrjAiHIDgdcs5mmni/eQsDKLjIKLhckPwrS7TqUBI8phs1cp8AtebNb4dZwjlpUA +sego7PZKPW5nnKs4ssloPeIJ/Nsi1O4ApUB+r/ns0NZ+/6W9Qzv/HcrTt/gWSkkB +/ZaG862rxk3J0QAAAIEA5DS32Aa4co4xyncf0LZ/M1VttZO5smhTLMUbLH5TZonh +vJFvFLfl31xW7UalLZmBbqLMKbFMbrVDSpB3iJPx7lycVFTVDdorb1NMrmGm22GS +dfAqRU29S2VgpEzdM9h5MndYxAJj8vOba5WFPZkaSm7Q1oDmqJaWXI+bseXJAD8A +AACBAM6/w3llPMNA/ZRm8wIXXssPgAZCN79zYtVu6n4KMqBzi7qj1er4gzsLZpKS +hpfdO/mDPhA3eFwU3XjYCKlHiJJYk53mc5sWwvbsfibAZSZAII/V4xWvRUUPE9EX +INDa/8cd4YSy3PiZnUTNLVb2SmRFhnlB8ZBk3CyGEvcHskir +Private-MAC: 2697903ac84b70273afc7adaa4e3ebb14536cdaf69654d40e3d46a5ba997ffb0 +`), + }, + { + desc: "valid private and public keys 2", + priv: []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAve2um90K1SkpJD1vcjm2zUYUh5ZU7q1cmO7F0J/6MCEcq3vH +fDPpPZ4uGLB9jPKzs6FYWhwFNW2oAsDvWSrwwxy5gl1dAdqp1wIm86gafShR0se5 +rSdhWKP40H2lHOysRC5Jr8cvVLgflvZ4PDMqr/63BKwwkT1vN2PuenYRAAIT77X9 +O0fumGQPKIxRGn5OPKEt1LzQ0+e/QlWrqZwzWDx5jqG3jbxibdcR/mHS60XdvusL +UqxxWPjhVlDsKfvh2lt5sqsjulWW/GyNtlCfaTn2uu0nV8nbT2OvEO+oM/uyHos5 +7aIyePcOzCVM4dug6xJinqYTaVUsskKjPGUV6QIDAQABAoIBAQCBfis9k6DOIukt +D0IL5DOxk2Vt6F5x+PsYPjva+SfwZrMQbC1fjlkpLM8LAFIpplRFVe1SSqZ2fhQ+ +BGNsLS3IKa6FprhCCl8f/BSoreWZjcLz7j63QxFJCUscg33u0aLGPbT5xtmLbpoD +KHpjuRMSuZz475mRfQx1/IldL2B52sIAD6XRTgFoRG+mLu2iNVvuE0RVbASiyOUs +lVwrGRI+5GuH8G6fDCJqpYzcm/S8VXmQc2jrbo/gQ76MkFxULqEMzadjN+XMXms7 +pGZLX6Hatubn1kmhl8l6+1GYLf1HVmWXoL+hgWwbfIn6WV9y/xpnoeoJfWcFLJli +yABDx/mBAoGBAPhw3thyEP+5jdH2n1vz4X76yUbNJXaJGXozdoNfFKNOrYjFCLnD +CzHJEQmDJoFCtF6TwgvFb90HNvtNLkbC81yotQ8rfDzNTlixUhycaSsCJBqw0loU +wXoYQZiXpbfqT9Y7x7pwMxzRtkQYvyaowc7qF1xwJHhyCjDx38jAGnZxAoGBAMO1 +DXUpca09h+FujJkziyJStYq0YKqsuKXW7CuAq2iY70lzhv+SIPErqcYIWwi8JNv9 +EwBlEmSltFyGtxpeIVl6MJTil3vQ6eOSBCwt/E1YKvZoLv6mDf52Lc/wKtlecRPG +Q7G2C1ioTD9lDiYysUDmkpfitiatFwEj+y606wL5AoGBAMlQJLM9Ets1D19QuWb4 +YwPS0aBGgZHgnD1yUBk5xW5jRajrCBwGmR6Zb+3GUUAyvhdZIccKEJAI1Zuiudnr +BOpTZovJT92w+0hRP1khwPJxxLHAEGOgJ/r4hsbQMx+phVHylPBVFIXIxSm+5726 +x3kUJSPpVxQmTG3GwPBaAddxAoGALq+4QCTc22j8S0jl/X4QSOXWLPqOvOhrPBSj +TlVpjpA9NRZ8M+eWODIkU/uWS+UmHdyndcamtp/ZAOGaOI4QApplkH7liEH0Kbeh +izCFKaZIyXNdEp5mZDepAhvW/PfMnd0ENRaqakHrvovK7k3VfxgCDH2m2l8cR8df +mmrKTXECgYEA300gTnT46pMU1Wr1Zq4vGauWzk3U4J9HUu3vNy+sg4EEZ9CoiNTw +0a3f8u8gNQjB30koGW/5jYex3fUcnjTPqEGaiiGjI4oxMhquzqkVQ8FwnBAXJgT8 +nQVO8MZw8iFeSap0ILum8t60sp1/u9aCWJbjPtb/fhx0q7SLdjFEw8s= +-----END RSA PRIVATE KEY----- +`), + pub: []byte(`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC97a6b3QrVKSkkPW9yObbNRhSHllTurVyY7sXQn/owIRyre8d8M+k9ni4YsH2M8rOzoVhaHAU1bagCwO9ZKvDDHLmCXV0B2qnXAibzqBp9KFHSx7mtJ2FYo/jQfaUc7KxELkmvxy9UuB+W9ng8Myqv/rcErDCRPW83Y+56dhEAAhPvtf07R+6YZA8ojFEafk48oS3UvNDT579CVaupnDNYPHmOobeNvGJt1xH+YdLrRd2+6wtSrHFY+OFWUOwp++HaW3myqyO6VZb8bI22UJ9pOfa67SdXydtPY68Q76gz+7IeizntojJ49w7MJUzh26DrEmKephNpVSyyQqM8ZRXp`), + output: []byte(`PuTTY-User-Key-File-3: ssh-rsa +Encryption: none +Comment: teleport-generated-ppk +Public-Lines: 6 +AAAAB3NzaC1yc2EAAAADAQABAAABAQC97a6b3QrVKSkkPW9yObbNRhSHllTurVyY +7sXQn/owIRyre8d8M+k9ni4YsH2M8rOzoVhaHAU1bagCwO9ZKvDDHLmCXV0B2qnX +AibzqBp9KFHSx7mtJ2FYo/jQfaUc7KxELkmvxy9UuB+W9ng8Myqv/rcErDCRPW83 +Y+56dhEAAhPvtf07R+6YZA8ojFEafk48oS3UvNDT579CVaupnDNYPHmOobeNvGJt +1xH+YdLrRd2+6wtSrHFY+OFWUOwp++HaW3myqyO6VZb8bI22UJ9pOfa67SdXydtP +Y68Q76gz+7IeizntojJ49w7MJUzh26DrEmKephNpVSyyQqM8ZRXp +Private-Lines: 14 +AAABAQCBfis9k6DOIuktD0IL5DOxk2Vt6F5x+PsYPjva+SfwZrMQbC1fjlkpLM8L +AFIpplRFVe1SSqZ2fhQ+BGNsLS3IKa6FprhCCl8f/BSoreWZjcLz7j63QxFJCUsc +g33u0aLGPbT5xtmLbpoDKHpjuRMSuZz475mRfQx1/IldL2B52sIAD6XRTgFoRG+m +Lu2iNVvuE0RVbASiyOUslVwrGRI+5GuH8G6fDCJqpYzcm/S8VXmQc2jrbo/gQ76M +kFxULqEMzadjN+XMXms7pGZLX6Hatubn1kmhl8l6+1GYLf1HVmWXoL+hgWwbfIn6 +WV9y/xpnoeoJfWcFLJliyABDx/mBAAAAgQDDtQ11KXGtPYfhboyZM4siUrWKtGCq +rLil1uwrgKtomO9Jc4b/kiDxK6nGCFsIvCTb/RMAZRJkpbRchrcaXiFZejCU4pd7 +0OnjkgQsLfxNWCr2aC7+pg3+di3P8CrZXnETxkOxtgtYqEw/ZQ4mMrFA5pKX4rYm +rRcBI/sutOsC+QAAAIEA+HDe2HIQ/7mN0fafW/PhfvrJRs0ldokZejN2g18Uo06t +iMUIucMLMckRCYMmgUK0XpPCC8Vv3Qc2+00uRsLzXKi1Dyt8PM1OWLFSHJxpKwIk +GrDSWhTBehhBmJelt+pP1jvHunAzHNG2RBi/JqjBzuoXXHAkeHIKMPHfyMAadnEA +AACAE820IDiCymxsVqgmBSNJttApBaSl3ljTzWWeJQR7ksIm9kBvy30j1682v0yq +RyPuY1EmQ3DJ3LqXbFq4qK12R/tALasyYyDYsJTt1xh+peFv23OSF8kDlG4MOdUp +3WPivAMSPR0QR192Emb0caXEkyAhvQLHKGoi8/TgbfMG6Gc= +Private-MAC: b5ede95d052e23815c8e8d816c758fb16370fc3178e1613fee61ec158900fd64 +`), + }, + { + desc: "valid public and private keys 3", + priv: []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAz5J/f572H95c9DDZLrXT0kmjytznkvntSOjxmJM44fL8DQz2 +NINFi4awTNYD1eIIzaO4LLw+uXFWKD2P9LgtJ/Cxdb9LRi1OZ5Qrw/jj173zf/g+ +wpItjoakgAzerHxKAPj3DB8iHFfPq+3MfdY36SZHT0GOU7QIhnYULKWWuVfexx25 +VtgdGsmL9jwfAftzh00aCIej9zi2eSfGYfcIeRlSh9wvoYldrZbRvLTeMbW+YznW +kH4W9taCGofrq/t8tN0beh9B7z2hMGxOLLnsxu3gQc2KIUqU5l1myL0rVncvSwZw +ppQudZYtRyzmLOOm9PEvJHWvgu6KQBj5F24xrwIDAQABAoIBAQC0BgOMJMqjkxAd +POxvhYUjoXhr7bDuGNKB5H38bNrto/aUPwSdQKilPPhUe1yyOCqYZwDJ06222aP2 +nIXooX+QX0EZtQHM6GhSjwByI78/kl/IQf30dCEMtpue7wqEn/ry4vooSiwkVsgm +/cPX811kWS2JgHq2/7JRI8GVgzu4m/wLtOVUIUiSG/zNZWx/ThEvvE/528z5MZG5 +zGuQobHH+zfGYqk9IABcpNMH+4S353oPXAej2bCsQU6x+alM5z0fi+PuWIWtaDIb +e/Va9WN2fghXF5lxu/+sCv8QkoPotbRfh0nLO0nTt4MUIFR0X/mVXbVWn+5SBhWC +YUgcjychAoGBAOtLKKqkYzuOIyB2E3b7dPJ1XuzHOXj0Co5DoVNNs8TyEggoQPuj +cTLUQaIN+M+MyNmtLi4GaF1dXRrJg7qZoJ681Vz0P+w+pso1UTQcja5G8iOwiKAD +MIkyH9t9iW8yDN+J0dEzTqAgOPIDxkwDWuvwvsBleJ2EAV6qdecjLpIRAoGBAOHW +0NGHYe4GCbt/gA5UVUYXehx9mckcLwyZJJThjTZXYr1kglRYa4de5YRMk9oPCHUu +ODKqxL8CTcKyIijj1fJGDVcqTPFXlS4UZ31RLMvVnDaMID7V2zx+wxJ9onwhj798 +1k3fVahH2vXOFH9AogeHKDNyD1RdwDNOhBy95Me/AoGALV+bAf0dXbi1MWdTrZgk +HzVfDs4EWTzGZFTKYWQUjKAZthT9IwmLpL+lwHhtSKjfeoqY4ys9KPP+JlJB4tQJ +U1Ma2ggH46jZRRkvBZuT/s2TmCpMzn6O94YA+rSkshq2vMy491yrhtlv4cu0i6gB ++om8XyGyNr3j/btlbSMtseECgYB66UL1Bk2SEc8yMI4tPlC6uQRIhUMxZRlmLeLu +9GK6dIzUruMPrJ+5KTiY7GR7hTsBK4qCaNZzbnmLwQ8+WeGS3fVcvzTpFNWoIorA +dXF/7l36ggD6scGEByl74syP6mQlv3eTIj2oPJM6vFIDf9WvayvB9A3LyMpWIiFc +0yy0WQKBgQDCPCUvQhiOJyQ63n3pjFl5/YOtadl9KUD/CmdyUkCt69QoFgG0wTAV +qalC9sysLQ1QI8A8GHNoNPjqMi7SWvzSgYN9TDRjS5GRlH13EALzP7AhWJWDoLYU +9DXNAEQrPMtX4Lzre7FmrYqEYqwdcac+vyXVgDA7ti1LhDhj8mm3Sg== +-----END RSA PRIVATE KEY----- +`), + pub: []byte(`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPkn9/nvYf3lz0MNkutdPSSaPK3OeS+e1I6PGYkzjh8vwNDPY0g0WLhrBM1gPV4gjNo7gsvD65cVYoPY/0uC0n8LF1v0tGLU5nlCvD+OPXvfN/+D7Cki2OhqSADN6sfEoA+PcMHyIcV8+r7cx91jfpJkdPQY5TtAiGdhQspZa5V97HHblW2B0ayYv2PB8B+3OHTRoIh6P3OLZ5J8Zh9wh5GVKH3C+hiV2tltG8tN4xtb5jOdaQfhb21oIah+ur+3y03Rt6H0HvPaEwbE4suezG7eBBzYohSpTmXWbIvStWdy9LBnCmlC51li1HLOYs46b08S8kda+C7opAGPkXbjGv`), + output: []byte(`PuTTY-User-Key-File-3: ssh-rsa +Encryption: none +Comment: teleport-generated-ppk +Public-Lines: 6 +AAAAB3NzaC1yc2EAAAADAQABAAABAQDPkn9/nvYf3lz0MNkutdPSSaPK3OeS+e1I +6PGYkzjh8vwNDPY0g0WLhrBM1gPV4gjNo7gsvD65cVYoPY/0uC0n8LF1v0tGLU5n +lCvD+OPXvfN/+D7Cki2OhqSADN6sfEoA+PcMHyIcV8+r7cx91jfpJkdPQY5TtAiG +dhQspZa5V97HHblW2B0ayYv2PB8B+3OHTRoIh6P3OLZ5J8Zh9wh5GVKH3C+hiV2t +ltG8tN4xtb5jOdaQfhb21oIah+ur+3y03Rt6H0HvPaEwbE4suezG7eBBzYohSpTm +XWbIvStWdy9LBnCmlC51li1HLOYs46b08S8kda+C7opAGPkXbjGv +Private-Lines: 14 +AAABAQC0BgOMJMqjkxAdPOxvhYUjoXhr7bDuGNKB5H38bNrto/aUPwSdQKilPPhU +e1yyOCqYZwDJ06222aP2nIXooX+QX0EZtQHM6GhSjwByI78/kl/IQf30dCEMtpue +7wqEn/ry4vooSiwkVsgm/cPX811kWS2JgHq2/7JRI8GVgzu4m/wLtOVUIUiSG/zN +ZWx/ThEvvE/528z5MZG5zGuQobHH+zfGYqk9IABcpNMH+4S353oPXAej2bCsQU6x ++alM5z0fi+PuWIWtaDIbe/Va9WN2fghXF5lxu/+sCv8QkoPotbRfh0nLO0nTt4MU +IFR0X/mVXbVWn+5SBhWCYUgcjychAAAAgQDh1tDRh2HuBgm7f4AOVFVGF3ocfZnJ +HC8MmSSU4Y02V2K9ZIJUWGuHXuWETJPaDwh1LjgyqsS/Ak3CsiIo49XyRg1XKkzx +V5UuFGd9USzL1Zw2jCA+1ds8fsMSfaJ8IY+/fNZN31WoR9r1zhR/QKIHhygzcg9U +XcAzToQcveTHvwAAAIEA60soqqRjO44jIHYTdvt08nVe7Mc5ePQKjkOhU02zxPIS +CChA+6NxMtRBog34z4zI2a0uLgZoXV1dGsmDupmgnrzVXPQ/7D6myjVRNByNrkby +I7CIoAMwiTIf232JbzIM34nR0TNOoCA48gPGTANa6/C+wGV4nYQBXqp15yMukhEA +AACAJ2iqIoXMYc0w3sXBQJ2BJyRYFBlZ0Czrz7xZEaBXrK5BcZjCARnmAp2Hfuvx +i0lz0PHAz9f6hpjZuLEGLO7f3kGMcyEquYd89FHvP1yLxggYiXGKNDYSDZRK8Yy7 +MipqcnT4j5zDuFi744aO5fIchKp02z+ttGVt/i5zuGNh+do= +Private-MAC: a9b12c6450e46fd7abbaaff5841f8a64f9597c7b2b59bd69d6fd3ceee0ca61ea +`), + }, + } + + for _, tc := range tests { + t.Run(tc.desc, func(t *testing.T) { + priv, err := keys.ParsePrivateKey(tc.priv) + require.NoError(t, err) + + rsaPriv, ok := priv.GetBaseSigner().(*rsa.PrivateKey) + require.True(t, ok) + + output, err := ppk.ConvertToPPK(rsaPriv, tc.pub) + require.NoError(t, err) + require.Equal(t, output, tc.output) + }) + } +} diff --git a/api/utils/sshutils/ssh.go b/api/utils/sshutils/ssh.go index e5d651b29b26e..4481916798245 100644 --- a/api/utils/sshutils/ssh.go +++ b/api/utils/sshutils/ssh.go @@ -19,23 +19,23 @@ limitations under the License. package sshutils import ( + "crypto" "crypto/subtle" - "fmt" "io" "net" - "runtime" - "github.com/gravitational/teleport/api/constants" "github.com/gravitational/teleport/api/defaults" + "github.com/gravitational/trace" "golang.org/x/crypto/ssh" - "golang.org/x/crypto/ssh/agent" ) const ( // ProxyHelloSignature is a string which Teleport proxy will send // right after the initial SSH "handshake/version" message if it detects // talking to a Teleport server. + // + // This is also leveraged by tsh to propagate its tracing span ID. ProxyHelloSignature = "Teleport-Proxy" ) @@ -97,122 +97,60 @@ func ParseAuthorizedKeys(authorizedKeys [][]byte) ([]ssh.PublicKey, error) { return keys, nil } -// ProxyClientSSHConfig returns an ssh.ClientConfig with SSH credentials from this -// Key and HostKeyCallback matching SSH CAs in the Key. +// ProxyClientSSHConfig returns an ssh.ClientConfig from the given ssh.AuthMethod. +// If sshCAs are provided, they will be used in the config's HostKeyCallback. // // The config is set up to authenticate to proxy with the first available principal. -// -func ProxyClientSSHConfig(sshCert, privKey []byte, caCerts [][]byte) (*ssh.ClientConfig, error) { - cert, err := ParseCertificate(sshCert) +func ProxyClientSSHConfig(sshCert *ssh.Certificate, priv crypto.Signer, sshCAs ...[]byte) (*ssh.ClientConfig, error) { + authMethod, err := AsAuthMethod(sshCert, priv) if err != nil { - return nil, trace.Wrap(err, "failed to extract username from SSH certificate") + return nil, trace.Wrap(err) } - authMethod, err := AsAuthMethod(cert, privKey) - if err != nil { - return nil, trace.Wrap(err, "failed to convert key pair to auth method") + cfg := &ssh.ClientConfig{ + Auth: []ssh.AuthMethod{authMethod}, + Timeout: defaults.DefaultDialTimeout, } - hostKeyCallback, err := HostKeyCallback(caCerts, false) - if err != nil { - return nil, trace.Wrap(err, "failed to convert certificate authorities to HostKeyCallback") + // The KeyId is not always a valid principal, so we use the first valid principal instead. + cfg.User = sshCert.KeyId + if len(sshCert.ValidPrincipals) > 0 { + cfg.User = sshCert.ValidPrincipals[0] } - // The KeyId is not always a valid principal, so we use the first valid principal instead. - user := cert.KeyId - if len(cert.ValidPrincipals) > 0 { - user = cert.ValidPrincipals[0] + if len(sshCAs) > 0 { + var err error + cfg.HostKeyCallback, err = HostKeyCallback(sshCAs, false) + if err != nil { + return nil, trace.Wrap(err, "failed to convert certificate authorities to HostKeyCallback") + } } - return &ssh.ClientConfig{ - User: user, - Auth: []ssh.AuthMethod{authMethod}, - HostKeyCallback: hostKeyCallback, - Timeout: defaults.DefaultDialTimeout, - }, nil + return cfg, nil } -// AsSigner returns an ssh.Signer from raw marshaled key and certificate. -func AsSigner(sshCert *ssh.Certificate, privKey []byte) (ssh.Signer, error) { - keys, err := AsAgentKeys(sshCert, privKey) - if err != nil { - return nil, trace.Wrap(err) - } - signer, err := ssh.NewSignerFromKey(keys[0].PrivateKey) +// SSHSigner returns an ssh.Signer from certificate and private key +func SSHSigner(sshCert *ssh.Certificate, signer crypto.Signer) (ssh.Signer, error) { + sshSigner, err := ssh.NewSignerFromKey(signer) if err != nil { return nil, trace.Wrap(err) } - signer, err = ssh.NewCertSigner(keys[0].Certificate, signer) + sshSigner, err = ssh.NewCertSigner(sshCert, sshSigner) if err != nil { return nil, trace.Wrap(err) } - return signer, nil + return sshSigner, nil } // AsAuthMethod returns an "auth method" interface, a common abstraction // used by Golang SSH library. This is how you actually use a Key to feed // it into the SSH lib. -func AsAuthMethod(sshCert *ssh.Certificate, privKey []byte) (ssh.AuthMethod, error) { - signer, err := AsSigner(sshCert, privKey) +func AsAuthMethod(sshCert *ssh.Certificate, signer crypto.Signer) (ssh.AuthMethod, error) { + sshSigner, err := SSHSigner(sshCert, signer) if err != nil { return nil, trace.Wrap(err) } - return ssh.PublicKeys(signer), nil -} - -// AsAgentKeys converts Key struct to a []*agent.AddedKey. All elements -// of the []*agent.AddedKey slice need to be loaded into the agent! -func AsAgentKeys(sshCert *ssh.Certificate, privKey []byte) ([]agent.AddedKey, error) { - // unmarshal private key bytes into a *rsa.PrivateKey - privateKey, err := ssh.ParseRawPrivateKey(privKey) - if err != nil { - return nil, trace.Wrap(err) - } - - // put a teleport identifier along with the teleport user into the comment field - comment := fmt.Sprintf("teleport:%v", sshCert.KeyId) - - // On Windows, return the certificate with the private key embedded. - if runtime.GOOS == constants.WindowsOS { - return []agent.AddedKey{ - { - PrivateKey: privateKey, - Certificate: sshCert, - Comment: comment, - LifetimeSecs: 0, - ConfirmBeforeUse: false, - }, - }, nil - } - - // On Unix, return the certificate (with embedded private key) as well as - // a private key. - // - // This is done because OpenSSH clients older than OpenSSH 7.3/7.3p1 - // (2016-08-01) have a bug in how they use certificates that have been loaded - // in an agent. Specifically when you add a certificate to an agent, you can't - // just embed the private key within the certificate, you have to add the - // certificate and private key to the agent separately. Teleport works around - // this behavior to ensure OpenSSH interoperability. - // - // For more details see the following: https://bugzilla.mindrot.org/show_bug.cgi?id=2550 - // WARNING: callers expect the returned slice to be __exactly as it is__ - return []agent.AddedKey{ - { - PrivateKey: privateKey, - Certificate: sshCert, - Comment: comment, - LifetimeSecs: 0, - ConfirmBeforeUse: false, - }, - { - PrivateKey: privateKey, - Certificate: nil, - Comment: comment, - LifetimeSecs: 0, - ConfirmBeforeUse: false, - }, - }, nil + return ssh.PublicKeys(sshSigner), nil } // HostKeyCallback returns an ssh.HostKeyCallback that validates host diff --git a/api/version.go b/api/version.go index 6757e1e81c6b7..185e984187fd5 100644 --- a/api/version.go +++ b/api/version.go @@ -3,7 +3,7 @@ package api const ( - Version = "10.0.0-dev" + Version = "10.3.1" ) // Gitref variable is automatically set to the output of git-describe diff --git a/assets/aws/files/bin/teleport-all-pre-start b/assets/aws/files/bin/teleport-all-pre-start index e5af3429be540..403572ed14cb5 100755 --- a/assets/aws/files/bin/teleport-all-pre-start +++ b/assets/aws/files/bin/teleport-all-pre-start @@ -1,7 +1,9 @@ #!/bin/bash # This script prepares a Letsencrypt certificate before all-in-one Teleport starts for the first time (if needed) set -e -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data (if present) if [ -f /etc/teleport.d/conf ]; then @@ -15,4 +17,4 @@ if [[ "${USE_LETSENCRYPT}" != "true" ]]; then fi # copy certificates into place -/bin/aws s3 sync s3://${TELEPORT_S3_BUCKET}/live/${TELEPORT_DOMAIN_NAME} /var/lib/teleport \ No newline at end of file +/bin/aws s3 sync --exact-timestamps s3://${TELEPORT_S3_BUCKET}/live/${TELEPORT_DOMAIN_NAME} /var/lib/teleport \ No newline at end of file diff --git a/assets/aws/files/bin/teleport-check-cert b/assets/aws/files/bin/teleport-check-cert index 2118a8d3d4fd5..2111c4b2731ce 100755 --- a/assets/aws/files/bin/teleport-check-cert +++ b/assets/aws/files/bin/teleport-check-cert @@ -2,8 +2,9 @@ # This script is called hourly to check if the certificate # has been renewed on S3 and if it has been renewed, restart teleport proxies - -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data . /etc/teleport.d/conf diff --git a/assets/aws/files/bin/teleport-generate-config b/assets/aws/files/bin/teleport-generate-config index a7a096876a2d6..142a34e459d9e 100755 --- a/assets/aws/files/bin/teleport-generate-config +++ b/assets/aws/files/bin/teleport-generate-config @@ -1,5 +1,5 @@ #!/bin/bash -if [[ "${DEBUG}" == "true" ]]; then +if [[ "${DEBUG:-false}" == "true" ]]; then set -x fi @@ -64,8 +64,8 @@ aws_metadata_get() { if ! is_test; then IMDS_TOKEN=$(curl -m5 -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300") - IMDS_TOKEN_HEADER="-H \"X-aws-ec2-metadata-token: ${IMDS_TOKEN}\"" - curl -m5 -sS "${IMDS_TOKEN_HEADER}" ${CURL_EXTRA_ARGS} http://169.254.169.254/latest/${REQUEST_PATH} + IMDS_TOKEN_HEADER="X-aws-ec2-metadata-token: ${IMDS_TOKEN}" + curl -m5 -sS -H "${IMDS_TOKEN_HEADER}" ${CURL_EXTRA_ARGS} http://169.254.169.254/latest/${REQUEST_PATH} else # return a pre-calculated value VARIABLE="TELEPORT_TESTVAR_${REQUEST}" diff --git a/assets/aws/files/bin/teleport-get-cert b/assets/aws/files/bin/teleport-get-cert index 2ddbeac816729..59f8897c90ebd 100755 --- a/assets/aws/files/bin/teleport-get-cert +++ b/assets/aws/files/bin/teleport-get-cert @@ -4,7 +4,9 @@ # to prove to letsencrypt that they own the domain. set -e -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data . /etc/teleport.d/conf @@ -27,4 +29,4 @@ echo "No certs/keys found in ${TELEPORT_S3_BUCKET}. Going to request certificate /usr/local/bin/certbot certonly -n --agree-tos --email ${TELEPORT_DOMAIN_ADMIN_EMAIL} --dns-route53 -d "${TELEPORT_DOMAIN_NAME}" -d "*.${TELEPORT_DOMAIN_NAME}" echo "Got wildcard certificate for ${TELEPORT_DOMAIN_NAME}. Syncing to S3." -aws s3 sync /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256 +aws s3 sync --exact-timestamps /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256 diff --git a/assets/aws/files/bin/teleport-lock b/assets/aws/files/bin/teleport-lock index 334e771af7855..34d4d293934ec 100755 --- a/assets/aws/files/bin/teleport-lock +++ b/assets/aws/files/bin/teleport-lock @@ -2,8 +2,10 @@ # Locking service makes sure that there is only one auth server performing certain action, # for example renewing or getting letsencrypt certificates -set -x set -e +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data . /etc/teleport.d/conf diff --git a/assets/aws/files/bin/teleport-renew-cert b/assets/aws/files/bin/teleport-renew-cert index 9ec035cc2e30d..b0d3ec9824a0a 100755 --- a/assets/aws/files/bin/teleport-renew-cert +++ b/assets/aws/files/bin/teleport-renew-cert @@ -4,7 +4,9 @@ # needs renewal, and renews the cert after that set -e -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data . /etc/teleport.d/conf @@ -14,6 +16,27 @@ if [ ! -f /etc/teleport.d/role.auth ] && [ ! -f /etc/teleport.d/role.all ]; then exit 0 fi +# Fetching certbot state +aws s3 sync --exact-timestamps "s3://${TELEPORT_S3_BUCKET}" /etc/letsencrypt/ --sse=AES256 + +# s3 does not support symlinks, we have to create them after the sync, else certbot will fail. +# live/ symlinks point to the latest archive//XX.pem where XX is incremented at each cert-renewal. +# The last iteration is retrieved by listing all fullchains, sorting them by iteration (this is not alphabetical order +# because fullchain10.pem should be greater than fullchain2.pem). We finally strip the id from the filename. +ARCHIVE_NUMBER="$( + find "/etc/letsencrypt/archive/${TELEPORT_DOMAIN_NAME}/" -iname "fullchain*.pem" \ + | sort -V \ + | tail -n 1 \ + | sed 's@.\+fullchain\([[:digit:]]\+\)\.pem@\1@' + )" + +PEM_FILES="cert chain fullchain privkey" + +for PEM_FILE in $PEM_FILES; do + rm "/etc/letsencrypt/live/${TELEPORT_DOMAIN_NAME}/${PEM_FILE}.pem" + ln -sf "/etc/letsencrypt/archive/${TELEPORT_DOMAIN_NAME}/${PEM_FILE}${ARCHIVE_NUMBER}.pem" "/etc/letsencrypt/live/${TELEPORT_DOMAIN_NAME}/${PEM_FILE}.pem" +done + # This is called periodically, if renewal is successful # certs are uploaded to the S3 Bucket /usr/local/bin/certbot renew --deploy-hook=/usr/local/bin/teleport-upload-cert diff --git a/assets/aws/files/bin/teleport-upload-cert b/assets/aws/files/bin/teleport-upload-cert index 819e5277173bc..c6c94900fc589 100755 --- a/assets/aws/files/bin/teleport-upload-cert +++ b/assets/aws/files/bin/teleport-upload-cert @@ -2,9 +2,11 @@ # This script is called to upload renewed cert # to the S3 bucket set -e -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Source variables from user-data . /etc/teleport.d/conf -aws s3 sync /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256 +aws s3 sync --exact-timestamps /etc/letsencrypt/ s3://${TELEPORT_S3_BUCKET} --sse=AES256 diff --git a/assets/aws/files/install.sh b/assets/aws/files/install.sh index 5b6f8c155b2f2..4e274c713ce37 100644 --- a/assets/aws/files/install.sh +++ b/assets/aws/files/install.sh @@ -1,5 +1,7 @@ #!/bin/bash -set -x +if [[ "${DEBUG:-false}" == "true" ]]; then + set -x +fi # Update packages yum -y update diff --git a/assets/backport/go.mod b/assets/backport/go.mod index a072cbcd89bd8..9b1fb72b1bec9 100644 --- a/assets/backport/go.mod +++ b/assets/backport/go.mod @@ -1,6 +1,6 @@ module github.com/teleport/assets/backport -go 1.17 +go 1.18 require ( github.com/google/go-github/v41 v41.0.0 diff --git a/assets/loadtest/.gitignore b/assets/loadtest/.gitignore index 249797b7fd965..7bf02cfaf4c25 100644 --- a/assets/loadtest/.gitignore +++ b/assets/loadtest/.gitignore @@ -2,6 +2,7 @@ etcd/certs/*.pem teleport/oidc.yaml k8s/*certificate*.yaml +k8s/tls.yaml k8s/secrets/** !k8s/secrets/Makefile diff --git a/assets/loadtest/Makefile b/assets/loadtest/Makefile index 244612c156012..f9bd2d0632248 100644 --- a/assets/loadtest/Makefile +++ b/assets/loadtest/Makefile @@ -1,6 +1,6 @@ SOAK_TEST_DURATION ?= 30m USE_CERT_MANAGER ?= yes -TELEPORT_IMAGE ?= quay.io/gravitational/teleport-ent:9.0.0 +TELEPORT_IMAGE ?= public.ecr.aws/gravitational/teleport-ent:10.0.0 NAMESPACE ?= loadtest .PHONY: reserve-ips diff --git a/assets/loadtest/k8s/Makefile b/assets/loadtest/k8s/Makefile index 68355e2db6382..beb4a40d338f3 100644 --- a/assets/loadtest/k8s/Makefile +++ b/assets/loadtest/k8s/Makefile @@ -3,12 +3,13 @@ CERT_MANAGER_VERSION ?= v1.7.1 SOAK_TEST_DURATION ?= 30m BACKEND ?= etcd USE_CERT_MANAGER ?= yes -TELEPORT_IMAGE ?= quay.io/gravitational/teleport-ent:9.0.0 +TELEPORT_IMAGE ?= public.ecr.aws/gravitational/teleport-ent:10.0.0 NAMESPACE ?= loadtest +NODE ?= # performs initialization needed for cluster # 1) generates etcd certs -# 2) creates loadtest namespace +# 2) creates namespace # 3) installs cert-manager # 4) creates and applies secrets .PHONY: setup @@ -94,6 +95,7 @@ generate-certificates: else .PHONY: generate-certificates generate-certificates: + kubectl apply -f tls.yaml endif # installs teleport auth, proxy, one IoT node and one non-IoT node @@ -118,12 +120,19 @@ delete-monitor: # installs an etcd cluster .PHONY: install-etcd install-etcd: - kubectl apply -f etcd.yaml + kubectl create configmap etcd-config -n $(NAMESPACE) \ + --from-file=etcd.sh=./etcd.sh \ + --dry-run=client -o yaml | kubectl apply -f - + + + @make expand-yaml FILENAME=etcd NAMESPACE=$(NAMESPACE) + kubectl apply -f etcd-gen.yaml # deletes etcd deployment, services, and configmaps .PHONY: delete-etcd delete-etcd: - kubectl delete -f etcd.yaml --ignore-not-found + kubectl delete -f etcd-gen.yaml --ignore-not-found + kubectl delete configmap etcd-config -n $(NAMESPACE) --ignore-not-found # install auth and applies required teleport resources for loadtests @@ -355,10 +364,10 @@ install-soaktest: # deploys a job to run the soak tests .PHONY: run-soak-tests run-soak-tests: - kubectl -n $(NAMESPACE) exec $$(kubectl get pod -n $(NAMESPACE) -l teleport-role="auth" -o jsonpath="{.items[0].metadata.name}") -c teleport -it \ + kubectl -n $(NAMESPACE) exec $$(kubectl get pod -n $(NAMESPACE) -l teleport-role="auth" -o jsonpath="{.items[0].metadata.name}") -it \ -- tctl auth sign --overwrite --user=soaktest-runner --out=/data/soaktest-auth --ttl=8760h --config /etc/teleport/teleport.yaml - kubectl cp -c teleport loadtest/$$(kubectl get pod -n $(NAMESPACE) -l teleport-role="auth" -o jsonpath="{.items[0].metadata.name}"):/data/soaktest-auth ./secrets/soaktest-auth + kubectl cp $(NAMESPACE)/$$(kubectl get pod -n $(NAMESPACE) -l teleport-role="auth" -o jsonpath="{.items[0].metadata.name}"):/data/soaktest-auth ./secrets/soaktest-auth kubectl wait --for=condition=available --timeout=600s deploy/node -n $(NAMESPACE) kubectl wait --for=condition=available --timeout=600s deploy/iot-node -n $(NAMESPACE) @@ -411,7 +420,7 @@ run-tc-scaling-test: @sleep 120 @make setup-tc - @sleep 1200 + @sleep 300 @make delete-tc @@ -423,32 +432,42 @@ run-tc-scaling-test: @sleep 120 @make setup-tc - @sleep 1200 + @sleep 300 @make delete-tc # collect goroutine and heap go profiles from the auth deployment .PHONY: collect-profiles -collect-profiles: - kubectl port-forward service/auth 3434:3434 -n $(NAMESPACE) > /dev/null 2>&1 & - - @echo "waiting for auth to be available..." +collect-profiles: collect-auth collect-proxy collect-node +.PHONY: collect-proxy +collect-proxy: + kubectl port-forward service/proxy 3434:3434 -n $(NAMESPACE) > /dev/null 2>&1 & + @echo "waiting for proxy to be available..." @timeout 30 sh -c 'until nc -z localhost 3434; do sleep 0.5; done' + @make fetch-profiles LOCATION=proxy-$(shell date +%s) + kill -s kill $$(pgrep -f 3434:3434) +.PHONY: collect-auth +collect-auth: + kubectl port-forward service/auth 3434:3434 -n $(NAMESPACE) > /dev/null 2>&1 & + @echo "waiting for auth to be available..." + @timeout 30 sh -c 'until nc -z localhost 3434; do sleep 0.5; done' @make fetch-profiles LOCATION=auth-$(shell date +%s) - kill -s kill $$(pgrep -f 3434:3434) - kubectl port-forward service/proxy 3434:3434 -n $(NAMESPACE) > /dev/null 2>&1 & - - @echo "waiting for proxy to be available..." - +ifeq ($(NODE),) +.PHONY: collect-node +collect-node: +else +.PHONY: collect-node +collect-node: + kubectl port-forward pod/$(NODE) 3434:3434 -n $(NAMESPACE) > /dev/null 2>&1 & + @echo "waiting for $(NODE) to be available..." @timeout 30 sh -c 'until nc -z localhost 3434; do sleep 0.5; done' - - @make fetch-profiles LOCATION=proxy-$(shell date +%s) - + @make fetch-profiles LOCATION=$(NODE)-$(shell date +%s) kill -s kill $$(pgrep -f 3434:3434) +endif # downloads the remote profiles .PHONY: fetch-profiles @@ -456,6 +475,7 @@ fetch-profiles: mkdir -p $(shell pwd)/profiles/$(LOCATION)/ curl -o $(shell pwd)/profiles/$(LOCATION)/goroutine.profile http://127.0.0.1:3434/debug/pprof/goroutine curl -o $(shell pwd)/profiles/$(LOCATION)/heap.profile http://127.0.0.1:3434/debug/pprof/heap + curl -o $(shell pwd)/profiles/$(LOCATION)/trace.profile http://127.0.0.1:3434/debug/pprof/trace # expands any placeholders in the provided yaml file with the value in the matching environment variable. the # output file will be named the same with a -gen suffix, i.e input = test then output will be test-gen.yaml diff --git a/assets/loadtest/k8s/etcd.sh b/assets/loadtest/k8s/etcd.sh new file mode 100644 index 0000000000000..9e7b9446f7667 --- /dev/null +++ b/assets/loadtest/k8s/etcd.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# This script runs etcd. +set -e +set -x + +PEERS="etcd-0=https://etcd-0.etcd:2380,etcd-1=https://etcd-1.etcd:2380,etcd-2=https://etcd-2.etcd:2380" +exec etcd \ + --name ${POD_NAME} \ + --advertise-client-urls https://${POD_NAME}.etcd:2379 \ + --listen-client-urls https://0.0.0.0:2379 \ + --initial-advertise-peer-urls https://${POD_NAME}.etcd:2380 \ + --listen-peer-urls https://0.0.0.0:2380 \ + --initial-cluster ${PEERS} \ + --trusted-ca-file=/etc/etcd/certs/ca-cert.pem \ + --cert-file=/etc/etcd/certs/server-cert.pem \ + --key-file=/etc/etcd/certs/server-key.pem \ + --peer-cert-file=/etc/etcd/certs/server-cert.pem \ + --peer-key-file=/etc/etcd/certs/server-key.pem \ + --peer-trusted-ca-file=/etc/etcd/certs/ca-cert.pem \ + --client-cert-auth \ + --peer-client-cert-auth \ + --auto-compaction-retention=1 \ No newline at end of file diff --git a/assets/loadtest/k8s/etcd.yaml b/assets/loadtest/k8s/etcd.yaml index 3a35bc04ca4bd..83c936bec4e7f 100644 --- a/assets/loadtest/k8s/etcd.yaml +++ b/assets/loadtest/k8s/etcd.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: etcd - namespace: loadtest + namespace: ${NAMESPACE} labels: app: etcd spec: @@ -18,6 +18,10 @@ spec: app: etcd spec: volumes: + - name: config + configMap: + name: etcd-config + defaultMode: 0777 - name: server-certs secret: secretName: etcd-server-certs @@ -33,36 +37,30 @@ spec: - containerPort: 2380 name: peer volumeMounts: + - mountPath: /scripts + name: config + readOnly: true - name: server-certs mountPath: /etc/etcd/certs/ readOnly: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name command: - /bin/sh - -c - | - PEERS="etcd-0=https://etcd-0.etcd:2380,etcd-1=https://etcd-1.etcd:2380,etcd-2=https://etcd-2.etcd:2380" - exec etcd \ - --name ${HOSTNAME} \ - --advertise-client-urls https://${HOSTNAME}.etcd:2379 \ - --listen-client-urls https://0.0.0.0:2379 \ - --initial-advertise-peer-urls https://${HOSTNAME}.etcd:2380 \ - --listen-peer-urls https://0.0.0.0:2380 \ - --initial-cluster ${PEERS} \ - --trusted-ca-file=/etc/etcd/certs/ca-cert.pem \ - --cert-file=/etc/etcd/certs/server-cert.pem \ - --key-file=/etc/etcd/certs/server-key.pem \ - --peer-cert-file=/etc/etcd/certs/server-cert.pem \ - --peer-key-file=/etc/etcd/certs/server-key.pem \ - --peer-trusted-ca-file=/etc/etcd/certs/ca-cert.pem \ - --client-cert-auth \ - --peer-client-cert-auth \ - --auto-compaction-retention=1 + cp /scripts/etcd.sh /tmp + chmod +x /tmp/etcd.sh + /tmp/etcd.sh --- apiVersion: v1 kind: Service metadata: name: etcd - namespace: loadtest + namespace: ${NAMESPACE} labels: app: etcd spec: diff --git a/assets/loadtest/network/main.tf b/assets/loadtest/network/main.tf index 6411b6b5be462..c12391b297034 100644 --- a/assets/loadtest/network/main.tf +++ b/assets/loadtest/network/main.tf @@ -16,10 +16,4 @@ resource "google_compute_address" "proxy_ip" { name = "proxy-ip" address_type = "EXTERNAL" network_tier = "PREMIUM" -} - -resource "google_compute_address" "grafana_ip" { - name = "grafana-ip" - address_type = "EXTERNAL" - network_tier = "PREMIUM" -} +} \ No newline at end of file diff --git a/assets/loadtest/network/outputs.tf b/assets/loadtest/network/outputs.tf index f907e364250f6..1b4b436a62242 100644 --- a/assets/loadtest/network/outputs.tf +++ b/assets/loadtest/network/outputs.tf @@ -1,9 +1,4 @@ output "proxy_ip" { description = "The static proxy ip address" value = google_compute_address.proxy_ip.address -} - -output "grafana_ip" { - description = "The static grafana ip address" - value = google_compute_address.grafana_ip.address } \ No newline at end of file diff --git a/assets/loadtest/teleport/soaktest.sh b/assets/loadtest/teleport/soaktest.sh index 0753f330d6e58..cb28bf6e7f614 100755 --- a/assets/loadtest/teleport/soaktest.sh +++ b/assets/loadtest/teleport/soaktest.sh @@ -3,28 +3,28 @@ set -e set -x -node=$(tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth -l root ls -f names | grep -v iot) -iot_node=$(tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth -l root ls -f names | grep iot) +direct_node=$(tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth -l root ls -f names | grep -v iot) +tunnel_node=$(tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth -l root ls -f names | grep iot) -echo "${node}" -echo "${iot_node}" +echo "${direct_node}" +echo "${tunnel_node}" -if [ -z "${node}" ]; then - echo "no regular nodes found to run soak test on."; +if [ -z "${direct_node}" ]; then + echo "no direct dial nodes found to run soak test on."; exit 1; fi -if [ -z "${iot_node}" ]; then - echo "no IoT nodes found to run soak test on."; +if [ -z "${tunnel_node}" ]; then + echo "no reverse tunnel nodes found to run soak test on."; exit 1; fi -echo "----Non-IoT Node Test----" -tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" root@"${node}" ls +echo "----Direct Dial Node Test----" +tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" root@"${direct_node}" ls -tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" --interactive root@"${node}" ps aux +tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" --interactive root@"${direct_node}" ps aux -echo "----IoT Node Test----" -tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" root@"${iot_node}" ls +echo "----Reverse Tunnel Node Test----" +tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" root@"${tunnel_node}" ls -tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" --interactive root@"${iot_node}" ps aux \ No newline at end of file +tsh --insecure --proxy="${PROXY_HOST}":3080 -i /etc/teleport/auth bench --duration="${DURATION}" --interactive root@"${tunnel_node}" ps aux \ No newline at end of file diff --git a/assets/loadtest/teleport/teleport-auth-etcd.yaml b/assets/loadtest/teleport/teleport-auth-etcd.yaml index 4e2857ba9617a..4ddc5db51ea07 100644 --- a/assets/loadtest/teleport/teleport-auth-etcd.yaml +++ b/assets/loadtest/teleport/teleport-auth-etcd.yaml @@ -1,6 +1,8 @@ teleport: log: severity: DEBUG + format: + output: json data_dir: /var/lib/teleport diff --git a/assets/loadtest/teleport/teleport-iot-node.yaml b/assets/loadtest/teleport/teleport-iot-node.yaml index 66a182079be96..6f0cf901dffbc 100644 --- a/assets/loadtest/teleport/teleport-iot-node.yaml +++ b/assets/loadtest/teleport/teleport-iot-node.yaml @@ -2,6 +2,8 @@ teleport: data_dir: /var/lib/teleport log: severity: DEBUG + format: + output: json storage: type: dir auth_servers: ["${PROXY_HOST}:3080"] diff --git a/assets/loadtest/teleport/teleport-node.yaml b/assets/loadtest/teleport/teleport-node.yaml index 7e497aebf1447..ebadb68dd5353 100644 --- a/assets/loadtest/teleport/teleport-node.yaml +++ b/assets/loadtest/teleport/teleport-node.yaml @@ -2,6 +2,8 @@ teleport: data_dir: /var/lib/teleport log: severity: DEBUG + format: + output: json storage: type: dir auth_servers: ["auth:3025"] diff --git a/assets/loadtest/teleport/teleport-proxy.yaml b/assets/loadtest/teleport/teleport-proxy.yaml index b0c4da055170f..ff50f5fa73e49 100644 --- a/assets/loadtest/teleport/teleport-proxy.yaml +++ b/assets/loadtest/teleport/teleport-proxy.yaml @@ -1,6 +1,8 @@ teleport: log: severity: DEBUG + format: + output: json data_dir: /var/lib/teleport auth_servers: ["auth:3025"] diff --git a/buf.gen.yaml b/buf.gen.yaml new file mode 100644 index 0000000000000..0f1a13f064c74 --- /dev/null +++ b/buf.gen.yaml @@ -0,0 +1,5 @@ +version: v1 +plugins: + - name: gogofast + out: . + opt: plugins=grpc diff --git a/buf.work.yaml b/buf.work.yaml new file mode 100644 index 0000000000000..ed56c80c50ae3 --- /dev/null +++ b/buf.work.yaml @@ -0,0 +1,4 @@ +version: v1 +directories: + - api/proto + - proto diff --git a/build.assets/Dockerfile b/build.assets/Dockerfile index c5eb42e9f8fc3..5cb2773212e77 100644 --- a/build.assets/Dockerfile +++ b/build.assets/Dockerfile @@ -80,7 +80,6 @@ RUN apt-get update -y --fix-missing && \ libpam-dev \ libsqlite3-0 \ libssl-dev \ - libudev-dev \ llvm-10 \ locales \ mingw-w64 \ @@ -166,8 +165,6 @@ RUN (curl -L https://github.com/bats-core/bats-core/archive/v1.2.1.tar.gz | tar ARG PROTOC_VER ARG GOGO_PROTO_TAG ENV GOGOPROTO_ROOT ${GOPATH}/src/github.com/gogo/protobuf -ENV PROTOC_NO_VENDOR true -ENV PROTOC /usr/local/bin/protoc RUN (export PROTOC_TARBALL=protoc-${PROTOC_VER}-linux-$(if [ "$BUILDARCH" = "amd64" ]; then echo "x86_64"; else echo "aarch_64"; fi).zip && \ curl -L -o /tmp/${PROTOC_TARBALL} https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VER}/${PROTOC_TARBALL} && \ @@ -180,6 +177,14 @@ RUN (git clone https://github.com/gogo/protobuf.git ${GOPATH}/src/github.com/gog git reset --hard ${GOGO_PROTO_TAG} && \ make install) +# Install buf +RUN BIN="/usr/local/bin" && \ + VERSION="1.7.0" && \ + curl -sSL \ + "https://github.com/bufbuild/buf/releases/download/v${VERSION}/buf-$(uname -s)-$(uname -m)" \ + -o "${BIN}/buf" && \ + chmod +x "${BIN}/buf" + ENV PROTO_INCLUDE "/usr/local/include":"/go/src":"/go/src/github.com/gogo/protobuf/protobuf":"${GOGOPROTO_ROOT}":"${GOGOPROTO_ROOT}/protobuf" # Install PAM module and policies for testing. @@ -208,8 +213,7 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --pr cargo --version && \ rustc --version && \ rustup component add rustfmt clippy && \ - if [ "$BUILDARCH" = "amd64" ]; then rustup target add i686-unknown-linux-gnu arm-unknown-linux-gnueabihf aarch64-unknown-linux-gnu; fi && \ - cargo install cbindgen + if [ "$BUILDARCH" = "amd64" ]; then rustup target add i686-unknown-linux-gnu arm-unknown-linux-gnueabihf aarch64-unknown-linux-gnu; fi # Switch back to root for the remaining instructions and keep it as the default # user. diff --git a/build.assets/Dockerfile-arm b/build.assets/Dockerfile-arm index b5bae88957071..08d99f276a631 100644 --- a/build.assets/Dockerfile-arm +++ b/build.assets/Dockerfile-arm @@ -1,5 +1,5 @@ ARG BUILDBOX_VERSION -FROM quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION +FROM public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION USER root diff --git a/build.assets/Dockerfile-arm-fips b/build.assets/Dockerfile-arm-fips index 571a02c398060..3096fc5bf0634 100644 --- a/build.assets/Dockerfile-arm-fips +++ b/build.assets/Dockerfile-arm-fips @@ -1,5 +1,5 @@ ARG BUILDBOX_VERSION -FROM quay.io/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION +FROM public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION RUN apt-get -y update && \ apt-get -y install gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu && \ diff --git a/build.assets/Dockerfile-centos7 b/build.assets/Dockerfile-centos7 index a187ad11e28b4..3139cd1bffc60 100644 --- a/build.assets/Dockerfile-centos7 +++ b/build.assets/Dockerfile-centos7 @@ -19,11 +19,12 @@ RUN git clone --depth=1 https://github.com/illiliti/libudev-zero.git -b 1.0.1 && # Instal openssl. # Pulled from source because repository versions are too old. +# install_sw install only binaries, skips docs. RUN git clone --depth=1 git://git.openssl.org/openssl.git -b OpenSSL_1_1_1o && \ cd openssl && \ ./config --release && \ make && \ - make install + make install_sw # Install libcbor. RUN git clone --depth=1 https://github.com/PJK/libcbor.git -b v0.9.0 && \ @@ -52,6 +53,35 @@ RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.11.0 && \ echo /usr/local/lib64 > /etc/ld.so.conf.d/libfido2.conf && \ ldconfig +FROM centos:7 AS libbpf + +# Install required dependencies. +RUN yum groupinstall -y 'Development Tools' && \ + yum install -y epel-release && \ + yum update -y && \ + yum -y install centos-release-scl-rh && \ + yum install -y \ + # required by libbpf + centos-release-scl \ + # required by libbpf + devtoolset-11-gcc* \ + # required by libbpf + devtoolset-11-make \ + # required by libbpf + elfutils-libelf-devel-static \ + git \ + # required by libbpf + scl-utils \ + yum clean all + +# Install libbpf - compile with a newer GCC. The one installed by default is not able to compile it. +# BUILD_STATIC_ONLY disables libbpf.so build as we don't need it. +ARG LIBBPF_VERSION +RUN mkdir -p /opt && cd /opt && \ + curl -L https://github.com/gravitational/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \ + cd /opt/libbpf-${LIBBPF_VERSION}/src && \ + scl enable devtoolset-11 "make && BUILD_STATIC_ONLY=y DESTDIR=/opt/libbpf make install" + FROM centos:7 AS buildbox ENV LANGUAGE=en_US.UTF-8 \ @@ -68,14 +98,27 @@ RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport) RUN yum groupinstall -y 'Development Tools' && \ + yum install -y epel-release && \ + yum update -y && \ + yum -y install centos-release-scl-rh && \ yum install -y \ - git \ - libatomic \ - net-tools \ - pam-devel \ - perl-IPC-Cmd \ - tree \ - zip \ + #required by libbpf + centos-release-scl \ + # required by libbpf + devtoolset-11-* \ + # required by libbpf + elfutils-libelf-devel-static \ + git \ + net-tools \ + # required by Teleport PAM support + pam-devel \ + perl-IPC-Cmd \ + tree \ + # used by our Makefile + which \ + zip \ + # required by libbpf + zlib-static && \ yum clean all # Install etcd. @@ -90,7 +133,11 @@ RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$GOLA /opt/go/bin/go version ENV GOPATH="/go" \ GOROOT="/opt/go" \ - PATH="/opt/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" + PATH="/opt/llvm/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" + +# BUILDARCH is automatically set by DOCKER when building the image with Build Kit (MacOS by deafult). +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG BUILDARCH # Install PAM module and policies for testing. COPY pam/ /opt/pam_teleport/ @@ -112,8 +159,7 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --pr rustup --version && \ cargo --version && \ rustc --version && \ - rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy && \ - cargo install cbindgen + rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy # Do a quick switch back to root and copy/setup libfido2 binaries. # Do this last to take better advantage of the multi-stage build. @@ -142,6 +188,11 @@ RUN cd /usr/local/lib64 && \ COPY pkgconfig/centos7/ / ENV PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" -USER ci +# Download pre-built CentOS 7 assets with clang needed to build BPF tools. +RUN cd / && curl -L https://s3.amazonaws.com/clientbuilds.gravitational.io/go/centos7-assets.tar.gz | tar -xz + +# Copy libbpf into the final image. +COPY --from=libbpf /opt/libbpf/usr /usr + VOLUME ["/go/src/github.com/gravitational/teleport"] EXPOSE 6600 2379 2380 diff --git a/build.assets/Dockerfile-centos7-fips b/build.assets/Dockerfile-centos7-fips index 9c44974b6631c..a6440ef88eb0e 100644 --- a/build.assets/Dockerfile-centos7-fips +++ b/build.assets/Dockerfile-centos7-fips @@ -1,3 +1,32 @@ +FROM centos:7 AS libbpf + +# Install required dependencies. +RUN yum groupinstall -y 'Development Tools' && \ + yum install -y epel-release && \ + yum update -y && \ + yum -y install centos-release-scl-rh && \ + yum install -y \ + # required by libbpf + centos-release-scl \ + # required by libbpf + devtoolset-11-gcc* \ + # required by libbpf + devtoolset-11-make \ + # required by libbpf + elfutils-libelf-devel-static \ + git \ + # required by libbpf + scl-utils \ + yum clean all + +# Install libbpf - compile with a newer GCC. The one installed by default is not able to compile it. +# BUILD_STATIC_ONLY disables libbpf.so build as we don't need it. +ARG LIBBPF_VERSION +RUN mkdir -p /opt && cd /opt && \ + curl -L https://github.com/gravitational/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz | tar xz && \ + cd /opt/libbpf-${LIBBPF_VERSION}/src && \ + scl enable devtoolset-11 "make && BUILD_STATIC_ONLY=y DESTDIR=/opt/libbpf make install" + FROM centos:7 ENV LANGUAGE=en_US.UTF-8 \ @@ -5,7 +34,6 @@ ENV LANGUAGE=en_US.UTF-8 \ LC_ALL=en_US.UTF-8 \ LC_CTYPE=en_US.UTF-8 -ARG RUST_VERSION ARG BORINGCRYPTO_RUNTIME ARG GO_BOOTSTRAP_RUNTIME=go1.9.7 @@ -14,9 +42,28 @@ ARG GID RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home --shell=/bin/sh && \ mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport) -# Install dev tools (make, etc) and a Perl package needed to build OpenSSL. -RUN yum groupinstall -y "Development Tools" -RUN yum install -y pam-devel net-tools tree git zip libatomic perl-IPC-Cmd && \ +RUN yum groupinstall -y 'Development Tools' && \ + yum install -y epel-release && \ + yum update -y && \ + yum -y install centos-release-scl-rh && \ + yum install -y \ + #required by libbpf + centos-release-scl \ + # required by libbpf + devtoolset-11-* \ + # required by libbpf + elfutils-libelf-devel-static \ + git \ + net-tools \ + # required by Teleport PAM support + pam-devel \ + perl-IPC-Cmd \ + tree \ + # used by our Makefile + which \ + zip \ + # required by libbpf + zlib-static && \ yum clean all # Install etcd. @@ -38,32 +85,22 @@ RUN mkdir -p /go-bootstrap && cd /go-bootstrap && curl https://dl.google.com/go/ chmod a-w / && \ /opt/go/bin/go version +ENV GOPATH="/go" \ + GOROOT="/opt/go" \ + PATH="/opt/llvm/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" + # Install PAM module and policies for testing. COPY pam/ /opt/pam_teleport/ RUN make -C /opt/pam_teleport install -# Install Rust. -ENV RUSTUP_HOME=/usr/local/rustup \ - CARGO_HOME=/usr/local/cargo \ - PATH=/usr/local/cargo/bin:$PATH \ - RUST_VERSION=$RUST_VERSION - -RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \ - mkdir -p $CARGO_HOME/registry && chmod -R a+w $CARGO_HOME - RUN chmod a-w / -USER ci -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \ - rustup --version && \ - cargo --version && \ - rustc --version && \ - rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy && \ - cargo install cbindgen +# Download pre-built CentOS 7 assets with clang needed to build BPF tools. +RUN cd / && curl -L https://s3.amazonaws.com/clientbuilds.gravitational.io/go/centos7-assets.tar.gz | tar -xz -ENV GOPATH="/go" \ - GOROOT="/opt/go" \ - PATH="/opt/bin:$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" +# Copy libbpf into the final image. +COPY --from=libbpf /opt/libbpf/usr /usr +USER ci VOLUME ["/go/src/github.com/gravitational/teleport"] EXPOSE 6600 2379 2380 diff --git a/build.assets/Dockerfile-cron b/build.assets/Dockerfile-cron index 80e48c82b35f7..e5230361bf696 100644 --- a/build.assets/Dockerfile-cron +++ b/build.assets/Dockerfile-cron @@ -16,7 +16,7 @@ RUN apk --update --no-cache add curl tar # a temporary directory for us to use in the second stage. RUN mkdir -p build && \ curl -Ls https://get.gravitational.com/${DOWNLOAD_TYPE}-${VERSION_TAG}-${OS}-${ARCH}${EXTRA_DOWNLOAD_ARGS}-bin.tar.gz | tar -xzf - && \ - cp $DOWNLOAD_TYPE/teleport $DOWNLOAD_TYPE/tctl $DOWNLOAD_TYPE/tsh build + cp $DOWNLOAD_TYPE/teleport $DOWNLOAD_TYPE/tctl $DOWNLOAD_TYPE/tsh $DOWNLOAD_TYPE/tbot build # Second stage builds final container with teleport binaries. FROM ubuntu:20.04 AS teleport @@ -29,10 +29,11 @@ RUN apt-get update && \ apt-get -y clean && \ rm -rf /var/lib/apt/lists/* -# Copy "teleport", "tctl", and "tsh" binaries from the previous stage. +# Copy "teleport", "tctl", "tbot", and "tsh" binaries from the previous stage. COPY --from=download /tmp/build/teleport /usr/local/bin/teleport COPY --from=download /tmp/build/tctl /usr/local/bin/tctl COPY --from=download /tmp/build/tsh /usr/local/bin/tsh +COPY --from=download /tmp/build/tbot /usr/local/bin/tbot # Run Teleport inside the image with a default config file location. ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] diff --git a/build.assets/Dockerfile-fips b/build.assets/Dockerfile-fips index 67a6b68c30efe..fdd4f00639b8d 100644 --- a/build.assets/Dockerfile-fips +++ b/build.assets/Dockerfile-fips @@ -62,6 +62,9 @@ RUN mkdir -p /opt && cd /opt && curl https://go-boringcrypto.storage.googleapis. chmod a+w /go && \ chmod a+w /var/lib && \ chmod a-w / +ENV GOPATH="/go" \ + GOROOT="/opt/go" \ + PATH="$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" # Install libbpf ARG LIBBPF_VERSION @@ -70,10 +73,6 @@ RUN mkdir -p /opt && cd /opt && curl -L https://github.com/gravitational/libbpf/ make && \ make install -ENV GOPATH="/go" \ - GOROOT="/opt/go" \ - PATH="$PATH:/opt/go/bin:/go/bin:/go/src/github.com/gravitational/teleport/build" - # Install PAM module and policies for testing. COPY pam/ /opt/pam_teleport/ RUN make -C /opt/pam_teleport install diff --git a/build.assets/Dockerfile-teleterm b/build.assets/Dockerfile-teleterm index da9da1d5cbae4..ea965e3d0f1ea 100644 --- a/build.assets/Dockerfile-teleterm +++ b/build.assets/Dockerfile-teleterm @@ -1,30 +1,31 @@ ARG BUILDBOX_VERSION # GRPC_NODE_PLUGIN_BINARY_TYPE can be "prebuilt" or "compiled" ARG GRPC_NODE_PLUGIN_BINARY_TYPE -FROM quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION as base +FROM public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION as base ARG BUILDARCH -# Install buf -RUN BIN="/usr/local/bin" && \ - VERSION="1.0.0-rc1" && \ - BINARY_NAME="buf" && \ - curl -sSL \ - "https://github.com/bufbuild/buf/releases/download/v${VERSION}/${BINARY_NAME}-$(uname -s)-$(uname -m)" \ - -o "${BIN}/${BINARY_NAME}" && \ - chmod +x "${BIN}/${BINARY_NAME}" - # Install node ARG NODE_VERSION ENV NODE_URL="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${BUILDARCH}.tar.xz" -ENV NODE_PATH="/usr/local/lib/node-v${NODE_VERSION}-linux-${BUILDARCH}" +ENV NODE_PATH="/usr/local/lib/nodejs-linux" ENV PATH="$PATH:${NODE_PATH}/bin" -RUN (curl -o /tmp/nodejs.tar.xz -L ${NODE_URL} && tar -xJf /tmp/nodejs.tar.xz -C /usr/local/lib) +RUN (export NODE_ARCH=$(if [ "$BUILDARCH" = "amd64" ]; then echo "x64"; else echo "arm64"; fi) && \ + export NODE_URL="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz" && \ + mkdir -p ${NODE_PATH} && \ + curl -o /tmp/nodejs.tar.xz -L ${NODE_URL} && \ + tar -xJf /tmp/nodejs.tar.xz -C /usr/local/lib/nodejs-linux --strip-components=1) +RUN corepack enable yarn # Install js proto tools RUN (npm install --global grpc_tools_node_protoc_ts@5.0.1) RUN go install github.com/golang/protobuf/protoc-gen-go@v1.4.3 +# Install rpm tools so we can build rpm packages +RUN apt-get update -y && apt-get install -q -y --no-install-recommends rpm && \ + apt-get clean -y && \ + rm -rf /var/lib/apt/lists/* + FROM base as grpc_node_plugin_binary_prebuilt ONBUILD RUN (npm install --global grpc-tools@1.11.2) diff --git a/build.assets/Makefile b/build.assets/Makefile index 0dea5197420f6..0ffdb5a391ffd 100644 --- a/build.assets/Makefile +++ b/build.assets/Makefile @@ -8,6 +8,11 @@ HOSTNAME=buildbox SRCDIR=/go/src/github.com/gravitational/teleport GOMODCACHE ?= /tmp/gomodcache DOCKERFLAGS := --rm=true -v "$$(pwd)/../":$(SRCDIR) -v /tmp:/tmp -w $(SRCDIR) -h $(HOSTNAME) -e GOMODCACHE=$(GOMODCACHE) + +# delete after webapps migration to teleport +WEBAPPSSRCDIR=/go/src/github.com/gravitational/webapps +WEBAPPSDOCKERFLAGS := $(DOCKERFLAGS) -v "$$(pwd)/../../webapps":$(WEBAPPSSRCDIR) + ADDFLAGS ?= BATSFLAGS := NOROOT=-u $$(id -u):$$(id -g) @@ -17,8 +22,8 @@ TEST_KUBE ?= OS ?= linux ARCH ?= amd64 BUILDBOX_VERSION ?= teleport10 -GOLANG_VERSION ?= go1.18.3 -RUST_VERSION ?= 1.61.0 +GOLANG_VERSION ?= go1.18.6 +RUST_VERSION ?= 1.63.0 # don't bump this without checking GLIBC compatibility NODE_VERSION ?= 16.13.2 BORINGCRYPTO_RUNTIME=$(GOLANG_VERSION)b7 LIBBPF_VERSION ?= 0.7.0-teleport @@ -34,15 +39,16 @@ RUNTIME_ARCH_aarch64 := arm64 RUNTIME_ARCH := $(RUNTIME_ARCH_$(HOST_ARCH)) PROTOC_VER ?= 3.13.0 +# Keep in sync with api/proto/buf.yaml (and buf.lock). GOGO_PROTO_TAG ?= v1.3.2 -BUILDBOX=quay.io/gravitational/teleport-buildbox:$(BUILDBOX_VERSION) -BUILDBOX_FIPS=quay.io/gravitational/teleport-buildbox-fips:$(BUILDBOX_VERSION) -BUILDBOX_CENTOS7=quay.io/gravitational/teleport-buildbox-centos7:$(BUILDBOX_VERSION) -BUILDBOX_CENTOS7_FIPS=quay.io/gravitational/teleport-buildbox-centos7-fips:$(BUILDBOX_VERSION) -BUILDBOX_ARM=quay.io/gravitational/teleport-buildbox-arm:$(BUILDBOX_VERSION) -BUILDBOX_ARM_FIPS=quay.io/gravitational/teleport-buildbox-arm-fips:$(BUILDBOX_VERSION) -BUILDBOX_TELETERM=quay.io/gravitational/teleport-buildbox-teleterm:$(BUILDBOX_VERSION) +BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:$(BUILDBOX_VERSION) +BUILDBOX_FIPS=public.ecr.aws/gravitational/teleport-buildbox-fips:$(BUILDBOX_VERSION) +BUILDBOX_CENTOS7=public.ecr.aws/gravitational/teleport-buildbox-centos7:$(BUILDBOX_VERSION) +BUILDBOX_CENTOS7_FIPS=public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$(BUILDBOX_VERSION) +BUILDBOX_ARM=public.ecr.aws/gravitational/teleport-buildbox-arm:$(BUILDBOX_VERSION) +BUILDBOX_ARM_FIPS=public.ecr.aws/gravitational/teleport-buildbox-arm-fips:$(BUILDBOX_VERSION) +BUILDBOX_TELETERM=public.ecr.aws/gravitational/teleport-buildbox-teleterm:$(BUILDBOX_VERSION) # These variables are used to dynamically change the name of the buildbox Docker image used by the 'release' # target. The other solution was to remove the 'buildbox' dependency from the 'release' target, but this would @@ -50,7 +56,7 @@ BUILDBOX_TELETERM=quay.io/gravitational/teleport-buildbox-teleterm:$(BUILDBOX_VE BUILDBOX_NAME=$(BUILDBOX) BUILDBOX_FIPS_NAME=$(BUILDBOX_FIPS) -DOCSBOX=quay.io/gravitational/next:main +DOCSBOX=public.ecr.aws/gravitational/docs ifneq ("$(KUBECONFIG)","") DOCKERFLAGS := $(DOCKERFLAGS) -v $(KUBECONFIG):/mnt/kube/config -e KUBECONFIG=/mnt/kube/config -e TEST_KUBE=$(TEST_KUBE) @@ -158,8 +164,11 @@ buildbox-centos7: docker build \ --build-arg UID=$(UID) \ --build-arg GID=$(GID) \ + --build-arg BUILDARCH=$(RUNTIME_ARCH) \ --build-arg GOLANG_VERSION=$(GOLANG_VERSION) \ --build-arg RUST_VERSION=$(RUST_VERSION) \ + --build-arg PROTOC_VER=$(PROTOC_VER) \ + --build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \ --cache-from $(BUILDBOX_CENTOS7) \ --tag $(BUILDBOX_CENTOS7) -f Dockerfile-centos7 . @@ -174,6 +183,7 @@ buildbox-centos7-fips: --build-arg GID=$(GID) \ --build-arg BORINGCRYPTO_RUNTIME=$(BORINGCRYPTO_RUNTIME) \ --build-arg RUST_VERSION=$(RUST_VERSION) \ + --build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \ --cache-from $(BUILDBOX_CENTOS7_FIPS) \ --tag $(BUILDBOX_CENTOS7_FIPS) -f Dockerfile-centos7-fips . @@ -221,19 +231,37 @@ buildbox-teleterm: buildbox --cache-from $(BUILDBOX_TELETERM) \ --tag $(BUILDBOX_TELETERM) -f Dockerfile-teleterm . + +CONNECT_VERSION ?= $(VERSION) +ifeq ($(CONNECT_VERSION),) +CONNECT_VERSION := $(BUILDBOX_VERSION)-dev +endif + +# +# Builds Teleport Connect inside the buildbox-teleterm container. +# +# Note: this assumes that gravitational/webapps already exists on the filesystem +# and is a sibling directory to Teleport. This is temporary and will be +# resolved when the webapps code is moved into this repository. +# +.PHONY:teleterm +teleterm: buildbox-teleterm + docker run $(WEBAPPSDOCKERFLAGS) $(NOROOT) $(BUILDBOX_TELETERM) \ + bash -c "cd ../webapps && export CONNECT_TSH_BIN_PATH=\$$PWD/../teleport/build/tsh && yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$(CONNECT_VERSION)" + # grpc generates GRPC stubs from inside the buildbox .PHONY: grpc grpc: buildbox docker run \ $(DOCKERFLAGS) -e CLANG_FORMAT=/usr/bin/clang-format-10 -t $(BUILDBOX) \ - make -C /go/src/github.com/gravitational/teleport buildbox-grpc + make -C /go/src/github.com/gravitational/teleport grpc/host # grpc-teleterm generates GRPC stubs for Teleterm from inside buildbox-teleterm .PHONY: grpc-teleterm grpc-teleterm: buildbox-teleterm docker run \ $(DOCKERFLAGS) -e CLANG_FORMAT=/usr/bin/clang-format-10 -t $(BUILDBOX_TELETERM) \ - make -C /go/src/github.com/gravitational/teleport buildbox-grpc-teleterm + make -C /go/src/github.com/gravitational/teleport grpc-teleterm/host # # Removes the docker image @@ -338,6 +366,15 @@ enter-root: buildbox enter/centos7: buildbox docker run $(DOCKERFLAGS) -ti $(NOROOT) \ -e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_CENTOS7) /bin/bash + +# +# Starts shell inside the teleterm container +# +.PHONY:enter/teleterm +enter/teleterm: buildbox-teleterm + docker run $(DOCKERFLAGS) -ti $(NOROOT) \ + -e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_TELETERM) /bin/bash + # # Create a Teleport package using the build container. # Don't use this target directly; call named Makefile targets like release-amd64. @@ -393,7 +430,7 @@ release-fips: buildbox-fips .PHONY:release-centos7 release-centos7: buildbox-centos7 docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7) \ - /usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) REPRODUCIBLE=no + /usr/bin/scl enable devtoolset-11 'make release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) REPRODUCIBLE=no' # # Create a Teleport FIPS package for CentOS 7 using the build container. @@ -402,7 +439,7 @@ release-centos7: buildbox-centos7 .PHONY:release-centos7-fips release-centos7-fips: docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7_FIPS) \ - /usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION) REPRODUCIBLE=no + /usr/bin/scl enable devtoolset-11 '/usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION) REPRODUCIBLE=no' # # Create a Windows Teleport package using the build container. @@ -410,15 +447,15 @@ release-centos7-fips: .PHONY:release-windows release-windows: buildbox docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX) \ - /usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=windows + /usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=windows RUNTIME=$(GOLANG_VERSION) REPRODUCIBLE=yes # -# Create a Windows Teleport package using the build container. +# Create an unsigned Windows Teleport package using the build container. # .PHONY:release-windows-unsigned release-windows-unsigned: buildbox docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX) \ - /usr/bin/make release-windows-unsigned -e ADDFLAGS="$(ADDFLAGS)" OS=windows + /usr/bin/make release-windows-unsigned -e ADDFLAGS="$(ADDFLAGS)" OS=windows RUNTIME=$(GOLANG_VERSION) REPRODUCIBLE=yes # # Run docs tester to detect problems. @@ -459,3 +496,11 @@ print-node-version: .PHONY:print-buildbox-version print-buildbox-version: @echo $(BUILDBOX_VERSION) + +# +# Build CentOS 7 assets such as clang. +# +.PHONY:build-centos7-assets +build-centos7-assets: + docker build --build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) -t buildbox-centos7-assets -f Dockerfile-centos7-assets . + docker run -v $$(pwd):/centos7.assets -it buildbox-centos7-assets cp /centos7-assets.tar.gz /centos7.assets diff --git a/build.assets/README.md b/build.assets/README.md index cc7b9a372d34b..f79703dde7028 100644 --- a/build.assets/README.md +++ b/build.assets/README.md @@ -26,3 +26,32 @@ Or simply copy the binary out of the image using a volume (it will be copied to ``` docker run -v $(pwd)/build:/builds -it teleportbuilder cp /gopath/src/github.com/gravitational/teleport/teleport.tgz /builds ``` + +# OS package repo migrations + +An OS package repo migration is semi-manually publishing specific releases to the new APT and YUM repos. This is required in several situations: +* A customer requests that we add an older version to the repos +* We add another OS package repo (for example APK) +* A OS package promotion fails (for example https://drone.platform.teleport.sh/gravitational/teleport/14666/1/3), requires a PR to fix, and we don't want to cut another minor version + +Multiple migrations can be performed at once. To run a migration do the following: +1. Clone https://github.com/gravitational/teleport.git. +2. Change to the directory the repo was cloned to. +3. Create a new branch from master. +4. Add the Teleport versions you wish to migration as demonstrated here: https://github.com/gravitational/teleport/commit/151a2f489e3116fc7ce8f55e056529361d3233a6#diff-2e3a64c97d186491e06fb2c7ead081b7ace2b67c4a4d974a563daf7c117a2c50. +5. Set the `migrationBranch` variable to the name of the branch you created in (3) as demonstrated here: https://github.com/gravitational/teleport/commit/151a2f489e3116fc7ce8f55e056529361d3233a6#diff-2e3a64c97d186491e06fb2c7ead081b7ace2b67c4a4d974a563daf7c117a2c50. +6. Get your Drone credentials from here: https://drone.platform.teleport.sh/account. +7. Export your drone credentials as shown under "Example CLI Usage" on the Drone account page +8. Open a new terminal. +9. Run `tsh app login drone` and follow any prompts. +10. Run `tsh proxy app drone` and copy the printed socket. This should look something like `127.0.0.1:60982` +11. Switch back to your previous terminal. +12. Run `export DRONE_SERVER=http://{host:port}`, replacing `{host:port}` with the data you copied in (10) +13. Run `make dronegen` +14. Commit the two changed files and push/publish the branch +15. Open a PR merging your changes into master via https://github.com/gravitational/teleport/compare +16. Under the "checks" section, click "details" on the check labeled "continuous-integration/drone/push" +17. Once the pipelines complete, comment out the versions you added and blank out the `migrationBranch` string set in (4, 5) as demonstrated here: https://github.com/gravitational/teleport/pull/15531/commits/9095880560cfe6c93e491e39a7604b1faf72c600#diff-2e3a64c97d186491e06fb2c7ead081b7ace2b67c4a4d974a563daf7c117a2c50 +18. Run `make dronegen` +19. Commit and push the changes. +20. Merge the PR and backport if required. \ No newline at end of file diff --git a/build.assets/build-common.sh b/build.assets/build-common.sh index 0593d132ba47a..841e2bffb8659 100644 --- a/build.assets/build-common.sh +++ b/build.assets/build-common.sh @@ -101,11 +101,14 @@ notarize() { fi # XCode 12. - local goncfg='' - goncfg="$(mktemp)" + local gondir='' + gondir="$(mktemp -d)" # Early expansion on purpose. #shellcheck disable=SC2064 - trap "rm -f '$goncfg'" EXIT + trap "rm -fr '$gondir'" EXIT + + # Gon configuration file needs a proper extension. + local goncfg="$gondir/gon.json" cat >"$goncfg" <"$toydir/toy.c" < + +int main() { + fido_init(0 /* flags */); + return 0; +} +EOF + + export PKG_CONFIG_PATH="$PKGFILE_DIR" + # Word splitting desired for pkg-config. + #shellcheck disable=SC2046 + gcc \ + $(pkg-config --cflags --libs libfido2-static) \ + -o "$toydir/toy.bin" \ + "$toydir/toy.c" +} + usage() { echo "Usage: $0 build|pkg_config_path" >&2 } build() { - local cbor_path="$LIB_CACHE/cbor-$CBOR_VERSION" - local crypto_path="$LIB_CACHE/crypto-$CRYPTO_VERSION" - local fido2_path="$LIB_CACHE/fido2-$FIDO2_VERSION" - - if [[ ! -d "$cbor_path" ]]; then + if [[ ! -d "$CBOR_PATH" ]]; then cbor_fetch_and_build fi - if [[ ! -d "$crypto_path" ]]; then + if [[ ! -d "$CRYPTO_PATH" ]]; then crypto_fetch_and_build fi - if [[ ! -d "$fido2_path" ]]; then + if [[ ! -d "$FIDO2_PATH" ]]; then fido2_fetch_and_build fi @@ -163,11 +189,8 @@ build() { trap "rm -f '$tmp'" EXIT # Write libfido2-static.pc to tmp. - local cbor="$LIB_CACHE/cbor-$CBOR_VERSION" - local crypto="$LIB_CACHE/crypto-$CRYPTO_VERSION" - local fido2="$LIB_CACHE/fido2-$FIDO2_VERSION" cat >"$tmp" <&2 + rm -fr "$CBOR_PATH" "$CRYPTO_PATH" "$FIDO2_PATH" + build + fi ;; pkg_config_path) echo "$PKGFILE_DIR" diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 07c2aa0126c12..5e89ce80dc9ce 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -122,9 +122,9 @@ else # set docker image appropriately if [[ "${PACKAGE_TYPE}" == "deb" ]]; then - DOCKER_IMAGE="quay.io/gravitational/fpm-debian:8" + DOCKER_IMAGE="public.ecr.aws/gravitational/fpm:debian8" elif [[ "${PACKAGE_TYPE}" == "rpm" ]]; then - DOCKER_IMAGE="quay.io/gravitational/fpm-centos:8" + DOCKER_IMAGE="public.ecr.aws/gravitational/fpm:centos8" fi fi diff --git a/build.assets/build-pkg-tsh.sh b/build.assets/build-pkg-tsh.sh index d01bfa791913e..3704a276980f3 100755 --- a/build.assets/build-pkg-tsh.sh +++ b/build.assets/build-pkg-tsh.sh @@ -10,6 +10,20 @@ usage() { log "Usage: $0 -t oss|eng -v version [-s tarball_directory] [-n]" } +# make_non_relocatable_plist changes the default component plist of the $root +# package to non-relocatable. +# This makes install paths consistent, which also facilitates pathing in +# pre/postscripts. +# Creates component_plist. +# See `man pkgbuild` for reference. +make_non_relocatable_plist() { + local root="$1" + local component_plist="$2" + + pkgbuild --analyze --root "$root" "$component_plist" + plutil -replace BundleIsRelocatable -bool NO "$component_plist" +} + main() { local buildassets='' buildassets="$(dirname "$0")" @@ -109,13 +123,9 @@ password created by APPLE_USERNAME" # We only care about the 'tsh' file for the script. tar xzf "$tarname" -C "$tmp" - # Copy and edit scripts, then write the correct VERSION variable. - cp -r "$buildassets/macos/scripts" "$tmp/" - sed -i '' "s/VERSION=''/VERSION='-v$TELEPORT_VERSION'/g" "$tmp/scripts"/* - # Prepare app shell. local skel="$buildassets/macos/$TSH_SKELETON" - local target="$tmp/root/tsh-v$TELEPORT_VERSION.app" + local target="$tmp/root/tsh.app" cp -r "$skel/tsh.app" "$target" mkdir -p "$target/Contents/MacOS/" cp "$tmp"/teleport*/tsh "$target/Contents/MacOS/" @@ -130,14 +140,21 @@ password created by APPLE_USERNAME" "$target" # Prepare and sign the installer package. - target="$tmp/tsh-v$TELEPORT_VERSION.pkg" # switches from app to pkg + # Note that the installer does __NOT__ have a `v` in the version number. + target="$tmp/tsh-$TELEPORT_VERSION.pkg" # switches from app to pkg + local pkg_root="$tmp/root" + local pkg_component_plist="$tmp/tsh-component.plist" + local pkg_scripts="$buildassets/macos/scripts" + make_non_relocatable_plist "$pkg_root" "$pkg_component_plist" pkgbuild \ - --root "$tmp/root/" \ + --root "$pkg_root" \ + --component-plist "$pkg_component_plist" \ --identifier "$TSH_BUNDLEID" \ --version "v$TELEPORT_VERSION" \ --install-location /Applications \ - --scripts "$tmp/scripts" \ + --scripts "$pkg_scripts" \ "$target.unsigned" + $DRY_RUN_PREFIX productsign \ --sign "$DEVELOPER_ID_INSTALLER" \ --timestamp \ @@ -155,7 +172,7 @@ password created by APPLE_USERNAME" mv "$target" . local bn='' bn="$(basename "$target")" - sha256sum "$bn" > "$bn.sha256" + shasum -a 256 "$bn" > "$bn.sha256" } main "$@" diff --git a/build.assets/build-test-compat.sh b/build.assets/build-test-compat.sh new file mode 100755 index 0000000000000..1f3a4bf6d1854 --- /dev/null +++ b/build.assets/build-test-compat.sh @@ -0,0 +1,104 @@ +#!/usr/bin/env bash +# +# /* +# Copyright 2022 Gravitational, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# */ +# + +# This script runs Teleport binaries using different Docker OS images +# to ensure compatibility. It mainly checks for missing library symbols, +# not shared libraries not installed by default in different OSes +# and ensure that Glibc version is sufficient. + +DISTROS=( + "ubuntu:14.04" + "ubuntu:16.04" + "ubuntu:18.04" + "ubuntu:20.04" + "ubuntu:22.04" + "centos:7" + "centos:8" + "debian:8" + "debian:9" + "debian:10" + "debian:11" + # Distroless Debian fails because of missing libgcc_s.so.1 + # https://github.com/gravitational/teleport/issues/14538 + #"gcr.io/distroless/base-debian11" + "gcr.io/distroless/cc" + "amazonlinux:1" + "amazonlinux:2" + "archlinux" + "oraclelinux:7" + "oraclelinux:8" + "fedora:34" + "fedora:latest" +) + +# Global variable to propagate error code from all commands. +# It will be set to non-zero value if any of run commands returns an error. +EXIT_CODE=0 + +# Run binary in a Docker container and propagate returned exit code. +# +# This will sometimes run under Google Cloud Build, which implies using Docker- +# out-of-Docker to interact with containers. This means that simply mounting +# the test targest into the test container won't work, as it would require +# knowledge of (and control over) the build container that we just don't have. +# +# In order to have a solution that works on both GCB and on a developer desktop, +# we instead jump through a lot of hoops that `docker run` normally takes care +# of (like manually creating the container, copying the test targets into it, +# manually starting it, etc). +# +# Arguments: +# $1 - distro name +# $2 - binary to run +# $3... - arguments to binary +function run_docker { + distro=$1 + binary=$(basename $2) + + container=$(docker create $distro /tmp/$binary "${@:3}") + # I *want* the variable below expanded now, so disabling lint + # shellcheck disable=SC2064 + trap "docker rm $container > /dev/null" RETURN + + docker cp $2 $container:/tmp/$binary + docker start $container > /dev/null + test_result=$(docker wait $container) + + EXIT_CODE=$((EXIT_CODE || test_result)) + if [ $test_result -ne 0 ] + then + echo "$binary failed on $distro:" + docker logs $container + fi + + return $test_result +} + +for DISTRO in "${DISTROS[@]}"; +do + echo "============ Checking ${DISTRO} ============" + docker pull "${DISTRO}" + + run_docker "$DISTRO" $PWD/build/teleport version + run_docker "$DISTRO" $PWD/build/tsh version + run_docker "$DISTRO" $PWD/build/tctl version + run_docker "$DISTRO" $PWD/build/tbot version +done + +exit $EXIT_CODE \ No newline at end of file diff --git a/build.assets/charts/Dockerfile b/build.assets/charts/Dockerfile index 0f2941254f93f..cbf32c8f1fa03 100644 --- a/build.assets/charts/Dockerfile +++ b/build.assets/charts/Dockerfile @@ -46,10 +46,11 @@ RUN apt-get update && \ apt-get -y clean && \ rm -rf /var/lib/apt/lists/* -# Bundle "teleport", "tctl", and "tsh" binaries into image. +# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. COPY teleport /usr/local/bin/teleport COPY tctl /usr/local/bin/tctl COPY tsh /usr/local/bin/tsh +COPY tbot /usr/local/bin/tbot # By setting this entry point, we expose make target as command. ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] diff --git a/build.assets/charts/Dockerfile-fips b/build.assets/charts/Dockerfile-fips index c989e5a4d38d1..46bf9d3a0aa15 100644 --- a/build.assets/charts/Dockerfile-fips +++ b/build.assets/charts/Dockerfile-fips @@ -46,10 +46,11 @@ RUN apt-get update && \ apt-get -y clean && \ rm -rf /var/lib/apt/lists/* -# Bundle "teleport", "tctl", and "tsh" binaries into image. +# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. COPY teleport /usr/local/bin/teleport COPY tctl /usr/local/bin/tctl COPY tsh /usr/local/bin/tsh +COPY tbot /usr/local/bin/tbot # By setting this entry point, we expose make target as command. ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/build.assets/genproto.sh b/build.assets/genproto.sh new file mode 100755 index 0000000000000..e20a8d02deb10 --- /dev/null +++ b/build.assets/genproto.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# Generates protos for Teleport and Teleport API. +set -eu + +main() { + cd "$(dirname "$0")" # ./build-assets/ + cd ../ # teleport root + + # Generated protos are written to + # /github.com/gravitational/teleport/..., so we copy them to + # the correct relative path. + trap 'rm -fr github.com' EXIT # don't leave github.com/ behind + rm -fr api/gen/proto gen/proto # cleanup gen/proto folders + buf generate + cp -r github.com/gravitational/teleport/* . +} + +main "$@" diff --git a/build.assets/macos/scripts/postinstall b/build.assets/macos/scripts/postinstall index abd404a3db420..6c81a42f16bec 100755 --- a/build.assets/macos/scripts/postinstall +++ b/build.assets/macos/scripts/postinstall @@ -1,10 +1,6 @@ #!/bin/sh set -eu -# VERSION is dynamically updated when the installer is created. -# Includes "-v" after edit, eg: "-v1.2.3". -VERSION='' - main() { BIN=/usr/local/bin/ [ ! -d "$BIN" ] && mkdir -p "$BIN" @@ -17,7 +13,7 @@ main() { # Link package to $BIN. rm -f "$BIN/tsh" # in case link exists - ln -s "/Applications/tsh$VERSION.app/Contents/MacOS/tsh" "$BIN/tsh" + ln -s "/Applications/tsh.app/Contents/MacOS/tsh" "$BIN/tsh" } main "$@" diff --git a/build.assets/tooling/cmd/build-apt-repos/config.go b/build.assets/tooling/cmd/build-apt-repos/config.go deleted file mode 100644 index e4ea43cfc7835..0000000000000 --- a/build.assets/tooling/cmd/build-apt-repos/config.go +++ /dev/null @@ -1,159 +0,0 @@ -/* -Copyright 2022 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "os" - "strings" - - "github.com/gravitational/trace" - "github.com/sirupsen/logrus" - "golang.org/x/mod/semver" -) - -const StableChannelFlagValue string = "stable" - -type Config struct { - artifactPath string - artifactVersion string - bucketName string - localBucketPath string - releaseChannel string - aptlyPath string - logLevel uint - logJSON bool -} - -// Parses and validates the provided flags, returning the parsed arguments in a struct. -func ParseFlags() (*Config, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, trace.Wrap(err, "failed to get user's home directory path") - } - - config := &Config{} - flag.StringVar(&config.artifactPath, "artifact-path", "/artifacts", "Path to the filesystem tree containing the *.deb files to add to the APT repos") - flag.StringVar(&config.artifactVersion, "artifact-version", "", "The version of the artifacts that will be added to the APT repos") - flag.StringVar(&config.releaseChannel, "release-channel", "", "The release channel of the APT repos that the artifacts should be added to") - flag.StringVar(&config.bucketName, "bucket", "", "The name of the S3 bucket where the repo should be synced to/from") - flag.StringVar(&config.localBucketPath, "local-bucket-path", "/bucket", "The local path where the bucket should be synced to") - flag.StringVar(&config.aptlyPath, "aptly-root-dir", homeDir, "The Aptly \"rootDir\" (see https://www.aptly.info/doc/configuration/ for details)") - flag.UintVar(&config.logLevel, "log-level", uint(logrus.InfoLevel), "Log level from 0 to 6, 6 being the most verbose") - flag.BoolVar(&config.logJSON, "log-json", false, "True if the log entries should use JSON format, false for text logging") - - flag.Parse() - if err := Check(config); err != nil { - return nil, trace.Wrap(err, "failed to validate flags") - } - - return config, nil -} - -func Check(config *Config) error { - if err := validateArtifactPath(config.artifactPath); err != nil { - return trace.Wrap(err, "failed to validate the artifact path flag") - } - if err := validateBucketName(config.bucketName); err != nil { - return trace.Wrap(err, "failed to validate the bucket name flag") - } - if err := validateLocalBucketPath(config.localBucketPath); err != nil { - return trace.Wrap(err, "failed to validate the local bucket path flag") - } - if err := validateArtifactVersion(config.artifactVersion); err != nil { - return trace.Wrap(err, "failed to validate the artifact version flag") - } - if err := validateReleaseChannel(config.releaseChannel); err != nil { - return trace.Wrap(err, "failed to validate the release channel flag") - } - if err := validateLogLevel(config.logLevel); err != nil { - return trace.Wrap(err, "failed to validate the log level flag") - } - - return nil -} - -func validateArtifactPath(value string) error { - if value == "" { - return trace.BadParameter("the artifact-path flag should not be empty") - } - - if stat, err := os.Stat(value); os.IsNotExist(err) { - return trace.BadParameter("the artifact-path %q does not exist", value) - } else if !stat.IsDir() { - return trace.BadParameter("the artifact-path %q is not a directory", value) - } - - return nil -} - -func validateBucketName(value string) error { - if value == "" { - return trace.BadParameter("the bucket flag should not be empty") - } - - return nil -} - -func validateLocalBucketPath(value string) error { - if value == "" { - return trace.BadParameter("the local-bucket-path flag should not be empty") - } - - if stat, err := os.Stat(value); err == nil && !stat.IsDir() { - return trace.BadParameter("the local bucket path points to a file instead of a directory") - } - - return nil -} - -func validateArtifactVersion(value string) error { - if value == "" { - return trace.BadParameter("the artifact-version flag should not be empty") - } - - if !semver.IsValid(value) { - return trace.BadParameter("the artifact-version flag does not contain a valid semver version string") - } - - return nil -} - -func validateReleaseChannel(value string) error { - if value == "" { - return trace.BadParameter("the release-channel flag should not be empty") - } - - // Not sure what other channels we'd want to support, but they should be listed here - validReleaseChannels := []string{StableChannelFlagValue} - - for _, validReleaseChannel := range validReleaseChannels { - if value == validReleaseChannel { - return nil - } - } - - return trace.BadParameter("the release channel contains an invalid value. Valid values are: %s", strings.Join(validReleaseChannels, ",")) -} - -func validateLogLevel(value uint) error { - if value > 6 { - return trace.BadParameter("the log-level flag should be between 0 and 6") - } - - return nil -} diff --git a/build.assets/tooling/cmd/build-apt-repos/main.go b/build.assets/tooling/cmd/build-apt-repos/main.go deleted file mode 100644 index c4c08d03ef41d..0000000000000 --- a/build.assets/tooling/cmd/build-apt-repos/main.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2022 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "os" - - log "github.com/sirupsen/logrus" -) - -func main() { - supportedOSs := map[string][]string{ - "debian": { // See https://wiki.debian.org/DebianReleases#Production_Releases for details - "stretch", // 9 - "buster", // 10 - "bullseye", // 11 - "bookwork", // 12 - "trixie", // 13 - }, - "ubuntu": { // See https://wiki.ubuntu.com/Releases for details - "xenial", // 16.04 LTS - "yakkety", // 16.10 (EOL) - "zesty", // 17.04 (EOL) - "artful", // 17.10 (EOL) - "bionic", // 18.04 LTS - "cosmic", // 18.10 (EOL) - "disco", // 19.04 (EOL) - "eoan", // 19.10 (EOL) - "focal", // 20.04 LTS - "groovy", // 20.10 (EOL) - "hirsuite", // 21.04 (EOL) - "impish", // 21.10 (EOL on 7/14/22) - "jammy", // 22.04 LTS - }, - } - - config, err := ParseFlags() - if err != nil { - log.Fatal(err.Error()) - } - - setupLogger(config) - log.Debugf("Starting tool with config: %v", config) - - art, err := NewAptRepoTool(config, supportedOSs) - if err != nil { - log.Fatal(err.Error()) - } - - err = art.Run() - if err != nil { - log.Fatal(err.Error()) - } -} - -func setupLogger(config *Config) { - if config.logJSON { - log.SetFormatter(&log.JSONFormatter{}) - } else { - log.SetFormatter(&log.TextFormatter{}) - } - log.SetOutput(os.Stdout) - log.SetLevel(log.Level(config.logLevel)) -} diff --git a/build.assets/tooling/cmd/build-apt-repos/s3manager.go b/build.assets/tooling/cmd/build-apt-repos/s3manager.go deleted file mode 100644 index 3a060eb05e5dd..0000000000000 --- a/build.assets/tooling/cmd/build-apt-repos/s3manager.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2022 Gravitational, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "fmt" - "os" - - "github.com/aws/aws-sdk-go/aws/session" - "github.com/gravitational/trace" - "github.com/seqsense/s3sync" - "github.com/sirupsen/logrus" -) - -type S3manager struct { - syncManager *s3sync.Manager - bucketName string - bucketPath string -} - -func NewS3Manager(bucketName string) *S3manager { - // Right now the AWS session is only used by this manager, but if it ends - // up being needed elsewhere then it should probably be moved to an arg - awsSession := session.Must(session.NewSession()) - - manager := &S3manager{ - syncManager: s3sync.New(awsSession), - bucketName: bucketName, - bucketPath: fmt.Sprintf("s3://%s", bucketName), - } - - s3sync.SetLogger(&s3logger{}) - - return manager -} - -func (s *S3manager) DownloadExistingRepo(localPath string) error { - err := ensureDirectoryExists(localPath) - if err != nil { - return trace.Wrap(err, "failed to ensure path %q exists", localPath) - } - - err = s.sync(localPath, true) - if err != nil { - return trace.Wrap(err, "failed to download bucket") - } - - return nil -} - -func (s *S3manager) UploadBuiltRepo(localPath string) error { - err := s.sync(localPath, false) - - if err != nil { - return trace.Wrap(err, "failed to upload bucket") - } - - return nil -} - -func (s *S3manager) sync(localPath string, download bool) error { - var src, dest string - if download { - src = s.bucketPath - dest = localPath - } else { - src = localPath - dest = s.bucketPath - } - - logrus.Infof("Performing S3 sync from %q to %q...", src, dest) - err := s.syncManager.Sync(src, dest) - if err != nil { - return trace.Wrap(err, "failed to sync %q to %q", src, dest) - } - logrus.Infoln("S3 sync complete") - - return nil -} - -func ensureDirectoryExists(path string) error { - err := os.MkdirAll(path, 0660) - if err != nil { - return trace.Wrap(err, "failed to create directory %q", path) - } - - return nil -} diff --git a/build.assets/tooling/cmd/build-apt-repos/apt_repo_tool.go b/build.assets/tooling/cmd/build-os-package-repos/apt_repo_tool.go similarity index 82% rename from build.assets/tooling/cmd/build-apt-repos/apt_repo_tool.go rename to build.assets/tooling/cmd/build-os-package-repos/apt_repo_tool.go index 27ae11f1bd428..66e0e60ed9545 100644 --- a/build.assets/tooling/cmd/build-apt-repos/apt_repo_tool.go +++ b/build.assets/tooling/cmd/build-os-package-repos/apt_repo_tool.go @@ -22,40 +22,51 @@ import ( "strings" "time" + "github.com/davecgh/go-spew/spew" "github.com/gravitational/trace" "github.com/sirupsen/logrus" "golang.org/x/mod/semver" ) type AptRepoTool struct { - config *Config + config *AptConfig aptly *Aptly + gpg *GPG s3Manager *S3manager supportedOSs map[string][]string } // Instantiates a new apt repo tool instance and performs any required setup/config. -func NewAptRepoTool(config *Config, supportedOSs map[string][]string) (*AptRepoTool, error) { - art := &AptRepoTool{ - config: config, - s3Manager: NewS3Manager(config.bucketName), - supportedOSs: supportedOSs, - } - +func NewAptRepoTool(config *AptConfig, supportedOSs map[string][]string) (*AptRepoTool, error) { aptly, err := NewAptly(config.aptlyPath) if err != nil { return nil, trace.Wrap(err, "failed to create a new aptly instance") } - art.aptly = aptly + gpg, err := NewGPG() + if err != nil { + return nil, trace.Wrap(err, "failed to create a new GPG instance") + } + + s3Manager, err := NewS3Manager(config.S3Config) + if err != nil { + return nil, trace.Wrap(err, "failed to create a new s3manager instance") + } - return art, nil + return &AptRepoTool{ + aptly: aptly, + config: config, + gpg: gpg, + s3Manager: s3Manager, + supportedOSs: supportedOSs, + }, nil } // Runs the tool, creating and updating APT repos based upon the current configuration. func (art *AptRepoTool) Run() error { start := time.Now() logrus.Infoln("Starting APT repo build process...") + logrus.Debugf("Using config: %+v", spew.Sdump(art.config)) isFirstRun, err := art.aptly.IsFirstRun() if err != nil { @@ -65,7 +76,7 @@ func (art *AptRepoTool) Run() error { if isFirstRun { logrus.Warningln("First run or disaster recovery detected, attempting to rebuild existing repos from APT repository...") - err = art.s3Manager.DownloadExistingRepo(art.config.localBucketPath) + err = art.s3Manager.DownloadExistingRepo() if err != nil { return trace.Wrap(err, "failed to sync existing repo from S3 bucket") } @@ -74,6 +85,8 @@ func (art *AptRepoTool) Run() error { if err != nil { return trace.Wrap(err, "failed to recreate existing repos") } + } else { + logrus.Debugf("Not first run of tool, skipping Aptly repository rebuild process") } // Note: this logic will only push the artifact into the `art.supportedOSs` repos. @@ -94,11 +107,24 @@ func (art *AptRepoTool) Run() error { return trace.Wrap(err, "failed to publish repos") } - err = art.s3Manager.UploadBuiltRepo(filepath.Join(art.aptly.rootDir, "public")) + // Both Hashicorp and Docker publish their key to this path + err = art.gpg.WritePublicKeyToFile(filepath.Join(art.aptly.rootDir, "public", "gpg")) + if err != nil { + return trace.Wrap(err, "failed to write GPG public key") + } + + art.s3Manager.ChangeLocalBucketPath(filepath.Join(art.aptly.rootDir, "public")) + err = art.s3Manager.UploadBuiltRepo() if err != nil { return trace.Wrap(err, "failed to sync changes to S3 bucket") } + // Future work: add literals to config? + err = art.s3Manager.UploadRedirectURL("index.html", "https://goteleport.com/docs/installation/#linux") + if err != nil { + return trace.Wrap(err, "failed to redirect index page to Teleport docs") + } + logrus.Infof("APT repo build process completed in %s", time.Since(start).Round(time.Millisecond)) return nil } diff --git a/build.assets/tooling/cmd/build-apt-repos/aptly.go b/build.assets/tooling/cmd/build-os-package-repos/aptly.go similarity index 94% rename from build.assets/tooling/cmd/build-apt-repos/aptly.go rename to build.assets/tooling/cmd/build-os-package-repos/aptly.go index 26dcb5e9f7410..32255d105740d 100644 --- a/build.assets/tooling/cmd/build-apt-repos/aptly.go +++ b/build.assets/tooling/cmd/build-os-package-repos/aptly.go @@ -22,9 +22,7 @@ import ( "errors" "fmt" "io/fs" - "log" "os" - "os/exec" "path" "path/filepath" "regexp" @@ -66,7 +64,7 @@ func (*Aptly) ensureDefaultConfigExists() error { // ran, which messes up the output. // Note: it is important to not use any repo-related commands here as they have a side effect of // also creating the Aptly rootDir structure which is usually undesirable here - _, err := buildAndRunCommand("aptly", "config", "show") + _, err := BuildAndRunCommand("aptly", "config", "show") if err != nil { return trace.Wrap(err, "failed to create default Aptly config") } @@ -86,7 +84,7 @@ func (a *Aptly) updateConfiguration() error { logrus.Debugf("Built Aptly config: %v", aptlyConfigMap) saveAptlyConfigMap(aptlyConfigMap) - configOutput, err := buildAndRunCommand("aptly", "config", "show") + configOutput, err := BuildAndRunCommand("aptly", "config", "show") if err != nil { return trace.Wrap(err, "failed to check Aptly config") } @@ -192,7 +190,7 @@ func (a *Aptly) CreateRepoIfNotExists(r *Repo) (bool, error) { distributionArg := fmt.Sprintf("-distribution=%s", r.osVersion) componentArg := fmt.Sprintf("-component=%s/%s", r.releaseChannel, r.majorVersion) - _, err = buildAndRunCommand("aptly", "repo", "create", distributionArg, componentArg, r.Name()) + _, err = BuildAndRunCommand("aptly", "repo", "create", distributionArg, componentArg, r.Name()) if err != nil { return false, trace.Wrap(err, "failed to create repo %q", r.Name()) } @@ -222,7 +220,7 @@ func (a *Aptly) GetExistingRepoNames() ([]string, error) { // ... // // ``` - output, err := buildAndRunCommand("aptly", "repo", "list", "-raw") + output, err := BuildAndRunCommand("aptly", "repo", "list", "-raw") if err != nil { return nil, trace.Wrap(err, "failed to get a list of existing repos") } @@ -248,7 +246,7 @@ func (a *Aptly) GetExistingRepoNames() ([]string, error) { func (a *Aptly) ImportDeb(repoName string, debPath string) error { logrus.Infof("Importing deb(s) from %q into repo %q...", debPath, repoName) - _, err := buildAndRunCommand("aptly", "repo", "add", repoName, debPath) + _, err := BuildAndRunCommand("aptly", "repo", "add", repoName, debPath) if err != nil { return trace.Wrap(err, "failed to add %q to repo %q", debPath, repoName) } @@ -320,7 +318,7 @@ func parsePackagesFile(packagesPath string) ([]string, error) { logrus.Debugf("Parsing packages file %q", packagesPath) file, err := os.Open(packagesPath) if err != nil { - log.Fatal(err) + logrus.Fatal(err) } defer file.Close() @@ -394,7 +392,7 @@ func (a *Aptly) PublishRepos(repos []*Repo, repoOS string, repoOSVersion string) // If all repos have been published if areSomePublished && !areSomeUnpublished { // Update rather than republish - _, err := buildAndRunCommand("aptly", "publish", "update", repoOSVersion, repoOS) + _, err := BuildAndRunCommand("aptly", "publish", "update", repoOSVersion, repoOS) if err != nil { return trace.Wrap(err, "failed to update publish repos with OS %q and OS version %q", repoOS, repoOSVersion) } @@ -406,7 +404,7 @@ func (a *Aptly) PublishRepos(repos []*Repo, repoOS string, repoOSVersion string) // This will occur if there is a new major release, a OS version is supported, or a new release channel is added if areSomePublished && areSomeUnpublished { // Drop the currently published APT repo so that it can be rebuilt from scratch - _, err := buildAndRunCommand("aptly", "publish", "drop", repoOSVersion, repoOS) + _, err := BuildAndRunCommand("aptly", "publish", "drop", repoOSVersion, repoOS) if err != nil { return trace.Wrap(err, "failed to update publish repos with OS %q and OS version %q", repoOS, repoOSVersion) } @@ -423,7 +421,7 @@ func (a *Aptly) PublishRepos(repos []*Repo, repoOS string, repoOSVersion string) args = append(args, repoOS) // Full command is `aptly publish repo -component=<, repeating len(repos) - 1 times> ` - _, err = buildAndRunCommand("aptly", args...) + _, err = BuildAndRunCommand("aptly", args...) if err != nil { return trace.Wrap(err, "failed to publish repos") } @@ -501,7 +499,7 @@ func (a *Aptly) GetPublishedRepoNames() ([]string, error) { // No snapshots/local repos have been published. Publish a snapshot by running `aptly publish snapshot ...`. // ``` // Note that the `-raw` argument is not used here as it does not provide sufficient information - output, err := buildAndRunCommand("aptly", "publish", "list") + output, err := BuildAndRunCommand("aptly", "publish", "list") if err != nil { return nil, trace.Wrap(err, "failed to get a list of published repos") } @@ -675,26 +673,3 @@ func getSubdirectories(basePath string) ([]string, error) { return subdirectories, nil } - -func buildAndRunCommand(command string, args ...string) (string, error) { - cmd := exec.Command(command, args...) - logrus.Debugf("Running command \"%s '%s'\"", command, strings.Join(args, "' '")) - output, err := cmd.CombinedOutput() - - if output != nil { - logrus.Debugf("Command output: %s", string(output)) - } - - if err != nil { - if exitError, ok := err.(*exec.ExitError); ok { - exitCode := exitError.ExitCode() - logrus.Debugf("Command exited with exit code %d", exitCode) - } else { - logrus.Debugln("Command failed without an exit code") - } - return "", trace.Wrap(err, "Command failed, see debug output for additional details") - } - - logrus.Debugln("Command exited successfully") - return string(output), nil -} diff --git a/build.assets/tooling/cmd/build-os-package-repos/command_executor.go b/build.assets/tooling/cmd/build-os-package-repos/command_executor.go new file mode 100644 index 0000000000000..78a9bb8b7342d --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/command_executor.go @@ -0,0 +1,53 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "errors" + "os/exec" + "strings" + + "github.com/gravitational/trace" + "github.com/sirupsen/logrus" +) + +// Builds an runs a command with the provided arguments. Extensively logs command +// details to the debug log. Returns stdout and stderr combined, along with an +// error iff one occurred. +func BuildAndRunCommand(command string, args ...string) (string, error) { + cmd := exec.Command(command, args...) + logrus.Debugf("Running command \"%s '%s'\"", command, strings.Join(args, "' '")) + output, err := cmd.CombinedOutput() + + if output != nil { + logrus.Debugf("Command output: %s", string(output)) + } + + if err != nil { + var exitError *exec.ExitError + if errors.As(err, &exitError) { + exitCode := exitError.ExitCode() + logrus.Debugf("Command exited with exit code %d", exitCode) + } else { + logrus.Debugln("Command failed without an exit code") + } + return "", trace.Wrap(err, "Command failed, see debug output for additional details") + } + + logrus.Debugln("Command exited successfully") + return string(output), nil +} diff --git a/build.assets/tooling/cmd/build-os-package-repos/config.go b/build.assets/tooling/cmd/build-os-package-repos/config.go new file mode 100644 index 0000000000000..df3357f2dee57 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/config.go @@ -0,0 +1,282 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "flag" + "os" + "strings" + + "github.com/gravitational/trace" + "github.com/sirupsen/logrus" + "golang.org/x/mod/semver" +) + +const StableChannelFlagValue string = "stable" + +type LoggerConfig struct { + logLevel uint + logJSON bool +} + +func NewLoggerConfigWithFlagset(fs *flag.FlagSet) *LoggerConfig { + lc := &LoggerConfig{} + fs.UintVar(&lc.logLevel, "log-level", uint(logrus.InfoLevel), "Log level from 0 to 6, 6 being the most verbose") + fs.BoolVar(&lc.logJSON, "log-json", false, "True if the log entries should use JSON format, false for text logging") + + return lc +} + +func (lc *LoggerConfig) Check() error { + if err := lc.validateLogLevel(); err != nil { + return trace.Wrap(err, "failed to validate the log level flag") + } + + return nil +} + +func (lc *LoggerConfig) validateLogLevel() error { + if lc.logLevel > 6 { + return trace.BadParameter("the log-level flag should be between 0 and 6") + } + + return nil +} + +type S3Config struct { + bucketName string + localBucketPath string + maxConcurrentSyncs int +} + +func NewS3ConfigWithFlagset(fs *flag.FlagSet) *S3Config { + s3c := &S3Config{} + fs.StringVar(&s3c.bucketName, "bucket", "", "The name of the S3 bucket where the repo should be synced to/from") + fs.StringVar(&s3c.localBucketPath, "local-bucket-path", "/bucket", "The local path where the bucket should be synced to") + fs.IntVar(&s3c.maxConcurrentSyncs, "max-concurrent-syncs", 16, "The maximum number of S3 bucket syncs that may run in parallel (-1 for unlimited, 16 default)") + + return s3c +} + +func (s3c *S3Config) Check() error { + if err := s3c.validateBucketName(); err != nil { + return trace.Wrap(err, "failed to validate the bucket name flag") + } + if err := s3c.validateLocalBucketPath(); err != nil { + return trace.Wrap(err, "failed to validate the local bucket path flag") + } + if err := s3c.validateMaxConcurrentSyncs(); err != nil { + return trace.Wrap(err, "failed to validate the max concurrent syncs flag") + } + + return nil +} + +func (s3c *S3Config) validateBucketName() error { + if s3c.bucketName == "" { + return trace.BadParameter("the bucket flag should not be empty") + } + + return nil +} + +func (s3c *S3Config) validateLocalBucketPath() error { + if s3c.localBucketPath == "" { + return trace.BadParameter("the local-bucket-path flag should not be empty") + } + + if stat, err := os.Stat(s3c.localBucketPath); err == nil && !stat.IsDir() { + return trace.BadParameter("the local bucket path points to a file instead of a directory") + } + + return nil +} + +func (s3c *S3Config) validateMaxConcurrentSyncs() error { + if s3c.maxConcurrentSyncs < -1 { + return trace.BadParameter("the max-concurrent-syncs flag must be greater than -1") + } + + return nil +} + +// This type is common to all other config types +type Config struct { + *LoggerConfig + *S3Config + artifactPath string + artifactVersion string + printHelp bool + releaseChannel string +} + +func NewConfigWithFlagset(fs *flag.FlagSet) *Config { + c := &Config{} + c.LoggerConfig = NewLoggerConfigWithFlagset(fs) + c.S3Config = NewS3ConfigWithFlagset(fs) + + fs.StringVar(&c.artifactPath, "artifact-path", "/artifacts", "Path to the filesystem tree containing the *.deb or *.rpm files to add to the repos") + fs.StringVar(&c.artifactVersion, "artifact-version", "", "The version of the artifacts that will be added to the repos") + fs.Visit(func(f *flag.Flag) { + if f.Name == "-h" || f.Name == "--help" { + c.printHelp = true + } + }) + fs.StringVar(&c.releaseChannel, "release-channel", "", "The release channel of the repos that the artifacts should be added to") + + return c +} + +func (c *Config) Check() error { + if err := c.LoggerConfig.Check(); err != nil { + return trace.Wrap(err, "failed to validate logger config") + } + + if err := c.S3Config.Check(); err != nil { + return trace.Wrap(err, "failed to validate S3 config") + } + + if err := c.validateArtifactPath(); err != nil { + return trace.Wrap(err, "failed to validate the artifact path flag") + } + if err := c.validateArtifactVersion(); err != nil { + return trace.Wrap(err, "failed to validate the artifact version flag") + } + if err := c.validateReleaseChannel(); err != nil { + return trace.Wrap(err, "failed to validate the release channel flag") + } + + return nil +} + +func (c *Config) validateArtifactPath() error { + if c.artifactPath == "" { + return trace.BadParameter("the artifact-path flag should not be empty") + } + + if stat, err := os.Stat(c.artifactPath); os.IsNotExist(err) { + return trace.BadParameter("the artifact-path %q does not exist", c.artifactPath) + } else if !stat.IsDir() { + return trace.BadParameter("the artifact-path %q is not a directory", c.artifactPath) + } + + return nil +} + +func (c *Config) validateArtifactVersion() error { + if c.artifactVersion == "" { + return trace.BadParameter("the artifact-version flag should not be empty") + } + + if !semver.IsValid(c.artifactVersion) { + return trace.BadParameter("the artifact-version flag does not contain a valid semver version string") + } + + return nil +} + +func (c *Config) validateReleaseChannel() error { + if c.releaseChannel == "" { + return trace.BadParameter("the release-channel flag should not be empty") + } + + // Not sure what other channels we'd want to support, but they should be listed here + validReleaseChannels := []string{StableChannelFlagValue} + + for _, validReleaseChannel := range validReleaseChannels { + if c.releaseChannel == validReleaseChannel { + return nil + } + } + + return trace.BadParameter("the release channel contains an invalid value. Valid values are: %s", strings.Join(validReleaseChannels, ",")) +} + +// APT-specific config +type AptConfig struct { + *Config + aptlyPath string +} + +func NewAptConfigWithFlagSet(fs *flag.FlagSet) (*AptConfig, error) { + ac := &AptConfig{} + ac.Config = NewConfigWithFlagset(fs) + + homeDir, err := os.UserHomeDir() + if err != nil { + return nil, trace.Wrap(err, "failed to get user's home directory path") + } + + fs.StringVar(&ac.aptlyPath, "aptly-root-dir", homeDir, "The Aptly \"rootDir\" (see https://www.aptly.info/doc/configuration/ for details)") + + return ac, nil +} + +func (ac *AptConfig) validateAptlyPath() error { + if ac.aptlyPath == "" { + return trace.BadParameter("the aptly-root-dir flag should not be empty") + } + + return nil +} + +func (ac *AptConfig) Check() error { + if err := ac.Config.Check(); err != nil { + return trace.Wrap(err, "failed to validate common config") + } + + if err := ac.validateAptlyPath(); err != nil { + return trace.Wrap(err, "failed to validate the aptly-root-dir path flag") + } + + return nil +} + +// YUM-specific config +type YumConfig struct { + *Config + cacheDir string +} + +func NewYumConfigWithFlagSet(fs *flag.FlagSet) *YumConfig { + yc := &YumConfig{} + yc.Config = NewConfigWithFlagset(fs) + + fs.StringVar(&yc.cacheDir, "cache-dir", "/tmp/createrepo/cache", "The createrepo checksum caching directory (see https://linux.die.net/man/8/createrepo for details") + + return yc +} + +func (yc *YumConfig) validateCacheDir() error { + if yc.cacheDir == "" { + return trace.BadParameter("the cache-dir flag should not be empty") + } + + return nil +} + +func (yc *YumConfig) Check() error { + if err := yc.Config.Check(); err != nil { + return trace.Wrap(err, "failed to validate common config") + } + + if err := yc.validateCacheDir(); err != nil { + return trace.Wrap(err, "failed to validate the cache-dir path flag") + } + + return nil +} diff --git a/build.assets/tooling/cmd/build-os-package-repos/createrepo.go b/build.assets/tooling/cmd/build-os-package-repos/createrepo.go new file mode 100644 index 0000000000000..5c3a208926891 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/createrepo.go @@ -0,0 +1,83 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "os" + "os/exec" + + "github.com/gravitational/trace" + "github.com/sirupsen/logrus" +) + +type CreateRepo struct { + cacheDir string + binaryName string +} + +// Instantiates createrepo, ensuring all system requirements for performing createrepo operations +// have been met +func NewCreateRepo(cacheDir string) (*CreateRepo, error) { + cr := &CreateRepo{ + cacheDir: cacheDir, + // `createrepo_c` is the "new" (as in 9 years old) replacement for `createrepo` + // This can be replace with "createrepo" in the unlikely chance that there is + // a problem + binaryName: "createrepo_c", + } + + err := cr.ensureBinaryExists() + if err != nil { + return nil, trace.Wrap(err, "failed to ensure CreateRepo binary exists") + } + + // Ensure the cache dir exists + err = os.MkdirAll(cr.cacheDir, 0660) + if err != nil { + return nil, trace.Wrap(err, "failed to ensure %q exists", cr.cacheDir) + } + + return cr, nil +} + +func (cr *CreateRepo) ensureBinaryExists() error { + _, err := exec.LookPath(cr.binaryName) + if err != nil { + return trace.Wrap(err, "failed to verify that %q binary exists", cr.binaryName) + } + + return nil +} + +func (cr *CreateRepo) CreateOrUpdateRepo(repoPath string) error { + // --cachedir --update + logrus.Debugf("Updating repo metadata for repo at %q", repoPath) + + args := []string{ + "--cachedir", + cr.cacheDir, + "--update", + repoPath, + } + + _, err := BuildAndRunCommand(cr.binaryName, args...) + if err != nil { + return trace.Wrap(err, "createrepo create/update command failed on path %q with cache directory %q", repoPath, cr.cacheDir) + } + + return nil +} diff --git a/build.assets/tooling/cmd/build-os-package-repos/gpg.go b/build.assets/tooling/cmd/build-os-package-repos/gpg.go new file mode 100644 index 0000000000000..531649d4d45fc --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/gpg.go @@ -0,0 +1,119 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "os" + "strings" + + "github.com/gravitational/trace" + "github.com/sirupsen/logrus" +) + +type GPG struct{} + +// Instantiates GPG, ensuring all system requirements for using GPG are fulfilled +func NewGPG() (*GPG, error) { + g := &GPG{} + + err := g.ensureFirstRunHasOccurred() + if err != nil { + return nil, trace.Wrap(err, "failed to setup GPG") + } + + err = g.ensureSecretKeyExists() + if err != nil { + return nil, trace.Wrap(err, "failed to ensure a secret key exists") + } + + return g, nil +} + +// The first time GPG is run for a user with any "meaningful" arguments it will +// generate several files and log what it created to stdout. These logs can +// disrupt parsing of GPG command outputs, so we force it to happen here, once, +// rather than try and handle it on each GPG call. +func (*GPG) ensureFirstRunHasOccurred() error { + _, err := BuildAndRunCommand("gpg", "--fingerprint") + if err != nil { + return trace.Wrap(err, "failed to ensure GPG has been ran once") + } + + return nil +} + +func (*GPG) ensureSecretKeyExists() error { + output, err := BuildAndRunCommand("gpg", "--list-secret-keys", "--with-colons") + if err != nil { + return trace.Wrap(err, "failed to ensure GPG secret key exists") + } + + outputLineCount := strings.Count(output, "\n") + if outputLineCount < 1 { + return trace.Errorf("failed to find a GPG secret key") + } + + return nil +} + +// Creates a detached, armored signature for the provided file using the default GPG key +func (*GPG) SignFile(filePath string) error { + // While this could be done via a Go module, the x/crypto/openpgp library has been frozen + // and deprecated for almost 18 months. Others exist, but given the security implications of + // using a less reputable Go module I've decided to just call `gpg` via shell instead. + // Additionally this works and is just _so easy_ that it's probably not worth the effort to + // use another library that reinvents the wheel. + logrus.Debugf("Signing repo metadata at %q", filePath) + + // gpg --batch --yes --detach-sign --armor + _, err := BuildAndRunCommand("gpg", "--batch", "--yes", "--detach-sign", "--armor", filePath) + if err != nil { + return trace.Wrap(err, "failed to run GPG signing command on %q", filePath) + } + + return nil +} + +// Get the armored default public GPG key, ready to be written to a file +func (*GPG) GetPublicKey() (string, error) { + // For reference here is how another company formats their key: + // https://download.docker.com/linux/rhel/gpg + logrus.Debug("Attempting to get the default public GPG key") + + key, err := BuildAndRunCommand("gpg", "--export", "--armor", "--no-version") + if err != nil { + return "", trace.Wrap(err, "failed to export the default public GPG key") + } + + return key, nil +} + +func (g *GPG) WritePublicKeyToFile(filePath string) error { + logrus.Debugf("Writing the default armored public GPG key to %q", filePath) + + key, err := g.GetPublicKey() + if err != nil { + return trace.Wrap(err, "failed to retrieve public key") + } + + err = os.WriteFile(filePath, []byte(key), 0664) + if err != nil { + return trace.Wrap(err, "failed to write key to %q", filePath) + } + + return nil +} diff --git a/build.assets/tooling/cmd/build-os-package-repos/main.go b/build.assets/tooling/cmd/build-os-package-repos/main.go new file mode 100644 index 0000000000000..58f89f1dd1d16 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/main.go @@ -0,0 +1,119 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "os" + "strings" + + "github.com/gravitational/trace" + "github.com/sirupsen/logrus" +) + +func main() { + err := run() + if err != nil { + logrus.Fatal(err.Error()) + } +} + +func buildSubcommandRunners() ([]Runner, error) { + ar, err := NewAptRunner() + if err != nil { + return nil, trace.Wrap(err, "failed to instantiate new APT runner") + } + + yr, err := NewYumRunner() + if err != nil { + return nil, trace.Wrap(err, "failed to instantiate new YUM runner") + } + + // These should be sorted alphabetically by `Name()` + return []Runner{ + *ar, + *yr, + }, nil +} + +func run() error { + subcommands, err := buildSubcommandRunners() + if err != nil { + return trace.Wrap(err, "failed to build subcommand runners") + } + + // 2 = program name + subcommand + if len(os.Args) < 2 { + logHelp(subcommands) + return trace.Errorf("subcommand not provided") + } + + subcommandName := strings.ToLower(os.Args[1]) + for _, subcommand := range subcommands { + if strings.ToLower(subcommandName) != subcommand.Name() { + continue + } + + // 2 = program name + subcommand, skip them and get subcommand arguments + args := os.Args[2:] + err := subcommand.Init(args) + if err != nil { + return trace.Wrap(err, "failed to initialize runner for subcommand %q", subcommandName) + } + + setupLogger(subcommand.GetLoggerConfig()) + err = subcommand.Run() + if err != nil { + return trace.Wrap(err, "failed to run subcommand %q", subcommandName) + } + + return nil + } + + if subcommandName == "-h" { + logHelp(subcommands) + return nil + } + + logHelp(subcommands) + return trace.Errorf("no subcommands found matching %q", subcommandName) +} + +func logHelp(subcommands []Runner) { + executableName := os.Args[0] + fmt.Printf("%s - OS package repo builder/updater\n", executableName) + fmt.Println() + fmt.Println("Commands:") + fmt.Println() + for _, subcommand := range subcommands { + fmt.Printf("\t%s\t%s\n", subcommand.Name(), subcommand.Info()) + } + fmt.Println() + fmt.Printf("Use \"%s -h\" for more information about a command.\n", executableName) + fmt.Println() +} + +func setupLogger(config *LoggerConfig) { + if config.logJSON { + logrus.SetFormatter(&logrus.JSONFormatter{}) + } else { + logrus.SetFormatter(&logrus.TextFormatter{}) + } + logrus.SetOutput(os.Stdout) + logrus.SetLevel(logrus.Level(config.logLevel)) + logrus.Debugf("Setup logger with config: %+v", config) +} diff --git a/build.assets/tooling/cmd/build-apt-repos/repo.go b/build.assets/tooling/cmd/build-os-package-repos/repo.go similarity index 100% rename from build.assets/tooling/cmd/build-apt-repos/repo.go rename to build.assets/tooling/cmd/build-os-package-repos/repo.go diff --git a/build.assets/tooling/cmd/build-os-package-repos/runners.go b/build.assets/tooling/cmd/build-os-package-repos/runners.go new file mode 100644 index 0000000000000..9ecda55eea2c8 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/runners.go @@ -0,0 +1,199 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "flag" + + "github.com/gravitational/trace" +) + +// Pattern from https://www.digitalocean.com/community/tutorials/how-to-use-the-flag-package-in-go +type Runner interface { + Init([]string) error + Run() error + GetLoggerConfig() *LoggerConfig + Name() string + Info() string +} + +// APT implementation +type AptRunner struct { + flags *flag.FlagSet + config *AptConfig + supportedOSs map[string][]string +} + +func NewAptRunner() (*AptRunner, error) { + runner := &AptRunner{ + supportedOSs: map[string][]string{ + "debian": { // See https://wiki.debian.org/DebianReleases#Production_Releases for details + "stretch", // 9 + "buster", // 10 + "bullseye", // 11 + "bookwork", // 12 + "trixie", // 13 + }, + "ubuntu": { // See https://wiki.ubuntu.com/Releases for details + "xenial", // 16.04 LTS + "yakkety", // 16.10 (EOL) + "zesty", // 17.04 (EOL) + "artful", // 17.10 (EOL) + "bionic", // 18.04 LTS + "cosmic", // 18.10 (EOL) + "disco", // 19.04 (EOL) + "eoan", // 19.10 (EOL) + "focal", // 20.04 LTS + "groovy", // 20.10 (EOL) + "hirsuite", // 21.04 (EOL) + "impish", // 21.10 (EOL) + "jammy", // 22.04 LTS + }, + }, + } + + runner.flags = flag.NewFlagSet(runner.Name(), flag.ExitOnError) + config, err := NewAptConfigWithFlagSet(runner.flags) + if err != nil { + return nil, trace.Wrap(err, "failed to create a new APT config instance") + } + + runner.config = config + + return runner, nil +} + +func (ar AptRunner) Init(args []string) error { + err := ar.flags.Parse(args) + if err != nil { + return trace.Wrap(err, "failed to parse arguments") + } + + err = ar.config.Check() + if err != nil { + return trace.Wrap(err, "failed to validate APT config arguments") + } + + return nil +} + +func (ar AptRunner) Run() error { + if ar.config.printHelp { + ar.flags.Usage() + return nil + } + + art, err := NewAptRepoTool(ar.config, ar.supportedOSs) + if err != nil { + return trace.Wrap(err, "failed to create a new APT repo tool instance") + } + + err = art.Run() + if err != nil { + return trace.Wrap(err, "APT runner failed") + } + + return nil +} + +func (AptRunner) Name() string { + return "apt" +} + +func (AptRunner) Info() string { + return "builds APT repos" +} + +func (ar AptRunner) GetLoggerConfig() *LoggerConfig { + return ar.config.LoggerConfig +} + +// YUM implementation +type YumRunner struct { + flags *flag.FlagSet + config *YumConfig + supportedOSs map[string][]string +} + +func NewYumRunner() (*YumRunner, error) { + runner := &YumRunner{ + supportedOSs: map[string][]string{ + "rhel": { // See https://access.redhat.com/articles/3078 for details + "7", + "8", + "9", + }, + "centos": { // See https://endoflife.date/centos for details + "7", + "8", + "9", + }, + // "$releasever" is a hot mess for Amazon Linux. No good documentation on this outside of just running + // a container or EC2 instance and manually checking $releasever values + "amzn": { + // "latest" // 1, aka 2018.03.0.20201028.0 + "2", // 2, aka 2.0.20201111.0 + // "2022.0.20220531" // 2022 (new naming scheme, preview) aka 2022.0.20220531 + }, + }, + } + + runner.flags = flag.NewFlagSet(runner.Name(), flag.ExitOnError) + runner.config = NewYumConfigWithFlagSet(runner.flags) + + return runner, nil +} + +func (yr YumRunner) Init(args []string) error { + err := yr.flags.Parse(args) + if err != nil { + return trace.Wrap(err, "failed to parse arguments") + } + + err = yr.config.Check() + if err != nil { + return trace.Wrap(err, "failed to validate YUM config arguments") + } + + return nil +} + +func (yr YumRunner) Run() error { + yrt, err := NewYumRepoTool(yr.config, yr.supportedOSs) + if err != nil { + return trace.Wrap(err, "failed to create a new YUM repo tool instance") + } + + err = yrt.Run() + if err != nil { + return trace.Wrap(err, "YUM runner failed") + } + + return nil +} + +func (YumRunner) Name() string { + return "yum" +} + +func (YumRunner) Info() string { + return "builds YUM repos" +} + +func (yr YumRunner) GetLoggerConfig() *LoggerConfig { + return yr.config.LoggerConfig +} diff --git a/build.assets/tooling/cmd/build-apt-repos/s3logger.go b/build.assets/tooling/cmd/build-os-package-repos/s3logger.go similarity index 100% rename from build.assets/tooling/cmd/build-apt-repos/s3logger.go rename to build.assets/tooling/cmd/build-os-package-repos/s3logger.go diff --git a/build.assets/tooling/cmd/build-os-package-repos/s3manager.go b/build.assets/tooling/cmd/build-os-package-repos/s3manager.go new file mode 100644 index 0000000000000..00405efca9656 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/s3manager.go @@ -0,0 +1,511 @@ +/* +Copyright 2022 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "bytes" + "fmt" + "io" + "io/fs" + "net/url" + "os" + "path/filepath" + "strings" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/s3" + "github.com/aws/aws-sdk-go/service/s3/s3manager" + "github.com/gravitational/trace" + "github.com/inhies/go-bytesize" + "github.com/seqsense/s3sync" + "github.com/sirupsen/logrus" + "golang.org/x/sync/errgroup" +) + +type S3manager struct { + syncManager *s3sync.Manager + uploader *s3manager.Uploader + downloader *s3manager.Downloader + bucketLocalPath string + bucketName string + bucketURL *url.URL + maxConcurrentSyncs int + downloadedBytes int64 +} + +func NewS3Manager(config *S3Config) (*S3manager, error) { + // Right now the AWS session is only used by this manager, but if it ends + // up being needed elsewhere then it should probably be moved to an arg + awsSession, err := session.NewSession() + if err != nil { + return nil, trace.Wrap(err, "failed to create a new AWS session") + } + + syncManagerMaxConcurrentSyncs := config.maxConcurrentSyncs + if syncManagerMaxConcurrentSyncs < 0 { + // This isn't unlimited but due to the s3sync library's parallelism implementation + // this must be limited to a "reasonable" number + syncManagerMaxConcurrentSyncs = 128 + } + + s := &S3manager{ + bucketName: config.bucketName, + bucketURL: &url.URL{ + Scheme: "s3", + Host: config.bucketName, + }, + syncManager: s3sync.New(awsSession, s3sync.WithParallel(syncManagerMaxConcurrentSyncs)), + uploader: s3manager.NewUploader(awsSession), + downloader: s3manager.NewDownloader(awsSession), + maxConcurrentSyncs: config.maxConcurrentSyncs, + } + s.ChangeLocalBucketPath(config.localBucketPath) + + s3sync.SetLogger(&s3logger{}) + + return s, nil +} + +func (s *S3manager) ChangeLocalBucketPath(newBucketPath string) error { + s.bucketLocalPath = newBucketPath + + // Ensure the local bucket path exists as it will be needed by all functions + err := os.MkdirAll(s.bucketLocalPath, 0660) + if err != nil { + return trace.Wrap(err, "failed to ensure path %q exists", s.bucketLocalPath) + } + + return nil +} + +func (s *S3manager) DownloadExistingRepo() error { + err := deleteAllFilesInDirectory(s.bucketLocalPath) + if err != nil { + return trace.Wrap(err, "failed to remove all filesystem entries in %q", s.bucketLocalPath) + } + + downloadGroup := &errgroup.Group{} + downloadGroup.SetLimit(s.maxConcurrentSyncs) + linkMap := make(map[string]string) + + var continuationToken *string + for { + listObjResponse, err := s.downloader.S3.ListObjectsV2(&s3.ListObjectsV2Input{ + Bucket: &s.bucketName, + ContinuationToken: continuationToken, + }) + if err != nil { + return trace.Wrap(err, "failed to list objects for bucket %q", s.bucketName) + } + + for _, s3object := range listObjResponse.Contents { + s.processS3ObjectDownload(s3object, downloadGroup, &linkMap) + } + + continuationToken = listObjResponse.NextContinuationToken + if continuationToken == nil { + break + } + } + + // Even if an error has occurred we should wait to exit until all running syncs have + // completed, even if not successful + logrus.Info("Waiting for download to complete...") + err = downloadGroup.Wait() + if err != nil { + return trace.Wrap(err, "failed to perform S3 sync from remote bucket %q to local bucket %q", s.bucketName, s.bucketLocalPath) + } + + // Links must be created after their target exists + err = createLinks(linkMap) + if err != nil { + return trace.Wrap(err, "failed to create filesystem links for bucket %q", s.bucketName) + } + + logrus.Infof("Downloaded %s bytes", bytesize.New(float64(s.downloadedBytes))) + return nil +} + +func (s *S3manager) processS3ObjectDownload(s3object *s3.Object, downloadGroup *errgroup.Group, linkMap *map[string]string) { + downloadGroup.Go(func() error { + objectLink, err := s.getObjectLink(s3object) + if err != nil { + return trace.Wrap(err, "failed to get object link for key %q in bucket %q", *s3object.Key, s.bucketName) + } + + // If the link does not start with a '/' then it is not a filesystem link + if objectLink != nil && len(*objectLink) > 0 && (*objectLink)[0] == '/' { + localObjectPath := filepath.Join(s.bucketLocalPath, *s3object.Key) + linkTarget := filepath.Join(s.bucketLocalPath, *objectLink) + (*linkMap)[localObjectPath] = linkTarget + return nil + } + + err = s.downloadFile(s3object) + if err != nil { + return trace.Wrap(err, "failed to download S3 file %q from bucket %q", *s3object.Key, s.bucketName) + } + + return nil + }) +} + +func createLinks(linkMap map[string]string) error { + for file, target := range linkMap { + logrus.Infof("Creating a symlink from %q to %q", file, target) + err := os.MkdirAll(filepath.Dir(file), 0660) + if err != nil { + return trace.Wrap(err, "failed to create directory structure for %q", file) + } + + err = os.Symlink(target, file) + if err != nil { + return trace.Wrap(err, "failed to symlink %q to %q", file, target) + } + } + + return nil +} + +// This could potentially be made more efficient by running `os.RemoveAll` in a goroutine +// as random access on storage devices performs better at a higher queue depth +func deleteAllFilesInDirectory(dir string) error { + // Note that os.ReadDir does not follow/eval links which is important here + dirEntries, err := os.ReadDir(dir) + if err != nil { + return trace.Wrap(err, "failed to list directory entries for directory %q", dir) + } + + for _, dirEntry := range dirEntries { + dirEntryPath := filepath.Join(dir, dirEntry.Name()) + err = os.RemoveAll(dirEntryPath) + if err != nil { + return trace.Wrap(err, "failed to remove directory entry %q", dirEntryPath) + } + } + + return nil +} + +func (s *S3manager) getObjectLink(s3object *s3.Object) (*string, error) { + s3HeadObjectOutput, err := s.downloader.S3.HeadObject(&s3.HeadObjectInput{ + Bucket: &s.bucketName, + Key: s3object.Key, + // Probably unnecessary but this will cause an error to be thrown if somebody is + // modifying the object while this program is running + IfMatch: s3object.ETag, + IfUnmodifiedSince: s3object.LastModified, + }) + if err != nil { + return nil, trace.Wrap(err, "failed to retrieve metadata for key %q in bucket %q", *s3object.Key, s.bucketName) + } + + return s3HeadObjectOutput.WebsiteRedirectLocation, nil +} + +// s3sync has a bug when downloading a single file so this call reimplements s3sync's download +func (s *S3manager) downloadFile(s3object *s3.Object) error { + logrus.Infof("Downloading %q...", *s3object.Key) + localObjectPath := filepath.Join(s.bucketLocalPath, *s3object.Key) + + err := os.MkdirAll(filepath.Dir(localObjectPath), 0660) + if err != nil { + return trace.Wrap(err, "failed to create directory structure for %q", localObjectPath) + } + + fileWriter, err := os.Create(localObjectPath) + if err != nil { + return trace.Wrap(err, "failed to open %q for writing", localObjectPath) + } + defer fileWriter.Close() + + fileDownloadByteCount, err := s.downloader.Download(fileWriter, &s3.GetObjectInput{ + Bucket: aws.String(s.bucketName), + Key: aws.String(*s3object.Key), + }) + if err != nil { + return trace.Wrap(err, "failed to download object %q from bucket %q to local path %q", *s3object.Key, s.bucketName, localObjectPath) + } + + s.downloadedBytes += fileDownloadByteCount + + err = os.Chtimes(localObjectPath, *s3object.LastModified, *s3object.LastModified) + if err != nil { + return trace.Wrap(err, "failed to update the access and modification time on file %q to %v", localObjectPath, *s3object.LastModified) + } + + logrus.Infof("Download %q complete", *s3object.Key) + return nil +} + +func (s *S3manager) UploadBuiltRepo() error { + err := s.sync(false) + if err != nil { + return trace.Wrap(err, "failed to upload bucket") + } + + return nil +} + +func (s *S3manager) UploadBuiltRepoWithRedirects(extensionToMatch, relativeRedirectDir string) error { + uploadGroup := &errgroup.Group{} + uploadGroup.SetLimit(s.maxConcurrentSyncs) + + walkErr := filepath.WalkDir(s.bucketLocalPath, func(absPath string, info fs.DirEntry, err error) error { + logrus.Debugf("Starting on %q...", absPath) + + if err != nil { + return trace.Wrap(err, "failed to walk over directory %q on path %q", s.bucketLocalPath) + } + + syncFunc, err := s.syncGenericFsObject(absPath, info) + if err != nil { + return trace.Wrap(err, "failed to get syncing function for %q", absPath) + } + + uploadGroup.Go(syncFunc) + logrus.Debugf("Upload for %q queued", absPath) + return nil + }) + + // Even if an error has occurred we should wait to exit until all running syncs have + // completed, even if not successful + logrus.Info("Waiting for sync to complete...") + syncErr := uploadGroup.Wait() + // Future work: add upload logging information once + // https://github.com/seqsense/s3sync/commit/29b3fcb259293d80634cb3916e0f28467d017087 has been released + logrus.Info("Sync has completed") + + errs := make([]error, 0, 2) + if walkErr != nil { + errs = append(errs, trace.Wrap(walkErr, "failed to walk over entries in %q", s.bucketLocalPath)) + } + + if syncErr != nil { + errs = append(errs, trace.Wrap(syncErr, "failed to perform S3 sync from local bucket %q to remote bucket %q", s.bucketLocalPath, s.bucketName)) + } + + if len(errs) > 0 { + return trace.Wrap(trace.NewAggregate(errs...), "one or more erros occurred while uploading built repo %q", s.bucketLocalPath) + } + + return nil +} + +func (s *S3manager) syncGenericFsObject(absPath string, dirEntryInfo fs.DirEntry) (func() error, error) { + // Don't do anything with non-empty directories as they will be caught later by their contents + if dirEntryInfo.IsDir() { + f, err := s.buildSyncDirFunc(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to build directory syncing function to sync %q", absPath) + } + + return f, nil + } else + // If symbolic link + if dirEntryInfo.Type()&fs.ModeSymlink != 0 { + f, err := s.buildSyncSymbolicLinkFunc(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to build symbolic link file syncing function to sync %q", absPath) + } + + return f, nil + } + + // sync a single file or directory + f, err := s.buildSyncSingleFsEntryFunc(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to build single file syncing function to sync %q", absPath) + } + + return f, nil +} + +func (s *S3manager) buildSyncDirFunc(absPath string) (func() error, error) { + isDirEmpty, err := isDirectoryEmpty(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to determine if directory %q is empty", absPath) + } + + if !isDirEmpty { + logrus.Debug("Skipping non-empty directory") + return func() error { return nil }, nil + } + + // If the directory has no contents, call sync normally which will create the directory remotely if not exists + f, err := s.buildSyncSingleFsEntryFunc(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to build single file syncing function to sync %q", absPath) + } + + return f, nil +} + +func (s *S3manager) buildSyncSymbolicLinkFunc(absPath string) (func() error, error) { + actualFilePath, err := filepath.EvalSymlinks(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to follow symlink for path %q", absPath) + } + + isInBucket, err := isPathChildOfAnother(s.bucketLocalPath, actualFilePath) + if err != nil { + return nil, trace.Wrap(err, "failed to determine if %q is a child of %q", actualFilePath, s.bucketLocalPath) + } + + if isInBucket { + // This will re-upload every redirect file ever created. Implementing "sync" functionality would + // require significantly more engineering effort and this cost is low so this shouldn't be a + // problem. + return func() error { + err := s.UploadRedirectFile(absPath, actualFilePath) + if err != nil { + return trace.Wrap(err, "failed to upload a redirect file to S3 for %q targeting %q", absPath, actualFilePath) + } + + return nil + }, nil + } + + // If not in bucket, call sync normally which will follow the symlink to the actual file and upload it + f, err := s.buildSyncSingleFsEntryFunc(absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to build single file syncing function to sync %q", absPath) + } + + return f, nil +} + +func (s *S3manager) buildSyncSingleFsEntryFunc(absPath string) (func() error, error) { + relPath, err := filepath.Rel(s.bucketLocalPath, absPath) + if err != nil { + return nil, trace.Wrap(err, "failed to get %q relative to %q", absPath, s.bucketLocalPath) + } + + remoteURL := getURLWithPath(*s.bucketURL, relPath) + return func() error { + err := s.syncManager.Sync(absPath, remoteURL) + if err != nil { + return trace.Wrap(err, "failed to sync from %q to %q", absPath, remoteURL) + } + + return nil + }, nil +} + +func getURLWithPath(baseURL url.URL, path string) string { + // Because this function is pass-by-value it should not modify `baseUrl`, where doing this directly on the + // provided parameter would modify it + baseURL.Path = path + return baseURL.String() +} + +func isPathChildOfAnother(baseAbsPath string, testAbsPath string) (bool, error) { + // General implementation from https://stackoverflow.com/questions/28024731/check-if-given-path-is-a-subdirectory-of-another-in-golang + relPath, err := filepath.Rel(baseAbsPath, testAbsPath) + if err != nil { + return false, trace.Wrap(err, "failed to get the path of %q relative to %q", testAbsPath, baseAbsPath) + } + + return !strings.HasPrefix(relPath, fmt.Sprintf("..%c", os.PathSeparator)) && relPath != "..", nil +} + +func (s *S3manager) UploadRedirectFile(localAbsSrcPath, localAbsRemoteTargetPath string) error { + relSrcPath, err := filepath.Rel(s.bucketLocalPath, localAbsSrcPath) + if err != nil { + return trace.Wrap(err, "failed to get %q relative to %q", localAbsSrcPath, s.bucketLocalPath) + } + + relTargetPath, err := filepath.Rel(s.bucketLocalPath, localAbsRemoteTargetPath) + if err != nil { + return trace.Wrap(err, "failed to get %q relative to %q", localAbsRemoteTargetPath, s.bucketLocalPath) + } + + logrus.Infof("Creating a redirect file from %q to %q", relSrcPath, relTargetPath) + // S3 requires a prepended "/" to inform the redirect metadata that the target is another S3 object + // in the same bucket + s3TargetPath := filepath.Join("/", relTargetPath) + // Upload an empty file that when requested will redirect to the real one + _, err = s.uploader.Upload(&s3manager.UploadInput{ + Bucket: &s.bucketName, + Key: &relSrcPath, + Body: bytes.NewReader([]byte{}), + WebsiteRedirectLocation: &s3TargetPath, + }) + if err != nil { + return trace.Wrap(err, "failed to upload an empty redirect file to %q in bucket %q", relSrcPath, s.bucketName) + } + + return nil +} + +func (s *S3manager) UploadRedirectURL(remoteAbsSourcePath, targetURL string) error { + logrus.Infof("Creating redirect from %q to %q", remoteAbsSourcePath, targetURL) + + _, err := s.uploader.Upload(&s3manager.UploadInput{ + Bucket: &s.bucketName, + Key: &remoteAbsSourcePath, + Body: bytes.NewReader([]byte{}), + WebsiteRedirectLocation: &targetURL, + }) + + if err != nil { + return trace.Wrap(err, "failed to upload URL redirect file targeting %q to %q", targetURL, remoteAbsSourcePath) + } + + return nil +} + +func isDirectoryEmpty(dirPath string) (bool, error) { + // Pulled from https://stackoverflow.com/questions/30697324/how-to-check-if-directory-on-path-is-empty + f, err := os.Open(dirPath) + if err != nil { + return false, trace.Wrap(err, "failed to open directory %q", dirPath) + } + defer f.Close() + + _, err = f.Readdirnames(1) + if err == io.EOF { + return true, nil + } + + if err != nil { + return false, trace.Wrap(err, "failed to read the name of directories in %q", dirPath) + } + + return false, nil +} + +func (s *S3manager) sync(download bool) error { + var src, dest string + if download { + src = s.bucketURL.String() + dest = s.bucketLocalPath + } else { + src = s.bucketLocalPath + dest = s.bucketURL.String() + } + + logrus.Infof("Performing S3 sync from %q to %q...", src, dest) + err := s.syncManager.Sync(src, dest) + if err != nil { + return trace.Wrap(err, "failed to sync %q to %q", src, dest) + } + logrus.Infoln("S3 sync complete") + + return nil +} diff --git a/build.assets/tooling/cmd/build-os-package-repos/test-rpm.sh b/build.assets/tooling/cmd/build-os-package-repos/test-rpm.sh new file mode 100755 index 0000000000000..813c4e53d7a23 --- /dev/null +++ b/build.assets/tooling/cmd/build-os-package-repos/test-rpm.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# shellcheck disable=SC2016,SC1004,SC2174,SC2155 + +set -xeu + +# These must be set for the script to run +: "$AWS_ACCESS_KEY_ID" +: "$AWS_SECRET_ACCESS_KEY" +: "$AWS_SESSION_TOKEN" + +ART_VERSION_TAG="8.3.15" +ARTIFACT_PATH="/go/artifacts" +CACHE_DIR="/mnt/createrepo_cache" +GNUPGHOME="/tmpfs/gnupg" +REPO_S3_BUCKET="fred-test1" +BUCKET_CACHE_PATH="/mnt/bucket" +export AWS_REGION="us-west-2" + +: ' +Run command: +docker run \ + --rm -it \ + -v "$(git rev-parse --show-toplevel)":/go/src/github.com/gravitational/teleport/ \ + -v "$HOME/.aws":"/root/.aws" \ + -e AWS_PROFILE="$AWS_PROFILE" \ + -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ + -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \ + -e AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \ + -e DEBIAN_FRONTEND="noninteractive" \ + golang:1.18.4-bullseye /go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/build-os-package-repos/test-rpm.sh +' + +# Download the artifacts +apt update +apt install -y wget +mkdir -pv "$ARTIFACT_PATH" +cd "$ARTIFACT_PATH" +wget "https://get.gravitational.com/teleport-${ART_VERSION_TAG}-1.x86_64.rpm" +wget "https://get.gravitational.com/teleport-${ART_VERSION_TAG}-1.arm64.rpm" +wget "https://get.gravitational.com/teleport-${ART_VERSION_TAG}-1.i386.rpm" +wget "https://get.gravitational.com/teleport-${ART_VERSION_TAG}-1.arm.rpm" + +apt install -y createrepo-c gnupg +mkdir -pv "$CACHE_DIR" +mkdir -pv -m0700 "$GNUPGHOME" +chown -R root:root "$GNUPGHOME" +export GPG_TTY=$(tty) +gpg --batch --gen-key < teleport-v10 +if ($Env:DRONE_TARGET_BRANCH -match '^branch/(.*)$') { + Write-Output "teleport-$($Matches[1])" + exit 0 +} + +# Otherwise, use master. +Write-Output "master" \ No newline at end of file diff --git a/build.assets/webapps/webapps-version.sh b/build.assets/webapps/webapps-version.sh new file mode 100755 index 0000000000000..ed18d3357aa41 --- /dev/null +++ b/build.assets/webapps/webapps-version.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +# If this build was triggered from a tag on the teleport repo, +# then assume we can use the same tag for the webapps repo. +if [ ! -z "$DRONE_TAG" ] +then + echo "$DRONE_TAG" + exit 0 +fi + +# If this build is on one of the teleport release branches, +# map to the equivalent release branch in webapps. +# +# branch/v10 ==> teleport-v10 +if echo "$DRONE_TARGET_BRANCH" | grep '^branch/' >/dev/null; +then + TRIMMED=$(echo $DRONE_TARGET_BRANCH | cut -c8-) + echo "teleport-$TRIMMED" + exit 0 +fi + +# Otherwise, use master. +echo "master" \ No newline at end of file diff --git a/build.assets/windows/build.ps1 b/build.assets/windows/build.ps1 new file mode 100644 index 0000000000000..15e6590df64e4 --- /dev/null +++ b/build.assets/windows/build.ps1 @@ -0,0 +1,281 @@ +# Copyright 2022 Gravitational, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ############################################################################# +# +# This file contains PowerShell snippets used in the Teleport and/or Teleport +# Connect builds on windows native builders. These snippets exist both as +# useful abstractions, and a way to avoid Drone attempting to echo back every +# command we execute. +# +# Sometimes avoiding command echoing is important because: +# 1. The PowerShell `echo` is not a built-in command, but an alias for +# `Write-Output` +# 2. Drone's output escaping is not perfect, and so +# 3. Sometimes arguments to commands get interpreted as arguments to +# `echo` when incorrectly escaped and echoed back, which crashes +# the build. +# +# Unfortunately there is currently no way to disable command echoing in the +# Windows Drone executor, so we hide the problematic scripts behind the +# cmdlets definmed in this file. +# +# ############################################################################# +# +# Usage: Source this file into your active shell +# +# PS> . build.assets/Windows/build.ps1 +# +# ############################################################################# + +function Enable-Git { + <# + .SYNOPSIS + Configures git for accessing (possibly private) repos, given a + private key + #> + [CmdletBinding()] + param( + [string] $Workspace, + [string] $PrivateKey + ) + begin { + $SSHDir = "$Workspace/.ssh" + New-Item -Path "$SSHDir" -ItemType Directory | Out-Null + $PrivateKey | Out-File -Encoding ascii "$SSHDir/id_rsa" + Invoke-WebRequest "https://api.github.com/meta" -UseBasicParsing ` + | ConvertFrom-JSON ` + | Select-Object -ExpandProperty "ssh_keys" ` + | ForEach-Object {"github.com $_"} ` + | Out-File -Encoding ASCII "$SSHDir/known_hosts" + $SSHCmd = "ssh -i $SSHDir/id_rsa -o UserKnownHostsFile=$SSHDir/known_hosts -F/dev/null" + $Env:GIT_SSH_COMMAND = $SSHCmd + } +} + +function Reset-Git { +[CmdletBinding()] +param( + <# + .SYNOPSIS + Cleans up private git access as configured with Enable-Git. + #> + [string] $Workspace +) + begin { + Remove-Item -Recurse -Path "$Workspace/.ssh" + } +} + +function Install-Go { + <# + .SYNOPSIS + Downloads ands installs Go into the supplied toolchain dir + #> + [CmdletBinding()] + param( + [string] $ToolchainDir, + [string] $GoVersion + ) + begin { + $GoDownloadUrl = "https://go.dev/dl/go$GoVersion.windows-amd64.zip" + $GoInstallZip = "go$GoVersion.windows-amd64.zip" + Invoke-WebRequest -Uri $GoDownloadUrl -OutFile $GoInstallZip + Expand-Archive -Path $GoInstallZip -DestinationPath $ToolchainDir + Enable-Go -ToolchainDir $ToolchainDir + } +} + +function Enable-Go { + <# + .SYNOPSIS + Adds the Go toolchaion to the system search path + #> + [CmdletBinding()] + param( + [string] $ToolchainDir + ) + begin { + # note we prepend the toolchain before the path, otherwise the build + # will just use the system Go. + $Env:Path = "$ToolchainDir/go/bin;$Env:Path" + } +} + +function Install-Node { + <# + .SYNOPSIS + Downloads ands installs Node into the supplied toolchain dir + #> + [CmdletBinding()] + param( + [string] $ToolchainDir, + [string] $NodeVersion + ) + begin { + $NodeZipfile = "node-$NodeVersion-win-x64.zip" + Invoke-WebRequest -Uri https://nodejs.org/download/release/v$NodeVersion/node-v$NodeVersion-win-x64.zip -OutFile $NodeZipfile + Expand-Archive -Path $NodeZipfile -DestinationPath $ToolchainDir + Rename-Item -Path "$ToolchainDir/node-v$NodeVersion-win-x64" -NewName "$ToolchainDir/node" + Enable-Node -ToolchainDir $ToolchainDir + npm config set msvs_version 2017 + corepack enable yarn + } +} + +function Enable-Node { + <# + .SYNOPSIS + Adds the Node toolchaion to the system search path + #> + [CmdletBinding()] + param( + [string] $ToolchainDir + ) + begin { + $Env:Path = "$ToolchainDir/node;$Env:Path" + } +} + + +function Format-FileHashes { + <# + .SYNOPSIS + Finds each file matching the supplied path glob and creates a sidecar + `*.sha256` file containing the file's hash + #> + [CmdletBinding()] + param( + [string] $PathGlob + ) + begin { + foreach ($file in $(Get-ChildItem $PathGlob)) { + Write-Output "Hashing $($file.Name)" + $Hash = (Get-FileHash $file.FullName).Hash + "$($Hash.ToLower()) $($file.Name)" ` + | Out-File -Encoding ASCII -FilePath "$($file.FullName).sha256" + } + } +} + +function Save-Role { + <# + .SYNOPSIS + Assume an AWS role and save the session to the supplied file + #> + [CmdletBinding()] + param( + [string] $RoleArn, + [string] $RoleSessionName, + [string] $FilePath + ) + begin { + $RoleCreds = (Use-STSRole -RoleArn $RoleArn -RoleSessionName $RoleSessionName).Credentials + "[default]`r`naws_access_key_id = {0}`r`naws_secret_access_key = {1}`r`naws_session_token = {2}" -f $RoleCreds.AccessKeyId, $RoleCreds.SecretAccessKey, $RoleCreds.SessionToken | Out-File -FilePath $FilePath + } +} + +function Copy-Artifacts { + <# + .SYNOPSIS + Copies all files in the supplied directory into an S3 bucket + #> + [CmdletBinding()] + param( + [string] $ProfileLocation, + [string] $Path, + [string] $Bucket, + [string] $DstRoot + ) + begin { + foreach ($file in $(Get-ChildItem $Path)) { + Write-Output "Uploading $($file.Name)" + $Key = "$DstRoot/$($file.Name)" + Write-S3Object -ProfileLocation $ProfileLocation -File $file.FullName -Bucket $Bucket -Key $Key + } + } +} + +function Convert-Base64 { + [CmdletBinding()] + param( + [string] $FilePath, + [string] $Data + ) + begin { + $bytes = [Convert]::FromBase64String($Data) + Set-Content -Encoding Byte -Path $FilePath -Value $bytes + } +} + +function Get-Relcli { + <# + .SYNOPSIS + Downloads relcli + #> + [CmdletBinding()] + param( + [string] $Url, + [string] $Sha256, + [string] $Workspace + ) + begin { + Invoke-WebRequest $url -UseBasicParsing -OutFile "$Workspace\relcli.exe" + $gotSha256 = (Get-FileHash "$Workspace\relcli.exe").hash + if ($gotSha256 -ne $Sha256) { + Write-Output "sha256 mismatch: $gotSha256 != $Sha256" + } + } +} + +function Register-Artifacts { + <# + .SYNOPSIS + Invokes relcli to automatically upload built artifacts + #> + [CmdletBinding()] + param( + [string] $Workspace, + [string] $OutputsDir + ) + begin { + $certPath = "$Workspace/releases.crt" + $keyPath = "$Workspace/releases.key" + Convert-Base64 -Data $Env:RELEASES_CERT -FilePath $certPath + Convert-Base64 -Data $Env:RELEASES_KEY -FilePath $keyPath + & "$Workspace\relcli.exe" --cert $certPath --key $keyPath auto_upload -f -v 6 $OutputsDir + } +} + +function Send-ErrorMessage { + <# + .SYNOPSIS + Formats and sends a build failure message to Slack + #> + [CmdletBinding()] + param () + + begin { + $BuildUrl = "$Env:DRONE_SYSTEM_PROTO`://$Env:DRONE_SYSTEM_HOSTNAME/$Env:DRONE_REPO_OWNER/$Env:DRONE_REPO_NAME/$Env:DRONE_BUILD_NUMBER" + $GoOS = $(go env GOOS) + $GoArch = $(go env GOARCH) + $Msg = @" +Warning: ``$GoOS-$GoArch`` artifact build failed for [``$Env:DRONE_REPO_NAME``] - please investigate immediately! +Branch: ``$Env:DRONE_BRANCH`` +Commit: ``$Env:DRONE_COMMIT_SHA`` +Link: $BuildUrl +"@ + Invoke-RestMethod -Method 'Post' -Uri $Env:SLACK_WEBHOOK_DEV_TELEPORT -Body $(@{"text"=$Msg} | ConvertTo-Json) + } +} diff --git a/constants.go b/constants.go index 750794a6fabe9..1fd6a68da3430 100644 --- a/constants.go +++ b/constants.go @@ -125,6 +125,9 @@ const ( // ComponentDatabase is the database proxy service. ComponentDatabase = "db:service" + // ComponentDiscovery is the Discovery service. + ComponentDiscovery = "discovery:service" + // ComponentAppProxy is the application handler within the web proxy service. ComponentAppProxy = "app:web" @@ -149,6 +152,9 @@ const ( // ComponentSubsystemProxy is the proxy subsystem. ComponentSubsystemProxy = "subsystem:proxy" + // ComponentSubsystemSFTP is the SFTP subsystem. + ComponentSubsystemSFTP = "subsystem:sftp" + // ComponentLocalTerm is a terminal on a regular SSH node. ComponentLocalTerm = "term:local" @@ -246,6 +252,12 @@ const ( // ComponentTracing is a tracing exporter ComponentTracing = "tracing" + // ComponentInstance is an abstract component common to all services. + ComponentInstance = "instance" + + // ComponentVersionControl is the component common to all version control operations. + ComponentVersionControl = "version-control" + // DebugEnvVar tells tests to use verbose debug output DebugEnvVar = "DEBUG" @@ -449,6 +461,9 @@ const ( // CertExtensionAllowedResources lists the resources which this certificate // should be allowed to access CertExtensionAllowedResources = "teleport-allowed-resources" + // CertExtensionConnectionDiagnosticID contains the ID of the ConnectionDiagnostic. + // The Node/Agent will append connection traces to this diagnostic instance. + CertExtensionConnectionDiagnosticID = "teleport-connection-diagnostic-id" ) // Note: when adding new providers to this list, consider updating the help message for --provider flag @@ -514,34 +529,6 @@ const ( // TraitExternalPrefix is the role variable prefix that indicates the data comes from an external identity provider. TraitExternalPrefix = "external" - // TraitLogins is the name of the role variable used to store - // allowed logins. - TraitLogins = "logins" - - // TraitWindowsLogins is the name of the role variable used - // to store allowed Windows logins. - TraitWindowsLogins = "windows_logins" - - // TraitKubeGroups is the name the role variable used to store - // allowed kubernetes groups - TraitKubeGroups = "kubernetes_groups" - - // TraitKubeUsers is the name the role variable used to store - // allowed kubernetes users - TraitKubeUsers = "kubernetes_users" - - // TraitDBNames is the name of the role variable used to store - // allowed database names. - TraitDBNames = "db_names" - - // TraitDBUsers is the name of the role variable used to store - // allowed database users. - TraitDBUsers = "db_users" - - // TraitAWSRoleARNs is the name of the role variable used to store - // allowed AWS role ARNs. - TraitAWSRoleARNs = "aws_role_arns" - // TraitTeams is the name of the role variable use to store team // membership information TraitTeams = "github_teams" @@ -744,6 +731,10 @@ const ( // specific UID to prevent the matching user from being deleted before // spawning the intended child process. ParkSubCommand = "park" + + // SFTPSubCommand is the sub-command Teleport uses to re-exec itself to + // handle SFTP connections. + SFTPSubCommand = "sftp" ) const ( @@ -789,3 +780,15 @@ const UserSingleUseCertTTL = time.Minute // StandardHTTPSPort is the default port used for the https URI scheme, // cf. RFC 7230 § 2.7.2. const StandardHTTPSPort = 443 + +const ( + // WebAPIConnUpgrade is the HTTP web API to make the connection upgrade + // call. + WebAPIConnUpgrade = "/webapi/connectionupgrade" + // WebAPIConnUpgradeHeader is the header used to indicate the requested + // connection upgrade types in the connection upgrade API. + WebAPIConnUpgradeHeader = "Upgrade" + // WebAPIConnUpgradeTypeALPN is a connection upgrade type that specifies + // the upgraded connection should be handled by the ALPN handler. + WebAPIConnUpgradeTypeALPN = "alpn" +) diff --git a/docker/Dockerfile b/docker/Dockerfile index e8cb11a28e042..d56065dd0f543 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,6 @@ # The base image (buildbox:latest) is built by running `make -C build.assets` # from the base repo directory $GOPATH/gravitational.com/teleport -FROM quay.io/gravitational/teleport-buildbox:teleport10 +FROM public.ecr.aws/gravitational/teleport-buildbox:teleport10 # DEBUG=1 is needed for the Web UI to be loaded from static assets instead # of the binary diff --git a/docker/sshd/Dockerfile b/docker/sshd/Dockerfile index 65462514fe9ab..9be4c53ad22ba 100644 --- a/docker/sshd/Dockerfile +++ b/docker/sshd/Dockerfile @@ -1,5 +1,5 @@ ARG TELEPORT_TAG -FROM quay.io/gravitational/teleport:${TELEPORT_TAG} +FROM public.ecr.aws/gravitational/teleport:${TELEPORT_TAG} # Demo ansible, ssh, htop RUN apt-get update && apt-get install -y ansible ssh inetutils-syslogd htop diff --git a/docker/teleport-ent-quickstart.yml b/docker/teleport-ent-quickstart.yml index f6b25dde811d7..ef2594a7bd310 100644 --- a/docker/teleport-ent-quickstart.yml +++ b/docker/teleport-ent-quickstart.yml @@ -3,7 +3,7 @@ services: # The configure container starts, generates a config, writes it to # /etc/teleport/teleport.yaml and then immediately exits. configure: - image: quay.io/gravitational/teleport-ent:9 + image: public.ecr.aws/gravitational/teleport-ent:10 container_name: teleport-configure entrypoint: /bin/sh hostname: localhost @@ -14,7 +14,7 @@ services: # This container depends on the config written by the configure container above, so it # sleeps for a second on startup to allow the configure container to run first. teleport: - image: quay.io/gravitational/teleport-ent:9 + image: public.ecr.aws/gravitational/teleport-ent:10 container_name: teleport entrypoint: /bin/sh hostname: localhost diff --git a/docker/teleport-lab.yml b/docker/teleport-lab.yml index 3298d11034d5e..019262f33d833 100644 --- a/docker/teleport-lab.yml +++ b/docker/teleport-lab.yml @@ -3,7 +3,7 @@ services: # This container depends on the config written by the configure container above, so it # sleeps for a second on startup to allow the configure container to run first. teleport: - image: quay.io/gravitational/teleport-lab:9 + image: public.ecr.aws/gravitational/teleport-lab:10 container_name: teleport entrypoint: /bin/sh hostname: luna.teleport @@ -24,7 +24,7 @@ services: # The bootstrap container generates certificates and then immediately exits. bootstrap: - image: quay.io/gravitational/teleport-lab:9 + image: public.ecr.aws/gravitational/teleport-lab:10 container_name: teleport-bootstrap entrypoint: /bin/sh command: -c "/etc/teleport.d/scripts/generate-certs.sh" @@ -41,7 +41,7 @@ services: # openssh is a demo of openssh node # openssh: - image: quay.io/gravitational/teleport-lab:9 + image: public.ecr.aws/gravitational/teleport-lab:10 container_name: openssh hostname: mars.openssh.teleport entrypoint: /bin/sh @@ -60,7 +60,7 @@ services: # term is a container with a terminal to try things out # term: - image: quay.io/gravitational/teleport-lab:9 + image: public.ecr.aws/gravitational/teleport-lab:10 hostname: term container_name: term entrypoint: /bin/sh diff --git a/docker/teleport-quickstart.yml b/docker/teleport-quickstart.yml index a8e1a7a7075d7..5e251a0261e3e 100644 --- a/docker/teleport-quickstart.yml +++ b/docker/teleport-quickstart.yml @@ -3,7 +3,7 @@ services: # The configure container starts, generates a config, writes it to # /etc/teleport/teleport.yaml and then immediately exits. configure: - image: quay.io/gravitational/teleport:9 + image: public.ecr.aws/gravitational/teleport:10 container_name: teleport-configure entrypoint: /bin/sh hostname: localhost @@ -14,7 +14,7 @@ services: # This container depends on the config written by the configure container above, so it # sleeps for a second on startup to allow the configure container to run first. teleport: - image: quay.io/gravitational/teleport:9 + image: public.ecr.aws/gravitational/teleport:10 container_name: teleport entrypoint: /bin/sh hostname: localhost diff --git a/docs/config.json b/docs/config.json index 524fd0ae970f5..29dca1a5f5de9 100644 --- a/docs/config.json +++ b/docs/config.json @@ -1,7 +1,7 @@ { "navigation": [ { - "icon": "stack", + "icon": "home", "title": "Home", "entries": [ { @@ -12,32 +12,6 @@ "title": "Adopters", "slug": "/adopters/" }, - { - "title": "Getting Started", - "slug": "/getting-started/", - "entries": [ - { - "title": "Linux Server", - "slug": "/getting-started/linux-server/", - "hideInScopes": [ - "enterprise", - "cloud" - ] - }, - { - "title": "Docker Compose", - "slug": "/getting-started/docker-compose/" - }, - { - "title": "DigitalOcean", - "slug": "/getting-started/digitalocean/", - "hideInScopes": [ - "enterprise", - "cloud" - ] - } - ] - }, { "title": "Installation", "slug": "/installation/" @@ -53,194 +27,476 @@ ] }, { - "icon": "wrench", - "title": "Setup", + "icon": "play", + "title": "Try out Teleport", "entries": [ { - "title": "Admin Guides", - "slug": "/setup/admin/", + "title": "Browser Labs", + "slug": "/try-out-teleport/browser-labs/" + }, + { + "title": "Docker Compose", + "slug": "/try-out-teleport/docker-compose/", + "forScopes": ["oss"] + }, + { + "title": "Local Kubernetes Lab", + "slug": "/try-out-teleport/local-kubernetes/", + "forScopes": ["oss"] + } + ] + }, + { + "icon": "quickstart", + "title": "Deploy a Cluster", + "entries": [ + { + "title": "Open Source Teleport", + "slug": "/deploy-a-cluster/open-source/", + "forScopes": ["oss"] + }, + { + "title": "Teleport Cloud", + "slug": "/deploy-a-cluster/teleport-cloud/introduction/", + "forScopes": ["cloud"], "entries": [ { - "title": "GitHub SSO", - "slug": "/setup/admin/github-sso/" + "title": "Getting Started", + "slug": "/deploy-a-cluster/teleport-cloud/getting-started/", + "forScopes": ["cloud"] }, { - "title": "Adding Nodes", - "slug": "/setup/admin/adding-nodes/" + "title": "Architecture", + "slug": "/deploy-a-cluster/teleport-cloud/architecture/", + "forScopes": ["cloud"] }, { - "title": "Trusted Clusters", - "slug": "/setup/admin/trustedclusters/" + "title": "Downloads", + "slug": "/deploy-a-cluster/teleport-cloud/downloads/", + "forScopes": ["cloud"] }, { - "title": "Labels", - "slug": "/setup/admin/labels/" + "title": "FAQ", + "slug": "/deploy-a-cluster/teleport-cloud/faq/", + "forScopes": ["cloud"] + } + ] + }, + { + "title": "Teleport Enterprise", + "slug": "/deploy-a-cluster/teleport-enterprise/introduction/", + "forScopes": ["enterprise"], + "entries": [ + { + "title": "Getting Started", + "slug": "/deploy-a-cluster/teleport-enterprise/getting-started/", + "forScopes": ["enterprise"] }, { - "title": "Local Users", - "slug": "/setup/admin/users/" + "title": "HSM", + "slug": "/deploy-a-cluster/teleport-enterprise/hsm/", + "forScopes": ["enterprise"] }, { - "title": "Troubleshooting", - "slug": "/setup/admin/troubleshooting/" + "title": "Enterprise License File", + "slug": "/deploy-a-cluster/teleport-enterprise/license/", + "forScopes": ["enterprise"] + } + ] + }, + { + "title": "Deploy with Helm", + "slug": "/deploy-a-cluster/helm-deployments/", + "forScopes": ["oss", "enterprise"], + "entries": [ + { + "title": "Deploy Teleport on Kubernetes", + "slug": "/deploy-a-cluster/helm-deployments/kubernetes-cluster/", + "forScopes": ["oss", "enterprise"] }, { - "title": "Upgrading the Teleport Binary", - "slug": "/setup/admin/graceful-restarts/" + "title": "AWS EKS Cluster", + "slug": "/deploy-a-cluster/helm-deployments/aws/", + "forScopes": ["oss", "enterprise"] }, { - "title": "Run Teleport as a Daemon", - "slug": "/setup/admin/daemon/" + "title": "Google Cloud GKE Cluster", + "slug": "/deploy-a-cluster/helm-deployments/gcp/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "DigitalOcean Kubernetes Cluster", + "slug": "/deploy-a-cluster/helm-deployments/digitalocean/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "Customize Deployment Config", + "slug": "/deploy-a-cluster/helm-deployments/custom/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "Migrating From Older Charts", + "slug": "/deploy-a-cluster/helm-deployments/migration/", + "forScopes": ["oss", "enterprise"] } ] }, { - "title": "Deployments", - "slug": "/setup/deployments/", - "hideInScopes": "cloud", + "title": "Deploy to your Cloud", + "slug": "/deploy-a-cluster/deployments/", + "forScopes": ["oss", "enterprise"], "entries": [ { "title": "AWS Terraform", - "slug": "/setup/deployments/aws-terraform/", - "hideInScopes": "cloud" + "slug": "/deploy-a-cluster/deployments/aws-terraform/", + "forScopes": ["oss", "enterprise"] }, { "title": "GCP", - "slug": "/setup/deployments/gcp/", - "hideInScopes": "cloud" + "slug": "/deploy-a-cluster/deployments/gcp/", + "forScopes": ["oss", "enterprise"] }, { "title": "IBM", - "slug": "/setup/deployments/ibm/", - "hideInScopes": "cloud" + "slug": "/deploy-a-cluster/deployments/ibm/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "Digital Ocean", + "slug": "/deploy-a-cluster/deployments/digitalocean/", + "forScopes": ["oss", "enterprise"] } ] + } + ] + }, + { + "icon": "lock", + "title": "Configure Access", + "entries": [ + { + "title": "Introduction", + "slug": "/access-controls/introduction/" }, { - "title": "Operations", - "slug": "/setup/operations/", + "title": "Getting Started", + "slug": "/access-controls/getting-started/" + }, + { + "title": "Cluster Access and RBAC", + "slug": "/access-controls/guides/", "entries": [ { - "title": "Scaling", - "slug": "/setup/operations/scaling/", - "hideInScopes": "cloud" + "title": "Role Templates", + "slug": "/access-controls/guides/role-templates/" }, { - "title": "Upgrading a Cluster", - "slug": "/setup/operations/upgrading/" + "title": "Session Locking", + "slug": "/access-controls/guides/locking/" }, { - "title": "Backup and Restore", - "slug": "/setup/operations/backup-restore/" + "title": "Passwordless (Preview)", + "slug": "/access-controls/guides/passwordless/" }, { - "title": "Cert Authority Rotation", - "slug": "/setup/operations/ca-rotation/" + "title": "Second Factor - WebAuthn", + "slug": "/access-controls/guides/webauthn/" }, { - "title": "TLS Routing Migration", - "slug": "/setup/operations/tls-routing/" + "title": "Per-session MFA", + "slug": "/access-controls/guides/per-session-mfa/" + }, + { + "title": "Dual Authorization", + "slug": "/access-controls/guides/dual-authz/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "Impersonation", + "slug": "/access-controls/guides/impersonation/" + }, + { + "title": "Moderated Sessions", + "slug": "/access-controls/guides/moderated-sessions/", + "forScopes": ["enterprise", "cloud"] } ] }, { - "title": "Security", - "slug": "/setup/security/", + "title": "Single Sign-On (SSO)", + "slug": "/access-controls/sso/", "entries": [ { - "title": "Reducing the Blast Radius of Attacks", - "slug": "/setup/security/reduce-blast-radius/" + "title": "GitHub SSO", + "slug": "/access-controls/sso/github-sso/" + }, + { + "title": "Azure Active Directory (AD)", + "slug": "/access-controls/sso/azuread/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "Active Directory (ADFS)", + "slug": "/access-controls/sso/adfs/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "Google Workspace", + "slug": "/access-controls/sso/google-workspace/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "GitLab", + "slug": "/access-controls/sso/gitlab/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "OneLogin", + "slug": "/access-controls/sso/one-login/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "OIDC", + "slug": "/access-controls/sso/oidc/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "Okta", + "slug": "/access-controls/sso/okta/", + "forScopes": ["enterprise", "cloud"] } ] }, { - "title": "Integrations", - "slug": "/setup/guides/", + "title": "Access Requests", + "slug": "/access-controls/access-requests/", "entries": [ { - "title": "Terraform Provider", - "slug": "/setup/guides/terraform-provider/" + "title": "Role Requests", + "slug": "/access-controls/access-requests/role-requests/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Docker", - "slug": "/setup/guides/docker/" + "title": "Resource Requests", + "slug": "/access-controls/access-requests/resource-requests/", + "forScopes": ["enterprise", "cloud"] + } + ] + }, + { + "title": "Access Request Plugins", + "slug": "/access-controls/access-request-plugins/", + "forScopes": ["enterprise", "cloud"], + "entries": [ + { + "title": "Mattermost", + "slug": "/access-controls/access-request-plugins/ssh-approval-mattermost/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Fluentd", - "slug": "/setup/guides/fluentd/" + "title": "Microsoft Teams", + "slug": "/access-controls/access-request-plugins/ssh-approval-msteams/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "EC2 Tags", - "slug": "/setup/guides/ec2-tags/" + "title": "PagerDuty", + "slug": "/access-controls/access-request-plugins/ssh-approval-pagerduty/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Joining Nodes via AWS IAM", - "slug": "/setup/guides/joining-nodes-aws-iam/" + "title": "Jira Server", + "slug": "/access-controls/access-request-plugins/ssh-approval-jira-server/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Joining Nodes via AWS EC2", - "slug": "/setup/guides/joining-nodes-aws-ec2/", - "hideInScopes": "cloud" + "title": "Jira Cloud", + "slug": "/access-controls/access-request-plugins/ssh-approval-jira-cloud/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Using Teleport's CA with GitHub", - "slug": "/setup/guides/ssh-key-extensions/" + "title": "Slack", + "slug": "/access-controls/access-request-plugins/ssh-approval-slack/", + "forScopes": ["enterprise", "cloud"] + }, + { + "title": "Email", + "slug": "/access-controls/access-request-plugins/ssh-approval-email/", + "forScopes": ["enterprise", "cloud"] + } + ] + }, + { + "title": "Compliance Frameworks", + "slug": "/access-controls/compliance-frameworks/", + "forScopes": ["enterprise", "cloud"], + "entries": [ + { + "title": "FedRAMP", + "slug": "/access-controls/compliance-frameworks/fedramp/", + "forScopes": ["enterprise"] + }, + { + "title": "SOC 2", + "slug": "/access-controls/compliance-frameworks/soc2/", + "forScopes": ["enterprise", "cloud"] } ] }, + { "title": "Reference", - "slug": "/setup/reference/", + "slug": "/access-controls/reference/" + }, + { + "title": "FAQ", + "slug": "/access-controls/faq/" + } + ] + }, + { + "icon": "wrench", + "title": "Manage your Cluster", + "entries": [ + { + "title": "Admin Guides", + "slug": "/management/admin/", + "entries": [ + { + "title": "Adding Nodes", + "slug": "/management/admin/adding-nodes/" + }, + { + "title": "Trusted Clusters", + "slug": "/management/admin/trustedclusters/" + }, + { + "title": "Labels", + "slug": "/management/admin/labels/" + }, + { + "title": "Local Users", + "slug": "/management/admin/users/" + }, + { + "title": "Troubleshooting", + "slug": "/management/admin/troubleshooting/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "Upgrading the Teleport Binary", + "slug": "/management/admin/upgrading-the-teleport-binary/" + }, + { + "title": "Run Teleport as a Daemon", + "slug": "/management/admin/daemon/" + } + ] + }, + { + "title": "Operations", + "slug": "/management/operations/", "entries": [ { - "title": "Config File", - "slug": "/setup/reference/config/" + "title": "Scaling", + "slug": "/management/operations/scaling/", + "forScopes": ["oss", "enterprise"] + }, + { + "title": "Upgrading a Cluster", + "slug": "/management/operations/upgrading/" + }, + { + "title": "Backup and Restore", + "slug": "/management/operations/backup-restore/", + "forScopes": ["oss", "enterprise"] }, { - "title": "Config Resources", - "slug": "/setup/reference/resources/" + "title": "Cert Authority Rotation", + "slug": "/management/operations/ca-rotation/" }, { - "title": "Command Line", - "slug": "/setup/reference/cli/" + "title": "TLS Routing Migration", + "slug": "/management/operations/tls-routing/", + "forScopes": ["oss", "enterprise"] + } + ] + }, + { + "title": "Security", + "slug": "/management/security/", + "entries": [ + { + "title": "Reducing the Blast Radius of Attacks", + "slug": "/management/security/reduce-blast-radius/" + } + ] + }, + { + "title": "Integrations", + "slug": "/management/guides/", + "entries": [ + { + "title": "Kubernetes Operator (Preview)", + "slug": "/management/guides/teleport-operator/" }, { - "title": "Metrics", - "slug": "/setup/reference/metrics/" + "title": "Terraform Provider", + "slug": "/management/guides/terraform-provider/" }, { - "title": "Terraform Resources", - "slug": "/setup/reference/terraform-provider/" + "title": "Docker", + "slug": "/management/guides/docker/" }, { - "title": "Audit Events and Records", - "slug": "/setup/reference/audit/" + "title": "Fluentd", + "slug": "/management/guides/fluentd/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Authentication", - "slug": "/setup/reference/authentication/" + "title": "Monitor Audit Events with the Elastic Stack", + "slug": "/management/guides/elastic-stack/", + "forScopes": ["enterprise", "cloud"] }, { - "title": "Storage Backends", - "slug": "/setup/reference/backends/", - "hideInScopes": "cloud" + "title": "EC2 Tags", + "slug": "/management/guides/ec2-tags/" }, { - "title": "Networking", - "slug": "/setup/reference/networking/" + "title": "Joining Nodes via AWS IAM", + "slug": "/management/guides/joining-nodes-aws-iam/" }, { - "title": "Predicate Language", - "slug": "/setup/reference/predicate-language/" + "title": "Joining Nodes via AWS EC2", + "slug": "/management/guides/joining-nodes-aws-ec2/", + "forScopes": ["oss", "enterprise"] }, { - "title": "Signals", - "slug": "/setup/reference/signals/" + "title": "Using Teleport's CA with GitHub", + "slug": "/management/guides/ssh-key-extensions/" } ] } ] }, + { + "icon": "connect", + "title": "Connect your Client", + "entries": [ + { + "title": "Using tsh", + "slug": "/connect-your-client/tsh/" + }, + { + "title": "Using Teleport Connect", + "slug": "/connect-your-client/teleport-connect/" + }, + + { + "title": "Database GUI Clients", + "slug": "/connect-your-client/gui-clients/" + } + ] + }, { "icon": "window", "title": "Application Access", @@ -258,15 +514,19 @@ "slug": "/application-access/guides/", "entries": [ { - "title": "Connecting Apps", + "title": "Web App Access", "slug": "/application-access/guides/connecting-apps/" }, + { + "title": "TCP App Access (Preview)", + "slug": "/application-access/guides/tcp/" + }, { "title": "API Access", "slug": "/application-access/guides/api-access/" }, { - "title": "AWS Console Access", + "title": "AWS Access", "slug": "/application-access/guides/aws-console/" }, { @@ -319,10 +579,6 @@ "title": "Using Teleport with PAM", "slug": "/server-access/guides/ssh-pam/" }, - { - "title": "Using TSH", - "slug": "/server-access/guides/tsh/" - }, { "title": "OpenSSH Guide", "slug": "/server-access/guides/openssh/" @@ -330,7 +586,7 @@ { "title": "Recording Proxy Mode", "slug": "/server-access/guides/recording-proxy-mode/", - "hideInScopes": "cloud" + "forScopes": ["oss", "enterprise"] }, { "title": "BPF Session Recording", @@ -343,6 +599,10 @@ { "title": "Visual Studio Code", "slug": "/server-access/guides/vscode/" + }, + { + "title": "Host User Creation", + "slug": "/server-access/guides/host-user-creation/" } ] } @@ -358,22 +618,7 @@ }, { "title": "Getting Started", - "slug": "/kubernetes-access/getting-started/", - "entries": [ - { - "title": "Local Demo Cluster", - "slug": "/kubernetes-access/getting-started/local/" - }, - { - "title": "Cluster", - "slug": "/kubernetes-access/getting-started/cluster/", - "hideInScopes": "cloud" - }, - { - "title": "Agent", - "slug": "/kubernetes-access/getting-started/agent/" - } - ] + "slug": "/kubernetes-access/getting-started/" }, { "title": "Guides", @@ -393,53 +638,8 @@ }, { "title": "Standalone", - "slug": "/kubernetes-access/guides/standalone-teleport/" - } - ] - }, - { - "title": "Helm Guides", - "slug": "/kubernetes-access/helm/guides/", - "hideInScopes": "cloud", - "entries": [ - { - "title": "AWS EKS Cluster", - "slug": "/kubernetes-access/helm/guides/aws/", - "hideInScopes": "cloud" - }, - { - "title": "Google Cloud GKE Cluster", - "slug": "/kubernetes-access/helm/guides/gcp/", - "hideInScopes": "cloud" - }, - { - "title": "DigitalOcean Kubernetes Cluster", - "slug": "/kubernetes-access/helm/guides/digitalocean/", - "hideInScopes": "cloud" - }, - { - "title": "Customize Deployment Config", - "slug": "/kubernetes-access/helm/guides/custom/", - "hideInScopes": "cloud" - }, - { - "title": "Migrating From Older Charts", - "slug": "/kubernetes-access/helm/guides/migration/", - "hideInScopes": "cloud" - } - ] - }, - { - "title": "Helm Chart Reference", - "slug": "/kubernetes-access/helm/reference/", - "entries": [ - { - "title": "teleport-cluster", - "slug": "/kubernetes-access/helm/reference/teleport-cluster/" - }, - { - "title": "teleport-kube-agent", - "slug": "/kubernetes-access/helm/reference/teleport-kube-agent/" + "slug": "/kubernetes-access/guides/standalone-teleport/", + "forScopes": ["enterprise", "oss"] } ] }, @@ -473,6 +673,14 @@ "title": "AWS Redshift", "slug": "/database-access/guides/postgres-redshift/" }, + { + "title": "AWS ElastiCache & MemoryDB", + "slug": "/database-access/guides/redis-aws/" + }, + { + "title": "AWS DynamoDB", + "slug": "/database-access/guides/dynamodb/" + }, { "title": "GCP Cloud SQL PostgreSQL", "slug": "/database-access/guides/postgres-cloudsql/" @@ -518,8 +726,8 @@ "slug": "/database-access/guides/sql-server-ad/" }, { - "title": "Database GUI Clients", - "slug": "/database-access/guides/gui-clients/" + "title": "Snowflake (Preview)", + "slug": "/database-access/guides/snowflake/" }, { "title": "Dynamic Registration", @@ -583,6 +791,10 @@ "title": "Access Controls", "slug": "/desktop-access/rbac/" }, + { + "title": "Directory Sharing", + "slug": "/desktop-access/directory-sharing/" + }, { "title": "Reference", "slug": "/desktop-access/reference/", @@ -627,6 +839,18 @@ "title": "Getting Started", "slug": "/machine-id/getting-started/" }, + { + "title": "Architecture", + "slug": "/machine-id/architecture/" + }, + { + "title": "Troubleshooting", + "slug": "/machine-id/troubleshooting/" + }, + { + "title": "FAQ", + "slug": "/machine-id/faq/" + }, { "title": "Reference", "slug": "/machine-id/reference/", @@ -646,72 +870,26 @@ "slug": "/machine-id/guides/", "entries": [ { - "title": "Machine ID with Ansible", + "title": "Ansible", "slug": "/machine-id/guides/ansible/" }, { - "title": "Machine ID with Jenkins", + "title": "Jenkins", "slug": "/machine-id/guides/jenkins/" - } - ] - } - ] - }, - { - "icon": "lock", - "title": "Access Controls", - "entries": [ - { - "title": "Introduction", - "slug": "/access-controls/introduction/" - }, - { - "title": "Getting Started", - "slug": "/access-controls/getting-started/" - }, - { - "title": "Guides", - "slug": "/access-controls/guides/", - "entries": [ - { - "title": "Role Templates", - "slug": "/access-controls/guides/role-templates/" }, { - "title": "Session Locking", - "slug": "/access-controls/guides/locking/" + "title": "Databases", + "slug": "/machine-id/guides/databases/" }, { - "title": "Second Factor - WebAuthn", - "slug": "/access-controls/guides/webauthn/" + "title": "Kubernetes", + "slug": "/machine-id/guides/kubernetes/" }, { - "title": "Per-session MFA", - "slug": "/access-controls/guides/per-session-mfa/" - }, - { - "title": "Dual Authorization", - "slug": "/access-controls/guides/dual-authz/", - "hideInScopes": "oss" - }, - { - "title": "Impersonation", - "slug": "/access-controls/guides/impersonation/" - }, - { - "title": "Moderated Sessions", - "slug": "/access-controls/guides/moderated-sessions/", - "hideInScopes": "oss" + "title": "Applications", + "slug": "/machine-id/guides/applications/" } ] - }, - { - "title": "Reference", - "slug": "/access-controls/reference/" - }, - { - "title": "FAQ", - "slug": "/access-controls/faq/" } ] }, @@ -744,150 +922,83 @@ ] }, { - "icon": "building", - "title": "Teleport Enterprise", + "icon": "book", + "title": "Reference", "entries": [ { - "title": "Introduction", - "slug": "/enterprise/introduction/" + "title": "Config File", + "slug": "/reference/config/" }, { - "title": "Getting Started", - "slug": "/enterprise/getting-started/", - "hideInScopes": [ - "oss", - "cloud" - ] + "title": "Config Resources", + "slug": "/reference/resources/" }, { - "title": "Single Sign-On (SSO)", - "slug": "/enterprise/sso/", - "hideInScopes": [ - "oss" - ], - "entries": [ - { - "title": "Azure Active Directory (AD)", - "slug": "/enterprise/sso/azuread/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "Active Directory (ADFS)", - "slug": "/enterprise/sso/adfs/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "Google Workspace", - "slug": "/enterprise/sso/google-workspace/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "GitLab", - "slug": "/enterprise/sso/gitlab/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "OneLogin", - "slug": "/enterprise/sso/one-login/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "OIDC", - "slug": "/enterprise/sso/oidc/", - "hideInScopes": [ - "oss" - ] - }, - { - "title": "Okta", - "slug": "/enterprise/sso/okta/", - "hideInScopes": [ - "oss" - ] - } - ] + "title": "Command Line", + "slug": "/reference/cli/" }, { - "title": "Access Requests", - "slug": "/enterprise/workflow/", - "hideInScopes": [ - "oss" - ] + "title": "Metrics", + "slug": "/reference/metrics/" }, { - "title": "FedRAMP", - "slug": "/enterprise/fedramp/", - "hideInScopes": [ - "cloud", - "oss" - ] + "title": "Terraform Resources", + "slug": "/reference/terraform-provider/" }, { - "title": "SOC2", - "slug": "/enterprise/soc2/", - "hideInScopes": [ - "oss" - ] + "title": "Audit Events and Records", + "slug": "/reference/audit/" }, { - "title": "HSM", - "slug": "/enterprise/hsm/", - "hideInScopes": [ - "cloud", - "oss" - ] + "title": "Authentication", + "slug": "/reference/authentication/" }, { - "title": "Enterprise License File", - "slug": "/enterprise/license/", - "hideInScopes": [ - "cloud", - "oss" - ] - } - ] - }, - { - "icon": "cloud", - "title": "Cloud", - "entries": [ - { - "title": "Introduction", - "slug": "/cloud/introduction/" + "title": "Storage Backends", + "slug": "/reference/backends/", + "forScopes": ["oss", "enterprise"] }, { - "title": "Getting Started", - "slug": "/cloud/getting-started/", - "hideInScopes": [ - "oss", - "enterprise" - ] + "title": "Networking", + "slug": "/reference/networking/" }, { - "title": "Architecture", - "slug": "/cloud/architecture/" + "title": "Predicate Language", + "slug": "/reference/predicate-language/" }, { - "title": "Downloads", - "slug": "/cloud/downloads/", - "hideInScopes": [ - "oss", - "enterprise" - ] + "title": "Signals", + "slug": "/reference/signals/" }, { - "title": "FAQ", - "slug": "/cloud/faq/" + "title": "Helm Charts", + "slug": "/reference/helm-reference/", + "entries": [ + { + "title": "teleport-cluster", + "slug": "/reference/helm-reference/teleport-cluster/" + }, + { + "title": "teleport-kube-agent", + "slug": "/reference/helm-reference/teleport-kube-agent/" + }, + { + "title": "teleport-plugin-jira", + "slug": "/reference/helm-reference/teleport-plugin-jira/" + }, + { + "title": "teleport-plugin-event-handler", + "slug": "/reference/helm-reference/teleport-plugin-event-handler/" + }, + { + "title": "teleport-plugin-mattermost", + "slug": "/reference/helm-reference/teleport-plugin-mattermost/" + }, + { + "title": "teleport-plugin-pagerduty", + "slug": "/reference/helm-reference/teleport-plugin-pagerduty/" + } + ] } ] }, @@ -896,20 +1007,16 @@ "title": "Architecture", "entries": [ { - "title": "Architecture Overview", + "title": "Overview", "slug": "/architecture/overview/" }, { - "title": "Teleport Users", - "slug": "/architecture/users/" - }, - { - "title": "Teleport Nodes", - "slug": "/architecture/nodes/" + "title": "Authentication", + "slug": "/architecture/authentication/" }, { - "title": "Teleport Auth", - "slug": "/architecture/authentication/" + "title": "Authorization", + "slug": "/architecture/authorization/" }, { "title": "Teleport Proxy", @@ -917,7 +1024,11 @@ }, { "title": "Trusted Clusters", - "slug": "/trustedclusters/" + "slug": "/architecture/trustedclusters/" + }, + { + "title": "Teleport Nodes", + "slug": "/architecture/nodes/" }, { "title": "TLS Routing", @@ -955,7 +1066,7 @@ } ], "variables": { - "version": "7.0", + "version": "10.0", "terraform": { "version": "1.0.0" }, @@ -971,10 +1082,11 @@ "control_url": "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=" }, "soc2": { - "last_report": "April 12th, 2021" + "last_report": "August 9th, 2022" }, "cloud": { - "version": "8.3.4", + "version": "10.3.1", + "major_version": "10", "sla": { "monthly_percentage": "99.5%", "monthly_downtime": "3 hours 40 minutes" @@ -1003,35 +1115,36 @@ "min_version": "3.6" }, "teleport": { - "version": "9.0.4", - "golang": "1.17", + "major_version": "10", + "version": "10.3.1", + "golang": "1.18", "plugin": { - "version": "9.0.4" + "version": "10.3.1" }, "helm_repo_url": "https://charts.releases.teleport.dev", - "latest_oss_docker_image": "quay.io/gravitational/teleport:9.1.2", - "latest_ent_docker_image": "quay.io/gravitational/teleport-ent:9.1.2" + "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport:10.3.1", + "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent:10.3.1" } }, "redirects": [ { - "source": "/user-manual/", - "destination": "/server-access/guides/tsh/", + "source": "/architecture/users/", + "destination": "/architecture/authorization/", "permanent": true }, { "source": "/production/", - "destination": "/setup/deployments/", + "destination": "/deploy-a-cluster/deployments/", "permanent": true }, { "source": "/admin-guide/", - "destination": "/setup/admin/", + "destination": "/management/admin/", "permanent": true }, { "source": "/trustedclusters/", - "destination": "/setup/admin/trustedclusters/", + "destination": "/management/admin/trustedclusters/", "permanent": true }, { @@ -1051,87 +1164,87 @@ }, { "source": "/metrics-logs-reference/", - "destination": "/setup/reference/metrics/", + "destination": "/reference/metrics/", "permanent": true }, { "source": "/config-reference/", - "destination": "/setup/reference/config/", + "destination": "/reference/config/", "permanent": true }, { "source": "/cli-docs/", - "destination": "/setup/reference/cli/", + "destination": "/reference/cli/", "permanent": true }, { "source": "/enterprise/ssh-kubernetes-fedramp/", - "destination": "/enterprise/fedramp/", + "destination": "/access-controls/compliance-frameworks/fedramp/", "permanent": true }, { "source": "/enterprise/sso/ssh-one-login/", - "destination": "/enterprise/sso/one-login/", + "destination": "/access-controls/sso/one-login/", "permanent": true }, { "source": "/enterprise/sso/ssh-okta/", - "destination": "/enterprise/sso/okta/", + "destination": "/access-controls/sso/okta/", "permanent": true }, { "source": "/enterprise/sso/ssh-google-workspace/", - "destination": "/enterprise/sso/google-workspace/", + "destination": "/access-controls/sso/google-workspace/", "permanent": true }, { "source": "/enterprise/sso/ssh-azuread/", - "destination": "/enterprise/sso/azuread/", + "destination": "/access-controls/sso/azuread/", "permanent": true }, { "source": "/enterprise/sso/ssh-adfs/", - "destination": "/enterprise/sso/adfs/", + "destination": "/access-controls/sso/adfs/", "permanent": true }, { "source": "/enterprise/sso/ssh-sso/", - "destination": "/enterprise/sso/", + "destination": "/access-controls/sso/", "permanent": true }, { "source": "/enterprise/ssh_sso/", - "destination": "/enterprise/sso/", + "destination": "/access-controls/sso/", "permanent": true }, { "source": "/enterprise/quickstart-enterprise/", - "destination": "/enterprise/getting-started/", + "destination": "/deploy-a-cluster/teleport-enterprise/getting-started/", "permanent": true }, { "source": "/gcp-guide/", - "destination": "/setup/deployments/gcp/", + "destination": "/deploy-a-cluster/deployments/gcp/", "permanent": true }, { "source": "/ibm-cloud-guide/", - "destination": "/setup/deployments/ibm/", + "destination": "/deploy-a-cluster/deployments/ibm/", "permanent": true }, { "source": "/aws-terraform-guide/", - "destination": "/setup/deployments/aws-terraform/", + "destination": "/deploy-a-cluster/deployments/aws-terraform/", "permanent": true }, { "source": "/setup/guides/docker-compose/", - "destination": "/setup/guides/docker/", + "destination": "/management/guides/docker/", "permanent": true }, { "source": "/cloud/", - "destination": "/cloud/introduction/", + "destination": "/deploy-a-cluster/teleport-cloud/", "permanent": true }, { @@ -1166,7 +1279,7 @@ }, { "source": "/preview/cloud/", - "destination": "/cloud/", + "destination": "/deploy-a-cluster/teleport-cloud/", "permanent": true }, { @@ -1184,11 +1297,6 @@ "destination": "/server-access/guides/openssh/", "permanent": true }, - { - "source": "/enterprise/sso/ssh-gsuite/", - "destination": "/enterprise/sso/ssh-google-workspace/", - "permanent": true - }, { "source": "/features/enhanced-session-recording/", "destination": "/server-access/guides/bpf-session-recording/", @@ -1196,7 +1304,7 @@ }, { "source": "/quickstart-docker/", - "destination": "/setup/guides/docker/", + "destination": "/management/guides/docker/", "permanent": true }, { @@ -1226,12 +1334,12 @@ }, { "source": "/setup/guides/joining-nodes-aws/", - "destination": "/setup/guides/joining-nodes-aws-iam/", + "destination": "/management/guides/joining-nodes-aws-iam/", "permanent": true }, { - "source": "/docs/setup/reference/license/", - "destination": "/docs/enterprise/license/", + "source": "/setup/reference/license/", + "destination": "/deploy-a-cluster/teleport-enterprise/license/", "permanent": true }, { @@ -1254,6 +1362,11 @@ "destination": "/machine-id/guides/ansible/", "permanent": true }, + { + "source": "/server-access/guides/tsh/", + "destination": "/connect-your-client/tsh/", + "permanent": true + }, { "source": "/cluster/", "destination": "/kubernetes-access/guides/multiple-clusters/", @@ -1263,6 +1376,516 @@ "source": "/application-access/guides/jwt/", "destination": "/application-access/jwt/", "permanent": true + }, + { + "source": "/getting-started/digitalocean/", + "destination": "/deploy-a-cluster/deployments/digitalocean/", + "permanent": true + }, + { + "source": "/kubernetes-access/getting-started/agent/", + "destination": "/kubernetes-access/getting-started/", + "permanent": true + }, + { + "source": "/kubernetes-access/getting-started/cluster/", + "destination": "/deploy-a-cluster/helm-deployments/kubernetes-cluster/", + "permanent": true + }, + { + "source": "/kubernetes-access/getting-started/local/", + "destination": "/try-out-teleport/local-kubernetes/", + "permanent": true + }, + { + "source": "/access-controls/guides/u2f/", + "destination": "/access-controls/guides/webauthn/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/", + "destination": "/deploy-a-cluster/helm-deployments/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/aws/", + "destination": "/deploy-a-cluster/helm-deployments/aws/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/custom/", + "destination": "/deploy-a-cluster/helm-deployments/custom/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/digitalocean/", + "destination": "/deploy-a-cluster/helm-deployments/digitalocean/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/gcp/", + "destination": "/deploy-a-cluster/helm-deployments/gcp/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/guides/migration/", + "destination": "/deploy-a-cluster/helm-deployments/migration/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/reference/", + "destination": "/reference/helm-reference/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/reference/teleport-cluster/", + "destination": "/reference/helm-reference/teleport-cluster/", + "permanent": true + }, + { + "source": "/kubernetes-access/helm/reference/teleport-kube-agent/", + "destination": "/reference/helm-reference/teleport-kube-agent/", + "permanent": true + }, + { + "source": "/access-controls/guides/u2f/", + "destination": "/access-controls/guides/webauthn/", + "permanent": true + }, + { + "source": "/setup/admin/graceful-restarts/", + "destination": "/management/admin/upgrading-the-teleport-binary/", + "permanent": true + }, + { + "source": "/enterprise/workflow/", + "destination": "/access-controls/access-requests/", + "permanent": true + }, + { + "source": "/enterprise/workflow/ssh-approval-mattermost/", + "destination": "/access-controls/access-request-plugins/ssh-approval-mattermost/", + "permanent": true + }, + { + "source": "/enterprise/workflow/ssh-approval-pagerduty/", + "destination": "/access-controls/access-request-plugins/ssh-approval-pagerduty/", + "permanent": true + }, + { + "source": "/enterprise/workflow/ssh-approval-jira-server/", + "destination": "/access-controls/access-request-plugins/ssh-approval-jira-server/", + "permanent": true + }, + { + "source": "/enterprise/workflow/ssh-approval-jira-cloud/", + "destination": "/access-controls/access-request-plugins/ssh-approval-jira-cloud/", + "permanent": true + }, + { + "source": "/enterprise/workflow/ssh-approval-slack/", + "destination": "/access-controls/access-request-plugins/ssh-approval-slack/", + "permanent": true + }, + { + "source": "/enterprise/workflow/resource-requests/", + "destination": "/access-controls/access-requests/resource-requests/", + "permanent": true + }, + { + "source": "/enterprise/workflow/role-requests/", + "destination": "/access-controls/access-requests/role-requests/", + "permanent": true + }, + { + "source": "/user-manual/", + "destination": "/", + "permanent": true + }, + { + "source": "/enterprise/fedramp/", + "destination": "/access-controls/compliance-frameworks/fedramp/", + "permanent": true + }, + { + "source": "/enterprise/soc2/", + "destination": "/access-controls/compliance-frameworks/soc2/", + "permanent": true + }, + { + "source": "/enterprise/sso/", + "destination": "/access-controls/sso/", + "permanent": true + }, + { + "source": "/enterprise/sso/adfs/", + "destination": "/access-controls/sso/adfs/", + "permanent": true + }, + { + "source": "/enterprise/sso/azuread/", + "destination": "/access-controls/sso/azuread/", + "permanent": true + }, + { + "source": "/setup/admin/github-sso/", + "destination": "/access-controls/sso/github-sso/", + "permanent": true + }, + { + "source": "/enterprise/sso/gitlab/", + "destination": "/access-controls/sso/gitlab/", + "permanent": true + }, + { + "source": "/enterprise/sso/google-workspace/", + "destination": "/access-controls/sso/google-workspace/", + "permanent": true + }, + { + "source": "/enterprise/sso/oidc/", + "destination": "/access-controls/sso/oidc/", + "permanent": true + }, + { + "source": "/enterprise/sso/okta/", + "destination": "/access-controls/sso/okta/", + "permanent": true + }, + { + "source": "/enterprise/sso/one-login/", + "destination": "/access-controls/sso/one-login/", + "permanent": true + }, + { + "source": "/database-access/guides/gui-clients/", + "destination": "/connect-your-client/gui-clients/", + "permanent": true + }, + { + "source": "/use-teleport/teleport-connect/", + "destination": "/connect-your-client/teleport-connect/", + "permanent": true + }, + { + "source": "/use-teleport/tsh/", + "destination": "/connect-your-client/tsh/", + "permanent": true + }, + { + "source": "/setup/deployments/", + "destination": "/deploy-a-cluster/deployments/", + "permanent": true + }, + { + "source": "/setup/deployments/aws-terraform/", + "destination": "/deploy-a-cluster/deployments/aws-terraform/", + "permanent": true + }, + { + "source": "/setup/deployments/digitalocean/", + "destination": "/deploy-a-cluster/deployments/digitalocean/", + "permanent": true + }, + { + "source": "/setup/deployments/gcp/", + "destination": "/deploy-a-cluster/deployments/gcp/", + "permanent": true + }, + { + "source": "/setup/deployments/ibm/", + "destination": "/deploy-a-cluster/deployments/ibm/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/", + "destination": "/deploy-a-cluster/helm-deployments/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/aws/", + "destination": "/deploy-a-cluster/helm-deployments/aws/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/custom/", + "destination": "/deploy-a-cluster/helm-deployments/custom/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/digitalocean/", + "destination": "/deploy-a-cluster/helm-deployments/digitalocean/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/gcp/", + "destination": "/deploy-a-cluster/helm-deployments/gcp/", + "permanent": true + }, + { + "source": "/getting-started/kubernetes-cluster/", + "destination": "/deploy-a-cluster/helm-deployments/kubernetes-cluster/", + "permanent": true + }, + { + "source": "/setup/helm-deployments/migration/", + "destination": "/deploy-a-cluster/helm-deployments/migration/", + "permanent": true + }, + { + "source": "/getting-started/linux-server/", + "destination": "/deploy-a-cluster/open-source/", + "permanent": true + }, + { + "source": "/cloud/architecture/", + "destination": "/deploy-a-cluster/teleport-cloud/architecture/", + "permanent": true + }, + { + "source": "/cloud/downloads/", + "destination": "/deploy-a-cluster/teleport-cloud/downloads/", + "permanent": true + }, + { + "source": "/cloud/faq/", + "destination": "/deploy-a-cluster/teleport-cloud/faq/", + "permanent": true + }, + { + "source": "/cloud/getting-started/", + "destination": "/deploy-a-cluster/teleport-cloud/getting-started/", + "permanent": true + }, + { + "source": "/cloud/introduction/", + "destination": "/deploy-a-cluster/teleport-cloud/introduction/", + "permanent": true + }, + { + "source": "/enterprise/getting-started/", + "destination": "/deploy-a-cluster/teleport-enterprise/getting-started/", + "permanent": true + }, + { + "source": "/enterprise/hsm/", + "destination": "/deploy-a-cluster/teleport-enterprise/hsm/", + "permanent": true + }, + { + "source": "/enterprise/introduction/", + "destination": "/deploy-a-cluster/teleport-enterprise/introduction/", + "permanent": true + }, + { + "source": "/enterprise/license/", + "destination": "/deploy-a-cluster/teleport-enterprise/license/", + "permanent": true + }, + { + "source": "/setup/admin/", + "destination": "/management/admin/", + "permanent": true + }, + { + "source": "/setup/admin/adding-nodes/", + "destination": "/management/admin/adding-nodes/", + "permanent": true + }, + { + "source": "/setup/admin/daemon/", + "destination": "/management/admin/daemon/", + "permanent": true + }, + { + "source": "/setup/admin/labels/", + "destination": "/management/admin/labels/", + "permanent": true + }, + { + "source": "/setup/admin/troubleshooting/", + "destination": "/management/admin/troubleshooting/", + "permanent": true + }, + { + "source": "/setup/admin/trustedclusters/", + "destination": "/management/admin/trustedclusters/", + "permanent": true + }, + { + "source": "/setup/admin/upgrading-the-teleport-binary/", + "destination": "/management/admin/upgrading-the-teleport-binary/", + "permanent": true + }, + { + "source": "/setup/admin/users/", + "destination": "/management/admin/users/", + "permanent": true + }, + { + "source": "/setup/guides/", + "destination": "/management/guides/", + "permanent": true + }, + { + "source": "/setup/guides/docker/", + "destination": "/management/guides/docker/", + "permanent": true + }, + { + "source": "/setup/guides/ec2-tags/", + "destination": "/management/guides/ec2-tags/", + "permanent": true + }, + { + "source": "/setup/guides/fluentd/", + "destination": "/management/guides/fluentd/", + "permanent": true + }, + { + "source": "/setup/guides/joining-nodes-aws-ec2/", + "destination": "/management/guides/joining-nodes-aws-ec2/", + "permanent": true + }, + { + "source": "/setup/guides/joining-nodes-aws-iam/", + "destination": "/management/guides/joining-nodes-aws-iam/", + "permanent": true + }, + { + "source": "/setup/guides/ssh-key-extensions/", + "destination": "/management/guides/ssh-key-extensions/", + "permanent": true + }, + { + "source": "/setup/guides/teleport-operator/", + "destination": "/management/guides/teleport-operator/", + "permanent": true + }, + { + "source": "/setup/guides/terraform-provider/", + "destination": "/management/guides/terraform-provider/", + "permanent": true + }, + { + "source": "/setup/operations/", + "destination": "/management/operations/", + "permanent": true + }, + { + "source": "/setup/operations/backup-restore/", + "destination": "/management/operations/backup-restore/", + "permanent": true + }, + { + "source": "/setup/operations/ca-rotation/", + "destination": "/management/operations/ca-rotation/", + "permanent": true + }, + { + "source": "/setup/operations/scaling/", + "destination": "/management/operations/scaling/", + "permanent": true + }, + { + "source": "/setup/operations/tls-routing/", + "destination": "/management/operations/tls-routing/", + "permanent": true + }, + { + "source": "/setup/operations/upgrading/", + "destination": "/management/operations/upgrading/", + "permanent": true + }, + { + "source": "/setup/security/", + "destination": "/management/security/", + "permanent": true + }, + { + "source": "/setup/security/reduce-blast-radius/", + "destination": "/management/security/reduce-blast-radius/", + "permanent": true + }, + { + "source": "/setup/reference/audit/", + "destination": "/reference/audit/", + "permanent": true + }, + { + "source": "/setup/reference/authentication/", + "destination": "/reference/authentication/", + "permanent": true + }, + { + "source": "/setup/reference/backends/", + "destination": "/reference/backends/", + "permanent": true + }, + { + "source": "/setup/reference/cli/", + "destination": "/reference/cli/", + "permanent": true + }, + { + "source": "/setup/reference/config/", + "destination": "/reference/config/", + "permanent": true + }, + { + "source": "/setup/helm-reference/", + "destination": "/reference/helm-reference/", + "permanent": true + }, + { + "source": "/setup/helm-reference/teleport-cluster/", + "destination": "/reference/helm-reference/teleport-cluster/", + "permanent": true + }, + { + "source": "/setup/helm-reference/teleport-kube-agent/", + "destination": "/reference/helm-reference/teleport-kube-agent/", + "permanent": true + }, + { + "source": "/setup/reference/metrics/", + "destination": "/reference/metrics/", + "permanent": true + }, + { + "source": "/setup/reference/networking/", + "destination": "/reference/networking/", + "permanent": true + }, + { + "source": "/setup/reference/predicate-language/", + "destination": "/reference/predicate-language/", + "permanent": true + }, + { + "source": "/setup/reference/resources/", + "destination": "/reference/resources/", + "permanent": true + }, + { + "source": "/setup/reference/signals/", + "destination": "/reference/signals/", + "permanent": true + }, + { + "source": "/setup/reference/terraform-provider/", + "destination": "/reference/terraform-provider/", + "permanent": true + }, + { + "source": "/getting-started/docker-compose/", + "destination": "/try-out-teleport/docker-compose/", + "permanent": true + }, + { + "source": "/getting-started/local-kubernetes/", + "destination": "/try-out-teleport/local-kubernetes/", + "permanent": true } ] -} \ No newline at end of file +} diff --git a/docs/img/architecture/auth.png b/docs/img/architecture/auth.png new file mode 100644 index 0000000000000..dcc1dd90746d1 Binary files /dev/null and b/docs/img/architecture/auth.png differ diff --git a/docs/img/architecture/certs-machine-id@1.8x.svg b/docs/img/architecture/certs-machine-id@1.8x.svg new file mode 100644 index 0000000000000..adaa8e158ac45 --- /dev/null +++ b/docs/img/architecture/certs-machine-id@1.8x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/idp-sso-traits@1.5x.svg b/docs/img/architecture/idp-sso-traits@1.5x.svg new file mode 100644 index 0000000000000..0cb9efd7fb6ae --- /dev/null +++ b/docs/img/architecture/idp-sso-traits@1.5x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/node-registration@1.2x.svg b/docs/img/architecture/node-registration@1.2x.svg new file mode 100644 index 0000000000000..0251c72ac055b --- /dev/null +++ b/docs/img/architecture/node-registration@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/proxy-iap-to-resource@1.2x.svg b/docs/img/architecture/proxy-iap-to-resource@1.2x.svg new file mode 100644 index 0000000000000..764fe310c81f8 --- /dev/null +++ b/docs/img/architecture/proxy-iap-to-resource@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/proxy-tunnel@1.2x.svg b/docs/img/architecture/proxy-tunnel@1.2x.svg new file mode 100644 index 0000000000000..d19fa89e9ccf6 --- /dev/null +++ b/docs/img/architecture/proxy-tunnel@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/proxy-web-to-resource@1.2x.svg b/docs/img/architecture/proxy-web-to-resource@1.2x.svg new file mode 100644 index 0000000000000..97c962315601f --- /dev/null +++ b/docs/img/architecture/proxy-web-to-resource@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/proxy.png b/docs/img/architecture/proxy.png new file mode 100644 index 0000000000000..835cd8d19e8d3 Binary files /dev/null and b/docs/img/architecture/proxy.png differ diff --git a/docs/img/architecture/role-mapping@1.5x.svg b/docs/img/architecture/role-mapping@1.5x.svg new file mode 100644 index 0000000000000..54d1dc40f4d60 --- /dev/null +++ b/docs/img/architecture/role-mapping@1.5x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/ssh-cert-short-lived@1.5x.svg b/docs/img/architecture/ssh-cert-short-lived@1.5x.svg new file mode 100644 index 0000000000000..5c5c796ae5b01 --- /dev/null +++ b/docs/img/architecture/ssh-cert-short-lived@1.5x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/ssh-cert@2x.svg b/docs/img/architecture/ssh-cert@2x.svg new file mode 100644 index 0000000000000..bc38fe0347dae --- /dev/null +++ b/docs/img/architecture/ssh-cert@2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/ssh-certs-short-lived.png b/docs/img/architecture/ssh-certs-short-lived.png new file mode 100644 index 0000000000000..d9eeb429fc27c Binary files /dev/null and b/docs/img/architecture/ssh-certs-short-lived.png differ diff --git a/docs/img/architecture/ssh-certs-sso.png b/docs/img/architecture/ssh-certs-sso.png new file mode 100644 index 0000000000000..555fa5e120638 Binary files /dev/null and b/docs/img/architecture/ssh-certs-sso.png differ diff --git a/docs/img/architecture/ssh-direct-mode@1.2x.svg b/docs/img/architecture/ssh-direct-mode@1.2x.svg new file mode 100644 index 0000000000000..0220ed61a488e --- /dev/null +++ b/docs/img/architecture/ssh-direct-mode@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/ssh-host-cert@1.2x.svg b/docs/img/architecture/ssh-host-cert@1.2x.svg new file mode 100644 index 0000000000000..045f39095056f --- /dev/null +++ b/docs/img/architecture/ssh-host-cert@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/ssh-tunnel-mode@1.2x.svg b/docs/img/architecture/ssh-tunnel-mode@1.2x.svg new file mode 100644 index 0000000000000..7eb802c1c10e8 --- /dev/null +++ b/docs/img/architecture/ssh-tunnel-mode@1.2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/tc-role-mapping.svg b/docs/img/architecture/tc-role-mapping.svg new file mode 100644 index 0000000000000..ccef7a20e5405 --- /dev/null +++ b/docs/img/architecture/tc-role-mapping.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/trusted-clusters@1.5x.svg b/docs/img/architecture/trusted-clusters@1.5x.svg new file mode 100644 index 0000000000000..5b0c9549ae6a9 --- /dev/null +++ b/docs/img/architecture/trusted-clusters@1.5x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/architecture/x509-cert@2x.svg b/docs/img/architecture/x509-cert@2x.svg new file mode 100644 index 0000000000000..20c53330e7716 --- /dev/null +++ b/docs/img/architecture/x509-cert@2x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/authn_authz.svg b/docs/img/authn_authz.svg deleted file mode 100644 index c2fbd647b0ea6..0000000000000 --- a/docs/img/authn_authz.svg +++ /dev/null @@ -1 +0,0 @@ -grav-00 10.X.X.1 arch=debianTeleportAuth APITeleport User : loginjoe : root, joe tara : taraWeb client> sshOpenSSHclientjoe:password 2FA: 265176Authentication : joe proves that he isjoe since he has thepassword and 2FAtokenAuthorization : joe is allowed to accessgrav-00 \ No newline at end of file diff --git a/docs/img/azuread/azuread-5-turnoffuserassign.png b/docs/img/azuread/azuread-5-turnoffuserassign.png index 8c422fe269dae..b55319a41eb53 100644 Binary files a/docs/img/azuread/azuread-5-turnoffuserassign.png and b/docs/img/azuread/azuread-5-turnoffuserassign.png differ diff --git a/docs/img/azuread/azuread-8-entityandreplyurl.png b/docs/img/azuread/azuread-8-entityandreplyurl.png index 56144e4503433..b5763e14acf1c 100644 Binary files a/docs/img/azuread/azuread-8-entityandreplyurl.png and b/docs/img/azuread/azuread-8-entityandreplyurl.png differ diff --git a/docs/img/cert_invalid.svg b/docs/img/cert_invalid.svg deleted file mode 100644 index 519a762e0beae..0000000000000 --- a/docs/img/cert_invalid.svg +++ /dev/null @@ -1 +0,0 @@ -xCertificate has expired ornot signed, please log in1Auth returnsvalid certificateto client viaproxyjoe:password 2FA: 265176Web clientUser sends credentials Proxy forwards to auth> sshOpenSSHclient2joe:password 2FA: 2651763 \ No newline at end of file diff --git a/docs/img/cert_ok.svg b/docs/img/cert_ok.svg deleted file mode 100644 index 7087778ef2e24..0000000000000 --- a/docs/img/cert_ok.svg +++ /dev/null @@ -1 +0,0 @@ -Certificate has beensigned and is not expiredWeb client> sshOpenSSHclient \ No newline at end of file diff --git a/docs/img/cluster_state.svg b/docs/img/cluster_state.svg deleted file mode 100644 index 9a751de82a999..0000000000000 --- a/docs/img/cluster_state.svg +++ /dev/null @@ -1 +0,0 @@ -Teleport User: login joe : root, joe tara : taraNode : IP : Labels grav-00 : 10.X.X.1 : arch=ubuntu grav-01 : 10.X.X.2 : arch=debian grav-02 : 10.X.X.3 : arch=rhel Tokens: Expiry: Type fuzzywuzzywasabear : 2019-10-19 : Node BBBCDDDDBBBBBBBB : 2019-10-16 : UserCluster State is storedin a location configuredby the auth service,locally by defaultIP: 10.X.X.1 Labels: arch=ubuntuIP: 10.X.X.3 Labels: arch=rhelIP: 10.X.X.2 Labels: arch=debian \ No newline at end of file diff --git a/docs/img/database-access/guides/azure/add-custom-role@2x.png b/docs/img/database-access/guides/azure/add-custom-role@2x.png new file mode 100644 index 0000000000000..6d60ce3bbd4bf Binary files /dev/null and b/docs/img/database-access/guides/azure/add-custom-role@2x.png differ diff --git a/docs/img/database-access/guides/azure/create-role-assignment@2x.png b/docs/img/database-access/guides/azure/create-role-assignment@2x.png new file mode 100644 index 0000000000000..57e9018bae515 Binary files /dev/null and b/docs/img/database-access/guides/azure/create-role-assignment@2x.png differ diff --git a/docs/img/database-access/guides/azure/create-role-from-json@2x.png b/docs/img/database-access/guides/azure/create-role-from-json@2x.png new file mode 100644 index 0000000000000..1091cde4d0379 Binary files /dev/null and b/docs/img/database-access/guides/azure/create-role-from-json@2x.png differ diff --git a/docs/img/database-access/guides/azure/created-identity@2x.png b/docs/img/database-access/guides/azure/created-identity@2x.png index 536b0389b752d..002eca8c62555 100644 Binary files a/docs/img/database-access/guides/azure/created-identity@2x.png and b/docs/img/database-access/guides/azure/created-identity@2x.png differ diff --git a/docs/img/database-access/guides/azure/registered-app@2x.png b/docs/img/database-access/guides/azure/registered-app@2x.png index efb42160d43c1..6f9bcc0da1a28 100644 Binary files a/docs/img/database-access/guides/azure/registered-app@2x.png and b/docs/img/database-access/guides/azure/registered-app@2x.png differ diff --git a/docs/img/database-access/guides/cockroachdb_cloud.png b/docs/img/database-access/guides/cockroachdb_cloud.png index 1f60b3865be71..3cddd7b72e3e3 100644 Binary files a/docs/img/database-access/guides/cockroachdb_cloud.png and b/docs/img/database-access/guides/cockroachdb_cloud.png differ diff --git a/docs/img/database-access/guides/cockroachdb_selfhosted.png b/docs/img/database-access/guides/cockroachdb_selfhosted.png index 6071b4e1a6566..14c71e7d1d532 100644 Binary files a/docs/img/database-access/guides/cockroachdb_selfhosted.png and b/docs/img/database-access/guides/cockroachdb_selfhosted.png differ diff --git a/docs/img/database-access/guides/dynamodb-create-role-1.png b/docs/img/database-access/guides/dynamodb-create-role-1.png new file mode 100644 index 0000000000000..2cf1e7cd8ef74 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb-create-role-1.png differ diff --git a/docs/img/database-access/guides/dynamodb-create-role-2.png b/docs/img/database-access/guides/dynamodb-create-role-2.png new file mode 100644 index 0000000000000..e5de196665085 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb-create-role-2.png differ diff --git a/docs/img/database-access/guides/dynamodb-create-role-3.png b/docs/img/database-access/guides/dynamodb-create-role-3.png new file mode 100644 index 0000000000000..de6d6ee89959f Binary files /dev/null and b/docs/img/database-access/guides/dynamodb-create-role-3.png differ diff --git a/docs/img/database-access/guides/dynamodb-federated-login.png b/docs/img/database-access/guides/dynamodb-federated-login.png new file mode 100644 index 0000000000000..2bedcb182d9a2 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb-federated-login.png differ diff --git a/docs/img/database-access/guides/dynamodb-select-iam-role.png b/docs/img/database-access/guides/dynamodb-select-iam-role.png new file mode 100644 index 0000000000000..a3f44e6422b27 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb-select-iam-role.png differ diff --git a/docs/img/database-access/guides/dynamodb_cloud.png b/docs/img/database-access/guides/dynamodb_cloud.png new file mode 100644 index 0000000000000..9b2b4087c3bc1 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb_cloud.png differ diff --git a/docs/img/database-access/guides/dynamodb_selfhosted.png b/docs/img/database-access/guides/dynamodb_selfhosted.png new file mode 100644 index 0000000000000..c04d2ff863330 Binary files /dev/null and b/docs/img/database-access/guides/dynamodb_selfhosted.png differ diff --git a/docs/img/database-access/guides/redis/redis-aws-managed-user-tag.png b/docs/img/database-access/guides/redis/redis-aws-managed-user-tag.png new file mode 100644 index 0000000000000..ff684ba29985c Binary files /dev/null and b/docs/img/database-access/guides/redis/redis-aws-managed-user-tag.png differ diff --git a/docs/img/database-access/guides/redis_elasticache_cloud.png b/docs/img/database-access/guides/redis_elasticache_cloud.png new file mode 100644 index 0000000000000..c962bad2051a1 Binary files /dev/null and b/docs/img/database-access/guides/redis_elasticache_cloud.png differ diff --git a/docs/img/database-access/guides/redis_elasticache_selfhosted.png b/docs/img/database-access/guides/redis_elasticache_selfhosted.png new file mode 100644 index 0000000000000..15ad6a9147ed2 Binary files /dev/null and b/docs/img/database-access/guides/redis_elasticache_selfhosted.png differ diff --git a/docs/img/database-access/guides/snowflake/dbeaver-driver.png b/docs/img/database-access/guides/snowflake/dbeaver-driver.png new file mode 100644 index 0000000000000..aad3f911c3e50 Binary files /dev/null and b/docs/img/database-access/guides/snowflake/dbeaver-driver.png differ diff --git a/docs/img/database-access/guides/snowflake/dbeaver-main-screen.png b/docs/img/database-access/guides/snowflake/dbeaver-main-screen.png new file mode 100644 index 0000000000000..2a2a19ed334a9 Binary files /dev/null and b/docs/img/database-access/guides/snowflake/dbeaver-main-screen.png differ diff --git a/docs/img/database-access/guides/snowflake/dbeaver-main.png b/docs/img/database-access/guides/snowflake/dbeaver-main.png new file mode 100644 index 0000000000000..226244f6d2173 Binary files /dev/null and b/docs/img/database-access/guides/snowflake/dbeaver-main.png differ diff --git a/docs/img/database-access/guides/snowflake/dbeaver-select-database.png b/docs/img/database-access/guides/snowflake/dbeaver-select-database.png new file mode 100644 index 0000000000000..f741275f2e78e Binary files /dev/null and b/docs/img/database-access/guides/snowflake/dbeaver-select-database.png differ diff --git a/docs/img/database-access/guides/snowflake/dbeaver-success.png b/docs/img/database-access/guides/snowflake/dbeaver-success.png new file mode 100644 index 0000000000000..3fbeb3b6cc48b Binary files /dev/null and b/docs/img/database-access/guides/snowflake/dbeaver-success.png differ diff --git a/docs/img/database-access/guides/snowflake/jetbrains-add-database.png b/docs/img/database-access/guides/snowflake/jetbrains-add-database.png new file mode 100644 index 0000000000000..266c7e159f758 Binary files /dev/null and b/docs/img/database-access/guides/snowflake/jetbrains-add-database.png differ diff --git a/docs/img/database-access/guides/snowflake/jetbrains-advanced.png b/docs/img/database-access/guides/snowflake/jetbrains-advanced.png new file mode 100644 index 0000000000000..8074dd7de8295 Binary files /dev/null and b/docs/img/database-access/guides/snowflake/jetbrains-advanced.png differ diff --git a/docs/img/database-access/guides/snowflake/jetbrains-general.png b/docs/img/database-access/guides/snowflake/jetbrains-general.png new file mode 100644 index 0000000000000..348a96ab7264a Binary files /dev/null and b/docs/img/database-access/guides/snowflake/jetbrains-general.png differ diff --git a/docs/img/database-access/guides/snowflake/jetbrains-success.png b/docs/img/database-access/guides/snowflake/jetbrains-success.png new file mode 100644 index 0000000000000..246b0da46ea8c Binary files /dev/null and b/docs/img/database-access/guides/snowflake/jetbrains-success.png differ diff --git a/docs/img/database-access/guides/snowflake_cloud.png b/docs/img/database-access/guides/snowflake_cloud.png new file mode 100644 index 0000000000000..3f96e9a4d717b Binary files /dev/null and b/docs/img/database-access/guides/snowflake_cloud.png differ diff --git a/docs/img/database-access/guides/snowflake_selfhosted.png b/docs/img/database-access/guides/snowflake_selfhosted.png new file mode 100644 index 0000000000000..b2c9b4d3b994f Binary files /dev/null and b/docs/img/database-access/guides/snowflake_selfhosted.png differ diff --git a/docs/img/desktop-access/share.png b/docs/img/desktop-access/share.png new file mode 100644 index 0000000000000..8140632271676 Binary files /dev/null and b/docs/img/desktop-access/share.png differ diff --git a/docs/img/desktop-access/shared-dir.png b/docs/img/desktop-access/shared-dir.png new file mode 100644 index 0000000000000..a2f5939a924ff Binary files /dev/null and b/docs/img/desktop-access/shared-dir.png differ diff --git a/docs/img/enterprise/license.png b/docs/img/enterprise/license.png new file mode 100644 index 0000000000000..cc4c04af40a11 Binary files /dev/null and b/docs/img/enterprise/license.png differ diff --git a/docs/img/enterprise/plugins/elasticsearch/create-role.png b/docs/img/enterprise/plugins/elasticsearch/create-role.png new file mode 100644 index 0000000000000..fa407f3d13083 Binary files /dev/null and b/docs/img/enterprise/plugins/elasticsearch/create-role.png differ diff --git a/docs/img/enterprise/plugins/elasticsearch/data-view-create.png b/docs/img/enterprise/plugins/elasticsearch/data-view-create.png new file mode 100644 index 0000000000000..53ff9bb02b900 Binary files /dev/null and b/docs/img/enterprise/plugins/elasticsearch/data-view-create.png differ diff --git a/docs/img/enterprise/plugins/elasticsearch/data-view-explore.png b/docs/img/enterprise/plugins/elasticsearch/data-view-explore.png new file mode 100644 index 0000000000000..4735c820fd467 Binary files /dev/null and b/docs/img/enterprise/plugins/elasticsearch/data-view-explore.png differ diff --git a/docs/img/enterprise/plugins/elasticsearch/lens.png b/docs/img/enterprise/plugins/elasticsearch/lens.png new file mode 100644 index 0000000000000..f02868a184667 Binary files /dev/null and b/docs/img/enterprise/plugins/elasticsearch/lens.png differ diff --git a/docs/img/enterprise/plugins/mattermost/add-bot.png b/docs/img/enterprise/plugins/mattermost/add-bot.png new file mode 100644 index 0000000000000..d816ae6f62aab Binary files /dev/null and b/docs/img/enterprise/plugins/mattermost/add-bot.png differ diff --git a/docs/img/enterprise/plugins/msteams/add-bot-channel.png b/docs/img/enterprise/plugins/msteams/add-bot-channel.png new file mode 100644 index 0000000000000..a94c3a6281d04 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/add-bot-channel.png differ diff --git a/docs/img/enterprise/plugins/msteams/add-teams-app.png b/docs/img/enterprise/plugins/msteams/add-teams-app.png new file mode 100644 index 0000000000000..44d501a608e61 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/add-teams-app.png differ diff --git a/docs/img/enterprise/plugins/msteams/allowed-teams-app.png b/docs/img/enterprise/plugins/msteams/allowed-teams-app.png new file mode 100644 index 0000000000000..076ef03b48d56 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/allowed-teams-app.png differ diff --git a/docs/img/enterprise/plugins/msteams/copy-teams-channel.png b/docs/img/enterprise/plugins/msteams/copy-teams-channel.png new file mode 100644 index 0000000000000..f075d519e8547 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/copy-teams-channel.png differ diff --git a/docs/img/enterprise/plugins/msteams/create-azure-bot.png b/docs/img/enterprise/plugins/msteams/create-azure-bot.png new file mode 100644 index 0000000000000..1de6773e8c4cb Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/create-azure-bot.png differ diff --git a/docs/img/enterprise/plugins/msteams/granted-app-permissions.png b/docs/img/enterprise/plugins/msteams/granted-app-permissions.png new file mode 100644 index 0000000000000..6805504494cfb Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/granted-app-permissions.png differ diff --git a/docs/img/enterprise/plugins/msteams/manage-bot-app.png b/docs/img/enterprise/plugins/msteams/manage-bot-app.png new file mode 100644 index 0000000000000..6730046807fd6 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/manage-bot-app.png differ diff --git a/docs/img/enterprise/plugins/msteams/specify-app-permissions.png b/docs/img/enterprise/plugins/msteams/specify-app-permissions.png new file mode 100644 index 0000000000000..6d796d6502926 Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/specify-app-permissions.png differ diff --git a/docs/img/enterprise/plugins/msteams/upload-teams-app.png b/docs/img/enterprise/plugins/msteams/upload-teams-app.png new file mode 100644 index 0000000000000..6e43a54ceecae Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/upload-teams-app.png differ diff --git a/docs/img/enterprise/plugins/msteams/validate-bot-message.png b/docs/img/enterprise/plugins/msteams/validate-bot-message.png new file mode 100644 index 0000000000000..10749b7e5c92e Binary files /dev/null and b/docs/img/enterprise/plugins/msteams/validate-bot-message.png differ diff --git a/docs/img/enterprise/plugins/pagerduty/new-access-req-incident.png b/docs/img/enterprise/plugins/pagerduty/new-access-req-incident.png new file mode 100644 index 0000000000000..0ef6a8ed2dcd5 Binary files /dev/null and b/docs/img/enterprise/plugins/pagerduty/new-access-req-incident.png differ diff --git a/docs/img/enterprise/plugins/pagerduty/pagerduty-api-integration.png b/docs/img/enterprise/plugins/pagerduty/pagerduty-api-integration.png new file mode 100644 index 0000000000000..763d7184b2605 Binary files /dev/null and b/docs/img/enterprise/plugins/pagerduty/pagerduty-api-integration.png differ diff --git a/docs/img/enterprise/plugins/pagerduty/pagerduty-integrations.png b/docs/img/enterprise/plugins/pagerduty/pagerduty-integrations.png new file mode 100644 index 0000000000000..f3478c5a044e0 Binary files /dev/null and b/docs/img/enterprise/plugins/pagerduty/pagerduty-integrations.png differ diff --git a/docs/img/everything.svg b/docs/img/everything.svg deleted file mode 100644 index e3d72c4131e3f..0000000000000 --- a/docs/img/everything.svg +++ /dev/null @@ -1 +0,0 @@ -Web client> sshOpenSSHclient> tctlCLI admin132Nodes authenticate nodekeys signed by auth service45Generate and signauto-expiring keyAuthenticateusers via 2FACheck client’s auto-expiringkey for CA signature \ No newline at end of file diff --git a/docs/img/machine-id/machine-id-database-access.svg b/docs/img/machine-id/machine-id-database-access.svg new file mode 100644 index 0000000000000..c1d738c4d8cea --- /dev/null +++ b/docs/img/machine-id/machine-id-database-access.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/node_cluster_auth.svg b/docs/img/node_cluster_auth.svg deleted file mode 100644 index 86a24a9744faa..0000000000000 --- a/docs/img/node_cluster_auth.svg +++ /dev/null @@ -1 +0,0 @@ -Please prove that youare a member of thecluster2Node sends certificateto Auth Service forvalidation1TeleportAuth APIgrav-00 10.X.X.1 arch=debian \ No newline at end of file diff --git a/docs/img/node_join.svg b/docs/img/node_join.svg deleted file mode 100644 index 1a2a7edfec79b..0000000000000 --- a/docs/img/node_join.svg +++ /dev/null @@ -1 +0,0 @@ -1Node presents jointoken2Auth Servervalidates tokenand generatesnode certificateToken:fuzzywuzzywasabearToken:fuzzywuzzywasabearTokens: Expiry: Type fuzzywuzzywasabear : 2019-10-19 : Node BBBCDDDDBBBBBBBB : 2019-10-16 : User \ No newline at end of file diff --git a/docs/img/node_lookup.svg b/docs/img/node_lookup.svg deleted file mode 100644 index 28464d6bb2892..0000000000000 --- a/docs/img/node_lookup.svg +++ /dev/null @@ -1 +0,0 @@ -DNS ResolverNodename | IP | Labels grav-00 10.X.X.0 arch=ubuntu grav-01 10.X.X.1 arch=debianNodename | IP | Labels grav-00 10.X.X.0 arch=ubuntu grav-01 10.X.X.1 arch=debian1Please resolve “grav-00”to a node IP23Please lookfor “grav-00”in your list ofnodesPlease look for“arch=debian” inyour list of nodes \ No newline at end of file diff --git a/docs/img/overview.svg b/docs/img/overview.svg deleted file mode 100644 index f6713cb868340..0000000000000 --- a/docs/img/overview.svg +++ /dev/null @@ -1 +0,0 @@ -3Web Client124 \ No newline at end of file diff --git a/docs/img/proxy-ssh-1.svg b/docs/img/proxy-ssh-1.svg deleted file mode 100644 index deb1111d1d95a..0000000000000 --- a/docs/img/proxy-ssh-1.svg +++ /dev/null @@ -1 +0,0 @@ -1243 \ No newline at end of file diff --git a/docs/img/proxy-ssh-2.svg b/docs/img/proxy-ssh-2.svg deleted file mode 100644 index 3a05dc9548235..0000000000000 --- a/docs/img/proxy-ssh-2.svg +++ /dev/null @@ -1 +0,0 @@ -> sshOpenSSHclient123 \ No newline at end of file diff --git a/docs/img/proxy-web.svg b/docs/img/proxy-web.svg deleted file mode 100644 index 552b43e0dd0e5..0000000000000 --- a/docs/img/proxy-web.svg +++ /dev/null @@ -1 +0,0 @@ -Web client1423 \ No newline at end of file diff --git a/docs/img/proxy_client_connect.svg b/docs/img/proxy_client_connect.svg deleted file mode 100644 index 037d40746353b..0000000000000 --- a/docs/img/proxy_client_connect.svg +++ /dev/null @@ -1 +0,0 @@ -joe wants toaccessgrav-00234joe can accessgrav-00as“root” or “joe”Proxy opens SSH tunnel tograv-00Client uses existingSSH tunnel toconnect tograv-00 via the proxygrav-00 10.X.X.1 arch=debianTeleportAuth APITeleport User : loginjoe : root, joe tara :tara1Web client> sshOpenSSHclientjoe:password 2FA: 265176 \ No newline at end of file diff --git a/docs/img/quickstart/welcome.png b/docs/img/quickstart/welcome.png new file mode 100644 index 0000000000000..cd9aa1ba90ba1 Binary files /dev/null and b/docs/img/quickstart/welcome.png differ diff --git a/docs/img/request-access.png b/docs/img/request-access.png new file mode 100644 index 0000000000000..6938e77595cf0 Binary files /dev/null and b/docs/img/request-access.png differ diff --git a/docs/img/review-request.png b/docs/img/review-request.png new file mode 100644 index 0000000000000..3210b6344e994 Binary files /dev/null and b/docs/img/review-request.png differ diff --git a/docs/img/sso/okta/setup-redirection.png b/docs/img/sso/okta/setup-redirection.png index c3d14889be014..8794d431e2171 100644 Binary files a/docs/img/sso/okta/setup-redirection.png and b/docs/img/sso/okta/setup-redirection.png differ diff --git a/docs/img/trusted-clusters/TrustedClusters-MSP.svg b/docs/img/trusted-clusters/TrustedClusters-MSP.svg deleted file mode 100644 index 7697553c89a93..0000000000000 --- a/docs/img/trusted-clusters/TrustedClusters-MSP.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/docs/img/trusted-clusters/trusted-clusters@1.5x.svg b/docs/img/trusted-clusters/trusted-clusters@1.5x.svg new file mode 100644 index 0000000000000..526fb303ea510 --- /dev/null +++ b/docs/img/trusted-clusters/trusted-clusters@1.5x.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/tunnel.svg b/docs/img/tunnel.svg deleted file mode 100644 index 2110e68ca0922..0000000000000 --- a/docs/img/tunnel.svg +++ /dev/null @@ -1 +0,0 @@ -FirewallTunnel \ No newline at end of file diff --git a/docs/img/use-teleport/connect-cluster.png b/docs/img/use-teleport/connect-cluster.png new file mode 100644 index 0000000000000..8a4e4f58efc17 Binary files /dev/null and b/docs/img/use-teleport/connect-cluster.png differ diff --git a/docs/img/use-teleport/connect-ui-overview.png b/docs/img/use-teleport/connect-ui-overview.png new file mode 100644 index 0000000000000..6abdcb85e5711 Binary files /dev/null and b/docs/img/use-teleport/connect-ui-overview.png differ diff --git a/docs/img/user_auth.svg b/docs/img/user_auth.svg deleted file mode 100644 index 3c9354b6d6930..0000000000000 --- a/docs/img/user_auth.svg +++ /dev/null @@ -1 +0,0 @@ -Client offers certificate1Auth CAvalidatessignature ofcertificateWeb client> sshOpenSSHclient2 \ No newline at end of file diff --git a/docs/img/user_mappings.svg b/docs/img/user_mappings.svg deleted file mode 100644 index e19167696e762..0000000000000 --- a/docs/img/user_mappings.svg +++ /dev/null @@ -1 +0,0 @@ -root,teleport,opsroot,tara,joe,opsroot,tara,teleportTeleport User: loginjoe : root, joe tara : tara teleport : teleport sandra : opsgrav-00grav-01grav-02 \ No newline at end of file diff --git a/docs/img/user_node_access.svg b/docs/img/user_node_access.svg deleted file mode 100644 index b454182f35439..0000000000000 --- a/docs/img/user_node_access.svg +++ /dev/null @@ -1 +0,0 @@ -2Node requests list ofauthorized users andloginsjoe wants toaccessgrav-003Auth API sends list of UsersTeleportAuth API1Teleport User : loginjoe : root, joe tara :taragrav-00 10.X.X.1 arch=debian \ No newline at end of file diff --git a/docs/img/vscode/settings.png b/docs/img/vscode/settings.png new file mode 100644 index 0000000000000..b62225d710ce1 Binary files /dev/null and b/docs/img/vscode/settings.png differ diff --git a/docs/pages/access-controls/access-request-plugins/index.mdx b/docs/pages/access-controls/access-request-plugins/index.mdx new file mode 100644 index 0000000000000..43638ffa41051 --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/index.mdx @@ -0,0 +1,12 @@ +--- +title: Just-in-Time Access Request Plugins +description: "Use Teleport's Access Request plugins to least-privilege access without sacrificing productivity." +layout: tocless-doc +--- + +Teleport Just-in-Time Access Requests allow users to receive temporary elevated +privileges by seeking consent from one or more reviewers, depending on your +configuration. + +(!docs/pages/includes/access-request-integrations.mdx!) + diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-email.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-email.mdx new file mode 100644 index 0000000000000..ab3b33b531124 --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-email.mdx @@ -0,0 +1,360 @@ +--- +title: Teleport Access Requests with Email +description: How to set up the Teleport email plugin to notify users when another user requests elevated privileges. +--- + +This guide will explain how to set up Teleport to send Just-in-Time Access +Request notifications to users via email. Since all organizations use email for +at least some of their communications, Teleport's email plugin makes it +straightforward to integrate Access Requests into your existing workflows, +letting you implement security best practices without compromising productivity. + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- Access to an SMTP service. The Teleport email plugin supports either Mailgun + or a generic SMTP service that authenticates via username and password. + + + +The Teleport plugin needs to use a username and password to authenticate to your +SMTP service. To mitigate the risk of these credentials being leaked, you should +set up a dedicated email account for the Teleport plugin and rotate the password +regularly. + + + +(!/docs/pages/includes/tctl.mdx!) + +## Step 1/7. Define RBAC resources + +Before you set up the email plugin, you will need to enable Role Access Requests +in your Teleport cluster. + +(!/docs/pages/includes/plugins/editor-request-rbac.mdx!) + +## Step 2/7. Install the Teleport email plugin + + + +We recommend installing Teleport plugins on the same host as the Teleport Proxy +Service. This is an ideal location as plugins have a low memory footprint, and +will require both public internet access and Teleport Auth Service access. + + + + + +Install the Teleport email plugin on a host that can access both your +Teleport Cloud tenant and your SMTP service. + + + +
+ +If you are using a local SMTP server to test the plugin, you should install the +plugin on your local machine. This is because the plugin needs to dial out to +your SMTP server and perform any necessary DNS lookups in order to send email. + +Your Teleport cluster does *not* need to perform DNS lookups for your plugin, as +the plugin dials out to the Proxy Service or Auth Service. + +
+ +We currently only provide Linux amd64 binaries. You can also compile the plugin +from source. + + + + ```code + $ curl -L https://get.gravitational.com/teleport-access-email-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ tar -xzf teleport-access-email-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ cd teleport-access-email + $ ./install + ``` + + + + To install from source you need `git` and `go` installed. If you do not have + Go installed, visit the Go [downloads page](https://go.dev/dl/). + + ```code + # Checkout teleport-plugins + $ git clone https://github.com/gravitational/teleport-plugins.git + $ cd teleport-plugins/access/email + $ make + ``` + + Move the `teleport-email` binary from `teleport-plugins/access/email/build` + into a directory in your `PATH`. + + + + +Ensure that the plugin is installed correctly: + +```code +$ teleport-email version +``` + +## Step 3/7. Create a user and role for the plugin + +(!docs/pages/includes/plugins/rbac.mdx!) + +## Step 4/7. Export the access plugin identity + +(!docs/pages/includes/plugins/identity-export.mdx!) + +## Step 5/7. Configure the plugin + +At this point, you have generated credentials that the email plugin will use to +connect to Teleport. You will now configure the plugin to use these credentials +to receive Access Request notifications from Teleport and email them to your +chosen recipients. + +The Teleport email plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command: + +```code +$ teleport-email configure | sudo tee /etc/teleport-email.toml +``` + +Edit the configuration file for your environment. We will show you how to set +each value below. + +### `[teleport]` + + + + +**`addr`**: Include the hostname and HTTPS port of your Teleport Proxy Service +(e.g., `mytenant.teleport.sh:443`). If you are configuring your plugin to +connect directly to the Teleport Auth Service, use your Auth Service's gRPC +endpoint (e.g., `teleport.example.com:3025`). + +**`identity`**, **`client_key`**, **`client_crt`**, **`root_cas`**: The values +you will use for these fields depend on whether the email plugin will +connect to the Proxy Service or the Auth Service. + +If you exported an identity file earlier, fill in the `identity` field with the +path to the file and comment out the other fields. + +If you exported a client key, client certificate, and root CAs earlier, fill in +the `client_key`, `client_crt`, and `root_cas` fields with the paths to these +files and leave `identity` commented out. + + + + +**`addr`**: Include the hostname and HTTPS port of your Teleport Cloud tenant +(e.g., `mytenant.teleport.sh:443`). + +**`identity`**, **`client_key`**, **`client_crt`**, **`root_cas`**: Fill in the +`identity` field with the path to the identity file you exported earlier and +comment out the other fields. + + + + +### `[mailgun]` or `[smtp]` + +Provide the credentials for your SMTP service depending on whether you are using +Mailgun or SMTP service. + + + + +In the `mailgun` section, assign `domain` to the domain name and subdomain of +your Mailgun account. Assign `private_key` to your Mailgun private key. + + + + +Assign `host` to the fully qualified domain name of your SMTP service, omitting +the URL scheme and port. (If you're using a local SMTP server for testing, use +`"localhost"` for `host`.) Assign `port` to the port of your SMTP service, then +fill in `username` and `password`. + + + +You can also save your password to a separate file and assign `password_file` to +the file's path. The plugin reads the file and uses the file's content as the +password. + + + +
+ +If you are testing the email plugin against a trusted internal SMTP server where +you would rather not use TLS—e.g., a local SMTP server on your development +machine—you can assign the `starttls_policy` setting to `disabled` (always +disable TLS) or `opportunistic` (disable TLS if the server does not advertise +the `STARTTLS` extension). The default is to always enforce TLS, and you should +leave this setting unassigned unless you know what you are doing and understand +the risks. + +
+ + + + +### `[delivery]` + +Assign `sender` to the email address from which you would like the Teleport +plugin to send messages. + +### `[role_to_recipients]` + +The `role_to_recipients` map configure the recipients that the email plugin +will notify when a user requests access to a specific role. When the plugin +receives an Access Request from the Auth Service, it will look up the role being +requested and identify the recipients to notify. + +Here is an example of a `role_to_recipients` map: + +```toml +[role_to_recipients] +"*" = ["security@example.com", "executive-team@example.com"] +"dev" = "eng@example.com" +"dba" = "mallory@example.com" +``` + +In the `role_to_recipients` map, each key is the name of a Teleport role. Each +value configures the recipients the plugin will email when it recieves an Access +Request for that role. The value can be a single string or an array of strings. +Each string must be an email address. + +The `role_to_recipients` map must also include an entry for `"*"`, which the +plugin looks up if no other entry matches a given role name. In the example +above, requests for roles aside from `dev` and `dba` will notify +`security@example.com` and `executive-team@example.com`. + +
+ +Users can suggest reviewers when they create an Access Request, e.g.,: + +```code +$ tsh request create --roles=dbadmin --reviewers=alice@example.com,ivan@example.com +``` +If an Access Request includes suggested reviewers, the email plugin will add +these to the list of recipients to notify. If a suggested reviewer is an email +address, the plugin will send a message to that recipient in addition to those +configured in `role_to_recipients`. + +
+ +Configure the email plugin to notify you when a user requests the `editor` role +by adding the following to your `role_to_recipients` config, replacing +`YOUR_EMAIL_ADDRESS` with the appropriate address: + +```toml +[role_to_recipients] +"*" = "YOUR_EMAIL_ADDRESS" +"editor" = "YOUR_EMAIL_ADDRESS" +``` + +
+ +If you do not plan to use role-to-recipient mapping, you can configure the +Teleport email plugin to notify a static list of recipients for every Access +Request event by using the `delivery.recipients` field: + +```toml +[delivery] +recipients = ["eng@exmaple.com", "dev@example.com"] +``` + +If you use `delivery.recipients`, you must remove the `role_to_recipients` +configuration section. Behind the scenes, `delivery.recipients` assigns the +recipient list to a `role_to_recipients` mapping under the wildcard value `"*"`. + +
+ +You configuration should resemble the following: + +```toml +# /etc/teleport-email.toml +[teleport] +addr = "example.com:3025" +identity = "/var/lib/teleport/plugins/email/auth_id" + +[mailgun] +domain = "sandboxbd81caddef744a69be0e5b544ab0c3bd.mailgun.org" +private_key = "xoxb-fakekey62b0eac53565a38c8cc0316f6" + +# As an alternative, you can use SMTP server credentials: +# +# [smtp] +# host = "smtp.gmail.com" +# port = 587 +# username = "username@gmail.com" +# password = "" +# password_file = "/var/lib/teleport/plugins/email/smtp_password" + +[delivery] +sender = "noreply@example.com" + +[role_to_recipients] +"*" = "eng@example.com" +"editor" = ["admin@example.com", "execs@example.com"] + +[log] +output = "stderr" # Logger output. Could be "stdout", "stderr" or "/var/lib/teleport/email.log" +severity = "INFO" # Logger severity. Could be "INFO", "ERROR", "DEBUG" or "WARN". +``` + +## Step 7/7. Test the email plugin + +After finishing your configuration, you can now run the plugin and test your +email-based Access Request flow: + +```code +$ teleport-email start +``` + +If everything works as expected, the log output should look like this: + +```code +$ teleport-email start +INFO Starting Teleport Access Email Plugin (): email/app.go:80 +INFO Plugin is ready email/app.go:101 +``` + +### Create an Access Request + +(!docs/pages/includes/plugins/create-request.mdx!) + +The recipients you configured earlier should receive notifications of the +request by email. + +### Resolve the request + +(!docs/pages/includes/plugins/resolve-request.mdx!) + +## Step 8/8. Set up systemd + +In production, we recommend starting the Teleport plugin daemon via an init +system like systemd. Here's the recommended Teleport plugin service unit file +for systemd: + +```ini +(!/examples/systemd/plugins/teleport-email.service!) +``` + +Save this as `teleport-email.service` in either `/usr/lib/systemd/system/` or +another [unit file load +path](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Unit%20File%20Load%20Path) +supported by systemd. + +Enable and start the plugin: + +```code +$ sudo systemctl enable teleport-email +$ sudo systemctl start teleport-email +``` + +## Feedback + +If you have any issues with this plugin please create an [issue +on GitHub](https://github.com/gravitational/teleport-plugins/issues/new). diff --git a/docs/pages/enterprise/workflow/ssh-approval-jira-cloud.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-jira-cloud.mdx similarity index 72% rename from docs/pages/enterprise/workflow/ssh-approval-jira-cloud.mdx rename to docs/pages/access-controls/access-request-plugins/ssh-approval-jira-cloud.mdx index cc3676c13dfdd..6a4a1867e2d35 100644 --- a/docs/pages/enterprise/workflow/ssh-approval-jira-cloud.mdx +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-jira-cloud.mdx @@ -82,7 +82,7 @@ In the webhook settings page, make sure that the webhook will only send Issue Up We recommend installing Teleport plugins alongside the Teleport Proxy. This is an ideal location as plugins have a low memory footprint, and will require both public internet access -and Teleport Auth Service access. +and Teleport Auth Service access. @@ -106,32 +106,105 @@ Run `./install` from `teleport-jira` or place the executable in `/usr/bin` or `/ ```code - $ docker pull quay.io/gravitational/teleport-plugin-jira:(=teleport.plugin.version=) + $ docker pull public.ecr.aws/gravitational/teleport-plugin-jira:(=teleport.plugin.version=) + ``` + + + ```code + $ helm repo add teleport https://charts.releases.teleport.dev/ ``` -### Configuration file +## Configuration file + +Depending on whether you are running the plugin as an executable in a +non-containerized environment or on Kubernetes, follow the appropriate +instructions for your environment to configure the plugin: + + + -The Teleport Jira plugin uses a config file in TOML format. Generate a boilerplate config by -running the following command: +The Teleport Jira plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command: ```code $ teleport-jira configure > teleport-jira.toml $ sudo mv teleport-jira.toml /etc ``` -By default, the Jira Teleport plugin will use a config in `/etc/teleport-jira.toml`, and you can override it with `-c config/file/path.toml` flag. +By default, the Jira Teleport plugin will use a config in +`/etc/teleport-jira.toml`, and you can override it with `-c +config/file/path.toml` flag. + +The configuration file will resemble the following: - - ```toml -(!examples/resources/plugins/teleport-jira-self-hosted.toml!) +(!examples/resources/plugins/teleport-jira-cloud.toml!) ``` - + + +The Teleport Jira plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command: + +```code +$ teleport-jira configure > teleport-jira.toml +$ sudo mv teleport-jira.toml /etc +``` + +By default, the Jira Teleport plugin will use a config in +`/etc/teleport-jira.toml`, and you can override it with `-c +config/file/path.toml` flag. + +The configuration file will resemble the following: + ```toml -(!examples/resources/plugins/teleport-jira-cloud.toml!) +(!examples/resources/plugins/teleport-jira-self-hosted.toml!) +``` + + + +Create a file called `values.yaml` with the following content, which configures +the Helm chart for the plugin. It should resemble the following: + +```yaml +(!examples/resources/plugins/teleport-jira-helm-cloud.yaml!) +``` + +Use the following command to create the Kubernetes secret referenced in the +values file from the identity file you generated earlier: + +```console +kubectl create secret generic teleport-plugin-jira-identity --from-file=auth_id=auth.pem +``` + + + +Create a file called `values.yaml` with the following content, which configures +the Helm chart for the plugin. It should resemble the following: + +```yaml +(!examples/resources/plugins/teleport-jira-helm-self.yaml!) +``` + +Use the following command to create the Kubernetes secret referenced in the +values file from the identity file you generated earlier: + +```console +kubectl create secret generic teleport-plugin-jira-identity --from-file=auth_id=auth.pem ``` @@ -154,9 +227,19 @@ run the Jira plugin on the same server as the Teleport Proxy, so you can use the You should be able to run the Teleport plugin now! + + + ```code $ teleport-jira start ``` + + +```code +$ helm install teleport-plugin-jira teleport/teleport-plugin-jira --values teleport-jira-helm.yaml +``` + + The log output should look familiar to what Teleport service logs. You should see that it connected to Teleport, and is listening for new Teleport requests and Jira webhooks. diff --git a/docs/pages/enterprise/workflow/ssh-approval-jira-server.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-jira-server.mdx similarity index 75% rename from docs/pages/enterprise/workflow/ssh-approval-jira-server.mdx rename to docs/pages/access-controls/access-request-plugins/ssh-approval-jira-server.mdx index 5d3b747fd2b81..687a99ed4f5f6 100644 --- a/docs/pages/enterprise/workflow/ssh-approval-jira-server.mdx +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-jira-server.mdx @@ -29,7 +29,7 @@ This guide will talk through how to set up Teleport with Jira Server. Teleport's ### Prerequisites - A running Teleport Cluster -- Admin Privileges with access and control of [`tctl`](../../setup/reference/cli.mdx#tctl) +- Admin Privileges with access and control of [`tctl`](../../reference/cli.mdx#tctl) - A Jira Server installation with owner privileges, specifically to set up webhooks, issue types, and workflows. This plugin has been tested with Jira Software 8.8.0 Teleport Cloud requires that plugins connect through the Proxy Service (`mytenant.teleport.sh:443`). Open Source and Enterprise installations can connect to the Auth Service (`auth.example.com:3025`) directly. @@ -81,7 +81,7 @@ The rules of the workflow must meet these requirements: - It should be possible to move from Pending to Declined. - You can choose to make the workflow strict and restrict moving requests from Approved state to Declined state and vice versa, or leave that flexible. Teleport will only change the request status once, i.e. the first time the request is approved or denied on your Jira board. -With the Jira workflow editor, you can set up who can approve or deny an access reuqest based on their Jira user permissions. We won't cover that in this guide as it mostly relates to Jira settings. By default Teleport will allow anyone who can use the workflow to approve or deny the request. +With the Jira workflow editor, you can set up who can approve or deny an access request based on their Jira user permissions. We won't cover that in this guide as it mostly relates to Jira settings. By default Teleport will allow anyone who can use the workflow to approve or deny the request. Go to your Project Settings -> Workflows, and make sure that the workflow that you just created or edited is applied to the project you'll use for Teleport integration. @@ -94,7 +94,7 @@ Teleport Jira Plugin will listen for a webhook that Jira Server sends when a req We recommend installing Teleport plugins alongside the Teleport Proxy. This is an ideal location as plugins have a low memory footprint, and will require both public internet access -and Teleport Auth Service access. +and Teleport Auth Service access. @@ -118,32 +118,112 @@ Run `./install` from `teleport-jira` or place the executable in the appropriate ```code - $ docker pull quay.io/gravitational/teleport-plugin-jira:(=teleport.plugin.version=) + $ docker pull public.ecr.aws/gravitational/teleport-plugin-jira:(=teleport.plugin.version=) + ``` + + + ```code + $ helm repo add teleport https://charts.releases.teleport.dev/ ``` +
+ ```code + $ helm repo add teleport https://charts.releases.teleport.dev/ + $ helm install teleport-plugin-jira teleport/teleport-plugin-jira --values teleport-jira-helm.yaml + ``` +
+ ## Configuration file -Teleport Jira Plugin uses a config file in TOML format. Generate a boilerplate config by -running the following command: +Depending on whether you are running the plugin as an executable in a +non-containerized environment or on Kubernetes, follow the appropriate +instructions for your environment to configure the plugin: + + + + +The Teleport Jira plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command: ```code $ teleport-jira configure > teleport-jira.toml $ sudo mv teleport-jira.toml /etc ``` -By default, the Jira Teleport plugin will use a config in `/etc/teleport-jira.toml`, and you can override it with `-c config/file/path.toml` flag. +By default, the Jira Teleport plugin will use a config in +`/etc/teleport-jira.toml`, and you can override it with `-c +config/file/path.toml` flag. + +The configuration file will resemble the following: - - ```toml -(!examples/resources/plugins/teleport-jira-self-hosted.toml!) +(!examples/resources/plugins/teleport-jira-cloud.toml!) ``` - + + +The Teleport Jira plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command: + +```code +$ teleport-jira configure > teleport-jira.toml +$ sudo mv teleport-jira.toml /etc +``` + +By default, the Jira Teleport plugin will use a config in +`/etc/teleport-jira.toml`, and you can override it with `-c +config/file/path.toml` flag. + +The configuration file will resemble the following: + ```toml -(!examples/resources/plugins/teleport-jira-cloud.toml!) +(!examples/resources/plugins/teleport-jira-self-hosted.toml!) +``` + + + +Create a file called `values.yaml` with the following content, which configures +the Helm chart for the plugin. It should resemble the following: + +```yaml +(!examples/resources/plugins/teleport-jira-helm-cloud.yaml!) +``` + +Use the following command to create the Kubernetes secret referenced in the +values file from the identity file you generated earlier: + +```console +kubectl create secret generic teleport-plugin-jira-identity --from-file=auth_id=auth.pem +``` + + + +Create a file called `values.yaml` with the following content, which configures +the Helm chart for the plugin. It should resemble the following: + +```yaml +(!examples/resources/plugins/teleport-jira-helm-self.yaml!) +``` + +Use the following command to create the Kubernetes secret referenced in the +values file from the identity file you generated earlier: + +```console +kubectl create secret generic teleport-plugin-jira-identity --from-file=auth_id=auth.pem ``` diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx new file mode 100644 index 0000000000000..d3b65b04a92de --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx @@ -0,0 +1,477 @@ +--- +title: Access Requests with Mattermost +description: How to set up Teleport's Mattermost plugin for privilege elevation approvals. +--- + +This guide will explain how to set up Teleport with Mattermost, an open source +messaging platform. Teleport's Mattermost integration allows teams to approve or +deny Teleport Access Requests using Mattermost, making it easier to implement +security best practices without compromising productivity. + +Here is example of sending an Access Request via Teleport's Mattermost +plugin: + + + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- A Mattermost account with admin privileges. This plugin has been tested with + Mattermost v7.0.1. +- Either a Linux host or Kubernetes cluster where you will run the Mattermost plugin. + +(!docs/pages/includes/tctl.mdx!) + +## Step 1/8. Define RBAC resources + +Before you set up the Mattermost plugin, you will need to enable Role Access +Requests in the Proxy or Auth Service. + +(!/docs/pages/includes/plugins/editor-request-rbac.mdx!) + +## Step 2/8. Install the Teleport Mattermost plugin + + + +We recommend installing Teleport plugins on the same host as the Teleport Proxy +Service. This is an ideal location as plugins have a low memory footprint, and +will require both public internet access and Teleport Auth Service access. + + + + + +Install the Teleport Mattermost plugin on a host that can access both your +Teleport Proxy Service and your Mattermost deployment. + + + + + + ```code + $ curl -L -O https://get.gravitational.com/teleport-access-mattermost-v(=teleport.plugin.version=)-linux-amd64-bin.tar.gz + $ tar -xzf teleport-access-mattermost-v(=teleport.plugin.version=)-linux-amd64-bin.tar.gz + $ cd teleport-access-mattermost + $ ./install + ``` + + + To install from source you need `git` and `go` installed. If you do not have Go installed, visit the Go [downloads page](https://go.dev/dl/). + + ```code + # Checkout teleport-plugins + $ git clone https://github.com/gravitational/teleport-plugins.git + $ cd teleport-plugins/access/mattermost + $ make + ``` +Run `./install` from `teleport-mattermost` or place the executable in the appropriate `/usr/bin` or `/usr/local/bin` on the server installation. + + + ```code + $ docker pull public.ecr.aws/gravitational/teleport-plugin-mattermost:(=teleport.plugin.version=) + ``` + + + ```code + $ helm repo add teleport (=teleport.helm_repo_url=) + $ helm repo update + ``` + + + +## Step 3/8. Create a user and role for the plugin + +(!docs/pages/includes/plugins/rbac.mdx!) + +## Step 4/8. Export the access plugin identity + +(!docs/pages/includes/plugins/identity-export.mdx!) + +## Step 5/8. Register a Mattermost bot + +Now that you have generated the credentials your plugin needs to connect to your +Teleport cluster, register your plugin with Mattermost so it can send Access +Request messages to your workspace. + +In Mattermost, click the menu button in the upper left of the UI, then click +System Console → Integrations → Bot Accounts. + +Set "Enable Bot Account Creation" to "true". + +![Enable Mattermost bots](../../../img/enterprise/plugins/mattermost/mattermost_admin_console_integrations_bot_accounts.png) + +This will allow you to create a new bot account for the Mattermost plugin. + +Go back to your team. In the menu on the upper left of the UI, click +Integrations → Bot Accounts → Add Bot Account. + +Set the "Username", "Display Name", and "Description" fields according to how +you would like the Mattermost plugin bot to appear in your workspace. Set "Role" +to "Member". + +You can download our avatar to set as your Bot Icon. + +Set "post:all" to "Enabled". + +![Enable Mattermost Bots](../../../img/enterprise/plugins/mattermost/mattermost_bot.png) + +Click "Create Bot Account". We will use the resulting OAuth 2.0 token when we +configure the Mattermost plugin. + +## Step 6/8. Configure the Mattermost plugin + +At this point, you have generated credentials that the Mattermost plugin will use +to connect to Teleport and Mattermost. You will now configure the Mattermost +plugin to use these credentials and post messages in the right channels for your +workspace. + + + +The Mattermost plugin uses a config file in TOML format. On the host where you +will run the Mattermost plugin, generate a boilerplate config by running the +following commands: + +```code +$ teleport-mattermost configure > teleport-mattermost.toml +$ sudo mv teleport-mattermost.toml /etc +``` + + +The Mattermost Helm Chart uses a YAML values file to configure the plugin. On +the host where you have Helm installed, create a file called +`teleport-mattermost-helm.yaml` based on the following example: + +```yaml +(!examples/resources/plugins/teleport-mattermost-helm-self.yaml!) +``` + + +The Mattermost Helm Chart uses a YAML values file to configure the plugin. On +the host where you have Helm installed, create a file called +`teleport-mattermost-helm.yaml` based on the following example: + +```yaml +(!examples/resources/plugins/teleport-mattermost-helm-cloud.yaml!) +``` + + + +Edit the configuration as explained below: + +### `[teleport]` + + + + +**`addr`**: Include the hostname and HTTPS port of your Teleport Proxy Service +(e.g., `teleport.example.com:443`). If you are configuring your plugin to +connect directly to the Teleport Auth Service, use your Auth Service's gRPC +endpoint (e.g., `teleport.example.com:3025`). + +**`identity`**, **`client_key`**, **`client_crt`**, **`root_cas`**: The values +you will use for these fields depend on whether the Mattermost plugin will +connect to the Proxy Service or the Auth Service. + +If you exported an identity file earlier, fill in the `identity` field with the +path to the file and comment out the other fields. + +If you exported a client key, client certificate, and root CAs earlier, fill in +the `client_key`, `client_crt`, and `root_cas` fields with the paths to these +files and leave `identity` commented out. + + + + +**`addr`**: Include the hostname and HTTPS port of your Teleport Cloud tenant +(e.g., `teleport.example.com:443`). + +**`identity`**, **`client_key`**, **`client_crt`**, **`root_cas`**: Fill in the +`identity` field with the path to the identity file you exported earlier and +comment out the other fields. + + + + +**`address`**: Include the hostname and HTTPS port of your Teleport Cloud tenant +(e.g., `teleport.example.com:443`). + +**`identitySecretName`**: Fill in the `identitySecretName` field with the name +of the Kubernetes secret you created earlier. + + + + +**`address`**: Include the hostname and HTTPS port of your Teleport Cloud tenant +(e.g., `teleport.example.com:443`). + +**`identitySecretName`**: Fill in the `identitySecretName` field with the name +of the Kubernetes secret you created earlier. + + + + + +### `[mattermost]` + + + + +**`url`**: Include the scheme (`https://`) and fully qualified domain name of +your Mattermost deployment. + +**`token`**: Find your Mattermost bot's OAuth 2.0 token. To do so, visit +Mattermost. In the menu on the upper left of the UI, go to Integrations → Bot +Accounts. Find the listing for the Teleport plugin and click "Create New Token". +After you save the token, you will see a message with text in the format, +"Access Token: TOKEN". Copy the token and paste it here. + +**`recipients`**: This field configures the channels that the Mattermost plugin +will notify when it receives an Access Request message. The value is an array of +strings, where each element is either: + +- The email address of a Mattermost user to notify via a direct message when the + plugin receives an Access Request event +- A channel name in the format `team/channel`, where `/` separates the name + of the team and the name of the channel + +For example, this configuration will notify `first.last@example.com` and +the `Town Square` channel in the `myteam` team of any Access Request events: + +```toml +recipients = [ + "myteam/Town Square", + "first.last@example.com" +] +``` + + + + +**`url`**: Include the scheme (`https://`) and fully qualified domain name of +your Mattermost deployment. + +**`token`**: Find your Mattermost bot's OAuth 2.0 token. To do so, visit +Mattermost. In the menu on the upper left of the UI, go to Integrations → Bot +Accounts. Find the listing for the Teleport plugin and click "Create New Token". +After you save the token, you will see a message with text in the format, +"Access Token: TOKEN". Copy the token and paste it here. + +**`recipients`**: This field configures the channels that the Mattermost plugin +will notify when it receives an Access Request message. The value is an array of +strings, where each element is either: + +- The email address of a Mattermost user to notify via a direct message when the + plugin receives an Access Request event +- A channel name in the format `team/channel`, where `/` separates the name + of the team and the name of the channel + +For example, this configuration will notify `first.last@example.com` and +the `Town Square` channel in the `myteam` team of any Access Request events: + +```yaml +recipients: + - "myteam/Town Square" + - first.last@example.com +``` + + + + +You will need to invite your Teleport plugin to any channel you add to the +`recipients` list (aside from direct message channels). Visit Mattermost, +navigate to each channel you want to invite the plugin to, and enter `/invite +@teleport` (or the name of the bot you configured) into the message box. + +![Invite the bot](../../../img/enterprise/plugins/mattermost/add-bot.png) + +
+ +Users can also suggest reviewers when they create an Access Request, e.g.,: + +```code +$ tsh request create --roles=dbadmin --reviewers=alice@example.com,ivan@example.com +``` + +If an Access Request includes suggested reviewers, the Mattermost plugin will +add these to the list of channels to notify. If a suggested reviewer is an email +address, the plugin will look up the the direct message channel for that address +and post a message in that channel. + +If `recipients` is empty, and the user requesting elevated privileges has not +suggested any reviewers, the plugin will skip forwarding the Access Request to +Mattermost. + +
+ +The final configuration should look similar to this: + + + +```yaml +# example mattermost configuration TOML file +[teleport] +auth_server = "myinstance.teleport.sh:443" # Teleport Cloud proxy HTTPS address +identity = "/var/lib/teleport/plugins/mattermost/auth.pem" # Identity file path + +[mattermost] +url = "https://mattermost.example.com" # Mattermost Server URL +token = "api-token" # Mattermost Bot OAuth token +recipients = [ + "myteam/general", + "first.last@example.com" +] + +[log] +output = "stderr" # Logger output. Could be "stdout", "stderr" or "/var/lib/teleport/mattermost.log" +severity = "INFO" # Logger severity. Could be "INFO", "ERROR", "DEBUG" or "WARN". + +``` + + +```yaml +# example mattermost configuration TOML file +[teleport] +auth_server = "example.com:3025" # Teleport Auth Server GRPC API address +client_key = "/var/lib/teleport/plugins/mattermost/auth.key" # Teleport GRPC client secret key +client_crt = "/var/lib/teleport/plugins/mattermost/auth.crt" # Teleport GRPC client certificate +root_cas = "/var/lib/teleport/plugins/mattermost/auth.cas" # Teleport cluster CA certs + +[mattermost] +url = "https://mattermost.example.com" # Mattermost Server URL +token = "api-token" # Mattermost Bot OAuth token +recipients = [ + "myteam/general", + "first.last@example.com" +] + +[log] +output = "stderr" # Logger output. Could be "stdout", "stderr" or "/var/lib/teleport/mattermost.log" +severity = "INFO" # Logger severity. Could be "INFO", "ERROR", "DEBUG" or "WARN". +``` + + +```yaml +(!examples/resources/plugins/teleport-mattermost-helm-cloud.yaml!) +``` + + +```yaml +(!examples/resources/plugins/teleport-mattermost-helm-self.yaml!) +``` + + + +## Step 7/8. Test your Mattermost bot + + + + +After modifying your configuration, run the bot with the following command: + +```code +$ teleport-mattermost start -d +``` + +The `-d` flag provides debug information to make sure the bot can connect to +Mattermost, e.g.: + +```text +DEBU Checking Teleport server version mattermost/main.go:234 +DEBU Starting a request watcher... mattermost/main.go:296 +DEBU Starting Mattermost API health check... mattermost/main.go:186 +DEBU Starting secure HTTPS server on :8081 utils/http.go:146 +DEBU Watcher connected mattermost/main.go:260 +DEBU Mattermost API health check finished ok mattermost/main.go:19 +``` + + +After modifying your configuration, run the bot with the following command: + +```code +$ helm upgrade --install teleport-plugin-mattermost teleport/teleport-plugin-mattermost --values teleport-mattermost-helm.yaml +``` + +To inspect the plugin's logs, use the following command: + +```code +$ kubectl logs deploy/teleport-plugin-mattermost +``` + +Debug logs can be enabled by setting `log.severity` to `DEBUG` in +`teleport-mattermost-helm.yaml` and executing the `helm upgrade ...` command +above again. Then you can restart the plugin with the following command: + +```code +$ kubectl rollout restart deployment teleport-plugin-mattermost +``` + + + + +### Create an Access Request + +(!docs/pages/includes/plugins/create-request.mdx!) + +The users and channels you configured earlier to review the request should +receive a message from "Teleport" in Mattermost allowing them to visit a link in +the Teleport Web UI and either approve or deny the request. + +### Resolve the request + +(!docs/pages/includes/plugins/resolve-request.mdx!) + + + +When the Mattermost plugin posts an Access Request notification to a channel, +anyone with access to the channel can view the notification and follow the link. +While users must be authorized via their Teleport roles to review Access +Requests, you should still check the Teleport audit log to ensure that the right +users are reviewing the right requests. + +When auditing Access Request reviews, check for events with the type `Access +Request Reviewed` in the Teleport Web UI and `access_request.review` if reviewing the audit log on the +Auth Service host. + + + +## Step 8/8. Set up systemd + +In production, we recommend starting the Teleport plugin daemon via an init +system like systemd. Here's the recommended Teleport plugin service unit file +for systemd: + +```ini +(!examples/systemd/plugins/teleport-mattermost.service!) +``` + +Save this as `teleport-mattermost.service` in either `/usr/lib/systemd/system/` or +another [unit file load +path](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Unit%20File%20Load%20Path) +supported by systemd. + +Enable and start the plugin: + +```code +$ sudo systemctl enable teleport-mattermost +$ sudo systemctl start teleport-mattermost +``` + +## Feedback + +If you have any issues with this plugin, please create an [issue +on GitHub](https://github.com/gravitational/teleport-plugins/issues/new). diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-msteams.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-msteams.mdx new file mode 100644 index 0000000000000..010497dddc7ba --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-msteams.mdx @@ -0,0 +1,464 @@ +--- +title: Access Requests with Microsoft Teams +description: How to set up Teleport's Microsoft Teams plugin for privilege elevation approvals. +--- + +This guide will explain how to set up Microsoft Teams to receive Access Request messages +from Teleport. Teleport's Microsoft Teams integration notifies individuals of +Access Requests. Users can then approve and deny Access Requests by following the +message link, making it easier to implement security best practices without +compromising productivity. + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- A Microsoft Teams License (Microsoft 365 Business). +- Azure console access in the organization/directory holding the Microsoft Teams License. +- An Azure resource group in the same directory. This will host resources for the the Microsoft Teams Access Request plugin. + You should have enough permissions to create and edit Azure Bot Services in this resource group. +- Someone with Global Admin rights on the Azure Active Directory that will + grant permissions to the plugin. +- Someone with the `Teams administrator` role that can approve installation + requests for Microsoft Teams Apps. + +(!/docs/pages/includes/tctl.mdx!) + +## Step 1/9. Define RBAC resources + +Before you set up the Microsoft Teams plugin, you will need to enable Role Access Requests +in your Teleport cluster. + +(!/docs/pages/includes/plugins/editor-request-rbac.mdx!) + +## Step 2/9. Install the Teleport Microsoft Teams plugin + +We currently only provide `linux-amd64` binaries. You can also compile these +plugins from source. You can run the plugin from a remote host or your local +development machine. + + +We recommend installing Teleport plugins on the same host as the Teleport +Proxy Service. This is an ideal location as plugins have a low memory footprint +and will require access to both the public internet and the Teleport Auth Service. + + + + + ```code + $ curl -L -O https://get.gravitational.com/teleport-access-msteams-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ tar -xzf teleport-access-msteams-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ ./teleport-access-msteams/install + ``` + + + To install from source you need `git` and `go` >= (=teleport.golang=) + installed. + + ```code + # Check out the teleport-plugins repository + $ git clone https://github.com/gravitational/teleport-plugins.git + $ cd teleport-plugins/access/msteams + $ make + ``` + + Place the `teleport-msteams` binary into an appropriate location + within the system's `PATH`, e.g., `/usr/local/bin`: + + ```code + $ mv ./build/teleport-msteams /usr/local/bin + ``` + + + + + Make sure the binary is installed: + + ```code + $ teleport-msteams version + teleport-msteams v(=teleport.plugin.version=) git:teleport-msteams-v(=teleport.plugin.version=)-fffffffff go(=teleport.golang=) + ``` + +## Step 3/9. Create a user and role for the plugin + +(!docs/pages/includes/plugins/rbac.mdx!) + +## Step 4/9. Export the access plugin identity + +(!docs/pages/includes/plugins/identity-export.mdx!) + +The rest of this guide assumes that you have placed any files generated by this +command into `/var/lib/teleport/plugins/msteams` for later reference when +configuring the plugin: + +```code +# create a data directory to hold certificate files for the plugin. +$ sudo mkdir -p /var/lib/teleport/plugins/msteams +$ sudo mv auth.* /var/lib/teleport/plugins/msteams +``` + +## Step 5/9. Register an Azure Bot + +The Access Request plugin for Microsoft Teams receives Access Request events from the +Teleport Auth Service, formats them into Microsoft Teams messages, and sends them to the +Microsoft Teams API to post them in your workspace. For this to work, you must register a +new Azure Bot. Azure Bot is a managed service by Microsoft that allows to +develop bots that interact with users through different channels, including +Microsoft Teams. + +### Register a new Azure bot + +Visit [https://portal.azure.com/#create/Microsoft.AzureBot](https://portal.azure.com/#create/Microsoft.AzureBot) +to create a new bot. Choose the bot handle so you can find the bot later in the Azure console (the bot handle will +not be displayed to the user or used to configure the Microsoft Teams plugin). Also edit the Azure subscription, +the resource group and the bot pricing tier. + +In the "Microsoft App ID" section choose "Single Tenant" and "Create new +Microsoft App ID". + +![Create Azure Bot](../../../img/enterprise/plugins/msteams/create-azure-bot.png) + +### Connect the bot to Microsoft Teams + +Once the bot is created, open its resource page on the Azure console and +navigate to the "Channels" tab. Click "Microsoft Teams" and add the Microsoft Teams +channel. + +The result should be as follows: + +![Add Bot Channel](../../../img/enterprise/plugins/msteams/add-bot-channel.png) + +### Obtain information about your Microsoft App + +On the bot's "Configuration" tab, copy and keep in a safe place the values of +"Microsoft App ID" and "App Tenant ID". Those two UUIDs will be used in the +plugin configuration. + +Click the "Manage" link next to "Microsoft App ID". This will open the app management view. + +![Manage Bot App](../../../img/enterprise/plugins/msteams/manage-bot-app.png) + +Then, go to the "Certificates & Secrets" section and choose to create a "New client secret". +Use the "Copy" icon to copy the newly created secret and keep it with the +previously recovered App ID and Tenant ID. + +The client secret will be used by the Teleport plugin to authenticate as the bot's app when +searching users and posting messages. + +### Specify the permissions used by the app + +Still in the app management view ("Configuration", then "Manage" the Microsoft App ID), +go to the "API permissions" tab. + +Add the following Microsoft Graph Application permissions: + +| Permission name | Reason | +|---|---| +| `AppCatalog.Read.All` | Used to list Teams Apps and check the app is installed. | +| `User.Read.All` | Used to get notification recipients. | +| `TeamsAppInstallation.ReadWriteSelfForUser.All` | Used to initiate communication with a user that never interacted with the Teams App before. | +| `TeamsAppInstallation.ReadWriteSelfForTeam.All` | Used to discover if the app is installed in the Team. | + +At this point the app declares the required permissions but those have not been granted. + +If you are an admin, click "Grant admin consent for \". If you are not an admin, +contact an admin user to grant the permissions. + +![Specify App Permissions](../../../img/enterprise/plugins/msteams/specify-app-permissions.png) + +Once permissions have been approved, refresh the page and check the approval status. +The result should be as follows: + +![Granted App Permissions](../../../img/enterprise/plugins/msteams/granted-app-permissions.png) + +## Step 6/9. Configure the Teleport Microsoft Teams plugin + +At this point, the Teleport Microsoft Teams plugin has the credentials it needs to +communicate with your Teleport cluster and Azure APIs, but the app has not been +installed to Microsoft Teams yet. + +In this step, you will configure the Microsoft Teams plugin to use the Azure +credentials and generate the Teams App package that will be used to install the +Microsoft Teams App. You will also configure the plugin to notify +the right Microsoft Teams users when it receives an Access Request update. + +### Generate a config file and assets + +The Teleport Microsoft Teams plugin uses a config file in TOML format. The `configure` +subcommand generates the directory `/var/lib/teleport/plugins/msteams/assets` +containing the TOML configuration file and an `app.zip` file that will be used +later to add the Teams App into the organization catalog. + +```code +$ export AZURE_APPID="your-appid" +$ export AZURE_TENANTID="your-tenantid" +$ export AZURE_APPSECRET="your-appsecret" +$ teleport-msteams configure /var/lib/teleport/plugins/msteams/assets --appID "$AZURE_APPID" --tenantID "$AZURE_TENANTID" --appSecret "$AZURE_APPSECRET" +``` + +This should result in a config file like the one below: + +```toml +(!examples/resources/plugins/teleport-msteams.toml!) +``` + +Copy the `/var/lib/teleport/plugins/msteams/assets/app.zip` file to your local +computer. You will have to upload it to Microsoft Teams later. + + +The `configure` command is not idempotent. It generates a new Microsoft Teams +application UUID with each execution. It is not possible to use an `app.zip` and +a TOML configuration generated by two different executions. + + +### Edit the config file + +Copy the file `/var/lib/teleport/plugins/msteams/assets/teleport-msteams.toml` +to `/etc/teleport-msteams.toml`. You can then edit the copy located in `/etc/`. + +**`[teleport]`** + +The Microsoft Teams plugin uses this section to connect to the Teleport Auth Service. + + + +The address and credentials you configure depend on whether your plugin can +access the Auth Service directly: + + + + +Set `addr` to the address and port of your Auth Service. This address must be +reachable from the Teleport Microsoft Teams Plugin. + +Set `client_key`, `client_crt`, and `root_cas` to the identity files +generated earlier: + +```toml +[teleport] +addr = "localhost:3025" +client_key = "/var/lib/teleport/plugins/msteams/auth.key" # Teleport GRPC client secret key +client_crt = "/var/lib/teleport/plugins/msteams/auth.crt" # Teleport GRPC client certificate +root_cas = "/var/lib/teleport/plugins/msteams/auth.cas" # Teleport cluster CA certs +``` + + + +Set `addr` to your Proxy Service address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "mytenant.teleport.sh:443" +identity = "/var/lib/teleport/plugins/msteams/auth.pem" +``` + + + + + + +Set `addr` to your Teleport Cloud tenant address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "mytenant.teleport.sh:443" +identity = "/var/lib/teleport/plugins/msteams/auth.pem" +``` + + + +**`[role_to_recipients]`** + +The `role_to_recipients` map configure the users and channels that the +Microsoft Teams plugin will notify when a user requests access to a specific role. When +the Microsoft Teams plugin receives an Access Request from the Auth Service, it will +look up the role being requested and identify the Microsoft Teams users and channels to +notify. + +Here is an example of a `role_to_recipients` map: + +```toml +[role_to_recipients] +"*" = "alice@example.com" +"dev" = ["alice@example.com", "bob@example.com"] +"dba" = "https://teams.microsoft.com/l/channel/19%3somerandomid%40thread.tacv2/ChannelName?groupId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&tenantId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" +``` + +In the `role_to_recipients` map, each key is the name of a Teleport role. Each +value configures the Teams user (or users) to notify. The value can be a single +string or an array of strings. Each string must be either the email address of +a Microsoft Teams user or a channel URL. + +You can find the URL of a channel by opening the channel and clicking the button +"Get link to channel": + +![Copy Teams Channel](../../../img/enterprise/plugins/msteams/copy-teams-channel.png) + +The `role_to_recipients` map must also include an entry for `"*"`, which the +plugin looks up if no other entry matches a given role name. In the example +above, requests for roles aside from `dev` and `dba` will notify `alice@example.com`. + +
+ +Users can suggest reviewers when they create an Access Request, e.g.,: + +```code +$ tsh request create --roles=dbadmin --reviewers=alice@example.com,ivan@example.com +``` + +If an Access Request includes suggested reviewers, the Microsoft Teams plugin will add +these to the list of channels to notify. If a suggested reviewer is an email +address, the plugin will look up the the direct message channel for that +address and post a message in that channel. + +
+ +Configure the Microsoft Teams plugin to notify you when a user requests the `editor` role +by adding the following to your `role_to_recipients` config (replace +`TELEPORT_USERNAME` with the email of the user you assigned the `editor-reviewer` +role earlier): + +```toml +[role_to_recipients] +"*" = "TELEPORT_USERNAME" +"editor" = "TELEPORT_USERNAME" +``` + +## Step 7/9. Add and configure the Teams App + +### Upload the Teams App + +Open Microsoft Teams and go to "Apps", "Manage your apps", then in the additional +choices menu choose "Upload an App". + +![Upload Teams App](../../../img/enterprise/plugins/msteams/upload-teams-app.png) + +If you're a Teams admin, choose "Upload an app to your org's app catalog". +This will allow you to skip the approval step. +If you're not a Microsoft Teams admin, choose "Submit an app to your org". + +Upload the `app.zip` file you generated earlier. + +### Approve the Teams App + +If you are not a Teams admin and chose "Submit an app to your org", +you will have to ask a Teams admin to approve it. + +They can do so by connecting to the +[Teams admin dashboard](https://admin.teams.microsoft.com/policies/manage-apps), +searching "TeleBot", selecting it and choosing "Allow". + +![Upload Teams App](../../../img/enterprise/plugins/msteams/allowed-teams-app.png) + +### Add the Teams App to a Team + +Once the app is approved it should appear in the "Apps built for your org" section. +Add the newly uploaded app to a team. Open the app, click "Add to a team", +choose the "General" channel of your team and click "Set up a bot". + +![Add Teams App](../../../img/enterprise/plugins/msteams/add-teams-app.png) + +Note: Once an app is added to a team, it can post on all channels. + +## Step 8/9. Test the Teams App + +Once Teleport is running, you've created the Teams App, and the plugin is +configured, you can now run the plugin and test the workflow. + +### Test Microsoft Teams connectivity + +Start the plugin in validation mode: + +```code +$ teleport-msteams validate +``` + +If everything works fine, the log output should look like this: + +```text +teleport-msteams v10.0.2 go1.18.1 + + - Checking application xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx status... + - Application found in the team app store (internal ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) + - User xxxxxx@xxxxxxxxx.xxx found: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + - Application installation ID for user: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + - Chat ID for user: 19:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@unq.gbl.spaces + - Chat web URL: https://teams.microsoft.com/l/chat/19%3Axxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx%40unq.gbl.spaces/0?tenantId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + - Hailing the user... + - Message sent, ID: XXXXXXXXXXXXX + +Check your MS Teams! +``` + +The plugin should exit and you should have received two messages through Microsoft Teams. + +![Validate Bot Message](../../../img/enterprise/plugins/msteams/validate-bot-message.png) + +### Create an Access Request + +Create an Access Request and check if the plugin works as expected with the +following steps. + +(!docs/pages/includes/plugins/create-request.mdx!) + +The user you configured earlier to review the request should receive a direct +message from "TeleBot" in Microsoft Teams allowing them to visit a link in the Teleport +Web UI and either approve or deny the request. + +### Resolve the request + +(!docs/pages/includes/plugins/resolve-request.mdx!) + +Once the request is resolved, the Microsoft Teams bot will update the Access Request message +to reflect its new status. + + + +When the Microsoft Teams plugin posts an Access Request notification to a channel, anyone +with access to the channel can view the notification and follow the link. While +users must be authorized via their Teleport roles to review Access Requests, you +should still check the Teleport audit log to ensure that the right users are +reviewing the right requests. + +When auditing Access Request reviews, check for events with the type `Access +Request Reviewed` in the Teleport Web UI and `access_request.review` if reviewing the audit log on the +Auth Service host. + + + +## Step 9/9. Set up systemd + +In production, we recommend starting the Teleport plugin daemon via an init +system like systemd. Here's the recommended Teleport plugin service unit file +for systemd: + +```ini +(!examples/systemd/plugins/teleport-msteams.service!) +``` + +Save this as `teleport-msteams.service` in either `/usr/lib/systemd/system/` or +another [unit file load +path](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Unit%20File%20Load%20Path) +supported by systemd. + +Enable and start the plugin: + +```code +$ sudo systemctl enable teleport-msteams +$ sudo systemctl start teleport-msteams +``` + +## Next steps + +- Read our guides to configuring [Resource Access + Requests](../access-requests/resource-requests.mdx) and [Role Access + Requests](../access-requests/role-requests.mdx) so you can get the most out + of your Access Request plugins. +## Feedback + +If you have any issues with this plugin, please create a GitHub issue in our [`gravitational/teleport-plugins`](https://github.com/gravitational/teleport-plugins/issues/new) repo. diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx new file mode 100644 index 0000000000000..c3dfd40589c68 --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx @@ -0,0 +1,739 @@ +--- +title: Access Requests with PagerDuty +description: How to set up Teleport's PagerDuty plugin for privilege elevation approvals. +--- + +With Teleport's PagerDuty integration, engineers can access the infrastructure +they need to resolve incidents quickly—without longstanding admin permissions +that can become a vector for attacks. + +Teleport's PagerDuty integration allows you to treat Teleport Role Access +Requests as PagerDuty incidents, notify the appropriate on-call team, and +approve or deny the requests via PagerDuty. You can also configure the plugin to +approve Role Access Requests automatically if the user making the request is on +the on-call team for a service affected by an incident. + +This guide will explain how to set up Teleport's Access Request plugin for +PagerDuty. + + + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- A PagerDuty account with the "Admin", "Global Admin", or "Account Owner" + roles. These roles are necessary for generating an API token that can list and + look up user profiles. + + You can see your role by visiting your user page in PagerDuty, navigating to + the "Permissions & Teams" tab, and checking the value of the "Base Role" + field. + +- Either a Linux host or Kubernetes cluster where you will run the PagerDuty plugin. + + + +We recommend installing Teleport plugins on the same host as the Teleport Proxy +Service. This is an ideal location as plugins have a low memory footprint, and +will require both public internet access and Teleport Auth Service access. + + + + + +Install the Teleport PagerDuty plugin on a host that can access both your +Teleport Cloud tenant and PagerDuty. + + + +(!docs/pages/includes/tctl.mdx!) + +## Step 1/8. Create services + +To demonstrate the PagerDuty plugin, create two services in PagerDuty. For each +service, fill in only the "Name" field and skip all other configuration screens, +leaving options as the defaults: + +- `Teleport Access Request Notifications` +- `My Critical Service` + +We will configure the PagerDuty plugin to create an incident in the `Teleport +Access Request Notifications` service when certain users create an Access +Request. + +For users on the on-call team for `My Critical Service` (in this case, your +PagerDuty user), we will configure the PagerDuy plugin to approve Access +Requests automatically, letting them investigate incidents on the service +quickly. + +## Step 2/8. Define RBAC resources + +The Teleport PagerDuty plugin works by receiving Access Request events from the +Teleport Auth Service and, based on these events, interacting with the PagerDuty +API. + +In this section, we will show you how to configure the PagerDuty plugin by +defining the following RBAC resources: + +- A role called `editor-requester`, which can request the built-in `editor` + role. We will configure this role to open a PagerDuty incident whenever a + user requests it, notifying the on-call team for the `Teleport Access Request + Notifications` service. +- A role called `demo-role-requester`, which can request a role called + `demo-role`. We will configure the PagerDuty plugin to auto-approve this + request whenever the user making it is on the on-call team for `My Critical + Service`. +- A user and role called `access-plugin` that the PagerDuty plugin will assume + in order to authenticate to the Teleport Auth Service. This role will have + permissions to approve Access Requests from users on the on-call team for `My + Critical Service` automatically. +- A role called `access-plugin-impersonator` that allows you to generate signed + credentials that the PagerDuty plugin can use to authenticate with your + Teleport cluster. + +### `editor-requester` + +Create a file called `editor-request-rbac.yaml` with the following content, +which defines a role called `editor-reviewer` that can review requests for the +`editor` role, plus an `editor-requester` role that can request this role. + +```yaml +kind: role +version: v5 +metadata: + name: editor-reviewer +spec: + allow: + review_requests: + roles: ['editor'] +--- +kind: role +version: v5 +metadata: + name: editor-requester +spec: + allow: + request: + roles: ['editor'] + thresholds: + - approve: 1 + deny: 1 + annotations: + pagerduty_notify_service: ["Teleport Access Request Notifications"] +``` + +The Teleport Auth Service *annotates* Access Request events with metadata based +on the roles of the Teleport user submitting the Access Request. The PagerDuty +plugin reads these annotations to determine how to respond to a new Access +Request event. + +Whenever a user with the `editor-requester` role requests the `editor` role, the +PagerDuty plugin will read the `pagerduty_notify_service` annotation and notify +PagerDuty to open an incident in the specified service, `Teleport Access Request +Notifications`, until someone with the `editor-reviewer` role approves or denies +the request. + +Create the roles you defined: + +```code +$ tctl create -f editor-request-rbac.yaml +role 'editor-reviewer' has been created +role 'editor-requester' has been created +``` + +### `demo-role-requester` + +Create a file called `demo-role-requester.yaml` with the following content: + +```yaml +kind: role +version: v5 +metadata: + name: demo-role +--- +kind: role +version: v5 +metadata: + name: demo-role-requester +spec: + allow: + request: + roles: ['demo-role'] + thresholds: + - approve: 1 + deny: 1 + annotations: + pagerduty_services: ["My Critical Service"] +``` + +Users with the `demo-role-requester` role can request the `demo-role` role. When +such a user makes this request, the PagerDuty plugin will read the +`pagerduty_services` annotation. If the user making the request is on the +on-call team for a service listed as a value for the annotation, the plugin will +approve the Access Request automatically. + +In this case, the PagerDuty plugin will approve any requests from users on the +on-call team for `My Critical Service`. + +Create the resources: + +```code +$ tctl create -f demo-role-requester.yaml; +``` + + + +For auto-approval to work, the user creating an Access Request must have a +Teleport username that is also the email address associated with a PagerDuty +account. In this guide, we will add the `demo-role-requester` role to your own +Teleport account—which we assume is also your email address for PagerDuty—so you +can request the `demo-role` role. + + + +### `access-plugin` + +Teleport's Access Request plugins authenticate to your Teleport cluster as a +user with permissions to list, read, and update Access Requests. This way, +plugins can retrieve Access Requests from the Teleport Auth Service, present +them to reviewers, and modify them after a review. + +Define a user and role called `access-plugin` by adding the following content to +a file called `access-plugin.yaml`: + +```yaml +kind: role +version: v5 +metadata: + name: access-plugin +spec: + allow: + rules: + - resources: ['access_request'] + verbs: ['list', 'read', 'update'] + - resources: ['access_plugin_data'] + verbs: ['update'] + review_requests: + roles: ['demo-role'] + where: 'contains(request.system_annotations["pagerduty_services"], "My Critical Service")' +--- +kind: user +metadata: + name: access-plugin +spec: + roles: ['access-plugin'] +version: v2 +``` + +Notice that the `access-plugin` role includes an `allow.review_requests.roles` +field with `demo-role` as a value. This allows the plugin to review requests for +the `demo-role` role. + +We are also restricting the `access-plugin` role to reviewing only Access +Requests associated with `My Critical Service`. To do so, we have defined a +*predicate expression* in the `review_requests.where` field. This expression +indicates that the plugin *cannot* review requests for `demo-role` unless the +request contains an annotation with the key `pagerduty_services` and the value +`My Critical Service`. + +
+ +The `where` field includes a predicate expression that determines whether a +reviewer is allowed to review a specific request. You can include two functions +in a predicate expression: + +|Function|Description|Example| +|---|---|---| +|`equals`|A field is equivalent to a value.|`equals(request.reason, "resolve an incident")` +|`contains`|A list of strings includes a value.|`contains(reviewer.traits["team"], "devops")`| + +When you use the `where` field, you can include the following fields in your +predicate expression: + +|Field|Type|Description| +|---|---|---| +|`reviewer.roles`|`[]string`|A list of the reviewer's Teleport role names| +|`reviewer.traits`|`map[string][]string`|A map of the reviewer's Teleport traits by the name of the trait| +|`request.roles`|`[]string`|A list of the Teleport roles a user is requesting| +|`request.reason`|`string`|The reason attached to the request| +|`request.system_annotations`| `map[string][]string`|A map of annotations for the request by annotation key, e.g., `pagerduty_services`| + +You can combine functions using the following operators: + +|Operator|Format|Description| +|---|---|---| +|`&&`|`function && function`|Evaluates to true if both functions evaluate to true| +|`\|\|`|`function \|\| function`|Evalutes to true if either one or both functions evaluate to true| +|`!`| `!function`|Evaluates to true if the function evaluates to false| + +An example of a function is `equals(request.reason, "resolve an incident")`. To +configure an `allow` condition to match any Access Request that does not include +the reason, "resolve an incident", you could use the function, +`!equals(request.reason, "resolve an incident")`. + +
+ +Create the user and role: + +```code +$ tctl create -f access-plugin.yaml +``` + +### `access-plugin-impersonator` + +As with all Teleport users, the Teleport Auth Service authenticates the +`access-plugin` user by issuing short-lived TLS credentials. In this case, we +will need to request the credentials manually by *impersonating* the +`access-plugin` role and user. + +If you are using `tctl` from the Auth +Service host, you will already have impersonation privileges. + +To grant your user impersonation privileges for `access-plugin`, define a role +called `access-plugin-impersonator` by pasting the following YAML document into +a file called `access-plugin-impersonator.yaml`: + +```yaml +kind: role +version: v5 +metadata: + name: access-plugin-impersonator +spec: + allow: + impersonate: + roles: + - access-plugin + users: + - access-plugin +``` + +Create the `access-plugin-impersonator` role: + +```code +$ tctl create -f access-plugin-impersonator.yaml +``` + +### Add roles to your user + +Later in this guide, your Teleport user will take three actions that require +additional permissions: + +- Generate signed credentials that the PagerDuty plugin will use to connect to + your Teleport Cluster +- Manually review an Access Request for the `editor` role +- Create an Access Request for the `demo-role` role + +To grant these permissions to your user, give your user the `editor-reviewer`, +`access-plugin-impersonator`, and `demo-role-requester` roles we defined +earlier. + +Retrieve your user definition: + +```code +$ TELEPORT_USER=$(tsh status --format=json | jq -r .active.username) +$ tctl get users/${TELEPORT_USER?} > myuser.yaml +``` + +Edit `myuser.yaml` to include the roles you just created: + +```diff + roles: + - access + - auditor + - editor ++ - editor-reviewer ++ - access-plugin-impersonator ++ - demo-role-requester +``` + +Apply your changes: + +```code +$ tctl create -f myuser.yaml +``` + +Log out of your Teleport cluster and log in again. You will now be able to +review requests for the `editor` role, request the `demo-role` role, and +generate signed certificates for the `access-plugin` role and user. + +### Create a user who will request access + +Create a user called `myuser` who has the `editor-requester` role. Later in this +guide, you will create an Access Request as this user to test the PagerDuty +plugin: + +```code +$ tctl users add myuser --roles=editor-requester +``` + +`tctl` will print an invitation URL to your terminal. Visit the URL and log in +as `myuser` for the first time, registering credentials as configured for your +Teleport cluster. + +## Step 3/8. Install the Teleport PagerDuty plugin + +We currently only provide `linux-amd64` binaries. You can also compile these +plugins from source. You can run the plugin from a remote host or your local +development machine. + + + + ```code + $ curl -L -O https://get.gravitational.com/teleport-access-pagerduty-v(=teleport.plugin.version=)-linux-amd64-bin.tar.gz + $ tar -xzf teleport-access-pagerduty-v(=teleport.plugin.version=)-linux-amd64-bin.tar.gz + $ cd teleport-access-pagerduty + $ sudo ./install + Teleport PagerDuty Plugin binaries have been copied to /usr/local/bin + You can run teleport-pagerduty configure > /etc/teleport-pagerduty.toml to + bootstrap your config file. + ``` + + + To install from source you need `git` and `go` installed. If you do not have + Go installed, visit the Go [downloads page](https://go.dev/dl/). + + ```code + # Checkout teleport-plugins + $ git clone https://github.com/gravitational/teleport-plugins.git + $ cd teleport-plugins/access/pagerduty + $ make + ``` + +Run `./install` from `teleport-pagerduty`. + + + + ```code + $ docker pull public.ecr.aws/gravitational/teleport-plugin-pagerduty:(=teleport.plugin.version=) + ``` + + + ```code + $ helm repo add teleport https://charts.releases.teleport.dev/ + $ helm repo update + ``` + + + +## Step 4/8. Export the access plugin identity + +(!docs/pages/includes/plugins/identity-export.mdx!) + +## Step 5/8. Set up a PagerDuty API key + +Generate an API key that the PagerDuty plugin will use to create and modify +incidents as well as list users, services, and on-call policies. + +In your PagerDuty dashboard, go to **Integrations → API Access Keys** and click +**Create New API Key**. Add a key description, e.g., "Teleport integration". +Leave "Read-only API Key" unchecked. Copy the key to a file on your local +machine. We'll use the key in the plugin config file later. + +![Create an API +key](../../../img/enterprise/plugins/pagerduty/pagerduty-integrations.png) + +## Step 6/8. Configure the PagerDuty plugin + +At this point, you have generated credentials that the PagerDuty plugin will use +to connect to Teleport and the PagerDuty API. You will now configure the +PagerDuty plugin to use these credentials, plus adjust any settings required for +your environment. + + + +Teleport's PagerDuty plugin has its own configuration file in TOML format. On +the host where you will run the PagerDuty plugin, generate a boilerplate config +by running the following commands: + +```code +$ teleport-pagerduty configure > teleport-pagerduty.toml +$ sudo mv teleport-pagerduty.toml /etc +``` + + +The Mattermost Helm Chart uses a YAML values file to configure the plugin. On +the host where you have Helm installed, create a file called +`teleport-pagerduty-values.yaml` based on the following example: + +```yaml +teleport: + address: "" # Teleport Auth Server GRPC API address + identitySecretName: "" # Identity file path + +pagerduty: + apiKey: "" # PagerDuty API Key + userEmail: "" # PagerDuty bot user email (Could be admin email) +``` + + + +
+ +The PagerDuty plugin expects the configuration to be in +`/etc/teleport-pagerduty.toml`, but you can override this with the `--config` +flag when you run the plugin binary later in this guide. + +
+ + +Edit the configuration file in `/etc/teleport-pagerduty.toml` as explained +below: + +### `[teleport]` + +The PagerDuty plugin uses this section to connect to your Teleport cluster: + + + +The address and credentials you configure depend on whether your plugin can +access the Auth Service directly: + + + + +Set `addr` to your Proxy Service address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "teleport.example.com:443" +identity = "/var/lib/teleport/plugins/pagerduty/auth.pem" +``` + + + +Set `addr` to the address and port of your Auth Service. This address must be +reachable from the Teleport PagerDuty plugin. + +Set `client_key`, `client_crt`, and `root_cas` to the identity files +generated earlier: + +```toml +[teleport] +addr = "localhost:3025" +client_key = "/var/lib/teleport/plugins/pagerduty/auth.key" # Teleport GRPC client secret key +client_crt = "/var/lib/teleport/plugins/pagerduty/auth.crt" # Teleport GRPC client certificate +root_cas = "/var/lib/teleport/plugins/pagerduty/auth.cas" # Teleport cluster CA certs +``` + + + +**`address`**: Include the hostname and HTTPS port of your Teleport Cloud tenant +(e.g., `teleport.example.com:443`). + +**`identitySecretName`**: Fill in the `identitySecretName` field with the name +of the Kubernetes secret you created earlier. + +```yaml +teleport: + address: "teleport.example.com:443" + identitySecretName: teleport-plugin-pagerduty-identity +``` + + + + + + + +Set `addr` to your Teleport Cloud tenant address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "teleport.example.com:443" +identity = "/var/lib/teleport/plugins/pagerduty/auth.pem" +``` + + + +### `[pagerduty]` + +Assign `api_key` to the PagerDuty API key you generated earlier. + +Assign `user_email` to the email address of a PagerDuty user on the account +associated with your API key. When the PagerDuty plugin creates a new incident, +PagerDuty will display this incident as created by that user. + +
+ +This guide has assumed that the Teleport PagerDuty plugin uses +`pagerduty_notify_service` annotation to determine which services to notify of +new Access Request events and the `pagerduty_services` annotation to configure +auto-approval. + +If you would like to use a different name for these annotations in your Teleport +roles, you can assign the `pagerduty.notify_service` and `pagerduty.services` +fields. + +
+ +The final configuration should resemble the following: + + + +```yaml +(!examples/resources/plugins/teleport-pagerduty-cloud.toml!) +``` + + +```yaml +(!examples/resources/plugins/teleport-pagerduty-self.toml!) +``` + + +```yaml +(!examples/resources/plugins/teleport-pagerduty-helm-self.yaml!) +``` + + + +## Step 7/8. Test the PagerDuty plugin + + + +After you configure the PagerDuty plugin, run the following command to start it. +The `-d` flag will provide debug information to ensure that the plugin can +connect to PagerDuty and your Teleport cluster: + +```code +$ teleport-pagerduty start -d +# DEBU DEBUG logging enabled logrus/exported.go:117 +# INFO Starting Teleport Access PagerDuty extension 0.1.0-dev.1: pagerduty/main.go:124 +# DEBU Checking Teleport server version pagerduty/main.go:226 +# DEBU Starting a request watcher... pagerduty/main.go:288 +# DEBU Starting PagerDuty API health check... pagerduty/main.go:170 +# DEBU Starting secure HTTPS server on :8081 utils/http.go:146 +# DEBU Watcher connected pagerduty/main.go:252 +# DEBU PagerDuty API health check finished ok pagerduty/main.go:176 +# DEBU Setting up the webhook extensions pagerduty/main.go:178 +``` + + +After modifying your configuration, run the bot with the following command: + +```code +$ helm upgrade --install teleport-plugin-pagerduty teleport/teleport-plugin-pagerduty --values teleport-pagerduty-values.yaml +``` + +To inspect the plugin's logs, use the following command: + +```code +$ kubectl logs deploy/teleport-plugin-pagerduty +``` + +Debug logs can be enabled by setting `log.severity` to `DEBUG` in +`teleport-pagerduty-helm.yaml` and executing the `helm upgrade ...` command +above again. Then you can restart the plugin with the following command: + +```code +$ kubectl rollout restart deployment teleport-plugin-pagerduty +``` + + + + +### Create an Access Request + +As the Teleport user `myuser`, create an Access Request for the `editor` role: + +(!docs/pages/includes/plugins/create-request.mdx!) + +You should see a log resembling the following on your PagerDuty plugin host: + +``` +INFO Successfully created PagerDuty incident pd_incident_id:00000000000000 +pd_service_name:Teleport Access Request Notifications +request_id:00000000-0000-0000-0000-000000000000 request_op:put +request_state:PENDING pagerduty/app.go:366 +``` + +In PagerDuty, you will see a new incident containing information about the +Access Request: + +![PagerDuty dashboard showing an Access +Request](../../../img/enterprise/plugins/pagerduty/new-access-req-incident.png) + + +### Resolve the request + +(!docs/pages/includes/plugins/resolve-request.mdx!) + + + +When the PagerDuty plugin sends a notification, anyone who receives the +notification can follow the enclosed link to an Access Reqeust URL. While users +must be authorized via their Teleport roles to review Access Request, you +should still check the Teleport audit log to ensure that the right users are +reviewing the right requests. + +When auditing Access Request reviews, check for events with the type `Access +Request Reviewed` in the Teleport Web UI and `access_request.review` if reviewing the audit log on the +Auth Service host. + + + +### Trigger an auto-approval + +As your Teleport user, create an Access Request for the `demo-role` role. + +You will see a log similar to the following on your PagerDuty plugin host: + +``` +INFO Successfully submitted a request approval +pd_user_email:myuser@example.com pd_user_name:My User +request_id:00000000-0000-0000-0000-000000000000 request_op:put +request_state:PENDING pagerduty/app.go:511 +``` + +Your Access Request will appear as `APPROVED`: + +```code +$ tsh requests ls +ID User Roles Created (UTC) Status +------------------------------------ ------------------ --------- ------------------- -------- +00000000-0000-0000-0000-000000000000 myuser@example.com demo-role 12 Aug 22 18:30 UTC APPROVED +``` + +## Step 8/8. Set up systemd + +In production, we recommend starting the Teleport plugin daemon via an init +system like systemd. Here's the recommended Teleport plugin service unit file +for systemd: + +```ini +(!examples/systemd/plugins/teleport-pagerduty.service!) +``` + +Save this as `teleport-pagerduty.service` in either `/usr/lib/systemd/system/` +or another [unit file load +path](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Unit%20File%20Load%20Path) +supported by systemd. + +Enable and start the plugin: + +```code +$ sudo systemctl enable teleport-pagerduty +$ sudo systemctl start teleport-pagerduty +``` + +## Feedback + +If you have any issues with this plugin please create a [GitHub +issue](https://github.com/gravitational/teleport-plugins/issues/new). diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-slack.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-slack.mdx new file mode 100644 index 0000000000000..4685782dff00e --- /dev/null +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-slack.mdx @@ -0,0 +1,415 @@ +--- +title: Access Requests with Slack +description: How to set up Teleport's Slack plugin for privilege elevation approvals. +--- + +This guide will explain how to set up Slack to receive Access Request messages +from Teleport. Teleport's Slack integration notifies individuals and channels of +Access Requests. Users can then approve and deny Access Requests from within +Slack, making it easier to implement security best practices without +compromising productivity. + +Here is an example of sending an Access Request via Teleport's Slack plugin: + + + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- Slack admin privileges to create an app and install it to your workspace. Your + Slack profile must have the "Workspace Owner" or "Workspace Admin" banner + below your profile picture. + +(!/docs/pages/includes/tctl.mdx!) + +## Step 1/8. Define RBAC resources + +Before you set up the Slack plugin, you will need to enable Role Access Requests +in your Teleport cluster. + +(!/docs/pages/includes/plugins/editor-request-rbac.mdx!) + +## Step 2/8. Install the Teleport Slack plugin + +We currently only provide `linux-amd64` binaries. You can also compile these +plugins from source. You can run the plugin from a remote host or your local +development machine. + + +We recommend installing Teleport plugins on the same host as the Teleport +Proxy Service. This is an ideal location as plugins have a low memory footprint +and will require access to both the public internet and the Teleport Auth Service. + + + + + ```code + $ curl -L -O https://get.gravitational.com/teleport-access-slack-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ tar -xzf teleport-access-slack-v(=teleport.version=)-linux-amd64-bin.tar.gz + $ ./teleport-access-slack/install + ``` + + + To install from source you need `git` and `go` >= (=teleport.golang=) + installed. + + ```code + # Check out the teleport-plugins repository + $ git clone https://github.com/gravitational/teleport-plugins.git + $ cd teleport-plugins/access/slack + $ make + ``` + + Place the `teleport-slack` binary into an appropriate location + within the system's `PATH`, e.g., `/usr/local/bin`: + + ```code + $ mv ./build/teleport-slack /usr/local/bin + ``` + + + + + Make sure the binary is installed: + + ```code + $ teleport-slack version + teleport-slack v(=teleport.plugin.version=) git:teleport-slack-v(=teleport.plugin.version=)-fffffffff go(=teleport.golang=) + ``` + +## Step 3/8. Create a user and role for the plugin + +(!docs/pages/includes/plugins/rbac.mdx!) + +## Step 4/8. Export the access plugin identity + +(!docs/pages/includes/plugins/identity-export.mdx!) + +The rest of this guide assumes that you have placed any files generated by this +command into `/var/lib/teleport/plugins/slack` for later reference when +configuring the plugin: + +```code +# create a data directory to hold certificate files for the plugin. +$ sudo mkdir -p /var/lib/teleport/plugins/slack +$ sudo mv auth.* /var/lib/teleport/plugins/slack +``` + +## Step 5/8. Register a Slack app + +The Access Request plugin for Slack receives Access Request events from the +Teleport Auth Service, formats them into Slack messages, and sends them to the +Slack API to post them in your workspace. For this to work, you must register a +new app with the Slack API. + +### Create your app + +Visit [https://api.slack.com/apps](https://api.slack.com/apps) to create a new +Slack app. Click "Create an App", then "From scratch". Fill in the form as shown +below: + +![Create Slack App](../../../img/enterprise/plugins/slack/Create-a-Slack-App.png) + +The "App Name" should be "Teleport". Click the "Development Slack Workspace" +dropdown and choose the workspace where you would like to see Access Request +messages. + +### Generate an OAuth token with scopes + +Next, configure your application to authenticate to the Slack API. We will do +this by generating an OAuth token that the plugin will present to the Slack API. + +We will restrict the plugin to the narrowest possible permissions by using OAuth +scopes. The Slack plugin needs to post messages to your workspace. It also needs +to read usernames and email addresses in order to direct Access Request +notifications from the Auth Service to the appropriate Teleport users in Slack. + +After creating your app, the Slack website will open a console where you can +specify configuration options. On the sidebar menu under "Features", click +"OAuth & Permissions". + +Scroll to the "Scopes" section and click "Add an OAuth Scope" for each of the +following scopes: + +- `chat:write` +- `incoming-webhook` +- `users:read` +- `users:read.email` + +The result should look like this: + +![API Scopes](../../../img/enterprise/plugins/slack/api-scopes.png) + +After you have configured scopes for your plugin, scroll back to the top of the +OAuth & Permissions page, find the "OAuth Tokens for Your Workspace" section, +and click "Install to Workspace". You will see a summary of the permission you +configured for the Slack plugin earlier. + +In "Where should Teleport post?", choose "Slackbot" as the default channel the +plugin will post to. The plugin will post here when sending direct messages. +Later in this guide, we will configure the plugin to post in other channels as +well. + +After submitting this form, you will see an OAuth token in the "OAuth & +Permissions" tab under "Tokens for Your Workspace": + +![OAuth Tokens](../../../img/enterprise/plugins/slack/OAuth.png) + +You will use this token later when configuring the Slack plugin. + +## Step 6/8. Configure the Teleport Slack plugin + +At this point, the Teleport Slack plugin has the credentials it needs to +communicate with your Teleport cluster and the Slack API. In this step, you will +configure the Slack plugin to use these credentials. You will also configure the +plugin to notify the right Slack channels when it receives an Access Request +update. + +### Generate a config file + +The Teleport Slack plugin uses a config file in TOML format. Generate a +boilerplate config by running the following command (the plugin will not run +unless the config file is in `/etc/teleport-slack.toml`): + +```code +$ teleport-slack configure | sudo tee /etc/teleport-slack.toml > /dev/null +``` + +This should result in a config file like the one below: + +```toml +(!examples/resources/plugins/teleport-slack.toml!) +``` + +### Edit the config file + +Edit the `teleport-slack.toml` file you created earlier to update the following +fields: + +**`[teleport]`** + +The Slack plugin uses this section to connect to the Teleport Auth Service. + + + +The address and credentials you configure depend on whether your plugin can +access the Auth Service directly: + + + + +Set `addr` to the address and port of your Auth Service. This address must be +reachable from the Teleport Slack Plugin. + +Set `client_key`, `client_crt`, and `root_cas` to the identity files +generated earlier: + +```toml +[teleport] +addr = "localhost:3025" +client_key = "/var/lib/teleport/plugins/slack/auth.key" # Teleport GRPC client secret key +client_crt = "/var/lib/teleport/plugins/slack/auth.crt" # Teleport GRPC client certificate +root_cas = "/var/lib/teleport/plugins/slack/auth.cas" # Teleport cluster CA certs +``` + + + +Set `addr` to your Proxy Service address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "mytenant.teleport.sh:443" +identity = "/var/lib/teleport/plugins/slack/auth.pem" +``` + + + + + + +Set `addr` to your Teleport Cloud tenant address with port `443`. + +Set `identity` to the identity file generated earlier: + +```toml +[teleport] +addr = "mytenant.teleport.sh:443" +identity = "/var/lib/teleport/plugins/slack/auth.pem" +``` + + + +**`[slack]`** + +`token`: Open [`https://api.slack.com/apps`](https://api.slack.com/apps), find +the Slack app you created earlier, navigate to the "OAuth & Permissions" tab, +copy the "Bot User OAuth Token", and paste it into this field. + +**`[role_to_recipients]`** + +The `role_to_recipients` map configure the channels that the Slack plugin will +notify when a user requests access to a specific role. When the Slack plugin +receives an Access Request from the Auth Service, it will look up the role being +requested and identify the Slack channels to notify. + +Here is an example of a `role_to_recipients` map: + +```toml +[role_to_recipients] +"*" = "admin-slack-channel" +"dev" = ["dev-slack-channel", "admin-slack-channel"] +"dba" = "alex@gmail.com" +``` + +In the `role_to_recipients` map, each key is the name of a Teleport role. Each +value configures the Slack channel (or channels) to notify. The value can be a +single string or an array of strings. Each string must be either the name of a +Slack channel (including a user's direct message channel) or the email address +of a Slack user. If the recipient is an email address, the Slack plugin will +use that email address to look up a direct message channel. + +The `role_to_recipients` map must also include an entry for `"*"`, which the +plugin looks up if no other entry matches a given role name. In the example +above, requests for roles aside from `dev` and `dba` will notify the +`admin-slack-channel` channel. + +
+ +Users can suggest reviewers when they create an Access Request, e.g.,: + +```code +$ tsh request create --roles=dbadmin --reviewers=alice@example.com,ivan@example.com +``` + +If an Access Request includes suggested reviewers, the Slack plugin will add +these to the list of channels to notify. If a suggested reviewer is an email +address, the plugin will look up the the direct message channel for that +address and post a message in that channel. + +
+ +Configure the Slack plugin to notify you when a user requests the `editor` role +by adding the following to your `role_to_recipients` config (replace +`TELEPORT_USERNAME` with the user you assigned the `editor-reviewer` role +earlier): + +```toml +[role_to_recipients] +"*" = "access-requests" +"editor" = "TELEPORT_USERNAME" +``` + +Either create an `access-requests` channel in your Slack workspace or rename the +value of the `"*"` key to an existing channel. + +### Invite your Slack app + +Once you have configured the channels that the Slack plugin will notify when it +receives an Access Request, you will need to ensure that the plugin can post in +those channels. + +You have already configured the plugin to send direct messages as Slackbot. For +any other channel you mention in your `role_to_recipients` map, you will need +to invite the plugin to that channel. Navigate to each channel and enter `/invite +@teleport` in the message box. + +## Step 7/8. Test your Slack app + +Once Teleport is running, you've created the Slack app, and the plugin is +configured, you can now run the plugin and test the workflow. + +Start the plugin: + +```code +$ teleport-slack start +``` + +If everything works fine, the log output should look like this: + +```code +$ teleport-slack start +INFO Starting Teleport Access Slack Plugin 7.2.1: slack/app.go:80 +INFO Plugin is ready slack/app.go:101 +``` + +Create an Access Request and check if the plugin works as expected with the +following steps. + +### Create an Access Request + +(!docs/pages/includes/plugins/create-request.mdx!) + +The user you configured earlier to review the request should receive a direct +message from "Teleport" in Slack allowing them to visit a link in the Teleport +Web UI and either approve or deny the request. + +### Resolve the request + +(!docs/pages/includes/plugins/resolve-request.mdx!) + +Once the request is resolved, the Slack bot will add an emoji reaction of ✅ or +❌ to the Slack message for the Access Request, depending on whether the request +was approved or denied. + + + +When the Slack plugin posts an Access Request notification to a channel, anyone +with access to the channel can view the notification and follow the link. While +users must be authorized via their Teleport roles to review Access Requests, you +should still check the Teleport audit log to ensure that the right users are +reviewing the right requests. + +When auditing Access Request reviews, check for events with the type `Access +Request Reviewed` in the Teleport Web UI and `access_request.review` if reviewing the audit log on the +Auth Service host. + + + +## Step 8/8. Set up systemd + +In production, we recommend starting the Teleport plugin daemon via an init +system like systemd. Here's the recommended Teleport plugin service unit file +for systemd: + +```ini +(!examples/systemd/plugins/teleport-slack.service!) +``` + +Save this as `teleport-slack.service` in either `/usr/lib/systemd/system/` or +another [unit file load +path](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Unit%20File%20Load%20Path) +supported by systemd. + +Enable and start the plugin: + +```code +$ sudo systemctl enable teleport-slack +$ sudo systemctl start teleport-slack +``` + + +## Next steps + +- Read our guides to configuring [Resource Access + Requests](../access-requests/resource-requests.mdx) and [Role Access + Requests](../access-requests/role-requests.mdx) so you can get the most out + of your Access Request plugins. +## Feedback + +If you have any issues with this plugin, please create a GitHub issue in our [`gravitational/teleport-plugins`](https://github.com/gravitational/teleport-plugins/issues/new) repo. diff --git a/docs/pages/access-controls/access-requests.mdx b/docs/pages/access-controls/access-requests.mdx new file mode 100644 index 0000000000000..08800eade2730 --- /dev/null +++ b/docs/pages/access-controls/access-requests.mdx @@ -0,0 +1,40 @@ +--- +title: Just-in-Time Access Requests +description: Teleport allows users to request new access capabilities from the CLI or UI. Requests can be escalated via ChatOps or anywhere else via our flexible Authorization Workflow API. +layout: tocless-doc +--- + +Teleport Just-in-Time Access Requests allow any user to request access to +a resource or role depending on need. The request can then be approved or +denied based on a configurable number of approvers. + +Just-in-Time Access Requests are a powerful way to implement the principle of +least privilege in your organization, leaving an attacker with no permanent +admins to target. Users receive elevated privileges for a limited period of +time. And aside from their reviewer privileges, users who review requests can +have limited access to cluster resources. + + + +Just-in-Time Access Requests are a feature of Teleport Enterprise. +Open-source Teleport users can get a preview of how Access Requests work by +requesting a role via the Teleport CLI. Full Access Request functionality, +including Resource Access Requests and an intuitive and searchable UI are +available in Teleport Enterprise. + + + +## Resource Access Requests + +With Resource Access Requests, engineers can easily get access to only the +individual resources they need, when they need it. + +[Get started with Resource Access Requests](./access-requests/resource-requests.mdx). + +## Role Access Requests + +Role Access Requests balance security and flexibility. Engineers can request +temporary credentials with elevated roles in order to perform critical +system-wide tasks. + +[Get started with Role Access Requests](./access-requests/role-requests.mdx). diff --git a/docs/pages/access-controls/access-requests/resource-requests.mdx b/docs/pages/access-controls/access-requests/resource-requests.mdx new file mode 100644 index 0000000000000..4895c3876c194 --- /dev/null +++ b/docs/pages/access-controls/access-requests/resource-requests.mdx @@ -0,0 +1,371 @@ +--- +title: Resource Access Requests +description: Teleport allows users to request access to specific resources from the CLI or UI. Requests can be escalated via ChatOps or anywhere else via our flexible Authorization Workflow API. +h1: Teleport Resource Access Requests +--- + + + Resource Access Requests are currently in Preview. + + +With Teleport Resource Access Requests, users can request access to specific +resources without needing to know anything about the roles or RBAC controls used +under the hood. +The Access Request API makes it easy to dynamically approve or deny these +requests. + + + +Just-in-time Access Requests are a feature of Teleport Enterprise. +Open-source Teleport users can get a preview of how Access Requests work by +requesting a role via the Teleport CLI. Full Access Request functionality, +including Resource Access Requests and an intuitive and searchable UI are +available in Teleport Enterprise. + + + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +(!docs/pages/includes/tctl.mdx!) + + +All `teleport` instances in the cluster must be running Teleport `v10.0.0` or +greater in order for Resource Access Requests to be properly enforced. +Older versions of `teleport` will only do RBAC checks based on roles and will +not respect resource restrictions. +It is not recommended to enable Resource Access Requests by setting any +`search_as_roles` until all `teleport` instances in your cluster have been +upgraded to version 10. + + +## Step 1/8. Create the requester role + +This role allows the requester to search for resources accessible by the +`access` role (all resources by default) and request access to them. + +```yaml +# requester.yaml +kind: role +version: v5 +metadata: + name: requester +spec: + allow: + request: + search_as_roles: + - access +``` + +```code +$ tctl create requester.yaml +``` + +## Step 2/8. Create the reviewer role + +This role allows the reviewer to approve all requests for the `access` role. + +```yaml +# reviewer.yaml +kind: role +version: v5 +metadata: + name: reviewer +spec: + allow: + review_requests: + roles: + - access +``` + +```code +$ tctl create reviewer.yaml +``` + +## Step 3/8. Grant the roles to users + +Grant the `requester` and `reviewer` roles to existing users, or create new +users to test this feature. +Make sure the requester has a valid `login` so that they can view and access SSH +nodes. + +```code +$ tctl users add alice --roles requester --logins alice +$ tctl users add bob --roles reviewer +``` + +For the rest of the guide we will assume that the `requester` role has been +granted to a user named `alice` and the `reviewer` role has been granted to a +user named `bob`. + +## Step 4/8. Search for resources + +First, log in as `alice`. + +```code +$ tsh login --proxy teleport.example.com --user alice +``` + +Notice that `tsh ls` returns an empty list, because `alice` does not have access to any resources by default. +```code +$ tsh ls +Node Name Address Labels +--------- ------- ------ +``` + +Then try searching for all available ssh nodes. + +```code +$ tsh request search --kind node +Name Hostname Labels Resource ID +------------------------------------ ----------- ------------ ------------------------------------------------------ +b1168402-9340-421a-a344-af66a6675738 iot test=test /teleport.example.com/node/b1168402-9340-421a-a344-af66a6675738 +bbb56211-7b54-4f9e-bee9-b68ea156be5f node test=test /teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f + +To request access to these resources, run +> tsh request create --resource /teleport.example.com/node/b1168402-9340-421a-a344-af66a6675738 --resource /teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f \ + --reason +``` + +You can search for resources of kind `node`, `kube_cluster`, `db`, `app`, and `windows_desktop`. +Advanced filters and queries are supported, see our +[filtering reference](../../reference/cli.mdx#resource-filtering). + +Try narrowing your search to a specific resource you want to access. + +```code +$ tsh request search --kind node --search iot +Name Hostname Labels Resource ID +------------------------------------ ----------- ------------ ------------------------------------------------------ +b1168402-9340-421a-a344-af66a6675738 iot test=test /teleport.example.com/node/b1168402-9340-421a-a344-af66a6675738 + +To request access to these resources, run +> tsh request create --resource /teleport.example.com/node/b1168402-9340-421a-a344-af66a6675738 \ + --reason +``` + +## Step 5/8. Request access to a resource + +Copy the command output by `tsh request search` in the previous step, optionally filling in a request reason. + +```code +$ tsh request create --resource /teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f \ + --reason "responding to incident 123" +Creating request... +Request ID: f406f5d8-3c2a-428f-8547-a1d091a4ddab +Username: alice +Roles: access +Resources: ["/teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f"] +Reason: "responding to incident 123" +Reviewers: [none] (suggested) +Status: PENDING + +hint: use 'tsh login --request-id=' to login with an approved request + +Waiting for request approval... + +``` + +The command will automatically wait until the request is approved. + +## Step 6/8. Approve the Access Request + +First, log in as `bob`. + +```code +$ tsh login --proxy teleport.example.com --user bob +``` + +Then list, review, and approve the Access Request. + +```code +$ tsh request ls +ID User Roles Resources Created At (UTC) Status +------------------------------------ ----- ------ --------------------------- ------------------- ------- +f406f5d8-3c2a-428f-8547-a1d091a4ddab alice access ["/teleport.example.... [+] 23 Jun 22 18:25 UTC PENDING + +[+] Requested resources truncated, use `tsh request show ` to view the full list + +hint: use 'tsh request show ' for additional details + use 'tsh login --request-id=' to login with an approved request +$ tsh request show f406f5d8-3c2a-428f-8547-a1d091a4ddab +Request ID: f406f5d8-3c2a-428f-8547-a1d091a4ddab +Username: alice +Roles: access +Resources: ["/teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f"] +Reason: "responding to incident 123" +Reviewers: [none] (suggested) +Status: PENDING + +hint: use 'tsh login --request-id=' to login with an approved request +$ tsh request review --approve f406f5d8-3c2a-428f-8547-a1d091a4ddab +Successfully submitted review. Request state: APPROVED +``` + + +Check out our +[Access Request Integrations](#integrating-with-an-external-tool) +to notify the right people about new Access Requests. + + +## Step 7/8. Access the requested resource + +`alice`'s `tsh request create` command should resolve now that the request has been approved. + +```code +$ tsh request create --resource /teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f \ + --reason "responding to incident 123" +Creating request... +Request ID: f406f5d8-3c2a-428f-8547-a1d091a4ddab +Username: alice +Roles: access +Resources: ["/teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f"] +Reason: "responding to incident 123" +Reviewers: [none] (suggested) +Status: PENDING + +hint: use 'tsh login --request-id=' to login with an approved request + +Waiting for request approval... + +Approval received, getting updated certificates... + +> Profile URL: https://teleport.example.com + Logged in as: alice + Active requests: f406f5d8-3c2a-428f-8547-a1d091a4ddab + Cluster: teleport.example.com + Roles: access, requester + Logins: alice + Kubernetes: disabled + Allowed Resources: ["/teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f"] + Valid until: 2022-06-23 22:46:22 -0700 PDT [valid for 11h16m0s] + Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty +``` + +`alice` can now view and access the node. + +```code +$ tsh ls +Node Name Address Labels +--------- --------- --------- +iot [::]:3022 test=test + +$ tsh ssh alice@iot +iot:~ alice$ +``` + +## Step 8/8. Resume regular access + +While logged in with a resource access request, users will be blocked from access to any other resources. +This is necessary because their certificate now contains an elevated role, +so it is restricted to only allow access to the resources they were specifically approved for. +Use the `tsh request drop` command to "drop" the request and resume regular access. + +```code +$ tsh request drop +``` + +## Next Steps + +### Automatically request access for SSH + +Once you have configured Resource Access Requests, +`tsh ssh` is able to automatically create a Resource Access Request for you when access is denied, +allowing you to skip the `tsh request search` and `tsh request create` steps. + +```code +$ tsh ssh alice@iot +ERROR: access denied to alice connecting to iot on cluster teleport.example.com + +You do not currently have access to alice@iot, attempting to request access. + +Enter request reason: please +Creating request... +Request ID: ab43fc70-e893-471b-872e-ae65eb24fd76 +Username: alice +Roles: access +Resources: ["/teleport.example.com/node/bbb56211-7b54-4f9e-bee9-b68ea156be5f"] +Reason: "please" +Reviewers: [none] (suggested) +Status: PENDING + +hint: use 'tsh login --request-id=' to login with an approved request + +Waiting for request approval... + +Approval received, reason="okay" +Getting updated certificates... + +iot:~ alice$ +``` + +### Restrict the resources a user can request access to + +Create a role which can only access SSH nodes labeled `env:staging`. + +```yaml +# staging-access.yaml +kind: role +version: v5 +metadata: + name: staging-access +spec: + allow: + node_labels: + env: staging + logins: + - "{{internal.logins}}" + options: + # Only allows the requester to use this role for 1 hour from time of request. + max_session_ttl: 1h +``` + +```code +$ tctl create staging-access.yaml +``` + +Update the `requester` and `reviewer` roles to reference `staging-access` +instead of the default `access` role. + +```yaml +# requester.yaml +kind: role +version: v5 +metadata: + name: requester +spec: + allow: + request: + search_as_roles: + - staging-access + # Requires 2 approvals for the request. + thresholds: + - approve: 2 + deny: 1 +``` + +```yaml +# reviewer.yaml +kind: role +version: v5 +metadata: + name: reviewer +spec: + allow: + review_requests: + roles: + - staging-access +``` + +```code +$ tctl create -f requester.yaml +$ tctl create -f reviewer.yaml +``` + +The `requester` will now only be able to search for or request access to +resources accessible by the `staging-access` role. + +### Integrating with an External Tool +(!docs/pages/includes/access-request-integrations.mdx!) + diff --git a/docs/pages/enterprise/workflow/index.mdx b/docs/pages/access-controls/access-requests/role-requests.mdx similarity index 81% rename from docs/pages/enterprise/workflow/index.mdx rename to docs/pages/access-controls/access-requests/role-requests.mdx index cbacd4dbfc456..14980cde7d6a4 100644 --- a/docs/pages/enterprise/workflow/index.mdx +++ b/docs/pages/access-controls/access-requests/role-requests.mdx @@ -1,39 +1,31 @@ --- -title: Access Requests for Infrastructure Access +title: Role Access Requests description: Teleport allows users to request new roles with elevated privileges from the CLI or UI. Requests can be escalated via ChatOps or anywhere else via our flexible Authorization Workflow API. -h1: Teleport Access Requests +h1: Teleport Role Access Requests --- With Teleport, users can request additional roles via a third-party communication service. The Access Request API makes it easy to dynamically approve or deny these requests. - + - This guide requires Teleport Cloud or Teleport Enterprise. +Just-in-time Access Requests are a feature of Teleport Enterprise. +Open-source Teleport users can get a preview of how Access Requests work by +requesting a role via the Teleport CLI. Full Access Request functionality, +including Resource Access Requests and an intuitive and searchable UI are +available in Teleport Enterprise. - View this guide as the user of another Teleport edition: + - - - - - - +## Prerequisites - +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) - +(!docs/pages/includes/tctl.mdx!) -- [Integrating Teleport with Slack](ssh-approval-slack.mdx) -- [Integrating Teleport with Mattermost](ssh-approval-mattermost.mdx) -- [Integrating Teleport with Jira Cloud](ssh-approval-jira-cloud.mdx) -- [Integrating Teleport with Jira Server](ssh-approval-jira-server.mdx) -- [Integrating Teleport with PagerDuty](ssh-approval-pagerduty.mdx) -## Access Requests Setup +## Role Access Requests Setup **Contractor Role** This role allows the contractor to request the role DBA. @@ -55,7 +47,7 @@ spec: ``` **DBA Role** -This role allows the contractor to request the role DBA. +This role can be requested by the contractor. ```yaml kind: role @@ -165,7 +157,7 @@ deny: When requesting a new role users can add provide a reason along with their request `tsh login --request-roles="db" --request-reason="Need access to db"`. -By requiring a reason along with an access request, you can provide users with a default +By requiring a reason along with an Access Request, you can provide users with a default unprivileged state where they must always go through the Access Requests API in order to gain meaningful privilege. @@ -196,7 +188,7 @@ spec: - claim: groups value: admins roles: ['*'] - # Teleport can attach annotations to pending access requests. these + # Teleport can attach annotations to pending Access Requests. these # annotations may be literals, or be variable interpolation expressions, # effectively creating a means for propagating selected claims from an # external identity provider to the plugin system. @@ -205,9 +197,9 @@ spec: groups: ['{{external.groups}}'] options: # the `request_access` field can be set to 'always' or 'reason' to tell - # tsh or the web UI to always create an access request on login. If it is + # tsh or the web UI to always create an Access Request on login. If it is # set to 'reason', the user will be required to indicate *why* they are - # generating the access request. + # generating the Access Request. request_access: reason # the `request_prompt` field can be used to tell the user what should # be supplied in the request reason field. @@ -260,7 +252,7 @@ Because automatically generated requests always include all roles that the user $ tctl request approve --roles=role-1,role-3 --reason='Approved, but not role-2 right now' 28a3fb86-0230-439d-ad88-11cfcb213193 ``` -### Other features of Access Requests +### Other features of Role Access Requests - Users can request multiple roles at one time. e.g `roles: ['dba','netsec','cluster-x']` - Approved requests have no effect on Teleport's behavior outside of allowing additional @@ -268,14 +260,7 @@ $ tctl request approve --roles=role-1,role-3 --reason='Approved, but not role-2 older versions of Teleport, since only the issuing Auth Server needs any particular knowledge of the feature. -## Integrating with an External Tool -| Integration | Feature | Type | Setup Instructions | -| - | - | - | - | -| Slack | | Chatbot | [Setup Slack](ssh-approval-slack.mdx) | -| Mattermost | | Chatbot | [Setup Mattermost](ssh-approval-mattermost.mdx) | -| Jira Server | | Project Board | [Setup Jira Server](ssh-approval-jira-server.mdx) | -| Jira Cloud | | Project Board | [Setup Jira Cloud](ssh-approval-jira-cloud.mdx) | -| PagerDuty | | Schedule | [Setup PagerDuty](ssh-approval-pagerduty.mdx) | +## Integrating with an External Tool +(!docs/pages/includes/access-request-integrations.mdx!) - \ No newline at end of file diff --git a/docs/pages/access-controls/compliance-frameworks.mdx b/docs/pages/access-controls/compliance-frameworks.mdx new file mode 100644 index 0000000000000..7bc35e8c84a49 --- /dev/null +++ b/docs/pages/access-controls/compliance-frameworks.mdx @@ -0,0 +1,14 @@ +--- +title: "Compliance Frameworks" +description: "How to use Teleport's access controls to streamline compliance without sacrificing productivity." +--- + +Teleport makes it easier for your organization to achieve compliance with +different frameworks, including SOC 2 and FedRAMP. You can fulfill the access +control requirements of your compliance framework by applying configuration +settings within Teleport. + +Follow our guides to see how to use Teleport to achieve compliance: + +- [FedRAMP](./compliance-frameworks/fedramp.mdx) +- [SOC 2](./compliance-frameworks/soc2.mdx) diff --git a/docs/pages/enterprise/fedramp.mdx b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx similarity index 72% rename from docs/pages/enterprise/fedramp.mdx rename to docs/pages/access-controls/compliance-frameworks/fedramp.mdx index c02395654ff3e..6173d1ec3df19 100644 --- a/docs/pages/enterprise/fedramp.mdx +++ b/docs/pages/access-controls/compliance-frameworks/fedramp.mdx @@ -4,48 +4,34 @@ description: How to configure SSH, Kubernetes, database, and web app access to b --- Teleport provides the foundation to meet FedRAMP requirements for the purposes of accessing infrastructure. This includes support for [FIPS 140-2](https://en.wikipedia.org/wiki/FIPS\_140-2), also known as the Federal Information Processing Standard, which is the US government approved standard for cryptographic modules. This document outlines a high -level overview of how Teleport FIPS mode works and how it can help your company to become FedRAMP certified. +level overview of how Teleport FIPS mode works and how it can help your company to become FedRAMP authorized. - - -This guide is intended for Teleport Enterprise users. - - - - - - - - - - - -### Obtain FedRAMP certification with Teleport +### Obtain FedRAMP authorization with Teleport Teleport includes new FedRAMP and FIPS 140-2 features to support companies that sell into government agencies. | Control | Teleport Features | | - | - | -| [AC-03 Access Enforcement]((=fedramp.control_url=)AC-3) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls/introduction.mdx) to:
• Control which SSH nodes a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which UNIX logins a user is allowed to use when logging into a server. | +| [AC-02 Account Management]((=fedramp.control_url=)AC-2) | Audit events are emitted in the Auth Service when a user is created, updated, deleted, locked, or unlocked. | +| [AC-03 Access Enforcement]((=fedramp.control_url=)AC-3) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../../access-controls/introduction.mdx) to:
• Control which SSH nodes a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which UNIX logins a user is allowed to use when logging into a server. | | [AC-10 Concurrent Session Control]((=fedramp.control_url=)AC-10) | Teleport administrators can define concurrent session limits using Teleport’s RBAC. | +| [AC-12 Session Termination]((=fedramp.control_url=)AC-12) | Admins can terminate active sessions with [session locking](../../access-controls/guides/locking.mdx). Teleport terminates sessions on expiry or inactivity.| | [AC-17 Remote Access]((=fedramp.control_url=)AC-17) | Teleport administrators create users with configurable roles that can be used to allow or deny access to system resources. | -| [AC-20 Use of External Information Systems]((=fedramp.control_url=)AC-20) | Teleport supports connecting multiple independent clusters using a feature called [Trusted Clusters](../setup/admin/trustedclusters.mdx). When allowing access from one cluster to another, roles are mapped according to a pre-defined relationship of the scope of access. | -| [AU-03 Audit and Accountability]((=fedramp.control_url=)AU-3) – Content of Audit Records and [AU-12 Audit Generation]((=fedramp.control_url=)AU-12) | Teleport contains an [Audit Log](../architecture/authentication.mdx#audit-log) that records cluster-wide events such as:
• Failed login attempts.
• Commands that were executed (SSH “exec” commands).
• Ports that were forwarded.
• File transfers that were initiated. | -| [AU-10 Non-Repudiation]((=fedramp.control_url=)AU-10) | Teleport audit logging supports both events as well as audit of an entire SSH session. For non-repudiation purposes a full session can be replayed back and viewed. | +| [AC-20 Use of External Information Systems]((=fedramp.control_url=)AC-20) | Teleport supports connecting multiple independent clusters using a feature called [Trusted Clusters](../../management/admin/trustedclusters.mdx). When allowing access from one cluster to another, roles are mapped according to a pre-defined relationship of the scope of access. | +| [AU-03 Audit and Accountability]((=fedramp.control_url=)AU-3) – Content of Audit Records and [AU-12 Audit Generation]((=fedramp.control_url=)AU-12) | Teleport contains an [Audit Log](../../reference/audit.mdx) that records cluster-wide events such as:
• Failed login attempts.
• Commands that were executed (SSH “exec” commands).
• Ports that were forwarded.
• File transfers that were initiated. | +| [AU-10 Non-Repudiation]((=fedramp.control_url=)AU-10) | Teleport audit logging supports both events as well as audit of an entire SSH session. For non-repudiation purposes, a full session can be replayed back and viewed. | | [CM-08 Information System Component Inventory]((=fedramp.control_url=)CM-8) | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | | [IA-03 Device Identification and Authentication]((=fedramp.control_url=)IA-3) | Teleport requires valid x509 or SSH certificates issued by a Teleport Certificate Authority (CA) to establish a network connection for device-to-device network connection between Teleport components. | | [SC-12 Cryptographic Key Establish and Management]((=fedramp.control_url=)SC-12) | Teleport initializes cryptographic keys that act as a Certificate Authority (CA) to further issue x509 and SSH certificates. SSH and x509 user certificates that are issued are signed by the CA and are (by default) short-lived. SSH host certificates are also signed by the CA and rotated automatically (a manual force rotation can also be performed).
Teleport Enterprise builds against a FIPS 140-2 compliant library (BoringCrypto) is available.
In addition, when Teleport Enterprise is in FedRAMP/FIPS 140-2 mode, Teleport will only start and use FIPS 140-2 compliant cryptography. | -| [AC-2 Account Management]((=fedramp.control_url=)AC-2) | Audit events are emitted in the auth server when a user is created, updated, deleted, locked or unlocked. | -| [AC-12 Session Termination]((=fedramp.control_url=)AC-12) | Admins can terminate active sessions with [session locking](../access-controls/guides/locking.mdx). Teleport terminates sessions on expiry or inactivity.| Enterprise customers can download the custom FIPS package from the [Dashboard](https://dashboard.gravitational.com/web/login). Look for `Linux 64-bit (FedRAMP/FIPS)`. RPM and DEB packages are also available. # Setup -Customers can follow our [Enterprise Getting Started Guide](./getting-started.mdx) for +Customers can follow our [Enterprise Getting Started Guide](../../deploy-a-cluster/teleport-enterprise/getting-started.mdx) for instructions on how to setup Teleport Enterprise. You'll need to start with the Teleport -Enterprise FIPS Binary. +Enterprise FIPS binary. After downloading the binary tarball, run: @@ -103,7 +89,8 @@ ssh_service: ### Teleport Node -Save the following configuration file as `/etc/teleport.yaml` on the node server. +Save the following configuration file as `/etc/teleport.yaml` on the Node +Service host: ```yaml teleport: @@ -141,22 +128,20 @@ binary was compiled against an approved cryptographic module (BoringCrypto) and fails to start if it was not. - For OSS and Enterprise binaries not compiled with BoringCrypto, this flag will report that this version of Teleport is not compiled with the appropriate cryptographic module. -- Running commands like `ps aux` can be useful to note that Teleport is running in FedRAMP enforcing mode. +- Running commands like `ps aux` can be useful to note that Teleport is running in FIPS mode. - If no ciphersuites are provided, Teleport will set the default ciphersuites to be FIPS 140-2 compliant. -- If ciphersuites, key exchange and MAC algorithms are provided in the Teleport configuration, Teleport will validate that they are FIPS 140-2 compliant.. +- If ciphersuites, key exchange, and MAC algorithms are provided in the Teleport configuration, Teleport will validate that they are FIPS 140-2 compliant. - Teleport will always enable at-rest encryption for both DynamoDB and S3. - If recording proxy mode is selected, validation of host certificates should always happen. ### FedRAMP Audit Log -At the close of a connection (close of a \*srv.ServerContext) the total data transmitted and received +At the close of a connection (close of a \*srv.ServerContext), the total data transmitted and received is emitted to the Audit Log. ## What else does the Teleport FIPS binary enforce? -- Supporting configurable TLS versions. This is to ensure that only TLS 1.2 is supported in FedRAMP mode. -- Removes all uses of non-compliant algorithms like NaCl and replace with compliant algorithms like AES-GCM. -- Teleport is compiled with [BoringCrypto](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3678) -- User, host and CA certificates (and host keys for recording proxy mode) should only use 2048-bit RSA private keys. - - \ No newline at end of file +- TLS protocol version is restricted to TLS 1.2. +- All uses of non-compliant algorithms such as NaCl are removed and replaced with compliant algorithms such as AES-GCM. +- Teleport is compiled with [BoringCrypto](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3678) +- User, host, and CA certificates (and host keys for recording proxy mode) only use 2048-bit RSA private keys. diff --git a/docs/pages/enterprise/soc2.mdx b/docs/pages/access-controls/compliance-frameworks/soc2.mdx similarity index 73% rename from docs/pages/enterprise/soc2.mdx rename to docs/pages/access-controls/compliance-frameworks/soc2.mdx index 1c23eebc2b2d3..e3ad0d1c86b78 100644 --- a/docs/pages/enterprise/soc2.mdx +++ b/docs/pages/access-controls/compliance-frameworks/soc2.mdx @@ -1,11 +1,11 @@ --- -title: SOC2 compliance for SSH, Kubernetes and Databases -description: How to configure SOC2-compliant access to SSH, Kubernetes, databases, desktops and web apps -h1: SOC2 Compliance for SSH, Kubernetes, Databases, Desktops and Web Apps +title: SOC 2 compliance for SSH, Kubernetes, and Databases +description: How to configure SOC 2-compliant access to SSH, Kubernetes, databases, desktops, and web apps +h1: SOC 2 Compliance for SSH, Kubernetes, Databases, Desktops, and Web Apps --- -Teleport is designed to meet SOC2 requirements for the purposes of accessing infrastructure, change management and system operations. This document outlines a high -level overview of how Teleport can be used to help your company to become SOC2 certified. +Teleport is designed to meet SOC 2 requirements for the purposes of accessing infrastructure, change management, and system operations. This document outlines a high +level overview of how Teleport can be used to help your company to become SOC 2 compliant. - - - - - - - +## Achieving SOC 2 Compliance with Teleport +SOC 2 or Service Organization Controls were developed by the American Institute of CPAs (AICPA). They are based on five trust services criteria: security, availability, processing integrity, confidentiality, and privacy. -## Achieving SOC2 Compliance with Teleport -SOC2 or Service Organization Controls were developed by the American Institute of CPAs (AICPA). They are based on five trust service areas: security, availability, processing integrity, confidentiality and privacy. - -## What Key SOC2 Controls does Teleport help achieve? +## What Key SOC 2 Controls does Teleport help achieve? Teleport helps with 4 of the 9 control areas. ### CC6 Control Activities @@ -41,19 +30,19 @@ Teleport issues temporary security credentials according to the user's role. ### CC7 System Operations Teleport helps audit and monitor access. - + - Audit events and session recordings are securely stored in a vault to prevent tampering. - Convert logins, executed commands, deployments and other events into structured audit logs. - Monitor, share and join interactive sessions in real-time from the CLI or browser. ### CC8 Change Management -Teleport helps users elevate their permissions during incidents, RBAC helps limit the need for approvals. The Teleport slack integration allows for managers to quickly approve temporary SSH access requests. +Teleport helps users elevate their permissions during incidents, RBAC helps limit the need for approvals. The Teleport slack integration allows for managers to quickly approve temporary SSH Access Requests. - Let engineers request elevated permissions on the fly without ever leaving the terminal - Approve or deny permission requests with ChatOps workflow via Slack or other supported platforms. - Extend and customize permission elevation workflow with a simple API and extendable plugin system. -## What Specific Criteria does Teleport Help Statisfy? +## What Specific Criteria does Teleport Help Satisfy? Below is a table of principles and common points of focus listed by [AICPA’s official “trust Service Criteria” Document](https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf) and how Teleport helps satisfy them. @@ -61,37 +50,35 @@ Each principle has many “Points of Focus” which will apply differently to di | Principle Criteria | Point of Focus | Teleport Features | | --- | --- | --- | -| CC6.1 - Restricts Logical Access | Logical access to information assets, including hardware, data (at-rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets. | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls/introduction.mdx) to:
  • Control which SSH nodes a user can or cannot access.
  • Control cluster level configuration (session recording, configuration, etc.)
  • Control which UNIX logins a user is allowed to use when logging into a server.
| | -| CC6.1 - Identifies and Authenticates Users | Persons, infrastructure, and software are identified and authenticated prior to accessing information assets, whether locally or remotely. | Provide role-based access controls (RBAC) using short-lived certificates and your existing identity management service. Connecting locally or remotely is just as easy. | -| CC6.1 - Considers Network Segmentation | Network segmentation permits unrelated portions of the entity's information system to be isolated from each other. | [Teleport enables beyond corp network segmentation](../setup/admin/trustedclusters.mdx) | [Connect to nodes behind Firewalls or create reverse tunnels to a proxy server](../faq.mdx#can-i-connect-to-nodes-behind-a-firewall) | | | | -| CC6.1 - Manages Points of Access | Points of access by outside entities and the types of data that flow through the points of access are identified, inventoried, and managed. The types of individuals and systems using each point of access are identified, documented, and managed. | [Label Nodes to inventory and create rules](../setup/admin/labels.mdx) | [Create Labels from AWS Tags](../setup/guides/ec2-tags.mdx) | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | | | -| CC6.1 - Restricts Access to Information Assets | Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access-control rules for information assets. | [Teleport uses Certificates to grant access and create access control rules](../architecture/overview.mdx#4-authenticate-node-certificate) | +| CC6.1 - Restricts Logical Access | Logical access to information assets, including hardware, data (at-rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets. | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../introduction.mdx) to:
  • Control which SSH nodes a user can or cannot access.
  • Control cluster level configuration (session recording, configuration, etc.)
  • Control which UNIX logins a user is allowed to use when logging into a server.
| +| CC6.1 - Identifies and Authenticates Users | Persons, infrastructure, and software are identified and authenticated prior to accessing information assets, whether locally or remotely. | Provide role-based access controls (RBAC) using short-lived certificates and your existing identity management service. Connecting locally or remotely is just as easy. | +| CC6.1 - Considers Network Segmentation | Network segmentation permits unrelated portions of the entity's information system to be isolated from each other. | [Teleport enables beyond corp network segmentation](../../management/admin/trustedclusters.mdx)

[Connect to nodes behind Firewalls or create reverse tunnels to a proxy server](../../faq.mdx#can-i-connect-to-nodes-behind-a-firewall) | +| CC6.1 - Manages Points of Access | Points of access by outside entities and the types of data that flow through the points of access are identified, inventoried, and managed. The types of individuals and systems using each point of access are identified, documented, and managed. | [Label Nodes to inventory and create rules](../../management/admin/labels.mdx)

[Create Labels from AWS Tags](../../management/guides/ec2-tags.mdx)

Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | +| CC6.1 - Restricts Access to Information Assets | Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access-control rules for information assets. | [Teleport uses Certificates to grant access and create access control rules](../../architecture/overview.mdx) | | CC6.1 - Manages Identification and Authentication | Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure, and software. | Teleport makes setting policies for SSH requirements easy since it works in the cloud and on premise with the same authentication security standards. | -| CC6.1 - Manages Credentials for Infrastructure and Software | New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use. | [Invite nodes to your cluster with short lived tokens](../setup/admin/adding-nodes.mdx) | +| CC6.1 - Manages Credentials for Infrastructure and Software | New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use. | [Invite nodes to your cluster with short lived tokens](../../management/admin/adding-nodes.mdx) | | CC6.1 - Uses Encryption to Protect Data | The entity uses encryption to supplement other measures used to protect data at rest, when such protections are deemed appropriate based on assessed risk. | Teleport Audit logs can use DynamoDB encryption at rest. | | CC6.1 - Protects Encryption Keys | Processes are in place to protect encryption keys during generation, storage, use, and destruction. | Teleport acts as a Certificate Authority to issue SSH and x509 user certificates that are signed by the CA and are (by default) short-lived. SSH host certificates are also signed by the CA and rotated automatically | -| CC6.2 - Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. | [Request Approval from the command line](../setup/reference/cli.mdx#tctl-request-approve) | [Build Approval Workflows with Access Requests](./workflow/index.mdx) | [Use Plugins to send approvals to tools like Slack or Jira](./workflow/index.mdx) | | | -| CC6.2 - Removes Access to Protected Assets When Appropriate | Processes are in place to remove credential access when an individual no longer requires such access. | [Teleport issues temporary credentials based on an employees role and are revoked upon job change, termination or end of a maintenance window](./workflow/index.mdx) | +| CC6.2 - Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. | [Request Approval from the command line](../../reference/cli.mdx#tctl-request-approve)

[Build Approval Workflows with Access Requests](../../access-controls/access-requests.mdx)

[Use Plugins to send approvals to tools like Slack or Jira](../../access-controls/access-requests.mdx) | +| CC6.2 - Removes Access to Protected Assets When Appropriate | Processes are in place to remove credential access when an individual no longer requires such access. | [Teleport issues temporary credentials based on an employees role and are revoked upon job change, termination or end of a maintenance window](../../access-controls/access-requests.mdx) | | CC6.2 - Reviews Appropriateness of Access Credentials | The appropriateness of access credentials is reviewed on a periodic basis for unnecessary and inappropriate individuals with credentials. | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | -| CC6.3 - Creates or Modifies Access to Protected Information Assets | Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner. | [Build Approval Workflows with Access Requests](./workflow/index.mdx) to get authorization from asset owners. | -| CC6.3 - Removes Access to Protected Information Assets | Processes are in place to remove access to protected information assets when an individual no longer requires access. | Teleport uses temporary credentials and can be integrated with your version control system or even your HR system to [revoke access with the Access requests API](../api/introduction.mdx) | -| CC6.3 - Uses Role-Based Access Controls | Role-based access control is utilized to support segregation of incompatible functions. | [Role based access control ("RBAC") allows Teleport administrators to grant granular access permissions to users.](../access-controls/introduction.mdx) | +| CC6.3 - Creates or Modifies Access to Protected Information Assets | Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner. | [Build Approval Workflows with Access Requests](../../access-controls/access-requests.mdx) to get authorization from asset owners. | +| CC6.3 - Removes Access to Protected Information Assets | Processes are in place to remove access to protected information assets when an individual no longer requires access. | Teleport uses temporary credentials and can be integrated with your version control system or even your HR system to [revoke access with the Access requests API](../../api/introduction.mdx) | +| CC6.3 - Uses Role-Based Access Controls | Role-based access control is utilized to support segregation of incompatible functions. | [Role based access control ("RBAC") allows Teleport administrators to grant granular access permissions to users.](../../access-controls/introduction.mdx) | | CC6.3 - Reviews Access Roles and Rules | The appropriateness of access roles and access rules is reviewed on a periodic basis for unnecessary and inappropriate individuals with access and access rules are modified as appropriate. | Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see a subset they have access to) and administrators any time. | -| CC6.6 - Restricts Access | The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. | Teleport makes it easy to restrict access to common ports like 21, 22 and instead have users [tunnel to the server](../faq.mdx#can-i-connect-to-nodes-behind-a-firewall) using Teleport. [Teleport uses the following default ports.](../setup/reference/networking.mdx#ports) | +| CC6.6 - Restricts Access | The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. | Teleport makes it easy to restrict access to common ports like 21, 22 and instead have users [tunnel to the server](../../faq.mdx#can-i-connect-to-nodes-behind-a-firewall) using Teleport. [Teleport uses the following default ports.](../../reference/networking.mdx#ports) | | CC6.6 - Protects Identification and Authentication Credentials | Identification and authentication credentials are protected during transmission outside system boundaries. | [Yes, Teleport protects credentials outside your network allowing for Zero Trust network architecture](https://goteleport.com/blog/applying-principles-of-zero-trust-to-ssh/) | -| CC6.6 - Requires Additional Authentication or Credentials | Additional authentication information or credentials are required when accessing the system from outside its boundaries. | [Yes, Teleport can manage MFA with TOTP, WebAuthn or U2F Standards or connect to your Identity Provider using SAML, OAUTH or OIDC](./sso.mdx) | -| CC6.6 - Implements Boundary Protection Systems | Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts and unauthorized access and are monitored to detect such attempts. | [Trusted clusters](../setup/admin/trustedclusters.mdx) | -| CC6.7 - Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. | [Teleport has strong encryption including a FedRAMP compliant FIPS mode](./fedramp.mdx#starting-teleport-in-fips-mode) | -| CC7.2 - Implements Detection Policies, Procedures, and Tools | Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | [Teleport creates detailed SSH Audit Logs with Metadata](../setup/reference/audit.mdx) | [Use BPF Session Recording to catch malicious program execution](../server-access/guides/bpf-session-recording.mdx) | | | | -| CC7.2 - Designs Detection Measures | Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. | [Use Enhanced Session Recording to catch malicious program execution, capture TCP connections and log programs accessing files on the system the should not be accessing.](../server-access/guides/bpf-session-recording.mdx) | -| CC7.3 - Communicates and Reviews Detected Security Events | Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary. | [Use Session recording to replay and review suspicious sessions](../architecture/nodes.mdx#session-recording). | -| CC7.3 - Develops and Implements Procedures to Analyze Security Incidents | Procedures are in place to analyze security incidents and determine system impact. | [Analyze detailed logs and replay recorded sessions to determine impact. See exactly what files were accessed during an incident.](../server-access/guides/bpf-session-recording.mdx) | -| CC7.4 - Contains Security Incidents | Procedures are in place to contain security incidents that actively threaten entity objectives. | [Use Teleport to quickly revoke access and contain an active incident](../access-controls/guides/locking.mdx) | [Use Shared Sessions so Multiple On-Call Engineers can collaborate and fight fires together.](../server-access/guides/tsh.mdx#sharing-sessions) | | | | -| CC7.4 - Ends Threats Posed by Security Incidents | Procedures are in place to mitigate the effects of ongoing security incidents. | [Use Teleport to quickly revoke access and contain an active incident](../access-controls/guides/locking.mdx) | -| CC7.4 - Obtains Understanding of Nature of Incident and Determines Containment Strategy | An understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach. | [Use Teleport’s Session Recording and Replay along with logs to understand what actions led to an incident.](../setup/reference/audit.mdx#recorded-sessions) | -| CC7.4 - Evaluates the Effectiveness of Incident Response | The design of incident-response activities is evaluated for effectiveness on a periodic basis. | [Use audit logs and session recordings to find pain points in your incident response plan and improve effectiveness](../server-access/guides/bpf-session-recording.mdx). | -| CC7.4 - Periodically Evaluates Incidents | Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and identifies the need for system changes based on incident patterns and root causes. | [Use Session recording and audit logs to find patterns that lead to incidents.](../server-access/guides/bpf-session-recording.mdx) | -| CC7.5 - Determines Root Cause of the Event | The root cause of the event is determined. | [Use Session recording and audit logs to find root cause.](../server-access/guides/bpf-session-recording.mdx) | -| CC7.5 - Improves Response and Recovery Procedures | Lessons learned are analyzed and the incident-response plan and recovery procedures are improved. | [Replay Session recordings at your 'after action review' or postmortem meetings](../server-access/guides/bpf-session-recording.mdx) | - - \ No newline at end of file +| CC6.6 - Requires Additional Authentication or Credentials | Additional authentication information or credentials are required when accessing the system from outside its boundaries. | [Yes, Teleport can manage MFA with TOTP, WebAuthn or U2F Standards or connect to your Identity Provider using SAML, OAUTH or OIDC](../../access-controls/sso.mdx) | +| CC6.6 - Implements Boundary Protection Systems | Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts and unauthorized access and are monitored to detect such attempts. | [Trusted clusters](../../management/admin/trustedclusters.mdx) | +| CC6.7 - Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. | [Teleport has strong encryption including a FedRAMP compliant FIPS mode](./fedramp.mdx#starting-teleport-in-fips-mode) | +| CC7.2 - Implements Detection Policies, Procedures, and Tools | Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | [Teleport creates detailed SSH Audit Logs with Metadata](../../reference/audit.mdx)

[Use BPF Session Recording to catch malicious program execution](../../server-access/guides/bpf-session-recording.mdx) | +| CC7.2 - Designs Detection Measures | Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. | [Use Enhanced Session Recording to catch malicious program execution, capture TCP connections and log programs accessing files on the system the should not be accessing.](../../server-access/guides/bpf-session-recording.mdx) | +| CC7.3 - Communicates and Reviews Detected Security Events | Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary. | [Use Session recording to replay and review suspicious sessions](../../architecture/nodes.mdx#ssh-session-recording). | +| CC7.3 - Develops and Implements Procedures to Analyze Security Incidents | Procedures are in place to analyze security incidents and determine system impact. | [Analyze detailed logs and replay recorded sessions to determine impact. See exactly what files were accessed during an incident.](../../server-access/guides/bpf-session-recording.mdx) | +| CC7.4 - Contains Security Incidents | Procedures are in place to contain security incidents that actively threaten entity objectives. | [Use Teleport to quickly revoke access and contain an active incident](../../access-controls/guides/locking.mdx)

[Use Shared Sessions so Multiple On-Call Engineers can collaborate and fight fires together.](../../connect-your-client/tsh.mdx#sharing-sessions) | +| CC7.4 - Ends Threats Posed by Security Incidents | Procedures are in place to mitigate the effects of ongoing security incidents. | [Use Teleport to quickly revoke access and contain an active incident](../../access-controls/guides/locking.mdx) | +| CC7.4 - Obtains Understanding of Nature of Incident and Determines Containment Strategy | An understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach. | [Use Teleport’s Session Recording and Replay along with logs to understand what actions led to an incident.](../../reference/audit.mdx#recorded-sessions) | +| CC7.4 - Evaluates the Effectiveness of Incident Response | The design of incident-response activities is evaluated for effectiveness on a periodic basis. | [Use audit logs and session recordings to find pain points in your incident response plan and improve effectiveness](../../server-access/guides/bpf-session-recording.mdx). | +| CC7.4 - Periodically Evaluates Incidents | Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and identifies the need for system changes based on incident patterns and root causes. | [Use Session recording and audit logs to find patterns that lead to incidents.](../../server-access/guides/bpf-session-recording.mdx) | +| CC7.5 - Determines Root Cause of the Event | The root cause of the event is determined. | [Use Session recording and audit logs to find root cause.](../../server-access/guides/bpf-session-recording.mdx) | +| CC7.5 - Improves Response and Recovery Procedures | Lessons learned are analyzed and the incident-response plan and recovery procedures are improved. | [Replay Session recordings at your 'after action review' or postmortem meetings](../../server-access/guides/bpf-session-recording.mdx) | diff --git a/docs/pages/access-controls/faq.mdx b/docs/pages/access-controls/faq.mdx index 04f0e978e5ca2..dc288390b7991 100644 --- a/docs/pages/access-controls/faq.mdx +++ b/docs/pages/access-controls/faq.mdx @@ -11,4 +11,4 @@ description: Frequently asked questions about Teleport RBAC **Q:** Can I use node-level RBAC with OpenSSH servers? -**A:** No. OpenSSH servers running `sshd` can't label themselves. This is a factor in deciding to run the Teleport Node service instead. +**A:** No. OpenSSH servers running `sshd` can't label themselves. This is a factor in deciding to run the Teleport Node Service instead. diff --git a/docs/pages/access-controls/getting-started.mdx b/docs/pages/access-controls/getting-started.mdx index 971bcbacb9590..3dfa9e5fd2602 100644 --- a/docs/pages/access-controls/getting-started.mdx +++ b/docs/pages/access-controls/getting-started.mdx @@ -3,7 +3,7 @@ title: Getting Started With Access Controls description: Get started using Teleport Access Controls. --- -In Teleport, any local, SSO, or robot user can assigned one or several roles. +In Teleport, any local, SSO, or robot user can be assigned one or several roles. Roles govern access to databases, SSH servers, Kubernetes clusters, Windows desktops, and web apps. @@ -104,7 +104,7 @@ users within your SSO solution to Teleport roles. - Follow our [SAML Okta Guide](../enterprise/sso/okta.mdx#configure-okta) to + Follow our [SAML Okta Guide](./sso/okta.mdx#configure-okta) to create a SAML application. Save the file below as `okta.yaml` and update the `acs` field. @@ -123,17 +123,17 @@ users within your SSO solution to Teleport roles. - Follow our [OIDC guides](../enterprise/sso/oidc.mdx#identity-providers) to + Follow our [OIDC guides](./sso/oidc.mdx#identity-providers) to create an OIDC application. Copy the YAML below to a file called `oidc.yaml` and edit the information to @@ -173,7 +173,7 @@ spec: logins: ['readonly'] # Assigns users with this role to the built-in Kubernetes group "view" kubernetes_groups: ["view"] - # Allow access to SSH nodes, Kubernetes clusters, apps or databases + # Allow access to SSH nodes, Kubernetes clusters, apps or databases # labeled with "staging" or "test" node_labels: 'env': ['staging', 'test'] diff --git a/docs/pages/access-controls/guides.mdx b/docs/pages/access-controls/guides.mdx index 1c9bf2a0b1263..2636eeaa05784 100644 --- a/docs/pages/access-controls/guides.mdx +++ b/docs/pages/access-controls/guides.mdx @@ -1,33 +1,20 @@ --- -title: Access Controls Guides -description: Detailed guides for configuring Teleport Access Controls. +title: Cluster Access and RBAC +description: How to configure access to specific resources in your infrastructure or your Teleport cluster as a whole. layout: tocless-doc --- -
    - -
  • - [Dual Authorization](./guides/dual-authz.mdx). Protect access to critical resources with dual authorization. -
    • -     -
  • - [Role Templates](./guides/role-templates.mdx). Setup dynamic access policies with Role Templates. -
    • -
  • - [Impersonating Teleport Users](./guides/impersonation.mdx). Create certs for CI/CD using impersonation. -
    • -
  • - [Second Factor - WebAuthn](./guides/webauthn.mdx). Add Two-Factor Authentication through WebAuthn. -
    • -
  • - [Per-session MFA](./guides/per-session-mfa.mdx). Per-session Multi-Factor Authentication. -
    • -
  • - [Locking](./guides/locking.mdx). Lock access to active user sessions or hosts. -
    • - -
  • - [Moderated Sessions](./guides/moderated-sessions.mdx). Require session auditors and allow fine-grained live session access. -
    • -     -
+Teleport gives you fine-grained control over who can access resources in your +infrastructure as well as how they can access those resources. Once you have +deployed a Teleport cluster, configure access controls to achieve the right +security policies for your organization. + +- [Dual Authorization](./guides/dual-authz.mdx): Protect access to critical resources with dual authorization. +- [Role Templates](./guides/role-templates.mdx): Set up dynamic access policies with role templates. +- [Impersonating Teleport Users](./guides/impersonation.mdx): Create certificates for other users with impersonation. +- [Passwordless](./guides/passwordless.mdx): Use passwordless authentication (Preview). +- [WebAuthn](./guides/webauthn.mdx): Add two-factor authentication through WebAuthn. +- [Per-Session MFA](./guides/per-session-mfa.mdx): Per-session multi-mactor authentication. +- [Locking](./guides/locking.mdx): Lock access to active user sessions or hosts. +- [Moderated Sessions](./guides/moderated-sessions.mdx): Require session auditors and allow fine-grained live session access. + diff --git a/docs/pages/access-controls/guides/dual-authz.mdx b/docs/pages/access-controls/guides/dual-authz.mdx index 283bab9c03a1d..dd9ee726cc4e2 100644 --- a/docs/pages/access-controls/guides/dual-authz.mdx +++ b/docs/pages/access-controls/guides/dual-authz.mdx @@ -10,37 +10,26 @@ Here are the most common scenarios: - Improve the security of your system and prevent one successful phishing attack from compromising your system. - Satisfy FedRAMP AC-3 Dual authorization control that requires approval of two authorized individuals. -In this guide, we will set up Teleport's access requests to require the approval +In this guide, we will set up Teleport's Just-in-Time Access Requests to require the approval of two team members for a privileged role `dbadmin`. This guide requires a commercial edition of Teleport. The open source - edition of Teleport only supports [GitHub](../../setup/admin/github-sso.mdx) as + edition of Teleport only supports [GitHub](../../access-controls/sso/github-sso.mdx) as an SSO provider. - View this guide as a user of another Teleport edition: - - - - - - - - - - - The steps below describe how to use Teleport with Mattermost. You can also [integrate with many other providers](../../enterprise/workflow/index.mdx). + The steps below describe how to use Teleport with Mattermost. You can also [integrate with many other providers](../access-requests.mdx). ## Prerequisites - Mattermost installed. -(!/docs/pages/includes/commercial-prereqs-tabs.mdx!) +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) @@ -226,7 +215,7 @@ Alice and Ivan can review and approve request using Web UI or CLI: If Bob has created a request using CLI, he will assume it once it has been approved. -Bob can also assume granted access request roles using Web UI: +Bob can also assume granted Access Request roles using Web UI: ![Teleport Assume](../../../img/access-controls/dual-authz/teleport-7-bob-assume.png) @@ -257,5 +246,3 @@ auth_service: ``` - - \ No newline at end of file diff --git a/docs/pages/access-controls/guides/impersonation.mdx b/docs/pages/access-controls/guides/impersonation.mdx index 297156fce4f2e..2489761616817 100644 --- a/docs/pages/access-controls/guides/impersonation.mdx +++ b/docs/pages/access-controls/guides/impersonation.mdx @@ -341,5 +341,5 @@ Here is an explanation of the fields used in the `where` conditions within this | `impersonate_role.metadata.labels[" - All connections initated with per-session MFA matching the device ID will be locked. + All connections initiated with per-session MFA matching the device ID will be locked. ```code $ tctl lock --mfa-device=d6c06a18-e147-4232-9dfe-6f83a28d5850 --message="All contractor access is disabled for 10h." --ttl=10h # Created a lock with name "d6c06a18-e147-4232-9dfe-6f83a28d5850". @@ -81,7 +81,7 @@ with one of the following options: ``` - All connections using elevated privileges from the matching access request will be locked. + All connections using elevated privileges from the matching Access Request will be locked. ```code $ tctl lock --access-request=261e80c5-357b-4c43-9b67-40a6bc4c6e4d --ttl=24h # Created a lock with name "dc7cee9d-fe5e-4534-a90d-db770f0234a1". @@ -162,7 +162,7 @@ spec: ``` The `kind: lock` resources can also be created and updated using `tctl create` -as per usual. See the [Admin Guide](../../setup/reference/resources.mdx) for more +as per usual. See the [Admin Guide](../../reference/resources.mdx) for more details. @@ -185,7 +185,7 @@ Deleting a lock will allow new sessions or host connections. ## Next steps: Locking modes -If a Teleport node or Proxy Service cannot properly synchronize its local lock +If a Teleport Node or Proxy Service cannot properly synchronize its local lock view with the backend, there is a decision to be made about whether to rely on the last known locks. This decision strategy is encoded as one of the two modes: - `strict` mode causes all interactions to be terminated when the locks are not diff --git a/docs/pages/access-controls/guides/moderated-sessions.mdx b/docs/pages/access-controls/guides/moderated-sessions.mdx index c1f2ed01859f7..bf5acda067606 100644 --- a/docs/pages/access-controls/guides/moderated-sessions.mdx +++ b/docs/pages/access-controls/guides/moderated-sessions.mdx @@ -12,23 +12,15 @@ other users to be present in a Server or Kubernetes Access session. Depending on the requirements, these users can observe the session in real time, participate in the session, and terminate the session at will. +In addition, Teleport administrators can [define rules](#join_sessions) that allow users to join each other's +sessions from `tsh` and the Web UI. + Moderated Sessions requires Teleport Enterprise or Teleport Cloud. - View this guide as a user of another Teleport edition: - - - - - - - - - - ### Use cases Moderated Sessions are useful in the following scenarios: @@ -67,6 +59,12 @@ The following are required options for `require_session_join`: |`modes`|`[]`[Participant mode](#participant-modes)|The participant mode that applies to the user joining the Moderated Session under this policy| |`count`|Integer|The number of users that need to match the filter expression to satisfy the policy| +The following fields are optional for `require_session_join`: + +|Option|Type|Description| +|---|---|---| +|`on_leave`|[On leave](#on-leave)|The action to take when the policy is no longer satisfied| + #### Example The policy below specifies that the `prod-access` role must have a minimum of @@ -189,14 +187,31 @@ filter expression in order to satisfy the policy. The `count` field of a require policy is a positive integer value that specifies the minimum amount of users this policy requires. +### On leave + +The `on_leave` string option in require policies is used to define what happens when a moderator leaves a session, causing a policy to no longer be satisfied. + +There are two possible actions to take in this scenario: +1. Terminate the session and disconnect all participants, corresponding to the `"terminate"` value. +2. Pause the session and stop any input/output streaming until the policy is satisfied again, corresponding to the `"pause"` value. + +By default, Teleport treats an empty string in this field as the same as `terminate`. +That is, the session is terminated instantly and all participants are disconnected. + +If all require policies attached to the session owner are set to `"pause"`, the session will instead pause +but the session will remain open. This discards all input from session participants and buffers the most recent output until the session can resume. + ## Backwards compatibility with Server Access +Moderated Session RBAC controls were added to the role specification in version 5 +(`version: v5` in the YAML definition). Previously, Server Access did not include controls over which users can join a -session. To work around this, RBAC rules are ignored for users that only have -V4 roles (`version: v4` in the role specification). New roles are created as -V5. V4 roles are upgraded when they are modified in the UI. If a user has any -attached V5 roles (`version: v5` in the role specification), the new RBAC access -checks will be enforced. +session. +To avoid breaking functionality for users with only roles on v4 or older, RBAC +access checks will only be enforced if the user has at least one v5 role. + +New roles will be created as v5 by default, and older roles can by updated with +`tctl` or from the Web UI by modifying the `version` field. ## MFA-based presence @@ -207,7 +222,7 @@ wishing to join have a configured U2F or WebAuthn MFA token. Every 30 seconds, Teleport will issue a prompt to the user in the terminal, asking them to press their MFA token in the next 15 seconds. This will happen -continously during the session and exists so that moderators are always present +continuously during the session and exists so that moderators are always present and watching a given session. If no MFA input is received within 60 seconds, the user is kicked from the @@ -227,4 +242,3 @@ example be used to enable notifications over some external communication system. - [Moderated Sessions](https://github.com/gravitational/teleport/blob/master/rfd/0043-kubeaccess-multiparty.md) - \ No newline at end of file diff --git a/docs/pages/access-controls/guides/passwordless.mdx b/docs/pages/access-controls/guides/passwordless.mdx new file mode 100644 index 0000000000000..c94320d8b77ed --- /dev/null +++ b/docs/pages/access-controls/guides/passwordless.mdx @@ -0,0 +1,293 @@ +--- +title: "Passwordless (Preview)" +description: Learn how to use passwordless authentication with Teleport. +videoBanner: GA37qqB6Lmk +--- + + + Passwordless is currently in Preview. + + +Passwordless takes advantage of WebAuthn to provide passwordless and +usernameless authentication for Teleport. + +## Prerequisites + +- A Teleport cluster with WebAuthn configured. + See the [Second Factor: WebAuthn](./webauthn.mdx) guide. +- A hardware device with support for WebAuthn and resident keys. + As an alternative, you can use a Mac with biometrics / Touch ID. +- A web browser with WebAuthn support. To see if your browser supports + WebAuthn, check the [WebAuthn Compatibility]( + https://developers.yubico.com/WebAuthn/WebAuthn_Browser_Support/) page. +- A signed and notarized `tsh` for Touch ID. + [Download the macOS tsh installer](../../installation.mdx#macos). + +A Teleport cluster capable of WebAuthn is automatically capable of passwordless. + +## Step 1/2. Register + +Register your passwordless device using `tsh`: + +```code +$ tsh mfa add +# Choose device type [TOTP, WEBAUTHN, TOUCHID]: WEBAUTHN +# Enter device name: bio +# Allow passwordless logins [YES, NO]: YES +# Tap any *registered* security key +# Tap your *new* security key +# MFA device "bio" added. +``` + +You may pick either `WEBAUTHN` or `TOUCHID` as the device type. Make sure to +answer `YES` to "Allow passwordless logins". + +If you are using a hardware device, a passwordless registration will occupy a +resident key slot. Resident keys, also called discoverable credentials, are +stored in persistent memory in the authenticator (i.e., the device that is used +to authenticate). In contrast, MFA keys are encrypted by the authenticator and +stored in the Teleport Auth Server. Regardless of your device type, passwordless +registrations may also be used for regular MFA. + + +If you plan on relying exclusively on passwordless, it's recommended to register +more than one device. A portable hardware device is ideal, as it can be shared +between `tsh`, the Teleport Web UI, and different computers. + + +
+ Touch ID registrations are isolated by application. A Touch ID registration + for `tsh` is different from a registration made from Chrome or Safari. You may + register the same Touch ID device from multiple applications to get + passwordless access in all of them. +
+ +## Step 2/2. Authenticate + +Authenticate using your passwordless credential: + +```code +$ tsh login --proxy=example.com --auth=passwordless +# Tap your security key +# > Profile URL: https://example.com +# Logged in as: codingllama +# Cluster: example.com +# Roles: access, editor +# Logins: codingllama +# Kubernetes: enabled +# Valid until: 2021-10-04 23:32:29 -0700 PDT [valid for 12h0m0s] +# Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty +``` + +A fully passwordless cluster defaults to passwordless logins, making +`--auth=passwordless` unnecessary. See the next section to learn how to enable +passwordless by default. + + +You can also execute passwordless logins in the Teleport Web UI. To do so, look +for the passwordless link in the Web UI. + + +## Optional: Enable passwordless by default + +Passwordless enthusiasts may enable passwordless by default in their clusters. +Note that this configuration changes Teleport's behavior even for users without +a passwordless device registered, so existing users may need to authenticate +using `tsh login --proxy=example.com --auth=local` in order to get their first +passwordless registration. + +To enable passwordless by default, add `connector_name: passwordless` to your +cluster configuration: + + + + + Auth Server `teleport.yaml` file: + + ```yaml + auth_service: + authentication: + type: local + second_factor: on + webauthn: + rp_id: example.com + connector_name: passwordless # passwordless by default + ``` + + + Create a `cap.yaml` file or get the existing configuration using + `tctl get cluster_auth_preference`: + + ```yaml + kind: cluster_auth_preference + version: v2 + metadata: + name: cluster-auth-preference + spec: + type: local + second_factor: "on" + webauthn: + rp_id: example.com + connector_name: passwordless # passwordless by default + ``` + + Update the configuration: + + ```code + $ tctl create -f cap.yaml + # cluster auth preference has been updated + ``` + + + + + +Create a `cap.yaml` file or get the existing configuration using +`tctl get cluster_auth_preference`: + +```yaml +kind: cluster_auth_preference +version: v2 +metadata: + name: cluster-auth-preference +spec: + type: local + second_factor: "on" + webauthn: + rp_id: example.com + connector_name: passwordless # passwordless by default +``` + +Update the configuration: + +```code +$ tctl create -f cap.yaml +# cluster auth preference has been updated +``` + + +## Troubleshooting + +### "Allow passwordless logins" doesn't appear + +If you don't see the "Allow passwordless logins" prompt during `tsh mfa add`, +you may be using an older version of `tsh`. Download the latest `tsh` from our +[installation page](../../installation.mdx). + +### Hardware device not usable + +`tsh` only prompts for hardware devices with certain capabilities for +passwordless registrations. If your device isn't blinking it may not be capable +of passwordless logins. + +Below is a non-comprehensive list of requirements: + +- Device must support WebAuthn (sometimes also called FIDO2 or CTAP2). +- Device must be capable of user verification (biometrics or PIN). +- Device must have a PIN set. +- Device must have fingerprints enrolled (if biometric). This typically means + both a PIN *and* fingerprints. + +`tsh` relies in an embedded libfido2 to access hardware devices. If you are +running on Linux, you may be missing the necessary udev rules to access your +device. Try following the [installation instructions for libfido2]( +https://github.com/Yubico/libfido2#installation), which may provide you the +necessary udev rules. + +### Touch ID not usable + +If you are having trouble with Touch ID, make sure that you are using the latest +standalone version of `tsh`. [Download the macOS tsh installer]( +../../installation.mdx#macos). + +Touch ID support requires Macs with the Touch Bar and Secure Enclave. It also +requires macOS >= 10.13 (macOS High Sierra). + +You can run the `tsh touchid diag` command to verify requirements. A capable +device and `tsh` binary should show an output similar to the one below: + +```code +$ tsh touchid diag +# Has compile support? true +# Has signature? true +# Has entitlements? true +# Passed LAPolicy test? true +# Passed Secure Enclave test? true +# Touch ID enabled? true +``` + +### Disable passwordless + +If you want to forbid passwordless access to your cluster, add `passwordless: +false` to your configuration: + + + + + Auth Server `teleport.yaml` file: + + ```yaml + # snippet from /etc/teleport.yaml: + auth_service: + authentication: + type: local + second_factor: on + webauthn: + rp_id: example.com + passwordless: false # disable passwordless + ``` + + + Create a `cap.yaml` file or get the existing configuration using + `tctl get cluster_auth_preference`: + + ```yaml + kind: cluster_auth_preference + version: v2 + metadata: + name: cluster-auth-preference + spec: + type: local + second_factor: "on" + webauthn: + rp_id: example.com + passwordless: false # disable passwordless + ``` + + Update the configuration: + + ```code + $ tctl create -f cap.yaml + # cluster auth preference has been updated + ``` + + + + + +Create a `cap.yaml` file or get the existing configuration using +`tctl get cluster_auth_preference`: + +```yaml +kind: cluster_auth_preference +version: v2 +metadata: + name: cluster-auth-preference +spec: + type: local + second_factor: "on" + webauthn: + rp_id: example.com + passwordless: false # disable passwordless +``` + +Update the configuration: + +```code +$ tctl create -f cap.yaml +# cluster auth preference has been updated +``` + diff --git a/docs/pages/access-controls/guides/per-session-mfa.mdx b/docs/pages/access-controls/guides/per-session-mfa.mdx index 5594c7be08d3b..0ce4fe566fc5e 100644 --- a/docs/pages/access-controls/guides/per-session-mfa.mdx +++ b/docs/pages/access-controls/guides/per-session-mfa.mdx @@ -17,7 +17,7 @@ their on-disk Teleport certificates. In addition to per-session MFA, enable login MFA in your SSO provider and/or for all [local Teleport - users](../../setup/reference/authentication.mdx#local-no-authentication-connector) + users](../../reference/authentication.mdx#local-no-authentication-connector) to improve security. @@ -246,6 +246,11 @@ $ tsh ssh prod3.example.com # jerry@prod3.example.com > ``` + +If you are using `tsh` in a constrained environment, you can tell it to use +OTP by doing `tsh --mfa-mode=otp ssh prod3.example.com`. + + If per-session MFA was enabled cluster-wide, Jerry would be prompted for MFA even when logging into `dev1.example.com`. @@ -283,11 +288,10 @@ Current limitations for this feature are: - WebAuthn hardware devices aren't currently supported in `tsh` on Windows. - Only `tsh ssh` supports per-session MFA authentication for SSH (OpenSSH `ssh` does not). -- Only `kubectl` supports per-session U2F authentication for Kubernetes. +- Only `kubectl` supports per-session WebAuthn authentication for Kubernetes. - Application access clients don't support per-session MFA authentication yet, although cluster and role configuration applies to them. If you enable per-session MFA checks cluster-wide, you will not be able to use Application access. We're working on integrating per-session MFA checks for these clients. -- For Desktop Access, only WebAuthn devices are supported. Teleport does not - support U2F devices for Desktop Access MFA. +- For Desktop Access, only WebAuthn devices are supported. diff --git a/docs/pages/access-controls/guides/role-templates.mdx b/docs/pages/access-controls/guides/role-templates.mdx index 16abd9e92ec8b..788a3b2116396 100644 --- a/docs/pages/access-controls/guides/role-templates.mdx +++ b/docs/pages/access-controls/guides/role-templates.mdx @@ -131,7 +131,7 @@ spec: Update both users' entries with the `tctl create -f` command: ```code -$ tctl create -f traits.yaml +$ tctl create -f traits.yaml # user "alice" has been updated ``` @@ -367,14 +367,14 @@ Available interpolation functions include: Function | Description --- | --- -`email.local(variable)` | Extracts the local part of an email field, like `Alice ` or `bob@example.com`. -`regexp.replace(variable, expression, replacement)` | Finds all matches of `expression` and replaces them with `replacement`. This supports expansion, e.g. `regexp.replace(external.email, "^(.*)@example.com$", "$1")`. Values which do not match the expression will be filtered out. +`email.local(variable)` | Extracts the local part of an email address. `email.local(alice@example.com)` evaluates to `alice`. +`regexp.replace(variable, expression, replacement)` | Finds all matches of `expression` and replaces them with `replacement`. This supports expansion, e.g. `regexp.replace(external.email, "^(.*)@example.com$", "$1")`. Values which do not match the expression will be filtered out. `$N` is used to refer to the Nth captured group, starting at `$1`. ## Templating in Access Requests -Access and Reviewer Request specifications do not use the same interpolation -system as logins, labels etc. Instead, you can use the `claims_to_roles` clause -in the `request` and `review` rules to specify one or more patterns to match. +Access and Reviewer Request specifications do not use the same interpolation +system as logins, labels etc. Instead, you can use the `claims_to_roles` clause +in the `request` and `review` rules to specify one or more patterns to match. For example, given the following rule template: @@ -386,12 +386,12 @@ metadata: spec: allow: request: - # `roles` is a static list of roles a user with the `product-admin` role may + # `roles` is a static list of roles a user with the `product-admin` role may # request temporary access to - roles: [access] + roles: [access] claims_to_roles: - - claim: 'projects' + - claim: 'projects' value: '^product-(.*)$' # matches all group names with a leading 'product-' roles: ['$1-admin'] # generates a role name from the value capture ``` @@ -410,7 +410,7 @@ spec: projects: ['internal-tooling', 'product-alpha', 'product-beta'] ``` -In this case, Alice would be allowed to request access to the RBAC roles `access` (from the static +In this case, Alice would be allowed to request access to the RBAC roles `access` (from the static role list) and `alpha-admin` and `beta-admin` (from the `claims_to_roles` mapping). The same syntax applies for Review Requests. diff --git a/docs/pages/access-controls/guides/u2f.mdx b/docs/pages/access-controls/guides/u2f.mdx deleted file mode 100644 index 0dd3515630510..0000000000000 --- a/docs/pages/access-controls/guides/u2f.mdx +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: Second Factor - U2F -description: Configuring U2F support in Teleport clusters. ---- - -# U2F (Hardware Tokens) - - - Consider updating your cluster to use [WebAuthn](./webauthn.mdx) as the second - factor protocol. WebAuthn is a modern U2F replacement that allows for a wider - range of devices to be used as second factor authenticators. - - -Teleport supports [FIDO U2F](https://www.yubico.com/about/background/fido/) -hardware keys as a second authentication factor. U2F can be used for logging -into Teleport (`tsh login` or the login page on the Web UI) and for logging -into individual SSH nodes or Kubernetes clusters (`tsh ssh` and `kubectl`). - -## Prerequisites - -(!docs/pages/includes/edition-prereqs-tabs.mdx!) - -- U2F hardware device, such as Yubikey or Solokey -- Web browser that [supports U2F](https://caniuse.com/u2f) - -(!docs/pages/includes/tctl.mdx!) - -## Enable U2F support - -By default U2F is disabled. To enable U2F support, edit the Teleport -configuration file `/etc/teleport.yaml` like so: - -```yaml -# snippet from /etc/teleport.yaml to show an example configuration of U2F: -auth_service: - authentication: - type: local - # to enable U2F support, set this field to 'u2f', 'on' or 'optional' - second_factor: u2f - u2f: - app_id: https://example.com - facets: - - "https://example.com" # app_id should always also be listed as a facet - - "https://example.com:443" - device_attestation_cas: - - "/path/to/u2f_attestation_ca.pem" -``` - -The fields in the above snippet are: - -- `app_id` - public address of the Teleport proxy, *including* the `https://` - prefix. If you use a port number other than 443, include it as well. - - Examples: - - - `https://example.com` (uses default port 443) - - `https://example.com:3080` (uses non-default port 3080) - - - The `app_id` must never change in the lifetime of the cluster, because it's - recorded in the registration data on the U2F device. If the App ID changes, - all existing U2F key registrations will become invalid and all users who use - U2F as the second factor will need to re-register. When using multiple proxy - servers, make sure they are reachable at the same public address (usually - behind a load balancer). - - -- `facets` - list of allowed addresses of the Teleport proxy, checked during - authentication attempts. This list is used to prevent malicious websites and - proxies from requesting U2F challenges on behalf of the legitimate proxy. - - For compatibility with multiple browsers, it's recommended to write down the - proxy address in several formats. For example, if your `app_id` is - `https://example.com`, your `facets` should include `https://example.com` - (same as the app_id) and `https://example.com:443`. - -- `device_attestation_cas` - optional list of certificate authorities (as local - file paths or in-line PEM certificate string) for U2F [device - attestation](https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-overview.html#verifying-that-a-u2f-device-is-genuine) - verification. This field allows you to restrict which U2F device vendors you - trust. Devices from other vendors will be rejected during registration. By - default, any vendor is allowed. - -Once the configuration file was edited, restart `teleport` to pick up the -changes. - -## Register U2F devices as a user - -A user can register multiple U2F devices [using `tsh`](../../setup/reference/cli.mdx#tsh-mfa-add): - -```code -$ tsh mfa add - -# Choose device type [TOTP, U2F]: u2f -# Enter device name: desktop yubikey -# Tap any *registered* security key -# Tap your *new* security key -# MFA device "desktop yubikey" added. -``` - -{/* Convert to new UI component https://github.com/gravitational/next/issues/275 */} - - - U2F devices are currently not supported in `tsh` on Windows. - - -## Login using U2F - -Once a U2F device is registered, the user will be prompted for it on login: - -```code -$ tsh login --proxy=example.com - -# Enter password for Teleport user awly: -# Tap any security key -# > Profile URL: https://example.com -# Logged in as: awly -# Cluster: example.com -# Roles: admin* -# Logins: awly -# Kubernetes: enabled -# Valid until: 2021-04-01 23:32:29 -0700 PDT [valid for 12h0m0s] -# Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty -``` - - -U2F for logging into Teleport is only required for [local -users](../../setup/reference/authentication.mdx#local-no-authentication-connector). SSO users should configure -multi-factor authentication in their SSO provider. - - -## Next steps - -- [Setup per-session U2F checks](per-session-mfa.mdx) diff --git a/docs/pages/access-controls/guides/webauthn.mdx b/docs/pages/access-controls/guides/webauthn.mdx index 8fee14df8cf98..6db1636ad7306 100644 --- a/docs/pages/access-controls/guides/webauthn.mdx +++ b/docs/pages/access-controls/guides/webauthn.mdx @@ -4,9 +4,9 @@ description: Configuring WebAuthn support in Teleport clusters. --- Teleport supports [WebAuthn](https://webauthn.guide/) as a second authentication -factor. WebAuthn can be used for logging in to Teleport (`tsh login` or the login -page on the Web UI) and for logging in to individual SSH nodes or Kubernetes -clusters (`tsh ssh` and `kubectl`). +factor. WebAuthn can be used for logging in to Teleport (`tsh login` or the +login page on the Web UI) and for logging in to individual SSH nodes or +Kubernetes clusters (`tsh ssh` and `kubectl`). WebAuthn support includes hardware devices, such as YubiKeys or SoloKeys (`tsh` and Web UI), as well as biometric authenticators like Touch ID and Windows Hello @@ -24,11 +24,10 @@ and Web UI), as well as biometric authenticators like Touch ID and Windows Hello ## Step 1/3. Enable WebAuthn support -WebAuthn is disabled by default. To enable WebAuthn support, update your Teleport -configuration as below: +WebAuthn is disabled by default. To enable WebAuthn support, update your +Teleport configuration as below: - Auth Server `teleport.yaml` file: @@ -68,7 +67,7 @@ configuration as below: spec: type: local # To enable WebAuthn support, set this field to 'on', 'optional' or 'webauthn' - second_factor: on + second_factor: "on" webauthn: rp_id: example.com attestation_allowed_cas: @@ -83,11 +82,11 @@ configuration as below: $ tctl create -f cap.yaml # cluster auth preference has been updated ``` - + - + Obtain your existing `cluster_auth_preference` resource: @@ -108,7 +107,7 @@ metadata: spec: type: local # To enable WebAuthn support, set this field to 'on', 'optional' or 'webauthn' - second_factor: on + second_factor: "on" webauthn: rp_id: example.com attestation_allowed_cas: @@ -129,10 +128,14 @@ Update the configuration: $ tctl create -f cap.yaml # cluster auth preference has been updated ``` - -You will need to include the following configuration fields. +
+ Starting on Teleport v10, WebAuthn replaces U2F. See the [U2F](#u2f) section. +
`rp_id` is the public domain of the Teleport Proxy Service, *excluding* protocol (`https://`) and port number. @@ -178,7 +181,6 @@ $ tsh mfa add Once a WebAuthn device is registered, the user will be prompted for it on login: - ```code $ tsh login --proxy=example.com # Enter password for Teleport user codingllama: @@ -192,10 +194,9 @@ $ tsh login --proxy=example.com # Valid until: 2021-10-04 23:32:29 -0700 PDT [valid for 12h0m0s] # Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty ``` - - + ```code $ tsh login --proxy=mytenant.teleport.sh # Enter password for Teleport user codingllama: @@ -209,15 +210,112 @@ $ tsh login --proxy=mytenant.teleport.sh # Valid until: 2021-10-04 23:32:29 -0700 PDT [valid for 12h0m0s] # Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty ``` - WebAuthn for logging in to Teleport is only required for [local users]( - ../../setup/reference/authentication.mdx#local-no-authentication-connector). SSO users should configure - multi-factor authentication in their SSO provider. + ../../reference/authentication.mdx#local-no-authentication-connector). + SSO users should configure multi-factor authentication in their SSO provider. +## U2F + +Starting with Teleport v10, WebAuthn replaces U2F. If you haven't configured U2F +before, no further action is necessary—any U2F devices are automatically +supported. + +If you have an existing U2F configuration, but haven't explicitly configured +WebAuthn yet, Teleport will automatically derive your WebAuthn configuration +from your existing U2F configuration. + +You may write the WebAuthn configuration yourself, but keep the U2F `app_id` +field. Doing so ensures that any already-registered U2F devices won't need to be +re-registered. + +For example, consider the U2F configuration below: + +```yaml +# snippet from /etc/teleport.yaml showing a U2F configuration: +auth_service: + authentication: + type: local + second_factor: u2f + u2f: + app_id: https://example.com + facets: + - "https://example.com" + - "https://example.com:443" + device_attestation_cas: + - "/path/to/u2f_attestation_ca.pem" +``` + +The migrated WebAuthn configuration is: + + + + + ```yaml + # snippet from /etc/teleport.yaml: + auth_service: + authentication: + type: local + second_factor: on # changed from "u2f" + u2f: + # Keep the app_id to avoid re-registering U2F devices. + app_id: https://example.com + webauthn: + # rp_id is the public domain of the Teleport Proxy Service. + # It's similar to the U2F app_id, but without "https://" or port number. + rp_id: example.com + attestation_allowed_cas: + - "/path/to/u2f_attestation_ca.pem" + ``` + + + ```yaml + kind: cluster_auth_preference + version: v2 + metadata: + name: cluster-auth-preference + spec: + type: local + second_factor: "on" # changed from "u2f" + u2f: + # Keep the app_id to avoid re-registering U2F devices. + app_id: https://example.com + webauthn: + # rp_id is the public domain of the Teleport Proxy Service. + # It's similar to the U2F app_id, but without "https://" or port number. + rp_id: example.com + attestation_allowed_cas: + - "/path/to/u2f_attestation_ca.pem" + ``` + + + + + +```yaml +kind: cluster_auth_preference +version: v2 +metadata: + name: cluster-auth-preference +spec: + type: local + second_factor: "on" # changed from "u2f" + u2f: + # Keep the app_id to avoid re-registering U2F devices. + app_id: https://example.com + webauthn: + # rp_id is the public domain of the Teleport Proxy Service. + # It's similar to the U2F app_id, but without "https://" or port number. + rp_id: example.com + attestation_allowed_cas: + - "/path/to/u2f_attestation_ca.pem" +``` + + ## Next steps -- [Setup per-session MFA checks](per-session-mfa.mdx) +- [Passwordless](./passwordless.mdx) +- [Setup per-session MFA checks](./per-session-mfa.mdx) diff --git a/docs/pages/access-controls/introduction.mdx b/docs/pages/access-controls/introduction.mdx index 2682056936f34..8afa9923b927f 100644 --- a/docs/pages/access-controls/introduction.mdx +++ b/docs/pages/access-controls/introduction.mdx @@ -24,26 +24,13 @@ guide. ## Guides - - - Dual Authorization for SSH and Kubernetes. - - - Dynamic Access Policies with Role Templates. - - - Create certs for CI/CD using impersonation. - - - Add Two-Factor Authentication through WebAuthn. - - - Per-session Multi-Factor Authentication. - - - Locking sessions and identities. - - +- [Dual Authorization](./guides/dual-authz.mdx): Dual Authorization for SSH and Kubernetes. +- [Teleport Role Templates](./guides/role-templates.mdx): Dynamic Access Policies with Role Templates. +- [Impersonating Teleport Users](./guides/impersonation.mdx): Create certs for CI/CD using impersonation. +- [Passwordless](./guides/passwordless.mdx): Use passwordless authentication (Preview). +- [Second Factor - WebAuthn](./guides/webauthn.mdx): Add Two-Factor Authentication through WebAuthn. +- [Per-session MFA](./guides/per-session-mfa.mdx): Per-session Multi-Factor Authentication. +- [Locking](./guides/locking.mdx): Locking sessions and identities. ## How does it work? diff --git a/docs/pages/access-controls/reference.mdx b/docs/pages/access-controls/reference.mdx index 6da65d0f8f45e..5f662fd4c5c56 100644 --- a/docs/pages/access-controls/reference.mdx +++ b/docs/pages/access-controls/reference.mdx @@ -31,14 +31,15 @@ sessions. You can see all of the available resources and verbs under the `allow` section in the example role configuration below. To manage cluster roles, a Teleport administrator can use the Web UI or the -command line using [tctl resource commands](../setup/reference/resources.mdx). +command line using [tctl resource commands](../reference/resources.mdx). To see the list of roles in a Teleport cluster, an administrator can execute: ```code -# Log in to your cluster with tsh so you can use tctl. -# You can also run tctl on your Auth Service host. +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. $ tsh login --user=myuser --proxy=teleport.example.com $ tctl get roles ``` @@ -56,151 +57,9 @@ $ tctl get roles (!docs/pages/includes/backup-warning.mdx!) -A role definition looks like this: - -```yaml -kind: role -version: v5 -metadata: - name: example -spec: - # Options used for user sessions with default values: - options: - # max_session_ttl defines the TTL (time to live) of SSH certificates - # issued to the users with this role. - max_session_ttl: 8h - # forward_agent controls whether SSH agent forwarding is allowed - forward_agent: true - # port_forwarding controls whether TCP port forwarding is allowed - port_forwarding: true - # client_idle_timeout determines if SSH sessions to cluster nodes are forcefully - # terminated after no activity from a client (idle client). it overrides the - # global cluster setting. examples: "30m", "1h" or "1h30m" - client_idle_timeout: never - # Determines if the clients will be forcefully disconnected when their - # certificates expire in the middle of an active SSH session. - # It overrides the global cluster setting. - disconnect_expired_cert: no - # Optional: max_connections Per-user limit of concurrent sessions within a - # cluster. - max_connections: 2 - # Optional: max_sessions total number of session channels that can be established - # across a single connection. 10 will match OpenSSH default behavior. - max_sessions: 10 - # permit_x11_forwarding allows users to use X11 forwarding with openssh clients and servers through the proxy - permit_x11_forwarding: true - # Specify whether or not to record the user's desktop sessions. - # Desktop session recording is enabled if one or more of the user's - # roles has enabled recording. Defaults to true if unspecified. - # Desktop sessions will never be recorded if auth_service.session_recording - # is set to 'off' in teleport.yaml or if the cluster's session_recording_config - # resource has set 'mode: off'. - record_sessions: - desktop: true - # Specify whether clipboard sharing should be allowed with the - # remote desktop (requires a supported browser). Defaults to true - # if unspecified. If one or more of the user's roles has disabled - # the clipboard, then it will be disabled. - desktop_clipboard: true - # Specify a list of names and associated values to be included in user SSH keys. - # The key type can only be "ssh" and the mode can only be "extension". - # The name and value fields can be arbitrary strings and the value field - # supports variable interpolation. - cert_extensions: - - type: ssh - mode: extension - name: login@github.com - value: "{{ external.github_login }}" - # The allow section declares a list of resource/verb combinations that are - # allowed for the users of this role. By default, nothing is allowed. - allow: - # The logins array defines the OS/UNIX logins a user is allowed to use. - # a few special variables are supported here (see below) - logins: [root, '{{internal.logins}}'] - # Windows logins a user is allowed to use for desktop sessions. - windows_desktop_logins: [Administrator, '{{internal.logins}}'] - # If the Kubernetes integration is enabled, this setting configures which - # kubernetes groups the users of this role will be assigned to. - # Note that you can refer to a SAML/OIDC trait via the "external" property bag. - # This allows you to specify Kubernetes group membership in an identity manager: - kubernetes_groups: ["system:masters", "{{external.trait_name}}"]] - - # List of node labels a user will be allowed to connect to: - node_labels: - # A user can only connect to a node marked with 'test' label: - 'environment': 'test' - # The wildcard ('*') means "any node" - '*': '*' - # Labels can be specified as a list: - 'environment': ['test', 'staging'] - # Regular expressions are also supported, for example, the equivalent - # of the list example above can be expressed as: - 'environment': '^test|staging$' +Here is a full role specification: - kubernetes_labels: - # A user can only access prod environments - 'env': 'prod' - # User can access any region in us-west, e.g us-west-1, us-west-2 - 'region': 'us-west-*' - 'cluster_name': '^us.*\.example\.com$' - - # Defines roles that this user can request. - # Needed for teleport's access request workflow - # https://goteleport.com/teleport/docs/enterprise/workflow/ - request: - roles: - - dba - - # List of allow-rules. See below for more information. - rules: - - resources: [role] - verbs: [list, create, read, update, delete] - - resources: [auth_connector] - verbs: [list, create, read, update, delete] - - resources: [session] - verbs: [list, read] - - resources: [trusted_cluster] - verbs: [list, create, read, update, delete] - - resources: [event] - verbs: [list, read] - - resources: [user] - verbs: [list,create,read,update,delete] - - resources: [token] - verbs: [list,create,read,update,delete] - - # Moderated Sessions policy that dictates requirements for starting a session. - require_session_join: - # Defines the name of the policy. The name serves only as an - # identifier in logs and for organisation/categorisation. - - name: Auditor oversight - # Specifies an RBAC predicate that is used to define - # which users count against the required user count of the policy. - filter: 'contains(user.roles, "auditor")' - # The different session kinds this policy applies to. - kinds: ['k8s', 'ssh'] - # A list of session participant modes that a participant must have - # one of in order to count against the policy. - modes: ['moderator'] - # The minimum amount of users that need to match the filter expression - # in order to satisfy the policy. - count: 1 - - # Moderated Sessions policy that dictates the ability to join sessions - join_sessions: - # Defines the name of the policy. The name serves only as an - # identifier in logs and for organisation/categorisation. - - name: Auditor oversight - # Allows one to join sessions created by other users with these roles - roles : ['prod-access'] - # The different session kinds this policy applies to. - kinds: ['k8s', 'ssh'] - # The list of session participant modes the role may join the session as. - modes: ['moderator', 'observer'] - - # The deny section uses the identical format as the 'allow' section. - # The deny rules always override allow rules. - deny: {} -``` +(!docs/pages/includes/role-spec.mdx!) The following variables can be used with `logins` and `windows_desktop_logins` fields: @@ -232,7 +91,7 @@ logins: ### Role options -As shown above, a role can define certain restrictions on SSH sessions initiated by users. +As shown above, a role can define certain restrictions on sessions initiated by users. The table below documents the behavior of each option if multiple roles are assigned to a user. | Option | Description | Multi-role behavior | @@ -240,10 +99,23 @@ The table below documents the behavior of each option if multiple roles are assi | `max_session_ttl` | Max. time to live (TTL) of a user's SSH certificates | The shortest TTL wins | | `forward_agent` | Allow SSH agent forwarding | Logical "OR" i.e. if any role allows agent forwarding, it's allowed | | `port_forwarding` | Allow TCP port forwarding | Logical "OR" i.e. if any role allows port forwarding, it's allowed | +| `ssh_file_copy` | Allow SCP/SFTP | Logical "AND" i.e. if all roles allows file copying, it's allowed | | `client_idle_timeout` | Forcefully terminate active SSH sessions after an idle interval | The shortest timeout value wins, i.e. the most restrictive value is selected | | `disconnect_expired_cert` | Forcefully terminate active SSH sessions when a client certificate expires | Logical "OR" i.e. evaluates to "yes" if at least one role requires session termination | -| `max_connections` | Limit on how many active SSH sessions can be started via Teleport | | | `max_sessions` | Total number of session channels which can be established across a single SSH connection via Teleport | | +| `enhanced_recording` | Indicates which events should be recorded by the BFP-based session recorder | | +| `permit_x11_forwarding` | Allow users to enable X11 forwarding with OpenSSH clients and servers | | +| `require_session_mfa` | Require additional MFA tap before initiating a session | Logical "OR" i.e. evaluates to "yes" if at least one role requires session MFA | +| `lock` | Locking mode (`strict` or `best_effort`) | `strict` wins in case of conflict | +| `request_access` | Enterprise-only Access Request strategy (`optional`, `always` or `reason`) | | +| `request_prompt` | Prompt for the Access Request "reason" field | | +| `max_connections` | Enterprise-only limit on how many concurrent sessions can be started via Teleport | | +| `max_kubernetes_connections` | Defines the maximum number of concurrent Kubernetes sessions per user | | +| `record_session` |Defines the [Session recording mode](../reference/audit.mdx#modes).|The strictest value takes precedence.| +| `desktop_clipboard` | Allow clipboard sharing for desktop sessions | Logical "AND" i.e. evaluates to "yes" if all roles enable clipboard sharing | +| `pin_source_ip` | Enable source IP pinning for SSH certificates | Logical "OR" i.e. evaluates to "yes" if at least one role requires session termination | +| `cert_extensions` | Specifies extensions to be included in SSH certificates | | +| `create_host_user` | Allow users to be automatically created on a host | Logical "AND" i.e. evaluates to "yes" if all roles matching a Node enable host user creation | ## Preset roles @@ -283,7 +155,7 @@ Label | `v3` Default | `v4` and `v5` Default ## RBAC for hosts A Teleport role can also define which hosts (nodes) a user can have access to. -This works by [labeling nodes](../setup/admin/labels.mdx) and listing +This works by [labeling nodes](../management/admin/labels.mdx) and listing allow/deny labels in a role definition. Consider the following use case: @@ -355,8 +227,8 @@ RBAC lets teams limit what resources are available to Teleport users. This can b you don't want regular users editing SSO (`auth_connector`) or creating and editing new roles (`role`). -Below is an example `allow` section that illustrates commonly used `rules`. -Each rule includes a list of Teleport resources and the CRUD +Below is an example `allow` section that illustrates commonly used `rules`. +Each rule includes a list of Teleport resources and the CRUD operations that a user is allowed to execute on them: ```yaml @@ -412,8 +284,8 @@ allow: ## RBAC for sessions It is possible to further limit access to -[shared sessions](../server-access/guides/tsh.mdx#sharing-sessions) and -[session recordings](../architecture/nodes.mdx#session-recording). +[shared sessions](../connect-your-client/tsh.mdx#sharing-sessions) and +[session recordings](../architecture/nodes.mdx#ssh-session-recording). The examples below illustrate how to restrict session access only for the user who created the session. @@ -475,8 +347,8 @@ spec: ## Second Factor - U2F -Refer to the [Second Factor - U2F guide](./guides/u2f.mdx) if you have a cluster -using the legacy U2F support. +Refer to the [Second Factor - WebAuthn](./guides/webauthn.mdx#u2f) guide if you +have a cluster using the legacy U2F support. ## Filter fields @@ -489,5 +361,5 @@ Here is an explanation of the fields used in the `where` and `filter` conditions | `ssh_session.participants` | The list of participants from an SSH session | | `user.metadata.name` | The user's name | -Check out our [predicate language](../setup/reference/predicate-language.mdx#scoping-allowdeny-rules-in-role-resources) +Check out our [predicate language](../reference/predicate-language.mdx#scoping-allowdeny-rules-in-role-resources) guide for a more in depth explanation of the language. diff --git a/docs/pages/access-controls/sso.mdx b/docs/pages/access-controls/sso.mdx new file mode 100644 index 0000000000000..511a25e7b1ee1 --- /dev/null +++ b/docs/pages/access-controls/sso.mdx @@ -0,0 +1,610 @@ +--- +title: Configure Single Sign-On +description: How to set up single sign-on (SSO) for SSH using Teleport +--- + +Teleport users can log in to servers, Kubernetes clusters, databases, web +applications, and Windows desktops through their organization's Single Sign-On +(SSO) provider. + +- [Azure Active Directory (AD)](./sso/azuread.mdx): Configure Azure Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps. +- [Active Directory (ADFS)](./sso/adfs.mdx): Configure Windows Active Directory SSO for SSH, Kubernetes, databases, desktops and web apps. +- [Google Workspace](./sso/google-workspace.mdx): Configure Google Workspace SSO for SSH, Kubernetes, databases, desktops and web apps. +- [GitHub](./sso/github-sso.mdx): Configure GitHub SSO for SSH, + Kubernetes, databases, desktops, and web apps. +- [GitLab](./sso/gitlab.mdx): Configure GitLab SSO for SSH, Kubernetes, databases, desktops and web apps. +- [OneLogin](./sso/one-login.mdx): Configure OneLogin SSO for SSH, Kubernetes, databases, desktops and web apps. +- [OIDC](./sso/oidc.mdx): Configure OIDC SSO for SSH, Kubernetes, databases, desktops and web apps. +- [Okta](./sso/okta.mdx): Configure Okta SSO for SSH, Kubernetes, databases, desktops and web apps. + +## How Teleport uses SSO + +You can register your Teleport cluster as an application with your SSO provider. +When a user signs in to Teleport, your SSO provider will execute its own +authentication flow, then send an HTTP request to your Teleport cluster to +indicate that authentication has completed. + +Teleport authenticates users to your infrastructure by issuing short-lived +certificates. After a user completes an SSO authentication flow, Teleport issues +a short-lived certificate to the user. Teleport also creates a temporary user on +the Auth Service backend. + +### Temporary `user` resources + +After a user completes an SSO authentication flow, Teleport creates a temporary +`user` resource for the user. + +When a user signs in to Teleport with `tsh login`, they can configure the TTL of +the `user` Teleport creates. Teleport enforces a limit of 30 hours (the default +is 12 hours). + +In the Teleport audit log, you will see an event of type `user.create` with +information about the temporary user. + +
+ +You can inspect a temporary `user` resource created via your SSO integration +by using the `tctl` command: + + + + +```code +# Log in to your cluster with tsh so you can use tctl remotely +$ tsh login --proxy=proxy.example.com --user=myuser +$ tctl get users/ +``` + + + + +```code +# Log in to your cluster with tsh so you can use tctl remotely +$ tsh login --proxy=mytenant.teleport.sh --user=myuser +$ tctl get users +``` + + +Here is an example of a temporary `user` resource created when the GitHub user +`myuser` signed in to GitHub to authenticate to Teleport. This resource +expires 12 hours after creation. The `created_by` field indicates that the +resource was created by Teleport's GitHub SSO integration: + +```yaml +kind: user +metadata: + expires: "2022-06-15T04:02:34.586688054Z" + id: 0000000000000000000 + name: myuser +spec: + created_by: + connector: + id: github + identity: myuser + type: github + time: "2022-06-14T16:02:34.586688441Z" + user: + name: system + expires: "0001-01-01T00:00:00Z" + github_identities: + - connector_id: github + username: myuser + roles: + - editor + - access + - auditor + status: + is_locked: false + lock_expires: "0001-01-01T00:00:00Z" + locked_time: "0001-01-01T00:00:00Z" + recovery_attempt_lock_expires: "0001-01-01T00:00:00Z" + traits: + github_teams: + - my-team + kubernetes_groups: null + kubernetes_users: null + logins: + - root +version: v2 +``` + +
+ +### Certificates for SSO users + +Along with creating a temporary user, Teleport issues SSH and X.509 certificates +to a successfully authenticated SSO user's machine. This enables SSO users to +authenticate to your cluster without Teleport needing to create a permanent +record of them. + +In the X.509 certificate, for example, the `Subject` field contains the same +information defined in the temporary `user` resource. This enables Teleport to +enforce RBAC rules for the authenticated user when they access resources in your +cluster. + +This is a `Subject` field for a certificate that Teleport issued for the GitHub +user `myuser`, who signed in to a Teleport cluster via the GitHub SSO +integration: + +``` +Subject: L=myuser/street=teleport.example.com/postalCode={"github_teams":["my-team"],"kubernetes_groups":null,"kubernetes_users":null,"logins":["root"]}, O=access, O=editor, O=auditor, CN=myuser/1.3.9999.1.7=teleport.example.com +``` + +The user belongs to the GitHub team `my-team`, which this Teleport cluster maps +to the `access`, `editor`, and `auditor` roles in Teleport. (Read the guide for +your SSO provider to determine how to configure role mapping.) + +
+ +To inspect the contents of an X.509 certificate issued for your user after you +sign in to Teleport via SSO, run the following commands: + +```code +$ TELEPORT_CLUSTER= +$ SSO_USER= +$ openssl x509 -text -in ~/.tsh/keys/${TELEPORT_CLUSTER}/${SSO_USER}-x509.pem | grep "Subject:" +``` + +You can inspect an SSH certificate issued for your Teleport user with the +following command: + +```code +$ ssh-keygen -L -f ~/.tsh/keys/${TELEPORT_CLUSTER}/${SSO_USER}-ssh/${TELEPORT_CLUSTER}-cert.pub +``` + +
+ +### Multiple SSO providers + +Since Teleport creates temporary users and issues short-lived certificates when +a user authenticates via SSO, it is straightforward to integrate Teleport with +multiple SSO providers. Besides the temporary `user` resource, no persistent +backend data in Teleport is tied to a user's account with the SSO provider. + +This also means that if one SSO provider becomes unavailable, the end user only +needs to choose another SSO provider when signing in to Teleport. While the +user may be locked out of their account with the first SSO provider, signing in +via the second provider is sufficient for Teleport to issue a new certificate +and grant the user access to your infrastructure. + +Note that if the username of an SSO user already belongs to a user registered +locally with the Auth Service (i.e., created via `tctl users add`), the SSO +login will fail. + +## Logging in via SSO + +Users can log in to Teleport via your SSO provider by executing a command +similar to the following, using the `--auth` flag to specify the provider: + +```code +# This command will automatically open the default web browser and take a user +# through the login process with an SSO provider +$ tsh login --proxy=proxy.example.com --auth=github +``` + +The command opens a browser window and shows a URL the user can visit in the +terminal to complete their SSO flow: + +```text +If browser window does not open automatically, open it by clicking on the link: +http://127.0.0.1:45235/055a310a-1099-43ea-8cf6-ffc41d88ad1f +``` + +Teleport will wait for up to 3 minutes for a user to authenticate. If +authentication succeeds, Teleport will retrieve SSH and X.509 certificates and +store them in the `~/.tsh/keys/` directory. The tool will also will +add SSH cert to an SSH agent if there's one running. + +## Configuring SSO + +Teleport works with SSO providers by relying on the concept of an +**authentication connector**. An authentication connector is a configuration +resource that controls how SSO users log in to Teleport—and which Teleport roles +they will assume once they do. + +This means that you can apply fine-grained RBAC policies to your Teleport +cluster without needing to change the solution you use for on– and offboarding +users. + +### Supported connectors + +The following authentication connectors are supported: + + + +|Type|Description| +|---|---| +|None|If no authentication connector is created, Teleport will use local authentication based user information stored in the Auth Service backend. You can manage user data via the `tctl users` command. | +|`saml`| The SAML connector type uses the [SAML protocol](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) to authenticate users and query their group membership.| +|`oidc`| The OIDC connector type uses the [OpenID Connect protocol](https://en.wikipedia.org/wiki/OpenID_Connect) to authenticate users and query their group membership.| +|`github`| The GitHub connector uses GitHub SSO to authenticate users and query their group membership.| + + + + +|Type|Description| +|---|---| +|None|If no authentication connector is created, Teleport will use local authentication based user information stored in the Auth Service backend. You can manage user data via the `tctl users` command. | +|`github`| The GitHub connector uses GitHub SSO to authenticate users and query their group membership.| + + + +### Creating an authentication connector + + + +Before you can create an authentication connector, you must enable +authentication via that connector's protocol. + +To set the default authentication type as `saml` or `oidc`, either modify your Auth Service configuration file +or create a `cluster_auth_preference` resource. + + + + Update `/etc/teleport.yaml` in the `auth_service` section and restart the `teleport` daemon. + ```yaml + auth_service: + authentication: + # Set as saml, oidc, or github + type: saml|oidc|github + ``` + + (!docs/pages/includes/sso/idp-initiated.mdx!) + + + Create a file called `cap.yaml`: + ```yaml + kind: cluster_auth_preference + metadata: + name: cluster-auth-preference + spec: + authentication: + # Set as saml, oidc, or github + type: saml|oidc|github + version: v2 + ``` + + Create the resource: + + + + ```code + # Log in to your cluster with tsh so you can run tctl commands. + # You can also run tctl directly on the Auth Service host. + $ tsh login --proxy=teleport.example.com --user=myuser + $ tctl create -f cap.yaml + ``` + + + + + ```code + # Log in to your cluster with tsh so you can run tctl commands. + $ tsh login --proxy=mytenant.teleport.sh --user=myuser + $ tctl create -f cap.yaml + ``` + + + (!docs/pages/includes/sso/idp-initiated.mdx!) + + + + + + + +Next, define an authentication connector. Create a file called `connector.yaml` +with the following content: + +```yaml +kind: cluster_auth_preference +metadata: + name: cluster-auth-preference +spec: + type: github + webauthn: + # Replace with the address of your Teleport cluster + rp_id: 'example.teleport.sh' +version: v2 + +``` + + + + + +Next, define an authentication connector. Create a file called `connector.yaml` +based on one of the following examples. + + + + +```yaml +# connector.yaml +kind: saml +version: v2 +metadata: + name: corporate +spec: + # display allows to set the caption of the "login" button + # in the Web interface + display: "Okta" + + # enables/disables idp-initiated saml login + allow_idp_initiated: false + + # The last segment of the URL must be identical to the connector metadata name + # when IdP-initiated login is enabled. + acs: https://teleport-proxy.example.com:3080/v1/webapi/saml/acs/corporate + attributes_to_roles: + - {name: "groups", value: "okta-admin", roles: ["access"]} + - {name: "groups", value: "okta-dev", roles: ["dev"]} + + # note that wildcards can also be used. the next line instructs Teleport + # to assign "access" role to any user who has the SAML attribute that begins with "admin": + - { name: "group", value: "admin*", roles: ["access"] } + # regular expressions with capture are also supported. the next line instructs Teleport + # to assign users to roles `admin-1` if his SAML "group" attribute equals 'ssh_admin_1': + - { name: "group", value: "^ssh_admin_(.*)$", roles: ["admin-$1"] } + + entity_descriptor: | + +``` + +(!docs/pages/includes/sso/idp-initiated.mdx!) + + + + +```yaml +(!/examples/resources/onelogin-connector.yaml!) +``` + + + + +```yaml +(!/examples/resources/oidc-connector.yaml!) +``` + + + + +```yaml +(!/examples/resources/gworkspace-connector-inline.yaml!) +``` + + + + +```yaml +(!/examples/resources/adfs-connector.yaml!) +``` + + + + +```yaml +(!/examples/resources/saml-connector.yaml!) +``` + +(!docs/pages/includes/sso/idp-initiated.mdx!) + + + + +```yaml +kind: cluster_auth_preference +metadata: + name: cluster-auth-preference +spec: + type: github + webauthn: + # Replace with the address of your Teleport cluster + rp_id: 'example.teleport.sh' +version: v2 + +``` + + + + +You may use `entity_descriptor_url`, in lieu of `entity_descriptor`, to fetch +the entity descriptor from your IDP. + +We recommend "pinning" the entity descriptor by including the XML rather than +fetching from a URL. + + + +Create the connector: + +```code +$ tctl create -f connector.yaml +``` + +### User logins + +Often it is required to restrict SSO users to their unique UNIX logins when they +connect to Teleport Nodes. To support this: + +- Use the SSO provider to create a field called `unix_login` (you can use another name). +- Make sure the `unix_login` field is exposed as a claim via SAML/OIDC. +- Update a Teleport role to include the `{{external.unix_login}}` variable in the list of allowed logins: + +```yaml +kind: role +version: v5 +metadata: + name: sso_user +spec: + allow: + logins: + - '{{external.unix_login}}' + node_labels: + '*': '*' +``` + + + +### Provider-Specific Workarounds + +Certain SSO providers may require or benefit from changes to Teleport's SSO +flow. These provider-specific changes can be enabled by setting the +`spec.provider` property of the connector definition to one of the following +values to match your identity provider: + +- `adfs` (SAML): Required for compatibility with Active Directory (ADFS); refer + to the full [ADFS guide](./sso/adfs.mdx#create-teleport-roles) for details. +- `netiq` (OIDC): Used to enable NetIQ-specific ACR value processing; refer to + the [OIDC guide](./sso/oidc.mdx#optional-acr-values) for details. +- `ping` (SAML and OIDC): Required for compatibility with Ping Identity (including + PingOne and PingFederate). +- `okta` (OIDC): Required when using Okta as an OIDC provider. + +At this time, the `spec.provider` field should not be set for any other identity providers. + + + +## Working with an external email identity + +Along with sending groups, an SSO provider will also provide a user's email address. +In many organizations, the username that a person uses to log in to a system is the +same as the first part of their email address, the "local" part. + +For example, `dave.smith@example.com` might log in with the username `dave.smith`. +Teleport provides an easy way to extract the first part of an email address so +it can be used as a username. This is the `{{email.local}}` function. + +If the email claim from the identity provider (which can be accessed via +`{{external.email}}`) is sent and contains an email address, you can extract the +"local" part of the email address before the @ sign like this: +`{{email.local(external.email)}}` + +Here's how this looks in a Teleport role: + +```yaml +kind: role +version: v5 +metadata: + name: sso_user +spec: + allow: + logins: + # Extracts the local part of dave.smith@acme.com, so the login will + # now support dave.smith. + - '{{email.local(external.email)}}' + node_labels: + '*': '*' +``` + +## Working with multiple SSO providers + +Teleport can also support multiple connectors. For example, a Teleport +administrator can define and create multiple connector resources using +`tctl create` as shown above. + +To see all configured connectors, execute this command on the Auth Server: + +```code +$ tctl get connectors +``` + +To delete/update connectors, use the usual `tctl rm` and `tctl create` commands +as described in the [Resources Reference](../reference/resources.mdx). + +If multiple authentication connectors exist, the clients must supply a +connector name to `tsh login` via `--auth` argument: + +```code +# use "okta" SAML connector: +$ tsh --proxy=proxy.example.com login --auth=okta + +# use local Teleport user DB: +$ tsh --proxy=proxy.example.com login --auth=local --user=admin +``` + +Refer to the following guides to configure authentication connectors of both +SAML and OIDC types: + +- [SSH Authentication with Okta](./sso/okta.mdx) +- [SSH Authentication with OneLogin](./sso/one-login.mdx) +- [SSH Authentication with ADFS](./sso/adfs.mdx) +- [SSH Authentication with OAuth2 / OpenID Connect](./sso/oidc.mdx) + +## SSO customization + +Use the `display` field in an authentication connector to control the appearance +of SSO buttons in the Teleport Web UI. + +| Provider | YAML | Example | +| - | - | - | +| GitHub | `display: GitHub` | ![github](../../img/teleport-sso/github@2x.png) | +| Microsoft | `display: Microsoft` | ![microsoft](../../img/teleport-sso/microsoft@2x.png) | +| Google | `display: Google` | ![google](../../img/teleport-sso/google@2x.png) | +| BitBucket | `display: Bitbucket` | ![bitbucket](../../img/teleport-sso/bitbucket@2x.png) | +| OpenID | `display: Okta` | ![Okta](../../img/teleport-sso/openId@2x.png) | + +## Troubleshooting + +Troubleshooting SSO configuration can be challenging. Usually a Teleport administrator +must be able to: + + +- Ensure that HTTP/TLS certificates are configured properly for both Teleport + proxy and the SSO provider. + +- Be able to see what SAML/OIDC claims and values are getting exported and passed + by the SSO provider to Teleport. +- Be able to see how Teleport maps the received claims to role mappings as defined + in the connector. + +If something is not working, we recommend to: + +- Double-check the host names, tokens and TCP ports in a connector definition. + + +### Using the Web UI + +If you get "access denied" or other login errors, the number one place to check is the Audit +Log. You can access it in the **Activity** tab of the Teleport Web UI. + +![Audit Log Entry for SSO Login error](../../img/sso/teleportauditlogssofailed.png) + +Example of a user being denied because the role `clusteradmin` wasn't set up: + +```json +{ + "code": "T1001W", + "error": "role clusteradmin is not found", + "event": "user.login", + "method": "oidc", + "success": false, + "time": "2019-06-15T19:38:07Z", + "uid": "cd9e45d0-b68c-43c3-87cf-73c4e0ec37e9" +} +``` + +### Teleport does not show the expected Nodes + +(!docs/pages/includes/node-logins.mdx!) + +When configuring SSO, ensure that the identity provider is populating each user's +traits correctly. For a user to see a Node in Teleport, the result of populating a + template variable in a role's `allow.logins` must match at least one of a user's + `traits.logins`. + +In this example a user will have usernames `ubuntu`, `debian` and usernames from the SSO trait `logins` for Nodes that have a `env: dev` label. If the SSO trait username is `bob` then the usernames would include `ubuntu`, `debian`, and `bob`. + +```yaml +kind: role +metadata: + name: example-role +spec: + allow: + logins: ['{{external.logins}}', ubuntu, debian] + node_labels: + 'env': 'dev' +version: v5 +``` diff --git a/docs/pages/enterprise/sso/adfs.mdx b/docs/pages/access-controls/sso/adfs.mdx similarity index 92% rename from docs/pages/enterprise/sso/adfs.mdx rename to docs/pages/access-controls/sso/adfs.mdx index cf941b28de241..a433ac73c7c57 100644 --- a/docs/pages/enterprise/sso/adfs.mdx +++ b/docs/pages/access-controls/sso/adfs.mdx @@ -13,26 +13,6 @@ like: - Only members of "DBA" group can SSH into machines running PostgreSQL. - Developers must never SSH into production servers. -- ... and many others. - - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - ## Prerequisites @@ -148,7 +128,7 @@ ADFS claim and use that field as an allowed login for each user. Note the double quotes (`"`) and square brackets (`[]`) around the claim name—these are important. -Next, create a SAML connector [resource](../../setup/reference/resources.mdx): +Next, create a SAML connector [resource](../../reference/resources.mdx): ```yaml (!examples/resources/adfs-connector.yaml!) @@ -207,5 +187,3 @@ automatically in a browser. ## Troubleshooting (!docs/pages/includes/sso/loginerrortroubleshooting.mdx!) - - diff --git a/docs/pages/enterprise/sso/azuread.mdx b/docs/pages/access-controls/sso/azuread.mdx similarity index 91% rename from docs/pages/enterprise/sso/azuread.mdx rename to docs/pages/access-controls/sso/azuread.mdx index 62c4871a9735b..5cacd4052b823 100644 --- a/docs/pages/enterprise/sso/azuread.mdx +++ b/docs/pages/access-controls/sso/azuread.mdx @@ -12,25 +12,6 @@ SSH credentials to specific groups of users with a SAML Authentication Connector The following steps configure an example SAML authentication connector matching Azure AD groups with security roles. You can choose to configure other options. - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - - ## Prerequisites Before you get started you’ll need: @@ -78,7 +59,7 @@ Before you get started you’ll need: 8. For **Entity ID** and **Reply URL**, enter the same proxy URL. - For self-hosted deployments, the URL will be similar to `https://teleport.example.com:3080/v1/webapi/saml/acs`. + For self-hosted deployments, the URL will be similar to `https://teleport.example.com:3080/v1/webapi/saml/acs/connectorName`. For Teleport Cloud users, the URL will be similar to `https://mytenant.teleport.sh`. @@ -107,7 +88,7 @@ Before you get started you’ll need: type="warning" title="Important" > - This is a important document. Treat the Federation Metadata XML file as you would a password. + This is an important document. Treat the Federation Metadata XML file as you would a password. ## Create a SAML Connector @@ -122,9 +103,14 @@ metadata: name: azure-saml spec: display: "Microsoft" + + # enables/disables idp-initiated saml login + allow_idp_initiated: false + # acs is the Assertion Consumer Service URL. This should be the address of # the Teleport proxy that your identity provider will communicate with. - acs: https://teleport.example.com:3080/v1/webapi/saml/acs + # The last segment of the URL must be identical to the connector metadata name. + acs: https://teleport.example.com:3080/v1/webapi/saml/acs/azure-saml attributes_to_roles: - {name: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups", value: "", roles: ["editor"]} - {name: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups", value: "", roles: ["dev"]} @@ -132,6 +118,8 @@ spec: ``` +(!docs/pages/includes/sso/idp-initiated.mdx!) + Replace the `acs` field with your Teleport address, update the group IDs in the `attributes_to_roles` field with the actual Azure AD group ID values, and insert the downloaded Federation Metadata XML into the `entity_descriptor` field. @@ -241,7 +229,7 @@ kind: saml metadata: name: azure-saml spec: - acs: https://teleport.example.com/v1/webapi/saml/acs + acs: https://teleport.example.com/v1/webapi/saml/acs/azure-saml attributes_to_roles: - name: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups roles: @@ -249,14 +237,14 @@ spec: - access - auditor value: '*' - audience: https://teleport.example.com/v1/webapi/saml/acs + audience: https://teleport.example.com/v1/webapi/saml/acs/azure-saml cert: "" display: Microsoft entity_descriptor: | \ No newline at end of file diff --git a/docs/pages/setup/admin/github-sso.mdx b/docs/pages/access-controls/sso/github-sso.mdx similarity index 100% rename from docs/pages/setup/admin/github-sso.mdx rename to docs/pages/access-controls/sso/github-sso.mdx diff --git a/docs/pages/enterprise/sso/gitlab.mdx b/docs/pages/access-controls/sso/gitlab.mdx similarity index 89% rename from docs/pages/enterprise/sso/gitlab.mdx rename to docs/pages/access-controls/sso/gitlab.mdx index d0eb57efb2b1b..71ef8261a99e5 100644 --- a/docs/pages/enterprise/sso/gitlab.mdx +++ b/docs/pages/access-controls/sso/gitlab.mdx @@ -15,25 +15,6 @@ like: - Only members of "ProductionKubernetes" can access production Kubernetes clusters - Developers must never SSH into production servers. - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - - ## Prerequisites - At least two groups in GitLab with users assigned. @@ -51,7 +32,7 @@ like: You should have at least one group configured in GitLab to map to Teleport roles. In this example we use the names `gitlab-dev` and `gitlab-admin`. Assign users to each of these groups. -1. Create a Application in one of your Groups that will allow using GitLab as a OAuh provider to Teleport. +1. Create a Application in one of your Groups that will allow using GitLab as a OAuth provider to Teleport. Settings @@ -75,7 +56,7 @@ If you are self hosting that is likely another local address. ### Create a OIDC Connector -Create a OIDC connector [resource](../../setup/reference/resources.mdx): +Create a OIDC connector [resource](../../reference/resources.mdx): Replace the Application ID and the Secret with the values from GitLab. ```yaml @@ -201,4 +182,3 @@ automatically in a browser). (!docs/pages/includes/sso/loginerrortroubleshooting.mdx!) - \ No newline at end of file diff --git a/docs/pages/enterprise/sso/google-workspace.mdx b/docs/pages/access-controls/sso/google-workspace.mdx similarity index 94% rename from docs/pages/enterprise/sso/google-workspace.mdx rename to docs/pages/access-controls/sso/google-workspace.mdx index 19b9410aa0c3b..6eb98480b0824 100644 --- a/docs/pages/enterprise/sso/google-workspace.mdx +++ b/docs/pages/access-controls/sso/google-workspace.mdx @@ -12,26 +12,6 @@ to define policies like: - Only members of "DBA" Google group can SSH into machines running PostgreSQL. - Developers must never SSH into production servers. -- ... and many others. - - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - ## Prerequisites @@ -166,7 +146,7 @@ page of the GCP console, select"Internal" as your User Type. ![configuration of the OAuth consent screen](../../../img/googleoidc/consent-screen-1.png) - Configure the appearence of your connector by picking a visible name, user support email, etc. + Configure the appearance of your connector by picking a visible name, user support email, etc. ### Select scopes @@ -235,7 +215,7 @@ Configure [domain-wide ## Step 3/4. Create an OIDC connector -Create the following OIDC connector [resource spec](../../setup/reference/resources.mdx) as `gworkspace-connector.yaml`. We will explain how to choose values for fields within the resource spec below. +Create the following OIDC connector [resource spec](../../reference/resources.mdx) as `gworkspace-connector.yaml`. We will explain how to choose values for fields within the resource spec below. @@ -321,4 +301,3 @@ automatically in a browser). - [Google Workspace Directory API](https://developers.google.com/admin-sdk/directory) - [How nested Google Workspace groups work](https://support.google.com/a/answer/167100?hl=en) - \ No newline at end of file diff --git a/docs/pages/enterprise/sso/oidc.mdx b/docs/pages/access-controls/sso/oidc.mdx similarity index 89% rename from docs/pages/enterprise/sso/oidc.mdx rename to docs/pages/access-controls/sso/oidc.mdx index ea29a46334946..b39aed6f53268 100644 --- a/docs/pages/enterprise/sso/oidc.mdx +++ b/docs/pages/access-controls/sso/oidc.mdx @@ -11,26 +11,6 @@ administrators to define policies like: - Only members of "DBA" group can SSH into machines running PostgreSQL. - Developers must never SSH into production servers. -- ... and many others. - - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - ## Prerequisites @@ -74,7 +54,7 @@ should be `https://proxy.example.com:3080/v1/webapi/oidc/callback` ## OIDC connector configuration The next step is to add an OIDC connector to Teleport. The connectors are manipulated -via `tctl` [resource commands](../../setup/reference/resources.mdx). To create a new connector, +via `tctl` [resource commands](../../reference/resources.mdx). To create a new connector, create a connector resource file in YAML format, for example `oidc-connector.yaml`. The file contents are shown below. This connector requests the scope `group` @@ -90,8 +70,9 @@ Create the connector: ```code -# Log in to your Teleport cluster so you can use tctl remotely. -# You can also run tctl on your Auth Service host. +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. $ tsh login --proxy=teleport.example.com --user=myuser $ tctl create oidc-connector.yaml ``` @@ -100,7 +81,7 @@ $ tctl create oidc-connector.yaml ```code -# Log in to your Teleport cluster so you can use tctl remotely +# Log in to your Teleport cluster so you can use tctl remotely. $ tsh login --proxy=mytenant.teleport.sh --user=myuser $ tctl create oidc-connector.yaml ``` @@ -110,7 +91,7 @@ $ tctl create oidc-connector.yaml ## Create Teleport Roles The next step is to define Teleport roles. They are created using the same -`tctl` [resource commands](../../setup/reference/resources.mdx) as we used for the auth +`tctl` [resource commands](../../reference/resources.mdx) as we used for the auth connector. Below are two example roles that are mentioned above, the first is an admin @@ -243,6 +224,21 @@ spec: A list of available optional prompt parameters are available from the [OpenID website](https://openid.net/specs/openid-connect-core-1\_0.html#AuthRequest). +### Optional: Disable email verification + +By default, Teleport will validate the `email_verified` claim, and users who attempt to sign in without a verified email address will be prevented from doing so. + +For testing and other purposes, you may opt out of this behavior by enabling `allow_unverified_email` in your OIDC connector. This option weakens the overall security of the system, so we do not recommend enabling it. + +```yaml +kind: oidc +version: v2 +metadata: + name: connector +spec: + allow_unverified_email: true +``` + ## Testing For the Web UI, if the above configuration were real, you would see a button @@ -259,4 +255,3 @@ identity provider if you are not automatically redirected. (!docs/pages/includes/sso/loginerrortroubleshooting.mdx!) - \ No newline at end of file diff --git a/docs/pages/enterprise/sso/okta.mdx b/docs/pages/access-controls/sso/okta.mdx similarity index 89% rename from docs/pages/enterprise/sso/okta.mdx rename to docs/pages/access-controls/sso/okta.mdx index d748bab651589..9e5d166327eb3 100644 --- a/docs/pages/enterprise/sso/okta.mdx +++ b/docs/pages/access-controls/sso/okta.mdx @@ -15,25 +15,6 @@ like: - Only members of "DBA" group can SSH into machines running PostgreSQL. - Developers must never SSH into production servers. - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - - ## Prerequisites - Okta account with admin access. Your account must include users and at least two groups. @@ -61,8 +42,8 @@ statements (special signed metadata exposed via a SAML XML response). GENERAL -- Single sign on URL `https://teleport-proxy.example.com:443/v1/webapi/saml/acs` -- Audience URI (SP Entity ID)`https://teleport-proxy.example.com:443/v1/webapi/saml/acs` +- Single sign on URL `https://teleport-proxy.example.com:443/v1/webapi/saml/acs/connectorName` +- Audience URI (SP Entity ID)`https://teleport-proxy.example.com:443/v1/webapi/saml/acs/connectorName` - Name ID format `EmailAddress` - Application username `Okta username` @@ -113,12 +94,14 @@ configure a Teleport connector: ## Create a SAML Connector -Now, create a SAML connector [resource](../../setup/reference/resources.mdx): +Now, create a SAML connector [resource](../../reference/resources.mdx): ```yaml (!examples/resources/saml-connector.yaml!) ``` +(!docs/pages/includes/sso/idp-initiated.mdx!) + Create the connector using `tctl` tool: ```code @@ -191,4 +174,3 @@ automatically in a browser). (!docs/pages/includes/sso/loginerrortroubleshooting.mdx!) - \ No newline at end of file diff --git a/docs/pages/enterprise/sso/one-login.mdx b/docs/pages/access-controls/sso/one-login.mdx similarity index 90% rename from docs/pages/enterprise/sso/one-login.mdx rename to docs/pages/access-controls/sso/one-login.mdx index d5deb6fc282a2..a1963c8854da8 100644 --- a/docs/pages/enterprise/sso/one-login.mdx +++ b/docs/pages/access-controls/sso/one-login.mdx @@ -13,25 +13,6 @@ like: - Developers must never SSH into production servers. - ... and many others. - - - This guide requires Teleport Cloud or Teleport Enterprise. - - View this guide as the user of another Teleport edition: - - - - - - - - - - - - ## Prerequisites - One Login account with admin access and users assigned to at least two groups. @@ -98,7 +79,7 @@ Once the application is set up, download `SAML Metadata`. ## Create a SAML Connector -Now, create a SAML connector [resource](../../setup/reference/resources.mdx). +Now, create a SAML connector [resource](../../reference/resources.mdx). Write down this template as `onelogin-connector.yaml`: ```yaml @@ -195,4 +176,3 @@ automatically in a browser). (!docs/pages/includes/sso/loginerrortroubleshooting.mdx!) - \ No newline at end of file diff --git a/docs/pages/api/architecture.mdx b/docs/pages/api/architecture.mdx index 63fd3be31dc41..931ff516c9411 100644 --- a/docs/pages/api/architecture.mdx +++ b/docs/pages/api/architecture.mdx @@ -53,7 +53,7 @@ The Teleport Go client uses Credentials to gather and hold TLS certificates, con to proxy servers over SSH, and perform some other actions. Credentials are created by using Credential loaders, which gather certificates and data -generated by [Teleport CLIs](../setup/reference/cli.mdx). +generated by [Teleport CLIs](../reference/cli.mdx). Since there are several Credential loaders to choose from with distinct benefits, here's a quick breakdown: - Profile Credentials are the easiest to get started with. All you have to do is log in to your device with `tsh login`. Your Teleport proxy address and credentials will automatically be located and used. diff --git a/docs/pages/api/getting-started.mdx b/docs/pages/api/getting-started.mdx index 39a65249335ef..f5748c619b74e 100644 --- a/docs/pages/api/getting-started.mdx +++ b/docs/pages/api/getting-started.mdx @@ -6,7 +6,7 @@ description: Get started working with the Teleport API programmatically using Go # Getting Started In this getting started guide we will use the Teleport API Go client to connect -to a Teleport Node configured as an Auth Server. +to a Teleport Auth Service. Here are the steps we'll walkthrough: @@ -115,4 +115,4 @@ $ go run main.go - Read about Teleport [API architecture](./architecture.mdx) for an in-depth overview of the API and API clients. - Read [API authorization](./architecture.mdx#authorization) to learn more about defining custom roles for your API client. - Review the `client` [pkg.go reference documentation](https://pkg.go.dev/github.com/gravitational/teleport/api/client) for more information about working with the Teleport API programmatically. -- Familiarize yourself with the [admin manual](../setup/admin.mdx) to make the best use of the API. +- Familiarize yourself with the [admin manual](../management/admin.mdx) to make the best use of the API. diff --git a/docs/pages/api/introduction.mdx b/docs/pages/api/introduction.mdx index c3e2637f03d0f..5e412048687d9 100644 --- a/docs/pages/api/introduction.mdx +++ b/docs/pages/api/introduction.mdx @@ -7,21 +7,18 @@ layout: tocless-doc The Teleport Auth API provides a gRPC API for remotely interacting with a Teleport Auth server. Teleport has a public [Go client](https://pkg.go.dev/github.com/gravitational/teleport/api/client) -to programatically interact with the API. [tsh and tctl](../setup/reference/cli.mdx) use the same API. +to programatically interact with the API. [tsh and tctl](../reference/cli.mdx) use the same API. ## Go client Here is what you can do with the Go Client: - Integrating with external tools, which we have already done - for [several tools](../enterprise/workflow/index.mdx#integrating-with-an-external-tool), + for [several tools](../access-controls/access-request-plugins/index.mdx), such as Slack, Jira, and Mattermost. - - Writing a program/bot to manage access requests automatically, based on your use case. One idea + - Writing a program/bot to manage Access Requests automatically, based on your use case. One idea is to allow/deny developer requests based on their currently assigned tasks. - Performing CRUD actions on resources, such as `roles`, `auth connectors`, and `provisioning tokens`. - Dynamically configuring Teleport. - - - Create an API client in 3 minutes with the Getting Started Guide. - - +Create an API client in 3 minutes with the [Getting Started +Guide](./getting-started.mdx). diff --git a/docs/pages/application-access/controls.mdx b/docs/pages/application-access/controls.mdx index ff656c2ae7847..9ca69c36d4c82 100644 --- a/docs/pages/application-access/controls.mdx +++ b/docs/pages/application-access/controls.mdx @@ -76,9 +76,9 @@ allow: - Learn about using [JWT tokens](./jwt/introduction.mdx) to implement access controls in your application. - Integrate with your identity provider: - - [OIDC](../enterprise/sso/oidc.mdx) - - [ADFS](../enterprise/sso/adfs.mdx) - - [Azure AD](../enterprise/sso/azuread.mdx) - - [Google Workspace](../enterprise/sso/google-workspace.mdx) - - [Onelogin](../enterprise/sso/one-login.mdx) - - [Okta](../enterprise/sso/okta.mdx) + - [OIDC](../access-controls/sso/oidc.mdx) + - [ADFS](../access-controls/sso/adfs.mdx) + - [Azure AD](../access-controls/sso/azuread.mdx) + - [Google Workspace](../access-controls/sso/google-workspace.mdx) + - [Onelogin](../access-controls/sso/one-login.mdx) + - [Okta](../access-controls/sso/okta.mdx) diff --git a/docs/pages/application-access/getting-started.mdx b/docs/pages/application-access/getting-started.mdx index 83557a08c7319..eee6eb817f057 100644 --- a/docs/pages/application-access/getting-started.mdx +++ b/docs/pages/application-access/getting-started.mdx @@ -61,7 +61,7 @@ your platform from our ### Generate a token -A join token is required to authorize a Teleport Application Service agent to +A join token is required to authorize a Teleport Application Service instance to join the cluster. Generate a short-lived join token and save it, for example, in `/tmp/token` on your Teleport Application Service host: diff --git a/docs/pages/application-access/guides.mdx b/docs/pages/application-access/guides.mdx index 216844fcde423..cde83da609723 100644 --- a/docs/pages/application-access/guides.mdx +++ b/docs/pages/application-access/guides.mdx @@ -6,17 +6,8 @@ layout: tocless-doc These guides explain basic Teleport Application Access usage. - - - How to use Teleport for Application Access. - - - How to access REST APIs with Teleport Application Access. - - - How to access AWS Management Console with Teleport Application Access. - - - Register/unregister apps without restarting Teleport. - - +- [Web App Access](./guides/connecting-apps.mdx): How to access web apps with Teleport Application Access. +- [TCP App Access (Preview)](./guides/tcp.mdx): How to access plain TCP apps with Teleport Application Access. +- [API Access](./guides/api-access.mdx): How to access REST APIs with Teleport Application Access. +- [AWS Access](./guides/aws-console.mdx): How to access AWS Management Console, AWS CLI, and AWS SDKs with Teleport Application Access. +- [Dynamic Registration](./guides/dynamic-registration.mdx): Register/unregister apps without restarting Teleport. diff --git a/docs/pages/application-access/guides/api-access.mdx b/docs/pages/application-access/guides/api-access.mdx index 7d45468932a50..25d75ec2258a1 100644 --- a/docs/pages/application-access/guides/api-access.mdx +++ b/docs/pages/application-access/guides/api-access.mdx @@ -57,7 +57,6 @@ $ tsh app login grafana # Logged into app grafana. Example curl command: $ curl \ - --cacert /Users/alice/.tsh/keys/teleport.example.com/certs.pem \ --cert /Users/alice/.tsh/keys/teleport.example.com/alice-app/cluster-name/grafana-x509.pem \ --key /Users/alice/.tsh/keys/teleport.example.com/alice \ https://grafana.teleport.example.com:3080 @@ -70,7 +69,11 @@ target application's API through Teleport App Access. type="note" title="CA and Key Pair Files" > - Note the paths to the CA certificate and your user's certificate/key pair in the command - `curl` will use a client certificate to authenticate with Teleport. + Note the paths to your user's certificate/key pair in the command - `curl` will use a client certificate to authenticate with Teleport. + + + The Teleport Proxy Service is usually configured with a wildcard certificate issued by a public certificate authority such as Let's Encrypt. If your Teleport Proxy Service has been configured to use a self-signed certificate instead, you will need to include it in your `curl` command using `--cacert `. + As Grafana's API requires authentication, let's update the `curl` command to @@ -79,7 +82,6 @@ call its `/api/users` endpoint: ```code $ curl --user admin:admin \ - --cacert /Users/alice/.tsh/keys/teleport.example.com/certs.pem \ --cert /Users/alice/.tsh/keys/teleport.example.com/alice-app/cluster-name/grafana-x509.pem \ --key /Users/alice/.tsh/keys/teleport.example.com/alice \ https://grafana.teleport.example.com:3080/api/users @@ -139,7 +141,6 @@ appropriate `curl` command. Using our Grafana `/api/users` example above: ```code $ curl --user admin:admin \ - --cacert $(tsh app config --format=ca) \ --cert $(tsh app config --format=cert) \ --key $(tsh app config --format=key) \ $(tsh app config --format=uri)/api/users diff --git a/docs/pages/application-access/guides/aws-console.mdx b/docs/pages/application-access/guides/aws-console.mdx index a5f81b35aad81..0abd552c916c3 100644 --- a/docs/pages/application-access/guides/aws-console.mdx +++ b/docs/pages/application-access/guides/aws-console.mdx @@ -1,40 +1,39 @@ --- -title: Access AWS Management Console With Teleport Application Access -description: How to access AWS Management Console with Teleport Application Access. +title: Access AWS With Teleport Application Access +description: How to access AWS with Teleport Application Access. videoBanner: GVcy_rffxQw --- -# AWS Management Console Access - Teleport can automatically sign your users into the AWS management console with -appropriate IAM roles. +appropriate IAM roles. Teleport also provides API access to AWS Command Line +Interface (CLI) or any applications using AWS SDKs like Terraform. This guide will explain how to: -- Connect your AWS account(s) to Teleport. -- Set up example AWS IAM Read Only and Power User roles. -- Use Teleport's role-based access control with AWS IAM roles. +- Access AWS Management Console through Teleport. - View Teleport users' AWS console activity in CloudTrail. - Access the AWS Command Line Interface (CLI) through Teleport. +- Access applications using AWS SDKs through Teleport. ## Prerequisites - A running Teleport cluster, either self hosted or in Teleport Cloud. -- A Teleport Node with Application Access enabled. Follow the [Getting Started](../getting-started.mdx) - or [Connecting Apps](./connecting-apps.mdx) guides to get it running. +- A host running the `teleport` daemon with Application Access enabled. Follow + the [Getting Started](../getting-started.mdx) or + [Connecting Apps](./connecting-apps.mdx) guides to get it running. - IAM permissions in the AWS account you want to connect. - AWS EC2 or other instance where you can assign a IAM Security Role for the Teleport Agent. - `aws` command line interface (CLI) tool in PATH. [Installing or updating the latest version of the AWS CLI ](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) -If using the Teleport agent deployed in AWS EKS, you cannot use Helm chart +If using Teleport deployed in AWS EKS, you cannot use Helm chart annotations to specify the IAM permissions; you must associate the policy with the cluster role for the worker nodes. Otherwise, you will receive "400 Bad Request" errors from AWS. -## Step 1. [Optional] Configure Read Only and Power User roles +## Step 1/9. [Optional] Configure Read Only and Power User roles AWS provides the `ReadOnlyAccess` and `PowerUserAccess` IAM policies that can be incorporated into roles. **Skip this step** if you already have the roles you want to provide access to. @@ -69,7 +68,7 @@ Enter a role name and press create role. Follow the same steps and select `PowerUserAccess` IAM Policy to create a `ExamplePowerUser` role. -## Step 2. Update IAM role trust relationships +## Step 2/9. Update IAM role trust relationships This step is only required if you are allowing access from another account. The trust relationship will already exist for the same account. @@ -107,7 +106,7 @@ From the EC2 dashboard select Actions -> Security -> Modify IAM Role. Do this for each IAM role your Teleport users will need to assume. -## Step 3. Give Teleport permissions to assume roles +## Step 3/9. Give Teleport permissions to assume roles Next, create a Role using this IAM policy to allow Teleport to assume IAM roles: @@ -134,7 +133,7 @@ is using. ![AWS Attach Security Role](../../../img/application-access/attach-security-role.png) -## Step 4. Configure Teleport IAM role mapping +## Step 4/9. Configure Teleport IAM role mapping The next step is to give your Teleport users permissions to assume IAM roles. @@ -159,7 +158,7 @@ The `aws_role_arns` field supports template variables so they can be populated dynamically based on your users' identity provider attributes. See [Role Templates](../../access-controls/guides/role-templates.mdx) for details. -## Step 5. Register AWS console application in Teleport +## Step 5/9. Register AWS console application in Teleport Add AWS management console to your application service configuration: @@ -221,12 +220,22 @@ app_service: labels: aws_account_id: "0987654321" env: prod + - name: "awsconsole-third-party" + uri: "https://console.aws.amazon.com/ec2/v2/home" + labels: + aws_account_id: "1234554321" + aws: + external_id: "example-external-id" ``` When showing available IAM roles, Teleport will display only role ARNs that belong to the specific account. -## Step 6. Connect to AWS console with assumed IAM role +For AWS accounts that require external IDs for accessing their resources, set +the `external_id` field, which the Application Service uses when assuming the +AWS roles in these accounts. + +## Step 6/9. Connect to AWS console with assumed IAM role Navigate to the Applications tab in your Teleport cluster's control panel and click on the Launch button for the AWS console application which will bring up @@ -245,11 +254,11 @@ federated login and the name of your assumed IAM role: Note that your federated login session is marked with your Teleport username. - If the Teleport agent is running with [temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html), + If Teleport is running with [temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html), the management console session will be limited to a maximum of one hour. -## Step 7. Use CloudTrail to see Teleport user activity +## Step 7/9. Use CloudTrail to see Teleport user activity To view CloudTrail events for your federated sessions, navigate to the CloudTrail [dashboard](https://console.aws.amazon.com/cloudtrail/home) and go to "Event history". @@ -259,7 +268,7 @@ username which you can search for to get the events history: ![CloudTrail](../../../img/application-access/cloud-trail.png) -## Step 8. Using AWS CLI +## Step 8/9. Access AWS CLI Before beginning this step, make sure that the `aws` command line interface (CLI) tool is installed in PATH. For more information, read [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html). @@ -287,6 +296,55 @@ To log out of the aws application and remove credentials: $ tsh app logout awsconsole-test ``` +## Step 9/9. Access applications using AWS SDKs + +First, log into the previously configured console app if you haven't already +done so: + +```code +$ tsh app login --aws-role ExamplePowerUser awsconsole-test +``` + +Now, use the following command to start a local HTTPS proxy server your +applications will be connecting to: + +```code +$ tsh proxy aws -p 23456 +Started AWS proxy on http://127.0.0.1:23456. + +Use the following credentials and HTTPS proxy setting to connect to the proxy: + AWS_ACCESS_KEY_ID= + AWS_SECRET_ACCESS_KEY= + AWS_CA_BUNDLE= + HTTPS_PROXY=http://127.0.0.1:23456 +``` + +Use the displayed AWS credentials and HTTPS proxy settings when configuring +your application. + +It is important to check how AWS credentials and HTTPS proxy setting can be +configured for your application. For example, many command line tools like +`terraform` or `eksctl` support setting the above AWS credentials and the HTTPS +proxy using environment variables: + +```code +$ export AWS_ACCESS_KEY_ID= +$ export AWS_SECRET_ACCESS_KEY= +$ export AWS_CA_BUNDLE= +$ export HTTPS_PROXY=http://127.0.0.1:23456 +$ terraform plan +``` + +If you are developing your own applications using AWS SDKs, some SDKs may +require extra environment variables (e.g. `AWS_SDK_LOAD_CONFIG=true` for AWS +SDK for Go v2) or require configuring the HTTPS proxy through code (e.g. AWS +SDK for JavaScript). + +To log out of the AWS application and remove credentials: + +```code +$ tsh app logout awsconsole-test +``` ## Next steps diff --git a/docs/pages/application-access/guides/connecting-apps.mdx b/docs/pages/application-access/guides/connecting-apps.mdx index 83e2050a5ce91..1333d6f4c5a1f 100644 --- a/docs/pages/application-access/guides/connecting-apps.mdx +++ b/docs/pages/application-access/guides/connecting-apps.mdx @@ -1,10 +1,8 @@ --- -title: Use Teleport for Application Access +title: Web Application Access description: How to configure Teleport for Application Access. --- -# Connecting Web Applications - Download the latest version of Teleport for your platform from our [downloads page](https://goteleport.com/teleport/download) and follow the installation [instructions](../../installation.mdx). @@ -41,6 +39,10 @@ join the cluster. Generate a short-lived join token and save it for example in `/tmp/token`: ```code +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. +$ tsh login --user=myuser --proxy=teleport.example.com $ tctl tokens add \ --type=app \ --app-name=grafana \ @@ -101,7 +103,7 @@ Install Teleport: (!docs/pages/includes/install-linux.mdx!) -A Teleport Application Proxy agent can be started with a single CLI command: +You can start the Teleport Application Service with a single CLI command: ```code $ sudo teleport start \ @@ -281,7 +283,7 @@ requests forwarded to a web application. Headers injected this way override any headers with the same names that may be sent by an application. The following headers are reserved and can't be -rewritten: `X-Teleport-Jwt`, `Cf-Access-Token`, `X-Forwarded-*`. +rewritten: `Teleport-Jwt-Assertion`, `Cf-Access-Token`, and any `X-Forwarded-*`. Rewritten header values support the same templating variables as [role templates](../../access-controls/guides/role-templates.mdx). In the example above, `X-Internal-Trait` header will be populated with the value diff --git a/docs/pages/application-access/guides/dynamic-registration.mdx b/docs/pages/application-access/guides/dynamic-registration.mdx index fb9252734298e..3b2f5f8f96ad1 100644 --- a/docs/pages/application-access/guides/dynamic-registration.mdx +++ b/docs/pages/application-access/guides/dynamic-registration.mdx @@ -85,8 +85,9 @@ To create an application resource, run: ```code -# Log in to your Teleport cluster so you can use tctl remotely. -# You can also run tctl on your Auth Service host. +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. $ tsh login --proxy=teleport.example.com --user=myuser $ tctl create app.yaml ``` @@ -104,8 +105,8 @@ $ tctl create app.yaml After the resource has been created, it will appear among the list of available -apps (in `tsh app ls` or UI) as long as at least one application agent picks it -up according to its label selectors. +apps (in `tsh app ls` or UI) as long as at least one Application Service +instance picks it up according to its label selectors. To update an existing application resource, run: diff --git a/docs/pages/application-access/guides/tcp.mdx b/docs/pages/application-access/guides/tcp.mdx new file mode 100644 index 0000000000000..c94c309ef41c5 --- /dev/null +++ b/docs/pages/application-access/guides/tcp.mdx @@ -0,0 +1,152 @@ +--- +title: TCP Application Access (Preview) +description: How to configure Teleport for accessing plain TCP apps +--- + +Teleport can provide access to any TCP-based application. This allows users to +connect to applications which Teleport doesn't natively support such as SMTP +servers or databases not yet natively supported in Database Access. + +## Prerequisites + +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + +(!docs/pages/includes/tctl.mdx!) + +- TCP application to connect to. In this guide we'll use a PostgreSQL running + in Docker as an example. You can also use any TCP-based application you may + already have. +- Host where you will run the Teleport Application Service. + +We will assume your Teleport cluster is accessible at `teleport.example.com` +and `*.teleport.example.com`. You can substitute the address of your Teleport +Proxy Service. (For Teleport Cloud customers, this will be similar to +`mytenant.teleport.sh`.) + + +(!docs/pages/includes/dns-app-access.mdx!) + + +## Step 1/4. Start PostgreSQL container + +Skip this step if you already have an application you'd like to connect to. + +Start a PostgreSQL server in a Docker container: + +```code +$ docker run --name postgres -p 5432:5432 -e POSTGRES_PASSWORD= -d postgres +``` + +## Step 2/4. Start Teleport Application Service + +Teleport Application Service requires a valid auth token to join the cluster. + + +To generate one, run the following command on your Auth Service node: + +```code +$ tctl tokens add --type=app +``` + +Next, create a Teleport user with the `access` role that will allow it to +connect to cluster applications: + +```code +$ tctl users add --roles=access alice +``` + + + +To generate one, log into your Cloud tenant and run the following command: + +```code +$ tsh login --proxy=mytenant.teleport.sh +$ tctl tokens add --type=app +``` + + +Save the generated token in `/tmp/token` on the node where Application Service +will run. + +Now, install Teleport on the Application Service node. It must be able to reach +both your Teleport Proxy and the TCP application it's going to proxy. + +(!docs/pages/includes/install-linux.mdx!) + +Create the Application Service configuration file `/etc/teleport.yaml` with +the following contents: + +```yaml +teleport: + auth_token: "/tmp/token" + auth_servers: + - teleport.example.com:3080 +auth_service: + enabled: "no" +ssh_service: + enabled: "no" +proxy_service: + enabled: "no" +app_service: + enabled: "yes" + apps: + - name: "tcp-app" + uri: tcp://localhost:5432 +``` + +Note that the URI scheme must be `tcp://` in order for Teleport to recognize +this as a TCP application. + +Start Teleport: + +```code +$ teleport start +``` + +## Step 3/4. Start app proxy + +Log into your Teleport cluster and view available applications: + +```code +$ tsh login --proxy=teleport.example.com +$ tsh app ls +Application Description Type Public Address Labels +----------- ------------- ---- -------------------------------- ----------- +tcp-app TCP tcp-app.root.gravitational.io +``` + +Your TCP application should show up and be denoted with a `TCP` type. + +Now log into the application: + +```code +$ tsh app login tcp-app +Logged into TCP app tcp-app. Start the local TCP proxy for it: + + tsh proxy app tcp-app + +Then connect to the application through this proxy. +``` + +Next, start a local proxy for it: + +```code +$ tsh proxy app tcp-app +Proxying connections to tcp-app on 127.0.0.1:55868 +``` + +The `tsh proxy app` command will set up a listener that will proxy all connections to +the target application. + +## Step 4/4. Connect + +Once the local proxy is running, you can connect to the application using the +application client you would normally use to connect to it: + +```code +$ psql postgres://postgres@localhost:55868/postgres +``` + +## Next steps + +* Learn about [access controls](../controls.mdx) for applications. diff --git a/docs/pages/application-access/introduction.mdx b/docs/pages/application-access/introduction.mdx index 3f4c4fb2e0f54..ea195a7084ae6 100644 --- a/docs/pages/application-access/introduction.mdx +++ b/docs/pages/application-access/introduction.mdx @@ -43,23 +43,12 @@ Get started with Application Access in a 10 minute [guide](./getting-started.mdx These guides explain basic Teleport Application Access usage. - - - How to use Teleport for Application Access. - - - How to access REST APIs with Teleport Application Access. - - - How to access AWS Management Console with Teleport Application Access. - - - Register/unregister apps without restarting Teleport. - - - Try Teleport using our guided Teleport Application Access lab. - - +- [Web App Access](./guides/connecting-apps.mdx): How to access web apps with Teleport Application Access. +- [TCP App Access (Preview)](./guides/tcp.mdx): How to access plain TCP apps with Teleport Application Access. +- [API Access](./guides/api-access.mdx): How to access REST APIs with Teleport Application Access. +- [AWS Access](./guides/aws-console.mdx): How to access AWS Management Console, AWS CLI, and AWS SDKs with Teleport Application Access. +- [Dynamic Registration](./guides/dynamic-registration.mdx): Register/unregister apps without restarting Teleport. +- [Interactive Lab](https://play.instruqt.com/teleport/invite/rgvuva4gzkon): Try Teleport using our guided Teleport Application Access lab. ## JWT guides @@ -67,14 +56,8 @@ These guides explain how web apps behind Teleport Application Access can leverage Teleport-signed JWT tokens to implement authentication and authorization. - - - Introduction to JWT tokens with Application Access. - - - How to use JWT authentication with Elasticsearch. - - +- [Introduction](./jwt/introduction.mdx): Introduction to JWT tokens with Application Access. +- [Elasticsearch](./jwt/elasticsearch.mdx): How to use JWT authentication with Elasticsearch. ## Example legacy apps diff --git a/docs/pages/application-access/jwt.mdx b/docs/pages/application-access/jwt.mdx index 25ba0d108e8d9..111de4329ee3d 100644 --- a/docs/pages/application-access/jwt.mdx +++ b/docs/pages/application-access/jwt.mdx @@ -8,11 +8,5 @@ These guides explain how web apps behind Teleport Application Access can leverage Teleport-signed JWT tokens to implement authentication and authorization. - - - Introduction to JWT tokens with Application Access. - - - How to use JWT authentication with Elasticsearch. - - +- [Introduction](./jwt/introduction.mdx): Introduction to JWT tokens with Application Access. +- [Elasticsearch](./jwt/elasticsearch.mdx): How to use JWT authentication with Elasticsearch. diff --git a/docs/pages/application-access/reference.mdx b/docs/pages/application-access/reference.mdx index 0eee16d52d4c5..86bd14a094a33 100644 --- a/docs/pages/application-access/reference.mdx +++ b/docs/pages/application-access/reference.mdx @@ -53,6 +53,10 @@ app_service: - name: "hostname" command: ["hostname"] period: 1m0s + # Optional AWS-specific configurations. + aws: + # External ID used when assuming AWS roles for this application. + external_id: "example-external-id" ``` ## Application resource @@ -100,8 +104,9 @@ assume that you have created a YAML file called `app.yaml` with your configurati ```code -# Log in to your Teleport cluster. -# You can also run tctl on your Auth Service host. +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. $ tsh login --proxy=teleport.example.com --user=myuser # Create the resource $ tctl create -f app.yaml @@ -111,7 +116,7 @@ $ tctl create -f app.yaml ```code -# Log in to your Teleport cluster. +# Log in to your cluster with tsh so you can use tctl from your local machine. $ tsh login --proxy=mytenant.teleport.sh --user=myuser # Create the resource. $ tctl create -f app.yaml diff --git a/docs/pages/architecture/authentication.mdx b/docs/pages/architecture/authentication.mdx index 61d9e6a7a0e31..5727f9938f95a 100644 --- a/docs/pages/architecture/authentication.mdx +++ b/docs/pages/architecture/authentication.mdx @@ -1,230 +1,167 @@ --- -title: Teleport Authentication Service, SSH, and Kubernetes certificates -description: This chapter explains the concept of a Teleport Auth Service and Certificate Authority (CA) to issue SSH and Kubernetes certificates. -h1: Teleport Authentication Service +title: Teleport Authentication +description: This chapter explains how Teleport uses certificate authorities to authenticate users and services. +h1: Teleport Authentication with Certificates --- -This document outlines the Teleport Authentication Service and Certificate -Management. It explains how Users and Nodes are identified and granted access to -Nodes and Services. +## Authentication -## Authentication vs. Authorization +Teleport handles both authentication and authorization. -Teleport Auth handles both authentication and authorization. These topics are -related but different, and they are often discussed jointly as "Auth". +- Authentication is about proving an identity of a user or a service. +- Authorization is proving access rights to something. -**Authentication** is proving an identity. "I say I am Bob, and I really am Bob. -See look I have Bob's purple hat." The job of an Authentication system is to -define the criteria by which users must prove their identity. Is having a purple -hat enough to show that a person is Bob? Maybe, maybe not. To identify users and -nodes to Teleport Auth, we require them to present a cryptographically-signed -certificate issued by the Teleport Auth Certificate Authority. +This article covers authentication with short-lived certificates. -**Authorization** is proving access to something: "Bob has a purple hat, but -also a debit card and the correct PIN code. Bob can access a bank account with -the number 814000001344. Can Bob get $20 out of the ATM?" The ATM's Authentication system would validate Bob's PIN Code, while the Authorization system would use a stored mapping from Bob to account #814000001344 to decide -whether Bob could withdraw cash. Authorization defines and determines -permissions that users have within a system, such as access to cash within a -banking system, or data in a filesystem. Before users are granted access to -nodes, the Auth Service checks their identity against a stored mapping in a -database. +## Short-Lived Certificates -![Authentication and Authorization](../../img/authn_authz.svg) +Certificate Authorities and short-lived certificates are the core of Teleport authentication. +In Teleport at the start of every connection, a user or a service has to present a valid certificate issued by +a trusted certificate authority. Clients always initiate mutual TLS or mutual SSH connections. -## SSH certificates +Teleport Certificate Authority issues short-lived x.509 certificates for web services, databases, kubernetes clusters, +desktops and SSH certificates for OpenSSH-compatible servers. -One can think of an SSH certificate as a "permit" issued and time-stamped by a -trusted authority. In this case, the authority is the Auth Server's Certificate -Authority. A certificate contains four important pieces of data: +### Why certificates? -1. List of principals (identities) this certificate belongs to. -2. Signature of the certificate authority who issued it. -3. The expiration date, also known as "time-to-live" or simply TTL. -4. Additional data, such as the node role, is stored as a certificate extension. - -## Authentication in Teleport - -Teleport uses SSH certificates to authenticate nodes and users within a cluster. +- Certificates are tied to user or service identity. Any connection and action can be traced back to a user +or a service. +- Short-lived certificates automatically expire, there is no need to revoke them. +- Certificates solve trust on first use (TOFU) problems. In a Teleport cluster, all servers have +identities and certificates of their own. They will not allow a connection if a client certificate is signed by an +untrusted certificate authority. +- Certificates enable mutually authenticated channel - mTLS, mTLS mitigates a wide range of attacks - spoofing, on-path attacks, credential stuffing and others. +- Certificates work better for large-scale deployments. Each server or service just needs to validate +if the certificate has been signed with a valid certificate authority, and does not need to copy user +credentials over to every service. -Two CAs are used inside the Auth Server because nodes and users each need their own certificates. {/* TODO: Why? */} + +Teleport issues certificates that are good from a few hours to minutes before they auto-expire without any action. +The shorter the duration for these certificates, the better. +Ideally, certs should be issued only for the duration of a session. +In practice, several hours or the duration of the workday are OK too. +The expiry date in certificates can not be forged +without invalidating the certificates, so any system can validate the certificate. + -- The **Node CA** issues certificates which identify a node (i.e. host, server, - computer). These certificates are used to add new nodes to a cluster and identify connections coming from the node. -- The **User CA** issues certificates which identify a User. These certificates are used to authenticate users when they try to connect to a cluster node. +### X.509 certificates -### Issuing Node certificates +X.509 certificates are the same certificates you use when accessing websites with a browser. They bind +identity to the public key with a certificate authority's signature. -Node Certificates identify a node within a cluster and establish the permissions -of the node to access other Teleport services. The presence of a signed -certificate on a node makes it a cluster member. - -![Node Joins Cluster](../../img/node_join.svg) - -1. To join a cluster for the first time, a node must present a "join token" to the auth server. The token can be static (configured via config file) or a dynamic, single-use token generated by [`tctl nodes add`](../setup/reference/cli.mdx#tctl-nodes-add). - - - When using dynamic tokens, their default time to live (TTL) is 30 - minutes, but it can be reduced (not increased) via - [`tctl nodes add --ttl`](../setup/reference/cli.mdx#tctl-nodes-add) flag. - - -2. When a new node joins the cluster, the auth server generates a new public/private keypair for the node and signs its certificate. This node certificate contains the node's role(s) (`proxy`, `auth` or `node`) as a certificate extension (opaque signed string). - -### Using Node certificates - -![Node Authorization](../../img/node_cluster_auth.svg) -All nodes in a cluster can connect to the [Auth Server's API](#auth-api) {/* Docs about this */} -implemented as an HTTP REST service running over the SSH -tunnel. This API connection is authenticated with the node certificate and the -encoded role is checked to enforce access control. For example, a client -connection using a certificate with only the `node` role won't be able to add -and delete users. This client connection would only be authorized to get auth -servers registered in the cluster. +![x.509 certs](../../img/architecture/x509-cert@2x.svg) -### Issuing user certificates + -![Client obtains new certificate](../../img/cert_invalid.svg) +Teleport uses x.509 certificates for Kubernetes, databases, web services and its own internal +components - proxies, auth services to establish mutually authenticated TLS connections - mTLS. -The Auth Server uses its User CA to issue user certificates. User certificates -are stored on a user's machine in the `~/.tsh/keys/example.com` directory or also -by the system's SSH agent if it is running. +### OpenSSH certificates -1. To get permission to join a cluster for the first time a user must provide their username, password, and 2nd-factor token. Users can log in with [`tsh login`](../setup/reference/cli.mdx#tsh-login) or via the Web UI. The Auth server checks the username and password against its identity storage and checks the 2nd-factor token. -2. If the correct credentials were offered, the Auth Server will generate a signed certificate and return it to the client. For users, certificates are stored in `~/.tsh` by default. If the client uses the Web UI the signed certificate is associated with a secure WebSocket session. +OpenSSH certificates are similar to X.509 (web) certificates and also bind identity of the user or a server +to the public key with a certificate authority's signature. -In addition to a user's identity, user certificates also contain user roles and -SSH options, like "permit-agent-forwarding" {/* TODO: link to config/set options here */}. -This additional data is stored as a certificate extension and is protected by -the CA signature. +
-### Using user certificates +![SSH certs](../../img/architecture/ssh-cert@2x.svg) -![Client offers valid certificate](../../img/user_auth.svg) +
-When a client requests access to a node cluster, the Auth Server first checks -that a certificate exists and hasn't expired. If it has expired, the client must -re-authenticate with their username, password, and 2nd factor. If the -certificate is still valid, the Auth Server validates the certificate's -signature. The client is then granted access to the cluster. From here, the -[Proxy Server](proxy.mdx) establishes a connection between client and node. +OpenSSH certificate contain metadata used to authenticate users and hosts: -## Certificate rotation +1. List of principals (identities) this certificate belongs to. +2. Signature of the certificate authority who issued it. +3. The expiration date, also known as "time-to-live" or simply TTL. +4. Additional data, such as the node role, is stored as a certificate extension. -By default, all user certificates have an expiration date, also known as the *time to live *(TTL). This TTL can be configured by a Teleport administrator. However, the node certificates issued by an Auth Server are valid indefinitely by default. +### Making Time Work For You -Teleport supports certificate rotation, i.e. the process of invalidating all -previously-issued certificates for nodes *and* users regardless of their TTL. -Certificate rotation is triggered by [`tctl auth -rotate`](../setup/reference/cli.mdx#tctl-auth-rotate). When this command is invoked by a Teleport -administrator on one of a cluster's Auth Servers, the following happens: +Expiry is a feature of certificates that makes time work in favor of security. +SSH and X.509 certificates include an optional expiry date that is verified by +servers in addition to a signature. -1. A new certificate authority (CA) key is generated. -2. The old CA will be considered valid *alongside* the new CA for a while. This period is called a *grace period*. {/* TODO: Link to config/defaults. */} -3. During the grace period, all previously issued certificates will be considered valid, assuming their TTL isn't expired. -4. After the grace period is over, the certificates issued by the old CA are no longer accepted. +
-This process is repeated twice, once for the node CA and once for the user CA. +![Short lived certs](../../img/architecture/ssh-cert-short-lived@1.5x.svg) -Take a look at the [Certificate Rotation Guide](../setup/operations/ca-rotation.mdx) to -learn how to do certificate rotation in practice. +
-## Auth API +In the diagram above, Alice gets a short lived SSH certificate, but the same rules apply to +X.509 certificates issued by Teleport and used for Kubernetes, Databases, Web Apps and Desktops. -{ - /* TODO: Can we say more about this, abstract of routes provided */ -} +Teleport issues certificates that are good from a few hours to minutes before they auto-expire without any action. +Instead of distributing revocation lists, Teleport relies on time to do the job for us. -Clients can also connect to the auth API through the Teleport proxy to use a limited subset of the API to discover the member nodes of the cluster. + +In some cases, certificate expiration is not fast enough, and all sessions have to be terminated immediately, +for example during active security incident. +For those cases, Teleport Proxy can terminate live connections using [session and identity locking](../access-controls/guides/locking.mdx). + -## Auth state +### Short-lived Certs For Users -The Auth service maintains state using a database of users, credentials, -certificates, and audit logs. The default storage location is -`/var/lib/teleport` or an [admin-configured storage destination](../setup/reference/backends.mdx). +To issue a certificate to a user, Teleport opens login screen, issues a cert and delivers it back to a user's computer: -There are three types of data stored by the auth server: +We recommend using SSO with GitHub, Okta or any other identity provider and get a cert. -- - **Cluster State** The auth server stores its own keys in a cluster state storage. All of cluster dynamic configuration is stored there as well, including: - - Node membership information and online/offline status for each node. - - List of active sessions. - - List of locally stored users - - RBAC configuration (roles and permissions). - - Other dynamic configuration. -- **Audit Log** When users log into a Teleport cluster, execute remote commands, and log out, that activity is recorded in the audit log. See Audit Log for more details. More on this in the [Audit Log section](../setup/reference/audit.mdx). -- **Recorded Sessions** When Teleport users launch remote shells via `tsh ssh` command, their interactive sessions are recorded and stored by the auth server. Each recorded session is a file that is saved in /var/lib/teleport by default but can also be saved in external storage, like an AWS S3 bucket. +
+ +![SSO exchange for short-lived certs](../../img/architecture/idp-sso-traits@1.5x.svg) +
-## Audit log +### Short-lived Certs for Services -The Teleport auth server keeps the audit log of SSH-related events that take -place on any node within a Teleport cluster. Each node in a cluster emits audit -events and submits them to the auth server. The events recorded include: +Deployment automation services, such as Jenkins, can use Teleport's Machine ID +service to receive and renew certificates. Teleport Machine ID's bot runs alongside +services and rotates SSH and X.509 certificates. -- Successful user logins -- Node IP addresses, Application, Database and Kubernetes FQDN -- Session time -- Session IDs +
+ +![Certificates for services](../../img/architecture/certs-machine-id@1.8x.svg) +
- - Because all SSH events like `exec` or `session_start` are by default reported by the Teleport node service, they will not be logged if you are using OpenSSH `sshd` daemon on your nodes. [Recording proxy mode](proxy.mdx#recording-proxy-mode) - +### Internal certificates -Only an SSH server can report what's happening to the Teleport auth server. -The audit log is a JSON file that is by default stored on the auth server's -filesystem under `/var/lib/teleport/log`. The format of the file is documented -in the [Admin Manual](../setup/reference/audit.mdx). +Teleport internal services - Auth, Proxy and Nodes use certificates to identify themselves +within a cluster. To join proxies and nodes to the cluster and receive certificates, admins should use +[short-lived tokens or cloud identity services](../management/admin/adding-nodes.mdx). -Teleport users are encouraged to export the events into external, long term -storage. +Unlike users and services, internal services receive long-lived certificates. - - If multiple Teleport auth servers are used - to service the same cluster (High Availability mode) a network file system must be used for - `/var/lib/teleport/log` to allow them to combine all audit events into the - same audit log. [Learn how to deploy Teleport in High Availability Mode.](../setup/reference/backends.mdx). - - -## Storage back-ends - -Different types of cluster data can be configured with different storage -back-ends as shown in the table below: - -| Data Type | Supported Back-ends | Notes | -| - | - | - | -| Cluster state | `dir`, `etcd`, `dynamodb`,`firestore` | Multi-server (High Availability) configuration is only supported using `etcd`, `dynamodb`, and `firestore` back-ends. | -| Audit Log Events | `dir`, `dynamodb`, `firestore` | If `dynamodb` is used for the audit log events, `s3` back-end **must** be used for the recorded sessions. | -| Recorded Sessions | `dir`, `s3` | `s3` is mandatory if `dynamodb` is used for the audit log. For Google Cloud storage use `audit_sessions_uri: 'gs://` | - - - The reason Teleport designers split the audit log events and the recorded sessions into different back-ends is because of the nature of the data. A recorded session is a compressed binary stream (blob) while the event is a well-defined JSON structure. `dir` works well enough for both in small deployments, but large clusters require specialized data stores: S3 is perfect for uploading session blobs, while DynamoDB or `etcd` are better suited to store the cluster state. - +To renew these certificates, admins should use certificate authority rotation, the process of invalidating all +previously-issued certificates for nodes or users regardless of expiry and issuing a new ones, +using a new certificate authority. -The combination of DynamoDB + S3 is especially popular among AWS users because -it allows them to run Teleport clusters completely devoid of local state. +Take a look at the [Certificate Rotation Guide](../management/operations/ca-rotation.mdx) to +learn how to do certificate rotation in practice. - - For High Availability in production, a Teleport cluster can be - serviced by multiple auth servers running in sync. Check [High Availability configuration](../setup/reference/backends.mdx) in the Admin Guide. - + +To quickly lock out the node, proxy or auth service that may be compromised without rotating the entire +cluster certificates, use node [session and identity locking](../access-controls/guides/locking.mdx). + ## More concepts - [Architecture Overview](overview.mdx) -- [Teleport Users](users.mdx) +- [Authorization](authorization.mdx) - [Teleport Nodes](nodes.mdx) - [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/authorization.mdx b/docs/pages/architecture/authorization.mdx new file mode 100644 index 0000000000000..8391071f9f1ed --- /dev/null +++ b/docs/pages/architecture/authorization.mdx @@ -0,0 +1,381 @@ +--- +title: Teleport Authorization +description: This chapter explains how Teleport authorizes users and roles. +h1: Teleport Authorization +--- + +## Authorization + +Teleport handles both authentication and authorization. + +- Authentication is about proving an identity of a user or a service. +- Authorization is proving access rights to something. + +This article covers authorization of users and services with RBAC. + +## Users and Roles + +Teleport supports several types of user accounts: + +- Interactive and non-interactive. +- Local and external. + +Each user is associated with one or several roles after successful authentication. + +### Interactive users + +Interactive users can be local or external. +Local user accounts store login credentials - password hash and MFA device data in Teleport's backend. +External user accounts authenticate with a third-party identity provider using SSO protocols - OAuth 2.0, OIDC or SAML. + +#### External users from SSO providers + +Let's review the example Alice who is authenticating using SSO provider of her organization +with Teleport: + +![Role mapping](../../img/architecture/role-mapping@1.5x.svg) + + +Every time SSO user logs in, Teleport creates a temporary user account record +that automatically expires with SSO session and logs audit log entries. + +Teleport creates this record to avoid name collisions with local users. + + +#### External users from other clusters + +A user could be external to the Teleport cluster, if another cluster or certificate authority issues a certificate +that this cluster trusts. In this case, Teleport activates [trusted cluster mapping logic](./trustedclusters.mdx#role-mapping). + +#### Local interactive users + +Local interactive users have a record in Teleport's backend with credentials. + +A cluster administrator have to create account entries for every Teleport user with +[`tctl users add`](../reference/cli.mdx) or API call. + +Every local Teleport User must be associated with a list of one or more roles. +This list is called "role mappings". + +### Non-interactive users + +Teleport supports non-interactive users for automation services, e.g. Jenkins or micro-services +running in your organization. + +### Local non-interactive users + +Local non-interactive users also have a user entry that maps their name to roles, +but they do not have credentials stored in the database. +Non-interactive users have to use Teleport's machine ID product to receive and renew certificates. +Teleport Machine ID's bot runs alongside services and rotates SSH and X.509 certificates on behalf +of non-interactive users: + +
+ +![Certificates for services](../../img/architecture/certs-machine-id@1.8x.svg) +
+ +### External non-interactive users + +External non-interactive users behave just like local ones, but it is another +cluster or certificate authority that issues certificates for them. + +They do not have local user records in Teleport backend. Teleport activates +[trusted cluster mapping logic](./trustedclusters.mdx#role-mapping) to support this use case. + +## Role Based Access Control + +Every Teleport user is assigned one or several roles that govern access to resources and Teleport's API. + +### Allow and Deny Rules + +Each Teleport role works by having two lists of rules: `allow` rules and `deny` rules: + +- Everything is denied by default. +- Deny rules get evaluated first and take priority. +- A rule consists of two parts: the resources and verbs. + +Here's an example of an allow rule describing a list verb applied to the sessions resource. +It means "allow users of this role to see a list of recorded SSH or Kubernetes sessions". + +```yaml +allow: + - resources: [session] + verbs: [list] +``` + +### Principals + +Roles define what principals (e.g. Linux OS users or Kubernetes group) users assigned +to the role are allowed to assume: + +```yaml +spec: + allow: + # The logins array defines the OS/UNIX logins a user is allowed to use. + logins: [ubuntu] + # Kubernetes groups defines what kubernetes groups a user is allowed to assume. + kubernetes_groups: [viewer] +``` + +In case if a user has many roles, the list of principals is merged in one set. + +### Labels + +Role labels define what resources rules in the role apply to. For example, let's +review a role that specifies access for SSH nodes and kubernetes clusters: + +```yaml +spec: + allow: + # List of node labels a user will be allowed to connect to: + node_labels: + # Regular expressions are also supported, for example, the equivalent + # of the list example above can be expressed as: + 'environment': '^test|staging$' + + kubernetes_labels: + # User can access any region in us-west, e.g us-west-1, us-west-2 + 'region': 'us-west-*' + 'cluster_name': '^us.*\.example\.com$' +``` + +Here is how labels, allow rules and principals are applied: + +- For `allow` rule to match, all labels in the rule should match, +for example, in the Kubernetes rule above, both `region` and `cluster_name` should match. +- For `deny` rule to match, any label in the rule could match. + +**Principals and labels** + +Let's assume Alice is assigned two roles: `dev` and `prod`: + +Dev role allows SSH access as `root` and unrestricted access to kubernetes as `system:masters` for +any kubernetes cluster or node with labels matching 'test' or 'stage'. + +```yaml +metadata: + name: dev +spec: + allow: + logins: [root] + kubernetes_groups: ['system:masters'] + # List of node labels a user will be allowed to connect to: + node_labels: + 'environment': ['test', 'stage'] + kubernetes_labels: + 'environment': ['test', 'stage'] +``` + +Prod role allows SSH access as `ubuntu` and `view` access to kubernetes for +any kubernetes cluster or node with labels matching 'prod' + +```yaml +metadata: + name: prod +spec: + allow: + logins: [ubuntu] + kubernetes_groups: ['view'] + node_labels: + 'environment': ['prod'] + kubernetes_labels: + 'environment': ['prod'] +``` + +Here is how Teleport will evaluate Alice's access: + +- Alice can SSH as root to server labeled as `test` or `stage` +- Alice can not SSH as root to server labeled as `prod`, because prod role +only allows access as `ubuntu` to `prod`-labeled servers. + +The same applies to Kubernetes: + +- Alice can access kubernetes cluster as `system:masters` if it's labeled as `test` or `stage`. +- Alice can access kubernetes clusters only as a `view` role if it's labeled as `prod`. + + +### Role templates + +Roles support template variables. Here is a role snippet that explains +how variables are interpolated. + +```yaml +spec: + # The allow section declares a list of resource/verb combinations that are + # allowed for the users of this role. By default, nothing is allowed. + allow: + # internal.logins - will be interpolated from local user's traits - + # properties you can assign when creating a user. + logins: ['{{internal.logins}}'] + + # kubernetes_groups specifies Kubernetes groups a user with this role will assume. + # You can refer to a SAML/OIDC trait via the "external" property bag. + # This allows you to specify Kubernetes group membership in an identity manager: + kubernetes_groups: ['{{external.groups}}'] +``` + + +Any role that uses variable interpolation is treated as a role template. +You can add interpolation to any role spec. + + +**Variable interpolation rules* + +- If `external.groups` is a list that contains `["dev", "prod"]` the expression `["{{external.groups}}"]` +will interpolate to list `["dev", "prod"]`. +- If `external.groups` is a variable that equals `"dev"` the expression `["{{external.groups}}"]` +will interpolate to `["dev"]`. +- If `external.groups` is missing, the expression `"{{external.groups}}"` will evaluate into empty string `""`. +You can use predicate language function calls in templates, e.g. `{{email.local(external.foo)}}`. +- You can combine string prefixes and values, for example: `"IAM#{{regexp.replace(external.foo, "^bar-(.*)$", "$1")}};"`. +- Invalid expressions will be ignored, e.g. `external.foo}}` will be skipped, just as invalid function calls. +- Invalid values will be omitted, for example `-foo` is not a valid Unix login, so if variable `external.foo` equals +`"-foo"`, it will be omitted in `logins: ["{{external.foo}}"]`. + +**How role templates are evaluated** + +Role templates are evaluated at the time of access to any resource either by proxy or node. +Every Teleport component - proxy, auth server or node has up to date copy of all roles. + +Let's review a case with the following role template: + +```yaml +metadata: + name: devs +spec: + allow: + kubernetes_groups: ["{{external.k8s_groups}}"] + kubernetes_labels: + "env": ["{{external.env}}"] +``` + +User Alice authenticates with Teleport and receives the following variables from +the identity provider: + +``` +k8s_groups: ["view", "edit"] +env: ["stage"] +``` + +These variables get encoded in the X.509 certificate as extensions. + +When proxy authorizes the attempt to connect to the Kubernetes cluster it interpolates +the role template and the variables, and gets: + +```yaml +metadata: + name: devs +spec: + allow: + kubernetes_groups: ["view", "edit"] + kubernetes_labels: + "env": ["stage"] +``` + +Finally, the proxy applies the resulting role to the kubernetes cluster Alice tries to +access and checks it against cluster. If the cluster has labels `"env": "stage"` +the attempt succeeds, otherwise it fails. + +### Role conditions + +The example below illustrate how to restrict session access only for the user who created the session +using role conditions: + +```yaml +kind: role +metadata: + name: only-own-sessions +spec: + allow: + rules: + # Users can only view session recordings for sessions in which they + # participated. + - resources: [session] + verbs: [list, read] + where: contains(session.participants, user.metadata.name) +``` + + +You can use `where` fields in all resource rules. Check out [the full role reference](../access-controls/reference.mdx) contains full role spec for details. + + +### Role options + +Alongside `allow` and `deny` rules, roles control a variety of options, for example: + +``` +kind: role +version: v5 +metadata: + name: relaxed +spec: + # options specify connection, in case if user has multiple non-default + # conflicting options, teleport chooses the least permissive value. + options: + # max_session_ttl defines the TTL (time to live) of certificates + # issued to the users with this role. + max_session_ttl: 8h + # lock sets locking mode for user of this role, + # valid values are "strict" or "best_effort" + lock: strict +``` + +In case if user has multiple roles that specify conflicting options, for example, +role `relaxed` sets the `max_session_ttl` to `8h` and `restricted` that sets `max_session_ttl` +to `4h`, most secure value will be used, in this case Teleport will choose to limit sessions to 4 hours. + +Teleport applies the same logic to other values, for example if two roles specify both `strict` and `best_effort` +options, Teleport will choose `strict` option. + +### Just in Time Access Requests + + + + + The full version of Just In Time Access Requests is available only in Teleport Cloud or Enterprise. + + + + +Roles allow requesting elevated privileges - other roles or individual resources. + +Roles control who can review requests for privileges and define how many approvals +or rejections are required: + +```yaml +spec: + allow: + # review_requests allows a user holding this role + # to approve or deny Access Requests + review_requests: + roles: ['dbadmin'] + + # request allows a user user request roles matching + # expressions below + request: + # the `roles` list can be a mixture of literals and wildcard matchers + roles: ['common', 'dev-*'] + # thresholds specifies minimum amount of approvers and deniers, + # defaults to 1 for both + thresholds: + # requires at least two qualifying approvers and at least one denier. + - approve: 2 + deny: 1 +``` + +## Next steps + +- [Access Control Reference](../access-controls/reference.mdx). +- [Teleport Predicate Language](../reference/predicate-language.mdx). +- [Access Requests Guides](../access-controls/access-requests.mdx) +- [Architecture Overview](overview.mdx) +- [Teleport Auth](authentication.mdx) +- [Teleport Nodes](nodes.mdx) +- [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/nodes.mdx b/docs/pages/architecture/nodes.mdx index 9fea6fb78e766..abcee79289015 100644 --- a/docs/pages/architecture/nodes.mdx +++ b/docs/pages/architecture/nodes.mdx @@ -1,43 +1,50 @@ --- -title: Teleport Nodes -description: This chapter explains the concept of a Teleport Node and Teleport manages SSH and Kubernetes nodes. -h1: Teleport Nodes +title: Teleport SSH Nodes +description: This chapter explains the concept of a Teleport Node and how Teleport manages SSH. +h1: Teleport SSH Nodes --- -Teleport calls any computing device (server, VM, AWS instance, etc) a "node". +## The SSH Node service -## The Node service +The Teleport Node service is optional. You can use it to replace OpenSSH on your infrastructure. +Here is why we recommend Teleport Node service instead of OpenSSH: -A node becomes a Teleport Node when the node joins a cluster with a "join" token. Read about how nodes are issued certificates in the [Auth Guide](authentication.mdx#issuing-node-certificates). +- The node service supports BPF recording of all syscalls, network calls and files accessed during SSH session. +- It can record terminal sessions. +- It provides automatic registration, certificate and certificate authority rotation, +- It can provision OS user and update sudoers files according to teleport roles. +- You can connect nodes to proxies with outbound persistent tunnels, for your IoT lab or remote infrastructure. -![Node joins a cluster](../../img/node_join.svg) +Just like with OpenSSH, the `node` service provides SSH access to every node with any clients supporting client SSH certificates: -A Teleport Node runs the [`teleport`](../setup/reference/cli.mdx#teleport) daemon with the `node` role. This process handles incoming connection requests, authentication, and remote command execution on the node, similar to the function of OpenSSH's `sshd`. +- [OpenSSH: `ssh`](../server-access/guides/openssh.mdx) +- [Teleport CLI client: `tsh ssh`](../reference/cli.mdx#tsh-ssh) +- [Teleport Proxy UI](./proxy.mdx) accessed via a web browser. +- Ansible and other SSH compatible clients. + +## Joining Nodes + +A node candidate becomes a Teleport Node when it joins a cluster and authenticates itself to receive cluster certificate. -![Node Service ping API](../../img/node_service_api.svg) +![Node joins a cluster](../../img/architecture/node-registration@1.2x.svg) -All cluster Nodes keep the Auth Server updated on their status with periodic ping messages. They report their IP addresses and the values of their assigned labels. Nodes can access the list of all Nodes in their cluster via the [Auth Server API](authentication.mdx#auth-api). +All cluster Nodes keep the Auth Server updated on their status with periodic ping messages. +They report their IP addresses and the values of their assigned labels. +Clients can access the list of all Nodes in their cluster via the Auth Server API or CLI. - In most environments, we advise replacing the OpenSSH daemon `sshd` with the Teleport Node Service unless there are existing workflows relying on `ssh` or in special cases such as embedded devices that can't run custom binaries. +Nodes can register with Auth servers directly, or use proxies to establish the connection to auth servers. +The latter is helpful if you have multiple proxies and nodes all over the world. -The `node` service provides SSH access to every node with all of the following clients: - -- [OpenSSH: `ssh`](../server-access/guides/openssh.mdx) -- [Teleport CLI client: `tsh ssh`](../setup/reference/cli.mdx#tsh-ssh) -- [Teleport Proxy UI](proxy.mdx#web-to-ssh-proxy) accessed via a web browser. - -Each client is authenticated via the [Auth Service](authentication.mdx#authentication-in-teleport) before being granted access to a Node. - -## Node identity on a cluster +## SSH Host certificate -Node Identity is defined on the Cluster level by the certificate a node possesses. +Node's identity is represented by SSH host certificate it receives after registering withing the cluster: -![Node Identity](../../img/node_identity.svg) +![Host certificate](../../img/architecture/ssh-host-cert@1.2x.svg) This certificate contains information about the node including: @@ -45,9 +52,9 @@ This certificate contains information about the node including: - A **nodename**, which defaults to `hostname` of the node, but can be configured. - The **cluster_name**, which defaults to the `hostname` of the auth server, but can be configured - The node **role** (i.e. `node,proxy`) encoded as a certificate extension -- The cert **TTL** (time-to-live) +- The cert **Expiry time** -A Teleport Cluster is a set of one or more machines whose certificates are signed by the same certificate authority (CA) operating in the Auth Server. A certificate is issued to a node when it joins the cluster for the first time. Learn more about this process in the [Auth Guide](authentication.mdx#authentication-in-teleport). +A Teleport Cluster is a set of one or more machines whose certificates are signed by the same certificate authority (CA) operating in the Auth Server. A certificate is issued to a node when it joins the cluster for the first time. +You can mix both modes in the same cluster, depending on your use case. +For example, you can have several IOT devices joining the cluster via reverse tunnel +and a large fleet of servers in the internal network using standard mode. + ## Cluster state Cluster state is stored in a central storage location configured by the Auth -Server. This means that each node is completely stateless and holds no secrets +Server. Each node (or proxy) is stateless and holds no secrets such as keys or passwords. -![Cluster State](../../img/cluster_state.svg) - -The cluster state information stored includes: +The cluster state includes: - Node membership information and online/offline status for each node. - List of active sessions. @@ -85,14 +99,14 @@ The cluster state information stored includes: - RBAC configuration (roles and permissions). - Dynamic configuration. -Read more about what is stored in the [Auth Guide](authentication.mdx#auth-state) - -## Session recording +## SSH Session recording By default, nodes submit SSH session traffic to the Auth server for storage. These recorded sessions can be replayed later via `tsh play` command or in a web browser. +### SSH node recording + Some Teleport users assume that audit and session recording happen by default on the Teleport proxy server. This is not the case in default configuration because a proxy cannot see the encrypted traffic, it is encrypted end-to-end, @@ -100,22 +114,44 @@ i.e. from an SSH client to an SSH server/node, see the diagram below: ![session-recording-diagram](../../img/session-recording.svg) -However, starting from Teleport 2.4, it is possible to configure the -Teleport proxy to enable "recording proxy mode". +### Proxy recording mode + +In this mode, the proxy terminates (decrypts) the SSH connection using the +certificate supplied by the client via SSH agent forwarding and then establishes +its own SSH connection to the final destination server, effectively becoming an +authorized "man in the middle". This allows the proxy server to forward SSH +session data to the auth server to be recorded, as shown below: + +![recording-proxy](../../img/recording-proxy.svg) + +The recording proxy mode, although *less secure*, was added to allow Teleport +users to enable session recording for OpenSSH's servers running `sshd`, which is +helpful when gradually transitioning large server fleets to Teleport. + +We consider the "recording proxy mode" to be less secure for two reasons: + +1. It grants additional privileges to the Teleport proxy. In the default mode, + the proxy stores no secrets and cannot "see" the decrypted data. This makes a + proxy less critical to the security of the overall cluster. But if an + attacker gains physical access to a proxy Node running in the "recording" + mode, they will be able to see the decrypted traffic and client keys stored in the proxy's process memory. +2. Recording proxy mode requires SSH Agent Forwarding. Agent Forwarding is required because without it, a proxy will not be able to establish the 2nd connection to the destination Node. + +However, there are advantages of proxy-based session recording too. When +sessions are recorded at the Nodes, a root user can add iptables rules to +prevent sessions logs from reaching the Auth Service. With sessions recorded at +the proxy, users with root privileges on Nodes have no way of disabling the +audit. -## Trusted Clusters +See the [reference](../reference/audit.mdx#recorded-sessions) to learn how to turn +on the recording proxy mode. Note that the recording mode is configured on the +Auth Service. -Teleport Auth Service can allow 3rd party users or nodes to connect to cluster -nodes if their certificates are signed by a trusted CA. A *trusted cluster* is -a public key of the trusted CA. It can be configured via `teleport.yaml` file. -{ - /* TODO: incomplete, write more on this */ -} ## More concepts - [Architecture Overview](overview.mdx) -- [Teleport Users](users.mdx) -- [Teleport Auth](authentication.mdx) +- [Teleport Authentication](authentication.mdx) +- [Teleport Authorization](authorization.mdx) - [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/overview.mdx b/docs/pages/architecture/overview.mdx index 704dfc46dbc85..cd3b3d9edf2ee 100644 --- a/docs/pages/architecture/overview.mdx +++ b/docs/pages/architecture/overview.mdx @@ -1,254 +1,133 @@ --- title: Teleport Architecture Overview -description: Basic concepts and architecture of Teleport. What is an SSH cluster? How certificate-based SSH authentication works? How does SSH auditing work? -h1: Architecture Introduction +description: High level overview of concepts and architecture of Teleport. +h1: Architecture Overview --- + This guide is for those looking for a deeper understanding of Teleport. If you are looking for hands-on instructions on how to set up Teleport for your team, -check out the [Admin Guide](../setup/admin.mdx) +check out the [Admin Guide](../management/admin.mdx) + ## What makes Teleport different -- Teleport replaces legacy keys and shared secrets with short-lived X.509 and SSH certificates - for services and users. -- It proxies and inspects SSH, Kubernetes, Web, and Database protocols. - For example for SSH, it controls the session from the start - and captures a session recording and in-kernel system calls using BPF. -- It removes a need for VPN and can connect multiple regions and organizations - in a decentralized network using mutual TLS and SSH tunnels. +- Teleport replaces legacy keys, passwords and shared secrets with short-lived X.509 and SSH certificates + for services and users accessing your infrastructure. +- It proxies and inspects SSH, Kubernetes, Web, Database and Desktop access protocols. +- It removes a need for VPN and connects multiple regions and organizations +in a decentralized network using mutual TLS and SSH tunnels. -## Design principles +## Core Components -Teleport was designed under the following principles: +The key concept of Teleport's architecture is a cluster. +A Teleport cluster consists of the Teleport Auth Service, Teleport Proxy Service and optional Teleport Agents. -- **Off the Shelf Security**: Teleport does not re-implement any security primitives and uses well-established, popular implementations of the encryption and network protocols. -- **Open Standards**: There is no security through obscurity. Teleport is fully - compatible with existing and open standards and other software, including - [OpenSSH](../server-access/guides/openssh.mdx). -- **Cluster-Oriented Design**: Teleport is built for managing clusters, not individual servers. In practice this means that hosts and users - have cluster memberships. Identity management and authorization happen on a - cluster level. -- **Built for Teams**: Teleport was created under the assumption of multiple teams operating on several disconnected clusters. Example use cases might be production-vs-staging environment, or a cluster-per-customer or cluster-per-application basis. +Cluster controls access to resources - Linux or Windows servers, databases, Kubernetes clusters, +Windows desktops, cloud services and consoles, internal web applications and services. -This doc introduces the basic concepts of Teleport so you can get started -managing access! + +To create a minimal Teleport cluster, you have to run two services: +Teleport Auth Service and Teleport Proxy Service. For your home lab, +you can run both services as a one binary and process. + -## Definitions - -Here are definitions of the key concepts you will use in Teleport. - -| Concept | Description | -| - | - | -| Node | A node is a "server", "host" or "computer". Users can create shell sessions to access nodes remotely. | -| User | A user represents someone (a person) or something (a machine) who can perform a set of operations on a node. | -| Cluster | A cluster is a group of nodes that work together and can be considered a single system. Cluster nodes can create connections to each other, often over a private network. Cluster nodes often require TLS authentication to ensure that communication between nodes remains secure and comes from a trusted source. | -| Certificate Authority (CA) | A Certificate Authority issues SSL certificates in the form of public/private keypairs. | -| [Teleport Node](nodes.mdx) | A Teleport Node is a regular node that is running the Teleport Node service. Teleport Nodes can be accessed by authorized Teleport Users. A Teleport Node is always considered a member of a Teleport Cluster, even if it's a single-node cluster. | -| [Teleport User](users.mdx) | A Teleport User represents someone who needs access to a Teleport Cluster. Users have stored usernames and passwords, and are mapped to OS users on each node. User data is stored locally or in an external store. | -| Teleport Cluster | A Teleport Cluster is comprised of one or more nodes, each of which holds certificates signed by the same [Auth Server CA](authentication.mdx). The CA cryptographically signs the certificate of a node, establishing cluster membership. | -| [Teleport CA](authentication.mdx) | Teleport operates two internal CAs as a function of the Auth service. One is used to sign User certificates and the other signs Node certificates. Each certificate is used to prove identity, cluster membership, and manage access. | - -## Teleport services - -Teleport uses three services which work together: [Nodes](nodes.mdx), -[Auth](authentication.mdx), and [Proxy](proxy.mdx). - -[**Teleport Nodes**](nodes.mdx) are servers that can be accessed remotely with -SSH. The Teleport Node service runs on a machine and is similar to the `sshd` -daemon you may be familiar with. Users can log in to a Teleport Node with all -of the following clients: - -- [OpenSSH: `ssh`](../server-access/guides/openssh.mdx) (works on Linux, macOS and Windows) -- [Teleport CLI client: `tsh ssh`](../setup/reference/cli.mdx#tsh-ssh) (works on Linux, macOS and Windows) -- [Teleport Proxy UI](proxy.mdx#web-to-ssh-proxy) accessed via any modern web browser (including Safari on iOS and Chrome on Android) - -[**Teleport Auth**](authentication.mdx) authenticates Users and Nodes, authorizes User -access to Nodes, and acts as a CA by signing certificates issued to Users and -Nodes. - -[**Teleport Proxy**](proxy.mdx) forwards User credentials to the [Auth -Service](authentication.mdx), creates connections to a requested Node after successful -authentication, and serves a [Web UI](proxy.mdx#web-to-ssh-proxy). - -## Basic architecture overview - -The numbers correspond to the steps needed to connect a client to a node. These -steps are explained below the diagram. +### Teleport Auth Service - - The teleport daemon calls services "roles" in the CLI - client. The `--roles` flag has no relationship to concept of [User Roles](users.mdx#user-roles) or - permissions. - - -![Teleport Overview](../../img/overview.svg) +The auth service controls certificate authority of the cluster. +It uses managed back-ends and HSM to store the certificate authority private keys. +The auth service issues certificates to clients and maintains the audit log. -1. Initiate Client Connection -2. Authenticate Client -3. Connect to Node -4. Authorize Client Access to Node - - - In the diagram above we show each Teleport service separately for clarity, but Teleport services do not have to run on separate nodes. - Teleport can be run as a binary on a single-node cluster with no external storage backend. We demonstrate this minimal setup in the [Getting Started Guide](../getting-started.mdx). - - -## Detailed architecture overview - -Here is a detailed diagram of a Teleport Cluster. - -The numbers correspond to the steps needed to connect a client to a node. These -steps are explained in detail below the diagram. - -![Teleport Everything](../../img/everything.svg) - -### 1: Initiate client connection - -![Client offers certificate](../../img/client_initiate.svg) - -The client tries to establish an SSH connection to a proxy using the CLI -interface or a web browser. When establishing a connection, the client offers -its certificate. Clients must always connect through a proxy for two reasons: - -1. Individual nodes may not always be reachable from outside a secure network. - -2. Proxies always record SSH sessions and keep track of active user sessions. - - This makes it possible for an SSH user to see if someone else is connected to - a node she is about to work on. -### 2: Authenticate client certificate +![Auth service](../../img/architecture/auth.png) -![Client offers valid certificate](../../img/cert_ok.svg) + -The proxy checks if the submitted certificate has been previously signed by the -auth server. + +The auth service uses HTTPS and accepts client certificates for authentication. +You don't have to deploy it on a private network, but it's a good practice to restrict network access to its port +for defense in depth. + -![Client obtains new certificate](../../img/cert_invalid.svg) +Here are some key facts about the auth service: -If there was no certificate previously offered (first time log in) or if the certificate has expired, the proxy denies the connection and asks the client to -login interactively using a password and a 2nd factor if enabled. +- It is the only service that has to be connected to the backend for audit and state storage. +All other services are stateless and always interact with auth service GRPC API, never +directly with the backend. +- This is why you can safely limit access to the backend to the auth service only. +- You can run multiple auth services in the cluster for high availability. -Teleport supports -[Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en), -[Authy](https://www.authy.com/), or another -[TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) -generator. The password + 2nd factor are submitted to a proxy via HTTPS, -therefore it is critical for a secure configuration of Teleport to install a -proper HTTPS certificate on a proxy. +### Teleport Proxy Service - - Do not use self-signed SSL/HTTPS certificates in production! - - -If the credentials are correct, the auth server generates and signs a new -certificate and returns it to the client via the proxy. The client stores this certificate -and will use it for subsequent logins. The certificate will automatically expire after -12 hours by default. This [TTL](https://en.wikipedia.org/wiki/Time_to_live) can be [configured](../setup/reference/cli.mdx#tctl-users-add) -to another value by the cluster administrator. - -### 3: Lookup Node - -![Node lookup](../../img/node_lookup.svg) - -At this step, the proxy tries to locate the requested node in a cluster. There -are three lookup mechanisms a proxy uses to find the node's IP address: - -1. Uses DNS to resolve the name requested by the client. -2. Asks the Auth Server if there is a Node registered with this `nodename`. -3. Asks the Auth Server to find a node (or nodes) with a label that matches the requested name. - -If the node is located, the proxy establishes the connection between the client -and the requested node. The destination node then begins recording the session, -sending the session history to the auth server to be stored. +The proxy service allows access to cluster resources from the outside. +It is the only service that has to be available from any user-facing network. +All public users and external services most of the time connect to the proxy. - - Teleport may also be configured to have the session recording - occur on the proxy, see [Audit Reference](../setup/reference/audit.mdx) for more - information. - - -### 4: Authenticate Node certificate - -![Node Membership Authentication](../../img/node_cluster_auth.svg) - -When the node receives a connection request, it checks with the Auth Server to -validate the node's certificate and validate the Node's cluster membership. - -If the node certificate is valid, the node is allowed to access the Auth Server -API which provides access to information about nodes and users in the cluster. - -### 5: Grant user Node access - -![User Granted Node Access](../../img/user_node_access.svg) -The node requests the Auth Server to provide a list of [OS users (user -mappings)](../setup/admin/users.mdx) for the connecting client, to make sure the client is -authorized to use the requested OS login. +![Proxy service](../../img/architecture/proxy.png) -Finally, the client is authorized to create an SSH connection to a node. + -![Proxy Connection Established](../../img/proxy_client_connect.svg) + +In its minimal configuration, the proxy service can multiplex all connections on one port and protocol, HTTPS. + -## Teleport CLI tools + +In some cases, e.g. break-glass recovery scenarios, and if allowed by configuration, clients can bypass proxies and +connect to resources with client certificates directly. Proxies add benefits, such as connection control, +routing and tunneling but are not a required component for connections! + -Teleport offers two command-line tools. `tsh` is a client tool used by the end -users, while `tctl` is used for cluster administration. +### Teleport Node Service -### `tsh` +The Teleport Node Service is optional. You can use it to replace OpenSSH on your infrastructure. +Here is why we recommend the Teleport Node Service instead of OpenSSH: -`tsh` is similar in nature to OpenSSH `ssh` or `scp`. It has -subcommands named after them so you can call: +- The Node Service supports BPF recording of all syscalls, network calls and files accessed during SSH session. +- It can record terminal sessions. +- It provides automatic registration, certificate and certificate authority rotation. +- It can provision OS user and update sudoers files according to teleport roles. +- You connect nodes to the proxy using outbound persistent tunnels, for your IoT lab or +remote infrastructure. -```code -$ tsh --proxy=p ssh -p 1522 user@host -$ tsh --proxy=p scp -P example.txt user@host/destination/dir -``` - -Unlike `ssh`, `tsh` is very opinionated about authentication: it always uses -auto-expiring certificates and it always connects to Teleport nodes via a proxy. - -When `tsh` logs in, the auto-expiring certificate is stored in `~/.tsh` and is -valid for 12 hours by default, unless you specify another interval via the -`--ttl` flag (capped by the server-side configuration). - -You can learn more about `tsh` in the [User Manual](../server-access/guides/tsh.mdx). - -### `tctl` - -`tctl` is used to administer a Teleport cluster. It connects to the Teleport -Auth Service and allows an administrator to manage Nodes, users, and other -resources in the cluster. +## Definitions -You can run `tctl` commands either remotely or on the Teleport Auth Service -host. When run remotely, `tctl` requires that the user authenticate to the -cluster. When run on the Auth Service host, `tctl` uses the identity of the Auth -Service itself, and does not require additional authentication. +Here are some of the key concepts we use in Teleport. -You can learn more about `tctl` in the [CLI Reference](../setup/reference/cli.mdx#tctl). +| Concept | Description | +| - | - | +| Certificate Authority (CA) | A Certificate Authority issues x.509 and SSH certificates in the form of public/private key pairs. | +| Teleport Cluster | A Teleport Cluster manages access to resources - databases, kubernetes clusters, servers, desktops, web apps and clouds.| +| Teleport Proxy Service | A proxy service allows access to cluster resources from the public network. It is the only service that has to be available from the public network.| +| Teleport Auth Service | The auth service manages certificate authorities of the cluster. It issues certificates to clients and maintains the audit log.| +| [Teleport CA](./authentication.mdx) | Teleport's Auth service operates multiple internal certificate authorities. One is used to sign User certificates and the other signs Node certificates. Each certificate is used to prove identity, cluster membership, and manage access.| +| [Teleport Users](./authorization.mdx) | A Teleport User represents a user or a service that needs access to resources behind Teleport Cluster. Users can be local or external, interactive for users and non-interactive for services. | +| [Teleport Node](./nodes.mdx) | A Teleport Node is an optional service to replace OpenSSH. | ## Next steps -- If you haven't already, read the [Getting Started Guide](../getting-started.mdx) to run a - minimal setup of Teleport yourself. -- Set up Teleport for your team with the [Admin Guide](../setup/admin.mdx). - Read the rest of the Architecture Guides: -- [Teleport Users](users.mdx) +- See how Teleport uses [Certificates](authentication.mdx) for authentication. +- [Teleport Authorization](authorization.mdx) - [Teleport Nodes](nodes.mdx) -- [Teleport Auth](authentication.mdx) - [Teleport Proxy](proxy.mdx) +- Reduce your surface of attack using [TLS routing](./tls-routing.mdx). + +Get started with Teleport: + +- Read the [Getting Started Guide](../getting-started.mdx) to run a Teleport yourself or +sign up for [Teleport cloud](https://goteleport.com/signup/). +- Set up Teleport for your team with the [Admin Guide](../management/admin.mdx). + + diff --git a/docs/pages/architecture/proxy.mdx b/docs/pages/architecture/proxy.mdx index 144338df5e26f..43688cc00cff5 100644 --- a/docs/pages/architecture/proxy.mdx +++ b/docs/pages/architecture/proxy.mdx @@ -1,125 +1,73 @@ --- title: Teleport Proxy Service -description: How Teleport implements SSH and Kubernetes access via a Proxy -h1: The Proxy Service +description: Architecture of Teleport's identity-aware proxy service +h1: Teleport Identity-Aware Proxy Service --- -The proxy is a stateless service that performs three main functions in a -Teleport cluster: +Teleport Proxy is a identity aware proxy, with a web UI. Here are Proxy's key features: -1. It serves as an authentication gateway. It asks for credentials from - connecting clients and forwards them to the Auth server via [Auth - API](authentication.mdx#auth-api). -2. It looks up the IP address for a requested Node and then proxies a connection - from client to Node. -3. It serves a Web UI that is used by cluster users to sign up and configure - their accounts, explore Nodes in a cluster, log into remote Nodes, join - existing SSH sessions or replay recorded sessions. +- Users can authenticate with a Single-Sign-On or local credentials to access SSH and Windows Desktops via Proxy's web UI. +- Proxy is identity aware - it makes sure that only authenticated clients can connect to target resources. +It intercepts traffic for multiple protocols - SSH, Kubernetes, HTTPS, databases. +It records commands, API calls and queries and streams them to the audit log. +- Proxy provides networking and connectivity features. Nodes and proxies behind firewalls can connect +to proxies using reverse tunnels. System administrators can use TLS routing feature to compress all ports for all protocols to one TLS port using TLS routing feature. -## Connecting to a Node +![Proxy service](../../img/architecture/proxy.png) -### Web to SSH Proxy + +To create a minimal Teleport cluster, you have run two services: +Teleport Auth Service and Teleport Proxy Service. For your home lab, +you can run both services as a one binary and process. + -In this mode, Teleport Proxy implements WSS - secure web sockets - to proxy a -client SSH connection: +## Web UI -![Teleport Proxy Web](../../img/proxy-web.svg) +In Web UI, Teleport Proxy implements WSS - secure web sockets - to proxy a +target resource, for example SSH server or Desktop: -1. User logs in to Web UI using username and password, and 2nd-factor token if configured (2FA Tokens are not used with SSO providers). -2. Proxy passes credentials to the Auth Server's API -3. If Auth Server accepts credentials, it generates a new web session and generates a special ssh keypair associated with this web session. Auth server - starts serving [OpenSSH ssh-agent protocol](https://tools.ietf.org/html/draft-miller-ssh-agent-04) to the proxy. -4. The User obtains an SSH session in the Web UI and can interact with the Node on a web-based terminal. From the Node's perspective, it's a regular SSH - client connection that is authenticated using an OpenSSH certificate, so no special logic is needed. +![Teleport Proxy Web](../../img/architecture/proxy-web-to-resource@1.2x.svg) - When using the web UI, the Teleport Proxy terminates SSL traffic and re-encodes data for the SSH client connection. + When using the web UI, the Teleport Proxy terminates traffic and re-encodes data for the client connection. -### CLI to SSH Proxy +## Identity-Aware-Proxy -**Getting Client Certificates** +In IAP mode, users initiate the SSO or login flow to sign public keys on their client machines: -Teleport Proxy implements a special method to let clients get short-lived -authentication certificates signed by the Certificate Authority (CA) provided by -the [Auth Service](authentication.mdx#authentication-in-teleport). - -![Teleport Proxy SSH](../../img/proxy-ssh-1.svg) - -1. A [`tsh` client](../setup/reference/cli.mdx#tsh) generates an OpenSSH key pair. It forwards the generated public key, username, password, and second-factor token to the proxy. -2. The Proxy Service forwards the request to the Auth Service. -3. If Auth Service accepts credentials, it generates a new certificate signed by its user CA and sends it back to the Proxy Server. The certificate has a TTL - that defaults to 12 hours but can be configured in [`tctl`](../setup/reference/cli.mdx#tctl). -4. The Proxy Server returns the user certificate to the client and the client stores it in `~/.tsh/keys/example.com`. The certificate is also added to the local SSH agent if one is running. - -**Using Client Certificates** - -Once the client has obtained a certificate, it can use it to authenticate with -any Node in the cluster. Users can use the certificate using a standard OpenSSH -client `ssh` or using `tsh`: - -![Teleport Proxy Web](../../img/proxy-ssh-2.svg) - -1. A client connects to the Proxy Server and provides target Node's host and port location. There are three lookup mechanisms a proxy uses to find the - Node's IP address: - - - Use DNS to resolve the name requested by the client. - - Asks the Auth Service if there is a Node registered with this `nodename`. - - Asks the Auth Service to find a Node (or Nodes) with a label that matches the requested name. - -2. If the Node is located, the Proxy establishes an SSH tunnel to the - requested Node and starts forwarding traffic from Node to client. - -3. The client uses the established SSH tunnel from Proxy to Node to open a new - SSH connection. The client authenticates with the target Node using its - client certificate. +![Teleport Proxy IAP](../../img/architecture/proxy-iap-to-resource@1.2x.svg) - Teleport's proxy command makes it compatible with [SSH jump hosts](https://wiki.gentoo.org/wiki/SSH_jump_host) implemented using OpenSSH's `ProxyCommand`. It also supports OpenSSH's ProxyJump/ssh -J implementation. +We consider IAP mode more secure than Web UI access, because private keys never leave user's client. +Client's connection to resource is mutually authenticated. This mode is also less vulnerable +for web-related attacks, like CSRF or cookie hijacking, because browser is used less. -## Recording Proxy mode - -In this mode, the proxy terminates (decrypts) the SSH connection using the -certificate supplied by the client via SSH agent forwarding and then establishes -its own SSH connection to the final destination server, effectively becoming an -authorized "man in the middle". This allows the proxy server to forward SSH -session data to the auth server to be recorded, as shown below: - -![recording-proxy](../../img/recording-proxy.svg) - -The recording proxy mode, although *less secure*, was added to allow Teleport -users to enable session recording for OpenSSH's servers running `sshd`, which is -helpful when gradually transitioning large server fleets to Teleport. +## Tunnels -We consider the "recording proxy mode" to be less secure for two reasons: +In this mode, resources behind firewall can establish reverse tunnels back to proxies. +Proxies will forward client's connections to target resources via those tunnels. -1. It grants additional privileges to the Teleport proxy. In the default mode, - the proxy stores no secrets and cannot "see" the decrypted data. This makes a - proxy less critical to the security of the overall cluster. But if an - attacker gains physical access to a proxy Node running in the "recording" - mode, they will be able to see the decrypted traffic and client keys stored in the proxy's process memory. -2. Recording proxy mode requires SSH Agent Forwarding. Agent Forwarding is required because without it, a proxy will not be able to establish the 2nd connection to the destination Node. +In the example below, Alice connects to kubernetes cluster behind firewall via two tunnels: -However, there are advantages of proxy-based session recording too. When -sessions are recorded at the Nodes, a root user can add iptables rules to -prevent sessions logs from reaching the Auth Service. With sessions recorded at -the proxy, users with root privileges on Nodes have no way of disabling the -audit. +![Teleport Proxy Tunnel](../../img/architecture/proxy-tunnel@1.2x.svg) -See the [reference](../setup/reference/audit.mdx#recorded-sessions) to learn how to turn -on the recording proxy mode. Note that the recording mode is configured on the -Auth Service. + +All modes above are turned on by default in Proxies. No special configuration is necessary, unless you +want to turn some of those modes off. + ## More concepts +- [TLS Routing](tls-routing.mdx) - [Architecture Overview](overview.mdx) -- [Teleport Users](users.mdx) -- [Teleport Auth](authentication.mdx) +- [Teleport Authentication](authentication.mdx) +- [Teleport Authorization](authorization.mdx) - [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/tls-routing.mdx b/docs/pages/architecture/tls-routing.mdx index 4e11fe8b44041..e1247f12253fa 100644 --- a/docs/pages/architecture/tls-routing.mdx +++ b/docs/pages/architecture/tls-routing.mdx @@ -72,7 +72,7 @@ Let's take a look at how each protocol Teleport supports implements TLS routing. ## SSH Teleport client `tsh`, when connecting to an SSH node, first dials Teleport -proxy over TLS and requests `teleport-ssh-proxy` ALPN protocol. +proxy over TLS and requests `teleport-proxy-ssh` ALPN protocol. No local proxy is started in this case as `tsh` uses this TLS connection as a transport to establish the SSH connection. @@ -83,17 +83,17 @@ To support standard OpenSSH client, Teleport provides a `tsh proxy ssh` command which can be used as a `ProxyCommand`. Similarly to `tsh ssh`, `tsh proxy ssh` establishes a TLS tunnel to Teleport -proxy with `teleport-ssh-proxy` ALPN protocol, which `ssh` then connects over. +proxy with `teleport-proxy-ssh` ALPN protocol, which `ssh` then connects over. See the [OpenSSH client](../server-access/guides/openssh.mdx) guide for details on how it's configured. ## Reverse tunnels -Reverse tunnel agents for Teleport node, application and database services, as -well as for trusted clusters, open a TLS tunnel to the cluster's proxy with -`teleport-reversetunnel` ALPN protocol and then dials SSH over it establishing -the reverse tunnel connection. +Reverse tunnel workers within the Teleport Node, Application and Database +Services, as well as for Trusted Clusters, open a TLS tunnel to the cluster's +Proxy Service with the `teleport-reversetunnel` ALPN protocol. The workers then +dial SSH over the tunnel, establishing a secure connection. ## Kubernetes @@ -136,7 +136,7 @@ Teleport provides a `tsh proxy db` command to launch a local database proxy: $ tsh proxy db example-db ``` -See [GUI clients](../database-access/guides/gui-clients.mdx) guide for a usage +See [GUI clients](../connect-your-client/gui-clients.mdx) guide for a usage example. ## Web UI, apps and desktops @@ -148,6 +148,6 @@ protocols for ALPN. ## Next steps -- See [migration guide](../setup/operations/tls-routing.mdx) to learn how to +- See [migration guide](../management/operations/tls-routing.mdx) to learn how to upgrade an existing cluster to use TLS routing. - Read through TLS routing design document [RFD](https://github.com/gravitational/teleport/blob/master/rfd/0039-sni-alpn-teleport-proxy-routing.md). diff --git a/docs/pages/architecture/trustedclusters.mdx b/docs/pages/architecture/trustedclusters.mdx new file mode 100644 index 0000000000000..403cd463d6916 --- /dev/null +++ b/docs/pages/architecture/trustedclusters.mdx @@ -0,0 +1,65 @@ +--- +title: Teleport Trusted Clusters Architecture +description: Deep dive into design of Teleport Trusted Clusters. +h1: Trusted Clusters Architecture +--- + +## Overview + +Teleport can partition compute infrastructure into multiple clusters. A cluster +is a group of Teleport connected resources. Each cluster +manages a set of certificate authorities (CAs) for its users and resources. + +Trusted Clusters allow the users of one cluster, the **root cluster**, to +seamlessly SSH into the Nodes of another cluster, the **leaf cluster**, while +remaining authenticated with only a single Auth Service. The leaf cluster can +be running behind a firewall without any ingress ports open. + +Uses for Trusted Clusters include: + +- Managed service providers (MSP) remotely managing the infrastructure of their clients. +- Device manufacturers remotely maintaining computing appliances deployed on premises. +- Large cloud software vendors managing multiple data centers. + + +Individual nodes and proxies can create reverse tunnels to proxy services without creating a new cluster. +You don't need to set up a trusted cluster just to connect a couple of servers, kubernetes clusters or +databases behind a firewall. + + +## Multi-Data-center Clusters + +In the example below, there are three independent clusters: + +- Cluster `sso.example.com` is a root cluster. This cluster can be used as a single-sign-on entry point +for your organization. It can have it's own independent resources connected to it, or be used just for audit +logs collection and single-sign-on. +- Clusters `us-east-1a` and `us-east-1b` are two independent clusters in different availability zones. + +![Trusted clusters](../../img/architecture/trusted-clusters@1.5x.svg) + +## Role Mapping + +In Teleport, leaf clusters are autonomous - they have their own state, roles and even local users. +Leaf clusters have autonomy to decide how to map identity of the external users to their local roles. +We call this process role mapping. Take a look at the flow below to understand how it works: + +![Role mapping](../../img/architecture/tc-role-mapping.svg) + + +If this all sounds complicated, but don't worry, you do not need to use trusted clusters unless you have +large, distributed infrastructure or your organization works with external agencies or contractors who +need separate access. + +In many cases, a single cluster is enough. A single teleport cluster can scale to hundreds of thousands +of connected resources! + + +## Next steps + +Read the rest of the Architecture Guides: + +- See how Teleport uses [Certificates](authentication.mdx) for authentication. +- Reduce your surface of attack using [TLS routing](./tls-routing.mdx). +- Follow our [guide](../management/admin/trustedclusters.mdx) to set up trusted clusters. + diff --git a/docs/pages/architecture/users.mdx b/docs/pages/architecture/users.mdx deleted file mode 100644 index 30caeec4ee053..0000000000000 --- a/docs/pages/architecture/users.mdx +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: Teleport Users -description: This chapter explains the concept of a Teleport User and how it's different from operating system (OS) users or Kubernetes users. -h1: Teleport Users ---- - -## Types of users - -Unlike traditional SSH, Teleport introduces the concept of a User Account. A -User Account is not the same as SSH login. Instead, each Teleport User is -associated with another account which is used to authenticate the user. - -For Open Source edition users, these will be OS users who are administered -outside of Teleport on each cluster node. For example, there can be a Teleport -user `joe` who can be permitted to log in as "root" to a specific subset of -nodes. Another user `juliet` could be permitted to OS users `root` and to -`nginx`. Teleport does not know the OS Users so it expects both `root` and -`nginx` to exist on the node. - -For Enterprise edition users, these can be stored in an external identity source -such as Okta, Active Directory, OneLogin, G Suite, or OIDC. Read the -[Enterprise Guide](../enterprise/introduction.mdx) to learn more. - -Teleport supports two types of user accounts: **Local Users** and -**External Users**. - -### Local users - -Local users are created and stored in Teleport's own identity storage in the -Auth Server. - -Let's look at this table: - -| Teleport User | Allowed OS Logins | Description | -| - | - | - | -| joe | joe, root | Teleport user `joe` can log in into member nodes as OS user `joe` or `root`. | -| juliet | juliet | Teleport user `juliet` can log in into member nodes only as OS user `juliet`. | -| ross | | If no OS login is specified, it defaults to the same name as the Teleport user, here this is `ross`. | - -A cluster administrator must create account entries for every Teleport user with -[`tctl users add`](../setup/reference/cli.mdx). Every Teleport User must be -associated with a list of one or more machine-level OS usernames it can -authenticate as during a login. This list is called "user mappings". - -![User Mappings](../../img/user_mappings.svg) - -The diagram shows the following mappings. A couple of noteworthy things -from this example: - -- Teleport User `sandra` does **not** have access to `grav-02` - through Teleport because `ops` is not an OS username on that node. -- Teleport User `joe` has access to all nodes because the OS user `root` - is present on all nodes. - -| Teleport User | logins | has access to nodes | -| - | - | - | -| joe | root, joe | grav-00, grav-01, grav-02 | -| tara | tara | grav-01, grav-02 | -| teleport | teleport | grav-00, grav-02 | -| sandra | ops | grav-00, grav-01 | - -Teleport supports second-factor authentication (2FA) when using a local auth -connector and it is enforced by default. - - - 2FA is not supported with SSO providers such as GitHub or Okta. To learn - more about SSO configuration check out the [SSO section of the Enterprise - Guide](../enterprise/introduction.mdx#sso) - - -There are two types of 2FA supported: - -- [TOTP - e.g. Google Authenticator](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) -- [WebAuthn - e.g. YubiKey](https://webauthn.guide) - -`TOTP` is the default. You can use [Google -Authenticator](https://en.wikipedia.org/wiki/Google_Authenticator) or -[Authy](https://www.authy.com/) or any other TOTP client. - -### External users - -{ - /* TODO: Production topic */ -} - -External users are users stored elsewhere within an organization. Examples -include GitHub, Active Directory (AD), OIDC, or any identity store with an -OpenID/OAuth2 or SAML endpoint. - - - External user storage is only supported in Teleport - Enterprise. Please take a look at the [Teleport - Enterprise](../enterprise/introduction.mdx) chapter for more information. - - -#### Multiple identity sources - -It is possible to have multiple identity sources configured for a Teleport -cluster. In this case, an identity source (called a "connector") will have to be -passed to -[`tsh --auth=connector_name login`](../setup/reference/cli.mdx#tsh-login). - -{ - /* TODO: Production Configuration */ -} - -The local users connector can be specified via [`tsh --auth=local -login`](../setup/reference/cli.mdx#tsh-login). - -## User roles - -Unlike traditional SSH, each Teleport user account is assigned a `role`. Having -roles allows Teleport to implement role-based access control (RBAC), i.e. assign -users to groups (roles) and restrict each role to a subset of actions on a -subset of nodes in a cluster. - -{ - /* TODO: Enterprise Topic */ -} - -## More concepts - -- [Architecture Overview](overview.mdx) -- [Teleport Auth](authentication.mdx) -- [Teleport Nodes](nodes.mdx) -- [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/database-access/guides/gui-clients.mdx b/docs/pages/connect-your-client/gui-clients.mdx similarity index 60% rename from docs/pages/database-access/guides/gui-clients.mdx rename to docs/pages/connect-your-client/gui-clients.mdx index 44b91bb32176e..12e0b0cfb4486 100644 --- a/docs/pages/database-access/guides/gui-clients.mdx +++ b/docs/pages/connect-your-client/gui-clients.mdx @@ -16,7 +16,7 @@ Ensure that your environment includes the following: - A running Teleport cluster. For details on how to set this up, see one of our - [Getting Started](/docs/getting-started) guides. + [Getting Started](/docs/getting-started) guides. - The `tsh` client tool version >= (=teleport.version=). @@ -51,7 +51,7 @@ Ensure that your environment includes the following: [sign up page](https://goteleport.com/signup/) to begin your free trial. - The `tsh` client tool version >= (=cloud.version=). To download these tools, - visit the [Downloads](/docs/cloud/downloads) page. + visit the [Downloads](../deploy-a-cluster/teleport-cloud/downloads.mdx) page. ```code $ tsh version @@ -62,7 +62,7 @@ Ensure that your environment includes the following: - The Teleport Database Service configured to access a database. See one of our - [guides](../guides.mdx) for how to set up Teleport Database Access for your + [guides](../database-access/guides.mdx) for how to set up Teleport Database Access for your database. @@ -79,19 +79,24 @@ You won't need to configure any credentials when connecting to this tunnel. Here is an example on how to start the proxy: ```bash -# First, login into the database. -$ tsh db login - -# Then, start the local proxy. +# Start the local proxy. $ tsh proxy db --tunnel Started authenticated tunnel for the database "" in cluster "" on 127.0.0.1:62652. ``` -You can then connect to the address the proxy command returns, in our example it +You can optionally specify the database name and the user to use by default +when connecting to the database: + +```code +$ tsh proxy db --db-user=my-database-user --db-name=my-schema --tunnel +``` + +Now, you can connect to the address the proxy command returns. In our example it is `127.0.0.1:62652`. + -If you're using Teleport in [TLS routing](../../setup/operations/tls-routing.mdx) +If you're using Teleport in [TLS routing](../management/operations/tls-routing.mdx) mode where each database protocol is multiplexed on the same web proxy port, use the following command to start a local TLS proxy your GUI database client will be connecting to: @@ -170,21 +175,21 @@ PostgreSQL servers. To configure a new connection, right-click on "Servers" in the main browser view and create a new server: -![pgAdmin Add Server](../../../img/database-access/pgadmin-add-server@2x.png) +![pgAdmin Add Server](../../img/database-access/pgadmin-add-server@2x.png) In the "General" tab of the new server dialog, enter the server connection name: -![pgAdmin General](../../../img/database-access/pgadmin-general@2x.png) +![pgAdmin General](../../img/database-access/pgadmin-general@2x.png) In the "Connection" tab, fill in the hostname, port, user and database name from the configuration above: -![pgAdmin Connection](../../../img/database-access/pgadmin-connection@2x.png) +![pgAdmin Connection](../../img/database-access/pgadmin-connection@2x.png) In the "SSL" tab, set "SSL Mode" to `Verify-Full` and fill in paths for client certificate, key and root certificate from the configuration above: -![pgAdmin SSL](../../../img/database-access/pgadmin-ssl@2x.png) +![pgAdmin SSL](../../img/database-access/pgadmin-ssl@2x.png) Click "Save", and pgAdmin should immediately connect. If pgAdmin prompts you for password, leave the password field empty and click OK. @@ -198,7 +203,7 @@ for more information). Use the "Database native" authentication with an empty password: ![DBeaver Postgres Configure -Server](../../../img/database-access/dbeaver-pg-configure-server.png) +Server](../../img/database-access/dbeaver-pg-configure-server.png) Clicking on "Test connection" should return a connection success message. Then, click on "Finish" to save the configuration. @@ -213,17 +218,17 @@ In the MySQL Workbench "Setup New Connection" dialog, fill out "Connection Name", "Hostname", "Port", and "Username": ![MySQL Workbench -Parameters](../../../img/database-access/workbench-parameters@2x.png) +Parameters](../../img/database-access/workbench-parameters@2x.png) In the "SSL" tab, set "Use SSL" to `Require and Verify Identity` and enter the paths to your CA, certificate, and private key files (see [Get connection information](./gui-clients.mdx#get-connection-information)): -![MySQL Workbench SSL](../../../img/database-access/workbench-ssl@2x.png) +![MySQL Workbench SSL](../../img/database-access/workbench-ssl@2x.png) Optionally, click "Test Connection" to verify connectivity: -![MySQL Workbench Test](../../../img/database-access/workbench-test@2x.png) +![MySQL Workbench Test](../../img/database-access/workbench-test@2x.png) Save the connection and connect to the database. @@ -231,26 +236,26 @@ Save the connection and connect to the database. Right-click in the "Database Navigator" menu in the main view and select Create > Connection: -![DBeaver Add Server](../../../img/database-access/dbeaver-add-server.png) +![DBeaver Add Server](../../img/database-access/dbeaver-add-server.png) In the search bar of the "Connect to a database" window that opens up, type "mysql", select the MySQL driver, and click "Next": -![DBeaver Select Driver](../../../img/database-access/dbeaver-select-driver.png) +![DBeaver Select Driver](../../img/database-access/dbeaver-select-driver.png) In the newly-opened "Connection Settings" tab, use the Host as `localhost` and Port as the one returned by the proxy command (`62652` in the example above): -![DBeaver Select Configure Server](../../../img/database-access/dbeaver-configure-server.png) +![DBeaver Select Configure Server](../../img/database-access/dbeaver-configure-server.png) In that same tab, set the username to match the one that you are connecting to using Teleport and uncheck the "Save password locally" box: -![DBeaver Select Configure User](../../../img/database-access/dbeaver-configure-user.png) +![DBeaver Select Configure User](../../img/database-access/dbeaver-configure-user.png) Click the "Edit Driver Settings" button on the "Main" tab, check the "No Authentication" box, and click "Ok" to save: -![DBeaver Driver Settings](../../../img/database-access/dbeaver-driver-settings.png) +![DBeaver Driver Settings](../../img/database-access/dbeaver-driver-settings.png) Once you are back in the "Connection Settings" window, click "Ok" to finish and DBeaver should connect to the remote MySQL server automatically. @@ -262,21 +267,21 @@ graphical client. On the "New Connection" panel, click on "Fill in connection fields individually". -![MongoDB Compass new connection](../../../img/database-access/compass-new-connection@2x.png) +![MongoDB Compass new connection](../../img/database-access/compass-new-connection@2x.png) On the "Hostname" tab, enter the hostname and port of the proxy you will use to access the database (see [Get connection information](./gui-clients.mdx#get-connection-information)). Leave "Authentication" as None. -![MongoDB Compass hostname](../../../img/database-access/compass-hostname@2x.png) +![MongoDB Compass hostname](../../img/database-access/compass-hostname@2x.png) On the "More Options" tab, set SSL to "Client and Server Validation" and set the CA as well as the client key and certificate. Note that a CA path must be provided and be able to validate the certificate presented by your Teleport Proxy Service's web endpoint. -![MongoDB Compass more options](../../../img/database-access/compass-more-options@2x.png) +![MongoDB Compass more options](../../img/database-access/compass-more-options@2x.png) Click on the "Connect" button. @@ -289,7 +294,7 @@ more information.) Use the SQL Server Authentication option and keep the Password field empty: -![DBeaver connection options](../../../img/database-access/guides/sqlserver/dbeaver-connection@2x.png) +![DBeaver connection options](../../img/database-access/guides/sqlserver/dbeaver-connection@2x.png) Click OK to connect. @@ -303,7 +308,7 @@ more information.) Select the "User & Password" authentication option and keep the "Password" field empty: -![DataGrip connection options](../../../img/database-access/guides/sqlserver/datagrip-connection@2x.png) +![DataGrip connection options](../../img/database-access/guides/sqlserver/datagrip-connection@2x.png) Click "OK" to connect. @@ -315,26 +320,95 @@ Click "OK" to connect. After opening Redis Insight click `ADD REDIS DATABASE`. -![Redis Insight Startup Screen](../../../img/database-access/guides/redis/redisinsight-startup.png) +![Redis Insight Startup Screen](../../img/database-access/guides/redis/redisinsight-startup.png) -Log in to your Redis instance with a Redis user first by using: +Now start a local proxy to your Redis instance: -`tsh db login --db-user=alice redis-db-name`. +`tsh proxy db --db-user=alice redis-db-name`. Click `Add Database Manually`. Use `127.0.0.1` as the `Host`. Use the port printed by the `tsh` command you ran in [Get connection information](#get-connection-information). Provide your Redis username as `Username` and password as `Password`. -![Redis Insight Configuration](../../../img/database-access/guides/redis/redisinsight-add-config.png) +![Redis Insight Configuration](../../img/database-access/guides/redis/redisinsight-add-config.png) Next, check the `Use TLS` and `Verify TLS Certificates` boxes and copy the CA certificate returned by `tsh proxy db`. Copy the private key and certificate to corresponding fields. Click `Add Redis Database`. -![Redis Insight TLS Configuration](../../../img/database-access/guides/redis/redisinsight-tls-config.png) +![Redis Insight TLS Configuration](../../img/database-access/guides/redis/redisinsight-tls-config.png) Congratulations! You have just connected to your Redis instance. -![Redis Insight Connected](../../../img/database-access/guides/redis/redisinsight-connected.png) +![Redis Insight Connected](../../img/database-access/guides/redis/redisinsight-connected.png) + + +## Snowflake: JetBrains (IntelliJ, Goland, DataGrip, PyCharm, etc.) + + +The Snowflake integration works only in the authenticated proxy mode. Start a local proxy for connections to your Snowflake database by using the command below: +``` +tsh proxy db --tunnel --port 2000 snowflake +``` + +In "Database Explorer" click the "add" button, pick "Data Source", and then pick "Snowflake": + +![JetBrains Add Database](../../img/database-access/guides/snowflake/jetbrains-add-database.png) + +Next, set "Host" to `localhost` and "Port" to the port returned by the `tsh proxy db` command you ran earlier (`2000` in the example above). +Set the "Username" to match the one that you are assuming when you connect to Snowflake + via Teleport and enter any value (e.g., "teleport") in the "Password" field (the value of + "Password" will be ignored but is required to create a data source in your IDE): + +![JetBrains General](../../img/database-access/guides/snowflake/jetbrains-general.png) + +Switch to the "Advanced" tab, set any value (e.g., "teleport") for "account", and add a new record named `ssl` with value `off` (as with "Password", "account" is ignored while establishing the connection but required by your IDE): + +![JetBrains Advanced](../../img/database-access/guides/snowflake/jetbrains-advanced.png) + +Teleport ignores the provided password and the account name as internally it uses values from the Database Agent configuration. +Setting "SSL" to `off` only disables encryption on your local machine. The connection to Snowflake is encrypted by Teleport. + +Now you can click "Test Connection" to check your configuration. + +![JetBrains Success](../../img/database-access/guides/snowflake/jetbrains-success.png) + +Congratulations! You have just connected to your Snowflake instance. + +## Snowflake: DBeaver + +The Snowflake integration works only in the authenticated proxy mode. Start a local proxy for connections to your Snowflake database by using the command below: +``` +tsh proxy db --tunnel --port 2000 snowflake +``` + +Add a new database by clicking the "add" icon in the top-left corner: + +![DBeaver Main Screen](../../img/database-access/guides/snowflake/dbeaver-main-screen.png) + +In the search bar of the "Connect to a database" window that opens up, type "snowflake", select the Snowflake driver, and click "Next": + +![DBeaver Select Database](../../img/database-access/guides/snowflake/dbeaver-select-database.png) + +Set "Host" to `localhost` and "Port" to the port returned by the `tsh proxy db` command you ran earlier (`2000` in the example above). +In the "Authentication" section set the "Username" to match the database username passed to Teleport with `--db-user` +and enter any value (e.g., "teleport") in the "Password" field (the value of + "Password" will be ignored when establishing a connection but is required by DBeaver to register your database): + +![DBeaver Main](../../img/database-access/guides/snowflake/dbeaver-main.png) + +Next, click the "Driver properties" tab and set "account" to any value (e.g., "teleport"; as with "Password", the value of + "account" will be ignored when establishing a connection but is required by DBeaver to register your database). In "User properties", set "ssl" to `off`: + +![DBeaver Driver](../../img/database-access/guides/snowflake/dbeaver-driver.png) + +Teleport ignores the provided password and the account name as internally it uses values from the Database Agent configuration. +SSL set to `off` disables only encryption on local machine. Connection to Snowflake is encrypted by Teleport. + +Now you can click on "Test Connection..." in the bottom-left corner: + +![DBeaver Success](../../img/database-access/guides/snowflake/dbeaver-success.png) + +Congratulations! You have just connected to your Snowflake instance. diff --git a/docs/pages/connect-your-client/teleport-connect.mdx b/docs/pages/connect-your-client/teleport-connect.mdx new file mode 100644 index 0000000000000..ef0b8bc4ea5d5 --- /dev/null +++ b/docs/pages/connect-your-client/teleport-connect.mdx @@ -0,0 +1,199 @@ +--- +title: Using Teleport Connect +description: Using Teleport Connect +--- + +Teleport Connect provides easy and secure access to SSH servers and databases, with support for +other resources such as Kubernetes clusters and applications coming in the future. + +![resources tab in Teleport Connect](../../img/use-teleport/connect-cluster.png) + +## Installation & upgrade + +Head over to the [Downloads](https://goteleport.com/download/) page to download the most recent +version. Teleport Connect supports macOS, Linux, and Windows. + + + +Double-click the downloaded `.dmg` file and drag the Teleport Connect icon to the Applications folder. + +To upgrade Teleport Connect to a newer version, drag the new version to the Applications folder. + + +Download the DEB (Debian-based distros) or RPM (RHEL-based distros) package and install it using +your package manager. Repeat the process for in-place upgrades. + +You can also download the project as a `tar.gz` file to extract and run it in place: + +```code +$ tar -xf teleport-(=teleport.version=)-linux-*.tar.gz +``` + + +Download and run the installer `.exe` file. It will install and open Teleport Connect without +further user input. + +Repeat the process with newer versions to upgrade. + + + +## User interface + +![user interface of Teleport Connect](../../img/use-teleport/connect-ui-overview.png) + +The top bar of Teleport Connect consists of: + +- The **profile selector** (the top right), which allows you to switch between profiles on different + Teleport clusters as well as log in or out of the clusters. +- The **connection list** (the top left) showing recent connections, allowing you to seamlessly switch + between them. +- The **command bar** (in the middle), which launches any command you input in a new terminal tab. +- The **cluster selector** (to the left of the command bar), which shows up only if you have set up + Trusted Clusters and there are leaf clusters connected to the root cluster. It lets you browse + leaf cluster resources. It also changes which cluster the commands in the command bar are going to target. + +## Connecting to an SSH server + +1. Open a tab with cluster resources by clicking on the plus symbol at the right end of the tab bar. + You can also press `Ctrl/Cmd + T` to achieve the same result. +2. Look for the SSH server you want to connect to and click the Connect button to the right. +3. Select or enter the SSH user you wish to log in as and press `Enter`. +4. A new tab will open with a shell session on the chosen server. + +Alternatively, you can type `tsh ssh` into the command bar in the Teleport Connect window, and the autocompletion will help +you connect to a server. + +## Connecting to a database + +1. Open a tab with cluster resources by clicking on the plus symbol at the end of the tab bar. You + can also press `Ctrl/Cmd + T` to achieve the same result. +2. Select the Databases section. +3. Look for the database server you wish to connect to and click the Connect button to the right. +4. Select or enter the database user you with to use and press `Enter`. +5. A new tab will open with a new connection established between your device and the database server. + +This connection will remain active until you click the Close Connection button or close Teleport +Connect. The port number will persist between app restarts—you can set up your favorite client +without worrying about the port suddenly changing. + +### With a GUI client + +To connect with a GUI client, follow the instructions in the database connection tab under the +Connect with GUI section. + +### With a CLI client + +The database connection tab shows the command that can be used to connect to the database. You can +modify the database name of the connection and then click the Run button to open a new terminal tab +with that command executed. + +## Connecting to multiple clusters + +Teleport Connect allows you to log in to multiple clusters at the same time. After logging in to +your first cluster, open the profile selector at the top right and click the *+Add another cluster* +button. You can switch between active profiles in multiple ways: + +- Click at the profile selector button at the top right. +- Open the profile selector with a shortcut (`Ctrl/Cmd + I`). +- Using the connection list at the top left to select a connection will automatically switch you to + the right profile. + +At the moment Teleport Connect supports only one user per cluster. To log in as a different user, +log out of the cluster first. + +## Restarting and reconnecting + +Before closing, Teleport Connect will remember the tabs that you had open at the end of the session. +Next time you open the app, Connect will ask you if you want to reopen those tabs. If you agree, +Connect will restore connections to all resources that were active before you closed the app. + +When restoring terminal tabs, Teleport Connect doesn't attempt to re-execute commands that were in +progress when the app was closed. It will only restore the working directory for those tabs. + +## Troubleshooting + +Logging out of a cluster, closing the app and logging in again resets all app state related to that +cluster. This can help if you encounter a bug which renders the user interface partially unusable. +It might also help if you have issues with connecting to an active cluster that don't happen in the +Web UI. + + + +To force the app to log you out of all clusters, close the app and remove the `~/Library/Application +Support/Teleport Connect/tsh` folder. Removing the file `~/Library/Application +Support/Teleport Connect/app_state.json` will clear all remembered tabs and connections. + + +To force the app to log you out of all clusters, close the app and remove the `~/.config/Teleport +Connect/tsh` folder. Removing the file `/.config/Teleport Connect/app_state.json` will clear +all remembered tabs and connections. + + +To force the app to log you out of all clusters, close the app and remove the +`C:\Users\%UserName%\AppData\Roaming\Teleport Connect\tsh` folder. Removing the file +`C:\Users\%UserName%\AppData\Roaming\Teleport Connect\app_state.json` will clear all remembered tabs +and connections. + + + +### Submitting an issue + +To submit an issue, click the Submit Feedback button at the bottom right (the speech bubble symbol) +and follow the *Submit a Bug* link. + + + +Be sure to attach logs, which can be found under `~/Library/Application Support/Teleport Connect/logs`. +The version of the app can be found in the app menu under the About Teleport Connect menu item. + + +Be sure to attach logs, which can be found under `~/.config/Teleport Connect/logs`. The app version +can be found by pressing `Alt` to access the app menu, then -> Help -> About Teleport Connect. + + +Be sure to attach logs, which can be found under `C:\Users\%UserName%\AppData\Roaming\Teleport Connect\logs`. +You may need to adjust File Explorer to [view hidden files and folders](https://support.microsoft.com/en-us/search?query=how%20to%20view%20hidden%20files%20in%20windows%2010). +The app version can be found by pressing `Alt` to access the app menu -> Help -> About Teleport Connect. + + + +### Updating local shell environment + +Teleport Connect updates and caches the local shell environment on app restart and not when starting +a new shell session. If you add new environment variables to your shell startup files, Connect will +see them only after you restart the app. + +### Insecure mode + +You can open Teleport Connect in insecure mode, which skips HTTPS certificate verification when +talking to a Teleport Proxy Service. This is useful in test environments or for demo purposes. We +do not recommend using this mode in production. + + + +To launch the app in insecure mode, open a terminal first. From there you can launch the app in one +of two ways: + +```code +# Using macOS open utility: +$ open -a "Teleport Connect" --args --insecure + +# Passing the flag to the executable directly: +$ /Applications/Teleport\ Connect.app/Contents/MacOS/Teleport\ Connect --insecure +``` + + +From a terminal, open Teleport Connect with the `--insecure` flag: + +```code +$ teleport-connect --insecure +```` + + +From the Command Prompt, open Teleport Connect with the `--insecure` flag: + +```code +$ "%LocalAppData%\Programs\teleport-connect\Teleport Connect.exe" --insecure +```` + + \ No newline at end of file diff --git a/docs/pages/server-access/guides/tsh.mdx b/docs/pages/connect-your-client/tsh.mdx similarity index 77% rename from docs/pages/server-access/guides/tsh.mdx rename to docs/pages/connect-your-client/tsh.mdx index dfe0bed4943ec..3a2afa9631e59 100644 --- a/docs/pages/server-access/guides/tsh.mdx +++ b/docs/pages/connect-your-client/tsh.mdx @@ -21,7 +21,7 @@ terminal for the CLI reference. ## Introduction For the impatient, here's an example of how a user would typically use -[`tsh`](../../setup/reference/cli.mdx#tsh): +[`tsh`](../reference/cli.mdx#tsh): @@ -76,11 +76,11 @@ $ tsh logout In other words, Teleport was designed to be fully compatible with existing SSH-based workflows and does not require users to learn anything new, other than -to call [`tsh login`](../../setup/reference/cli.mdx#tsh-login) in the beginning. +to call [`tsh login`](../reference/cli.mdx#tsh-login) in the beginning. ## Installing tsh -Follow [these install instructions](../../installation.mdx) to obtain the `tsh` +Follow [these install instructions](../installation.mdx) to obtain the `tsh` binary. Ideally, install `tsh` of the same version as the version used in your Teleport cluster. @@ -114,7 +114,7 @@ $ tsh ssh --proxy=mytenant.teleport.sh --user=joe root@node -[CLI Docs - tsh ssh](../../setup/reference/cli.mdx#tsh-ssh) +[CLI Docs - tsh ssh](../reference/cli.mdx#tsh-ssh) ## Logging in @@ -148,7 +148,7 @@ $ tsh login --proxy=mytenant.teleport.sh -[CLI Docs - tsh login](../../setup/reference/cli.mdx#tsh-login) +[CLI Docs - tsh login](../reference/cli.mdx#tsh-login) | Port | Description | | - | - | @@ -164,10 +164,10 @@ This allows you to authenticate just once, maybe at the beginning of the day. Su type="tip" title="Tip" > - It is recommended to always use [`tsh login`](../../setup/reference/cli.mdx#tsh-login) before using any other `tsh` commands. This allows users to omit `--proxy` flag in subsequent tsh commands. For example `tsh ssh user@host` will work. + It is recommended to always use [`tsh login`](../reference/cli.mdx#tsh-login) before using any other `tsh` commands. This allows users to omit `--proxy` flag in subsequent tsh commands. For example `tsh ssh user@host` will work. -A Teleport cluster can be configured for multiple user identity sources. For example, a cluster may have a local user called `admin` while regular users should [authenticate via GitHub](../../setup/admin/github-sso.mdx). In this case, you have to pass `--auth` flag to `tsh login` to specify which identity storage to use: +A Teleport cluster can be configured for multiple user identity sources. For example, a cluster may have a local user called `admin` while regular users should [authenticate via GitHub](../access-controls/sso/github-sso.mdx). In this case, you have to pass `--auth` flag to `tsh login` to specify which identity storage to use: @@ -217,7 +217,7 @@ $ tsh login --proxy=mytenant.teleport.sh --browser=none In this situation, a link will be printed on the screen. You can copy and paste this link into a browser of your choice to continue the login flow. -[CLI Docs - tsh login](../../setup/reference/cli.mdx#tsh-login) +[CLI Docs - tsh login](../reference/cli.mdx#tsh-login) ### Inspecting an SSH certificate @@ -257,7 +257,7 @@ $ tsh status -[CLI Docs - tsh status](../../setup/reference/cli.mdx#tsh-status) +[CLI Docs - tsh status](../reference/cli.mdx#tsh-status) ### SSH agent support @@ -278,7 +278,7 @@ variable to `false` in your shell profile to make this permanent. ### Identity files -[`tsh login`](../../setup/reference/cli.mdx#tsh-login) can also save the user certificate into a +[`tsh login`](../reference/cli.mdx#tsh-login) can also save the user certificate into a file: @@ -352,7 +352,10 @@ In this example, we're creating a certificate with a TTL of one hour for the ```code -# To be executed on a Teleport Auth Server +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. +$ tsh login --proxy=teleport.example.com --user=myuser $ tctl auth sign --ttl=1h --user=jenkins --out=jenkins.pem ``` @@ -367,7 +370,7 @@ $ tctl auth sign --ttl=1h --user=jenkins --out=jenkins.pem -[CLI Docs - tctl auth sign](../../setup/reference/cli.mdx#tctl-auth-sign) +[CLI Docs - tctl auth sign](../reference/cli.mdx#tctl-auth-sign) Now `jenkins.pem` can be copied to the Jenkins server and passed to the `-i` (identity file) flag of `tsh`. @@ -376,7 +379,7 @@ Now `jenkins.pem` can be copied to the Jenkins server and passed to the `-i` unrestricted certificate TTL values. For non-production usage, you can use -[Machine ID](../../machine-id/introduction.mdx), currently in preview, to +[Machine ID](../machine-id/introduction.mdx), currently in preview, to provide your bot user with automatically updated, short-lived credentials. ## Exploring the cluster @@ -396,7 +399,7 @@ $ tsh ls # graviton 10.1.0.7:3022 os:osx ``` -[CLI Docs - tsh ls](../../setup/reference/cli.mdx#tsh-ls) +[CLI Docs - tsh ls](../reference/cli.mdx#tsh-ls) `tsh ls` can apply a filter based on the node labels. @@ -409,7 +412,13 @@ $ tsh ls os=osx # graviton 33333333-aaaa-1284 10.1.0.7:3022 os:osx ``` -[CLI Docs -tsh ls](../../setup/reference/cli.mdx#tsh-ls) +[CLI Docs -tsh ls](../reference/cli.mdx#tsh-ls) + +
+ +(!docs/pages/includes/node-logins.mdx!) + +
## Interactive shell @@ -618,6 +627,14 @@ other user can join you through their terminal by typing: $ tsh join ``` + + Joining sessions requires special permissions that need to be set up by your cluster administrator. + Refer them to the [Moderated Sessions guide](../access-controls/guides/moderated-sessions.mdx) for more information on configuring join permissions. + + Joining sessions is not supported in recording proxy mode (where `session_recording` is set to `proxy`). @@ -628,7 +645,7 @@ Teleport supports creating clusters of servers located behind firewalls **without any open listening TCP ports**. This works by creating reverse SSH tunnels from behind-firewall environments into a Teleport Proxy Service you have access to. -These features are called **Trusted Clusters**. Refer to [the Trusted Clusters guide](../../setup/admin/trustedclusters.mdx) +These features are called **Trusted Clusters**. Refer to [the Trusted Clusters guide](../management/admin/trustedclusters.mdx) to learn how a Trusted Cluster can be configured. @@ -662,7 +679,7 @@ $ tsh --proxy=mytenant.teleport.sh clusters -[CLI Docs - tsh clusters](../../setup/reference/cli.mdx#tsh-clusters) +[CLI Docs - tsh clusters](../reference/cli.mdx#tsh-clusters) Now you can use the `--cluster` flag with any `tsh` command. For example, to list SSH nodes that are members of the `production` cluster, simply run: @@ -718,5 +735,108 @@ Service, and this tunnel is used to establish inbound SSH connections. +## X11 forwarding + +In order to run graphical programs within an SSH session, such as an IDE like +Virtual Studio Code, you'll need to request X11 forwarding for the session with +the `-X` flag. + +```code +$ tsh ssh -X node01 +``` + +X11 forwarding provides the server with secure access to your local X Server +so that it can communicate directly with your local display and I/O devices. + + + The `-Y` flag can be used to start Trusted X11 forwarding. This is needed + in order to enable more "unsafe" features, such as running clipboard or + screenshot utilities like `xclip`. However, it provides the server with + unmitigated access to your local X Server and puts your local machine at + risk of X11 attacks, so it should only be used with extreme caution. + + +In order to use X11 forwarding, you'll need to enable it on the Teleport Node. +You'll also need to ensure that your user has the `permit_x11_forwarding` role option: + +```code +$ tsh status +> Profile URL: https://proxy.example.com:3080 + Logged in as: dev + ... + Extensions: permit-X11-forwarding +``` + +## Custom aliases and defaults + +You can configure `tsh` to define aliases, custom commands and command-specific flag defaults. Using aliases, you can run frequently used `tsh` commands more easily. + +Aliases are defined in configuration files using the following syntax: + +```yaml +aliases: + "": "" +``` + +The `` can only be a top-level subcommand. In other words, you can define `tsh mycommand` alias but not `tsh my command`. + +`tsh` loads two kinds of configuration files: + +- global: by default `/etc/tsh.yaml`, unless overridden by the `$TELEPORT_GLOBAL_TSH_CONFIG` env var. +- user-specific: `$TELEPORT_HOME/config/config.yaml`, which by defaults resolves to `~/.tsh/config/config.yaml`. + +`tsh` merges the user-specific config with the global config. In case of conflicts (i.e. same alias defined in both files), the user-specific config has higher priority. + +In either of those files you can add define an alias such as: + +```yaml +aliases: + "l": "tsh login --auth=okta --username=alice" +``` + +From now on, `tsh l` will resolve to `tsh login --auth=okta --username=bob`. + +You can also change the defaults for regular `tsh` commands: + +```yaml +aliases: + "status": "tsh status --format=json" +``` + +Calling external programs other than `tsh` is also possible: + +```yaml +aliases: + "connect": "bash -c 'tsh login $0 && tsh ssh $1'" +``` + +The example above demonstrates the usage of variables `$0` and `$1`. They represent arguments provided to the alias. With the definition above, `tsh connect foo bar` resolves to `bash -c 'tsh login foo && tsh ssh bar'`. + +The alias can use as many arguments as needed. If the alias is invoked with too few arguments, `tsh` will report an error. Conversely, providing additional arguments is *not* an error. `tsh` will append any additional arguments to the end of an alias definition. + +Given the configuration: + +```yaml +aliases: + "example": "bash -c 'echo first=$0 $0-$1 $3'" +``` + +`tsh example 0 1 unused-2 3 unused-4` will expand to `bash -c 'echo first=0 0-1 3 unused-2 unused-4'`. + +You can also add the `$TSH` variable to an alias definition. When invoking the alias, `tsh` will expand this to the absolute path to current `tsh` executable. This can be useful if there are multiple `tsh` versions installed, or the currently used version is not in `PATH`. + +```yaml +aliases: + "status": "$TSH status --format=json" +``` + +The alias substitution happens before the command line flags are fully parsed. This means that it is not affected by the `--debug` flag. To troubleshoot your aliases, set the `TELEPORT_DEBUG=1` environment variable instead. This will cause the `tsh` logs to be printed to the console: + +```bash +$ TELEPORT_DEBUG=1 tsh status +DEBU [TSH] Self re-exec command: tsh [status --format=json]. tsh/aliases.go:203 +... +``` + ## Further reading -- [CLI Reference](../../setup/reference/cli.mdx). \ No newline at end of file +- [CLI Reference](../reference/cli.mdx). diff --git a/docs/pages/contributing/documentation/how-to-contribute.mdx b/docs/pages/contributing/documentation/how-to-contribute.mdx index 7c94afa4d9eb4..db941b7ba88d8 100644 --- a/docs/pages/contributing/documentation/how-to-contribute.mdx +++ b/docs/pages/contributing/documentation/how-to-contribute.mdx @@ -3,9 +3,11 @@ title: How to Contribute to Teleport's Documentation description: Follow this guide to get started contributing changes to Teleport's documentation --- -This guide describes the general workflow for making documentation changes +This guide describes the general workflow for making documentation changes. +It assumes you already have Node >=14 and `yarn` installed. ## Step 1/4 Set up your local environment + Clone the `gravitational/docs` repository via `git clone`: ```code @@ -17,7 +19,7 @@ Different versions of the documentation are organized into the `content` directo Navigate to the root of your local clone of the `gravitational/docs` repository and run the following command to populate the `content` directory: ```code -$ git submodule update --init --recursive +$ yarn git-update ``` Next, navigate to the directory under `content` that corresponds to the latest version of Teleport. @@ -26,6 +28,12 @@ Next, navigate to the directory under `content` that corresponds to the latest v $ cd content/(=version=) ``` +Switch to the master branch (or versioned branch for updates specific to previous versions): + +```code +git switch master +``` + Check out a new branch of `gravitational/teleport`. ```code @@ -37,6 +45,7 @@ $ git switch -c my-branch Run the following command to start the development server: ```code +$ yarn install $ yarn dev ``` @@ -52,7 +61,9 @@ $ yarn markdown-lint-external-links ``` ## Step 3/4 Create a pull request -Commit your changes and push your branch to `gravitational/teleport` (if you work at Teleport) or a fork of `gravitational/teleport`. + +Commit your changes and push your branch to `gravitational/teleport` (if you +work at Teleport) or a fork of `gravitational/teleport`. ```code # If you are an external contributor, create a fork and push to it. @@ -63,19 +74,73 @@ $ git rebase origin/master $ git push -u fork my-branch ``` -Visit https://github.com/gravitational/teleport and create a pull request (PR) against your branch. Our continuous integration (CI) pipeline will automatically assign reviewers to your PR. +Visit https://github.com/gravitational/teleport and create a pull request (PR) +against your branch. Our continuous integration (CI) pipeline will automatically +assign reviewers to your PR. ## Step 4/4 Backport your changes -Since our docs site is versioned, we want to ensure that any changes you make to the most recent version of our documentation are reflected for the versions of Teleport we currently support. + +Since our docs site is versioned, we want to ensure that any changes you make to +the most recent version of our documentation are reflected for the versions of +Teleport we currently support. You can find our list of currently supported versions in the FAQ: https://goteleport.com/docs/faq/#which-version-of-teleport-is-supported -We will illustrate a backport for Teleport version 8.x.x. In this example, we have created a PR against `origin/master` from the branch `my-branch`, which has been committed to our fork. +There are many ways to create a backport, and we will illustrate three common +methods for backporting Teleport documentation PRs. + + + + +When you open a pull request, add labels of the format `backport/branch/v[0-9]+` +to backport your PR to different versioned branches of `gravitational/teleport`. + +For example, to backport a change to v10 of the documentation, you would add the +label, `backport/branch/v10`. + +When you merge your PR, our continuous integration pipeline will create a table +of links in the comments of the PR that let you create additional PRs for your +backports. + + + +The label method will fail for forks of `gravitational/teleport`. + + -Copy the hash of the commit we made to `my-branch`, then run the following commands: + + + +Navigate to the root of your `gravitational/teleport` clone and run the +following command, assigning the `PR` variable to the ID of your GitHub PR and +the `TO` variable to a comma-separated list of versioned branch names: + +```code +$ PR=0000 TO=branch/v10 make backport +``` + +This script will automatically generate backport branches and open PRs for them. + + + +The `make backport` method will fail for forks of `gravitational/teleport`. + + + + + + +If automatic backport methods have failed, you will need to backport manually. + +We will illustrate a backport for Teleport version 8.x.x. In this example, we +have created a PR against `origin/master` from the branch `my-branch`, which has +been committed to our fork. + +Copy the hash of the commit we made to `my-branch`, then run the following +commands: ```code $ git fetch origin @@ -87,6 +152,9 @@ $ git push -u fork my-branch-backport-v8 Finally, create a PR for your backport. + + + ## Next steps - Consult our [style guide](./style-guide.mdx) to ensure your docs page is consistent with the rest of our docs. -- Use our [UI reference](./reference.mdx) to find the right UI components for your needs. \ No newline at end of file +- Use our [UI reference](./reference.mdx) to find the right UI components for your needs. diff --git a/docs/pages/contributing/documentation/issues.mdx b/docs/pages/contributing/documentation/issues.mdx index 35041360f75f6..40bab762cdc81 100644 --- a/docs/pages/contributing/documentation/issues.mdx +++ b/docs/pages/contributing/documentation/issues.mdx @@ -9,14 +9,6 @@ GitHub issue. [Issue: Documentation](https://github.com/gravitational/teleport/issues/new?assignees=&labels=documentation&template=documentation.md) -To help us organize our time responding to issues and pull requests, please add the `documentation` label if you are proposing or making a change to the documentation. - -You can help us estimate the time it will take to plan or review a change by adding one of the following labels: - -|Label|Meaning| -|:---|:---| -|docs-new|Requires creating a new docs page| -|docs-edit|Requires editing an existing docs page (perhaps substantially)| -|docs-plumbing|Changes to how we build, display, and deploy the docs—may involve [gravitational/docs](https://github.com/gravitational/docs)| -|docs-minor-tweak|Straightforward change to a single paragraph or code snippet| -|docs-assess-scope|Need to assess the scope of the project before starting work| \ No newline at end of file +To help us organize our time responding to issues and pull requests, please add +the `documentation` label if you are proposing or making a change to the +documentation. diff --git a/docs/pages/contributing/documentation/reference.mdx b/docs/pages/contributing/documentation/reference.mdx index 597d31b9e2d28..bf9e503843b4e 100644 --- a/docs/pages/contributing/documentation/reference.mdx +++ b/docs/pages/contributing/documentation/reference.mdx @@ -150,8 +150,8 @@ Different types will result in different background colors and icons. Admonitions are similar to notices, but are intended for longer content that looks better against a white background. Use this syntax: ```jsx - - Admontion content. + + Admonition content. ``` @@ -209,7 +209,7 @@ To insert a details block like the one above, use this syntax: `scope` is an optional property that specifies the component's [scope](./reference.mdx#scopes). -If `scopeOnly` is asasigned to `{true}`, the component will only be visible +If `scopeOnly` is assigned to `{true}`, the component will only be visible in the provided scope and invisible in all other scopes. ## Figures diff --git a/docs/pages/database-access/architecture.mdx b/docs/pages/database-access/architecture.mdx index 73cf58425a388..554f84e981307 100644 --- a/docs/pages/database-access/architecture.mdx +++ b/docs/pages/database-access/architecture.mdx @@ -52,14 +52,14 @@ Let's take a look at the typical flow Database Access users go through to connect to a database. 1. A user logs into the cluster with `tsh login` command and retrieves - a client certificate. See [Issuing User Certificates](../architecture/authentication.mdx#issuing-user-certificates) + a client certificate. See [Issuing User Certificates](../architecture/authentication.mdx) for more details on how it works. 2. The user picks the database they want to connect to from the list of available - databases shown in `tsh db ls` command and retrieves a short-lived X.509 - certificate for it with `tsh db login`. -3. The user uses a standard database client (e.g. `psql`, `mysql` or one of the - [graphical clients](./guides/gui-clients.mdx)) to connect to the Proxy, authenticating - with the client certificate from step 2. + databases shown in `tsh db ls` command. +3. The user connects to the database with the `tsh db connect` command, which + first retrieves a short-lived X.509 certificate and then launches the + standard database client (e.g. `psql`) with this client certificate to + authenticate with the Teleport Proxy service. 4. The Proxy authenticates the connection and dispatches it to the appropriate Database Service based on the routing information encoded in the client certificate, over the reverse tunnel. @@ -84,8 +84,10 @@ Let's take a detailed look at each authentication point. ### Database client to Proxy -Database clients authenticate with the Proxy using X.509 client certificates -obtained from the `tsh db login` command. +When running the `tsh db connect` command, the command first retrieves a +short-lived X.509 certificate for the selected database. Then the command +provides the database client with this client certificate to authenticate with +the Proxy. -The login command updates database-specific local configuration files (e.g. -PostgreSQL [connection service file](https://www.postgresql.org/docs/13/libpq-pgservice.html) -or MySQL [option file](https://dev.mysql.com/doc/refman/8.0/en/option-files.html) -to group connection information for a particular database, which CLI clients -can refer to. - -For configuring graphical clients, there is a `tsh db config` command that -prints detailed information about the connection such as host/port and location -of the secrets. See [GUI Clients](./guides/gui-clients.mdx) for details. +For configuring graphical clients, use the `tsh proxy db` command, which prints +detailed information about the connection such as the host, port, and location +of the secrets. See [GUI Clients](../connect-your-client/gui-clients.mdx) for details. ### Proxy to Database service diff --git a/docs/pages/database-access/faq.mdx b/docs/pages/database-access/faq.mdx index a579246b8c7ed..a5f959ca5a2e9 100644 --- a/docs/pages/database-access/faq.mdx +++ b/docs/pages/database-access/faq.mdx @@ -13,6 +13,7 @@ Teleport Database Access currently supports the following protocols: - MySQL - PostgreSQL - Redis +- Snowflake For PostgreSQL and MySQL, the following Cloud-hosted versions are supported in addition to self-hosted deployments: @@ -73,7 +74,7 @@ should work. Standard command-line clients such as `psql`, `mysql`, `mongo` or `mongosh` are supported. There are also instructions for configuring select -[graphical clients](./guides/gui-clients.mdx). +[graphical clients](../connect-your-client/gui-clients.mdx). ## When will you support X database? @@ -112,4 +113,4 @@ If none of the above options work for you and you still want to disable the CA check, you can use `mode` under the `tls` option in the Teleport configuration file. For more details please refer to the reference -[configuration file](./reference/configuration.mdx#database-service-configuration). \ No newline at end of file +[configuration file](./reference/configuration.mdx#database-service-configuration). diff --git a/docs/pages/database-access/getting-started.mdx b/docs/pages/database-access/getting-started.mdx index 8fd5d5376dd08..fbebf0e2a2e22 100644 --- a/docs/pages/database-access/getting-started.mdx +++ b/docs/pages/database-access/getting-started.mdx @@ -37,8 +37,6 @@ release. (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/3. Set up Aurora In order to allow Teleport connections to an Aurora instance, the instance needs @@ -207,27 +205,28 @@ $ tsh login --proxy=mytenant.teleport.sh --user=alice -Now we can inspect available databases and retrieve credentials for the -configured Aurora instance: +Now we can inspect available databases: ```code $ tsh db ls -$ tsh db login aurora ``` -Finally, connect to the database using the `psql` command shown in the output of -the `tsh db login` command, which looks similar to this: +Finally, connect to the database: ```code -$ psql "service=-aurora user=alice dbname=postgres" +$ tsh db connect --db-user=alice --db-name postgres aurora ``` +## Troubleshooting + +(!docs/pages/includes/database-access/aws-troubleshooting.mdx!) + ## Next Steps For the next steps, dive deeper into the topics relevant to your Database Access use-case, for example: - Check out configuration [guides](./guides.mdx). -- Learn how to configure [GUI clients](./guides/gui-clients.mdx). +- Learn how to configure [GUI clients](../connect-your-client/gui-clients.mdx). - Learn about Database Access [role-based access control](./rbac.mdx). - See [frequently asked questions](./faq.mdx). diff --git a/docs/pages/database-access/guides/azure-postgres-mysql.mdx b/docs/pages/database-access/guides/azure-postgres-mysql.mdx index 19faea6ab4f6b..d4b4335af6c48 100644 --- a/docs/pages/database-access/guides/azure-postgres-mysql.mdx +++ b/docs/pages/database-access/guides/azure-postgres-mysql.mdx @@ -10,8 +10,8 @@ description: How to configure Teleport Database Access with Azure Database for P scopeOnly={true} min="8.1" > - Database access for Azure PostgreSQL/MySQL is available starting from Teleport - `8.1`. + Static configuration of database access for Azure PostgreSQL/MySQL is available starting from Teleport + `8.1` and Azure database auto-discovery is available starting from Teleport `10.2`. This guide will help you to: @@ -44,9 +44,7 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - -## Step 1/4. Install and configure Teleport +## Step 1/5. Install and configure Teleport ### Set up the Teleport Auth and Proxy Services @@ -60,36 +58,30 @@ Install Teleport on the host where you will run the Teleport Database Service: (!docs/pages/includes/install-linux.mdx!) - +Create the Database Service configuration, specifying a region like this: -Start the Teleport Database Service. Make sure to update `--auth-server` to point to -your Teleport Proxy Service address and `--uri` to the Azure database server -endpoint. + ```code - $ teleport db start \ + $ teleport db configure create \ + -o file \ + --proxy=tele.example.com:443 \ --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=azure-db \ - --protocol=postgres \ - --uri=example.postgres.database.azure.com:5321 \ - --labels=env=dev + --azure-postgres-discovery=eastus ``` ```code - $ teleport db start \ + $ teleport db configure create \ + -o file \ + --proxy=teleport.example.com:3080 \ --token=/tmp/token \ - --auth-server=teleport.example.com:3080 \ - --name=azure-db \ - --protocol=mysql \ - --uri=example.mysql.database.azure.com:3306 \ - --labels=env=dev + --azure-mysql-discovery=eastus ``` @@ -98,34 +90,26 @@ endpoint. -Start the Teleport Database Service. Make sure to update `--auth-server` to point to -your Teleport Cloud tenant address and `--uri` to the Azure database server -endpoint. - ```code - $ teleport db start \ + $ teleport db configure create \ + -o file \ + --proxy=teleport.example.com:3080 \ --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=azure-db \ - --protocol=postgres \ - --uri=example.postgres.database.azure.com:5321 \ - --labels=env=dev + --azure-postgres-discovery=eastus ``` ```code - $ teleport db start \ + $ teleport db configure create \ + -o file \ + --proxy=teleport.example.com:3080 \ --token=/tmp/token \ - --auth-server=mytenant.teleport.sh:443 \ - --name=azure-db \ - --protocol=mysql \ - --uri=example.mysql.database.azure.com:3306 \ - --labels=env=dev + --azure-mysql-discovery=eastus ``` @@ -133,16 +117,15 @@ endpoint. - - You can start the Teleport Database Service using a configuration file instead of - CLI flags. See the [YAML reference](../reference/configuration.mdx). - +The command will generate a Database Service configuration with Azure MySQL/Postgres +database auto-discovery enabled in the `eastus` region and place it at the +`/etc/teleport.yaml` location. ### Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 2/4. Configure Azure service principal +## Step 2/5. Configure Azure service principal To authenticate with PostgreSQL or MySQL databases, Teleport Database Service needs to obtain access tokens from Azure AD. There are a couple of ways to @@ -172,7 +155,7 @@ achieve that: ![Created identity](../../../img/database-access/guides/azure/created-identity@2x.png) - Next, navigate to the Azure VM that will run your Database Service agent and + Next, navigate to the Azure VM that will run your Database Service instance and add the identity you've just created to it: ![VM identity](../../../img/database-access/guides/azure/vm-identity@2x.png) @@ -205,7 +188,7 @@ achieve that: ![Registered app secrets](../../../img/database-access/guides/azure/registered-app-secrets@2x.png) The Teleport Database Service uses Azure SDK's default credential provider chain to - look for credentials. Refer to [Authentication methods](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization) + look for credentials. Refer to [Azure SDK Authorization](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization) to pick a method suitable for your use-case. For example, to use environment-based authentication with a client secret, the Database Service should have the following environment variables set: @@ -218,10 +201,88 @@ achieve that: -## Step 3/4. Create Azure database users +## Step 3/5. Configure IAM permissions for Teleport + +### Create a custom role + +Teleport needs Azure IAM permissions to discover and register MySQL and PostgreSQL databases. +Create a role with assignable scope(s) that include all databases that Teleport should discover. For example: + +```json +{ + "properties": { + "roleName": "TeleportDiscovery", + "description": "Allows Teleport to discover MySQL and PostgreSQL databases", + "assignableScopes": [ + "/subscriptions/11111111-2222-3333-4444-555555555555" + ], + "permissions": [ + { + "actions": [ + "Microsoft.DBforMySQL/servers/read", + "Microsoft.DBforPostgreSQL/servers/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ] + } +} +``` + +This role definition allows Teleport to discover MySQL and PostgreSQL databases, but Teleport only needs +permissions for the database types you have. The assignable scopes include a subscription, so +the role can be assigned at any resource scope within that subscription, or assigned using the +subscription scope itself. + + +Custom roles, unlike +[Azure built-in roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles), +can not have a root assignable scope. The highest assignable scope that +can be used in a custom role is subscription scope. Using a management group scope is currently an Azure +preview feature, and only allows for a single management group in the "assignableScopes" of a role +definition. +See [Azure RBAC custom roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles) for +more information. + + +Go to the [Subscriptions](https://portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBlade) page and select a subscription. + +Click on *Access control (IAM)* in the subscription and select *Add > Add custom role*: +
+![IAM custom role](../../../img/database-access/guides/azure/add-custom-role@2x.png) +
+ +In the custom role creation page, click the *JSON* tab and click *Edit*, then paste the JSON example +and replace the subscription in "assignableScopes" with your own subscription id: +
+![Create JSON role](../../../img/database-access/guides/azure/create-role-from-json@2x.png) +
+ +### Create a role assignment for the Teleport Database Service principal. + +To grant Teleport permissions, the custom role you created must be assigned to the Teleport service principal - +either the managed identity or the app registration you created earlier. + +Navigate to the resource scope where you want to make the role assignment. Click *Access control (IAM)* and +select *Add > Add role assignment*. Choose the custom role you created as the role and the Teleport +service principal as a member. + +
+![Assign role](../../../img/database-access/guides/azure/create-role-assignment@2x.png) +
+ + +The role assignment should be at a high enough scope to allow the Teleport Database Service to discover +all matching databases. See +[Identify the needed scope](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps#step-3-identify-the-needed-scope) +for more information about Azure scopes and creating role assignments. + +## Step 4/5. Create Azure database users To let Teleport connect to your Azure database authenticating as a service -principal, you need to create Azure AD users for that principal in the database. +principal, you need to create Azure AD users authenticated by that principal in the database. ### Assign Azure AD administrator @@ -231,7 +292,13 @@ and set the AD admin using the *Set admin* button: ![Set AD admin](../../../img/database-access/guides/azure/set-ad-admin@2x.png) -Note that only one AD user can be set as an admin for the database. + +Only one Azure user (or group) can be set as an Azure AD admin for the database. +If the Azure AD admin is removed from the server, all Azure AD logins will be disabled for the server. +Adding a new Azure AD admin from the same tenant will re-enable Azure AD logins. +Refer to [Use Azure Active Directory for authenticating with PostgreSQL](https://docs.microsoft.com/en-us/azure/postgresql/single-server/concepts-azure-ad-authentication) +for more information. + ### Connect to the database as an AD admin @@ -282,12 +349,19 @@ registrations: mysql> CREATE AADUSER 'teleport' IDENTIFIED BY '11111111-2222-3333-4444-555555555555'; Query OK, 0 rows affected (0.92 sec) ``` + + The created user may not have access to anything by default so let's grant it + some permissions: + + ```sql + GRANT ALL ON `%`.* TO 'teleport'@'%'; + ``` -You can create multiple database users for the same service principal. +You can create multiple database users identified by the same service principal. -## Step 4/4. Connect +## Step 5/5. Connect Log in to your Teleport cluster. Your Azure database should appear in the list of available databases: @@ -315,21 +389,10 @@ $ tsh db ls -Fetch a short-lived client certificate for your Azure database using the -`tsh db login` command: - -```code -$ tsh db login --db-user=teleport azure-db -``` - - - You can be logged in to multiple databases simultaneously. - - -Now connect to the database: +To retrieve credentials for a database and connect to it: ```code -$ tsh db connect azure-db +$ tsh db connect --db-user=teleport azure-db ``` @@ -343,6 +406,10 @@ To log out of the database and remove credentials: $ tsh db logout azure-db ``` +## Troubleshooting + +(!docs/pages/includes/database-access/azure-troubleshooting.mdx!) + ## Next steps (!docs/pages/includes/database-access/guides-next-steps.mdx!) diff --git a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx index f4ec970b4de51..3b08cf0e49159 100644 --- a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx +++ b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx @@ -37,8 +37,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/3. Install and configure Teleport ### Set up the Teleport Auth and Proxy Services @@ -187,27 +185,17 @@ $ tsh db ls -Fetch short-lived client certificate for it using `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login roach +$ tsh db connect roach ``` - - You can be logged into multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database server: ```code -$ tsh db login --db-user=alice roach -``` - -Now connect to the database: - -```code -$ tsh db connect roach +$ tsh db connect --db-user=alice roach ``` diff --git a/docs/pages/database-access/guides/dynamic-registration.mdx b/docs/pages/database-access/guides/dynamic-registration.mdx index 5cb01786db665..8da5713d3548d 100644 --- a/docs/pages/database-access/guides/dynamic-registration.mdx +++ b/docs/pages/database-access/guides/dynamic-registration.mdx @@ -94,8 +94,8 @@ $ tctl create database.yaml (!docs/pages/includes/tctl.mdx!) After the resource has been created, it will appear among the list of available -databases (in `tsh db ls` or UI) as long as at least one database agent picks -it up according to its label selectors. +databases (in `tsh db ls` or UI) as long as at least one Database Service +instance picks it up according to its label selectors. To update an existing database resource, run: diff --git a/docs/pages/database-access/guides/dynamodb.mdx b/docs/pages/database-access/guides/dynamodb.mdx new file mode 100644 index 0000000000000..4a1d6001a69b5 --- /dev/null +++ b/docs/pages/database-access/guides/dynamodb.mdx @@ -0,0 +1,303 @@ +--- +title: Database Access with AWS DynamoDB +description: How to access AWS DynamoDB with Teleport. +--- + +Access to AWS DynamoDB is provided by [**Teleport Application +Access**](../../application-access/introduction.mdx) for the AWS Console and +API. + +This guide will help you to: +- Install the Teleport Application Service. +- Set up the Teleport Application Service to access the AWS Console and API. +- Connect to your DynamoDB databases through the Teleport Application Service. + + +![DynamoDB Self-Hosted](../../../img/database-access/guides/dynamodb_selfhosted.png) + + + +![DynamoDB Cloud](../../../img/database-access/guides/dynamodb_cloud.png) + + +## Prerequisites + +- AWS account with DynamoDB databases. +- IAM permissions to create IAM roles. +- `aws` Command Line Interface (CLI) tool installed in PATH. +- A host, e.g., an EC2 instance, where you will run the Teleport Application + Service. + +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + +(!docs/pages/includes/tctl.mdx!) + + +If you have not yet deployed the Auth Service and Proxy Service, you should follow one of our [getting started guides](../getting-started.mdx) or try our Teleport Application Access [interactive learning track](https://play.instruqt.com/teleport/invite/rgvuva4gzkon). + + +We will assume your Teleport cluster is accessible at `teleport.example.com` and `*.teleport.example.com`. You can substitute the address of your Teleport Proxy Service. (For Teleport Cloud customers, this will be similar to `mytenant.teleport.sh`.) + + +(!docs/pages/includes/dns-app-access.mdx!) + + +## Step 1/5. Create an IAM role for DynamoDB access + +Visit the [Roles page](https://console.aws.amazon.com/iamv2/home#/roles) of +the AWS Console, then press "Create Role". + +Select the "AWS account" option, which creates a default trust policy to allow +other entities in this account to assume this role: + +![Create Role Step 1](../../../img/database-access/guides/dynamodb-create-role-1.png) + +Press "Next". Find the AWS-managed policy `AmazonDynamoDBFullAccess` and then select the policy: + +![Create Role Step 2](../../../img/database-access/guides/dynamodb-create-role-2.png) + +Press "Next". Enter a role name and press "Create role": + +![Create Role Step 3](../../../img/database-access/guides/dynamodb-create-role-3.png) + + +`AmazonDynamoDBFullAccess` may provide too much access for your intentions. To +use a different IAM policy to reduce permissions, see [Managing access +permissions to your Amazon DynamoDB +Resources](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-overview.html) for more details. + + +## Step 2/5. Configure the Teleport IAM role mapping +The next step is to give your Teleport users permissions to assume IAM roles in +your Teleport cluster. + +You can do this by creating a Teleport role with the `aws_role_arns` field +listing the IAM role ARN created in the previous step: + +```yaml +kind: role +version: v5 +metadata: + name: aws-dynamodb-access +spec: + allow: + app_labels: + '*': '*' + aws_role_arns: + - arn:aws:iam::123456789000:role/ExampleTeleportDynamoDBRole +``` + +
+The `aws_role_arns` field supports template variables so they can be populated +dynamically based on your users' identity provider attributes. See [Role +Templates](../../access-controls/guides/role-templates.mdx) for details. +
+ +Now assign this role to the Teleport users you wish to grant access to +DynamoDB. + +## Step 3/5. Install the Teleport Application Service + +### Generate a token + +A join token is required to authorize a Teleport Application Service instance +to join the cluster. Generate a short-lived join token and save the output of +the command: + +```code +$ tctl tokens add \ + --type=app \ + --app-name=aws-dynamodb \ + --app-uri=https://console.aws.amazon.com/dynamodbv2/home +``` + +The output should contain a `teleport app start` command that can be used to +start the Teleport Application Service in the next step. + +### Install and start Teleport +Install Teleport on the host where you will run the Teleport Application +Service. See our [Installation](../../installation.mdx) page for options +besides Linux servers. + +(!docs/pages/includes/install-linux.mdx!) + +Now start the Teleport Application Service using the output from the previous +step: + +```code +$ teleport app start \ + --token=(=presets.tokens.first=) \ + --ca-pin=(=presets.ca_pin=) \ + --auth-server=https://teleport.example.com:443 \ + --name=aws-dynamodb \ + --uri=https://console.aws.amazon.com/dynamodbv2/home +``` + +## Step 4/5. Give Teleport permissions to assume roles + +Next, attach the following policy to the IAM role or IAM user the Teleport +Application Service instance is using, which allows the Application Service to +assume the IAM roles: + +```yaml +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "sts:AssumeRole", + "Resource": "*" + } + ] +} +``` + + +You can make the policy more strict by providing specific IAM role resource +ARNs in the "Resource" field instead of using a wildcard. + + +## Step 5/5. Connect + +Once the Application Service has started and joined the cluster, you can start +connecting to your DynamoDB database. + +### Using AWS Management Console + +First log in to the Teleport Web UI at `https://teleport.example.com` (replace +with your Proxy Service's public address). + +Navigate to the Applications tab in your Teleport cluster's control panel and +click on the Launch button for the AWS DynamoDB application. This will bring up +an IAM role selector: + +![IAM role selector](../../../img/database-access/guides/dynamodb-select-iam-role.png) + +Click on the role you want to assume and you will get redirected to the AWS +Management Console, signed in with the selected role. + +In the console's top-right corner you should see that you're logged in through +federated login and the name of your assumed IAM role: + +![Federated login](../../../img/database-access/guides/dynamodb-federated-login.png) + +Note that your federated login session is marked with your Teleport username. + +### Using AWS CLI +Now, log into the previously configured AWS DynamoDB app on your desktop: + +```code +$ tsh app login --aws-role ExampleTeleportDynamoDBRole aws-dynamodb +Logged into AWS app aws. Example AWS CLI command: + +$ tsh aws s3 ls +``` + +The `--aws-role` flag allows you to specify the AWS IAM role to assume when +accessing the AWS API. You can either provide a role name like `--aws-role +ExampleTeleportDynamoDBRole` or a full role ARN like +`arn:aws:iam::123456789000:role/ExampleTeleportDynamoDBRole`. + +Now you can use the `tsh aws` command like the native `aws` command-line tool: + +```code +$ tsh aws dynamodb list-tables +``` + +To log out of the `aws-dynamodb` application and remove credentials: + +```code +$ tsh app logout aws-dynamodb +``` + +### Using other DynamoDB applications + +First, log into the previously configured AWS DynamoDB app if you haven't +already done so: + +```code +$ tsh app login --aws-role ExampleTeleportDynamoDBRole aws-dynamodb +``` + +To connect your DynamoDB application, you can start either a local HTTPS proxy +or a local AWS Service Endpoint proxy. + + + + By default, starting the AWS app proxy creates a local HTTPS proxy server + that forwards AWS requests to the Teleport Proxy Service, enabling you to + access AWS applications. + + Now, use the following command to start the proxy your applications will be + connecting to: + + ```code + $ tsh proxy aws -p 23456 + Started AWS proxy on http://127.0.0.1:23456. + + Use the following credentials and HTTPS proxy setting to connect to the proxy: + AWS_ACCESS_KEY_ID= + AWS_SECRET_ACCESS_KEY= + AWS_CA_BUNDLE= + HTTPS_PROXY=http://127.0.0.1:23456 + ``` + + Use the displayed AWS credentials and HTTPS proxy settings when configuring + your application. + + For example, you can assign the AWS credentials and the HTTPS proxy address + to environment variables for Python AWS SDK: + ```code + $ export AWS_ACCESS_KEY_ID= + $ export AWS_SECRET_ACCESS_KEY= + $ export AWS_CA_BUNDLE= + $ export HTTPS_PROXY=http://127.0.0.1:23456 + $ python3 + >>> import boto3 + >>> boto3.client('dynamodb').list_tables() + {'TableNames': ['my-dynamodb-table'], 'ResponseMetadata': {...}} + + ``` + + + + If your application cannot use a HTTPS proxy, start the AWS app proxy with + the `--endpoint-url` flag to create a local server that can be used as an + AWS Service Endpoint. + + ```code + $ tsh proxy aws --endpoint-url -p 23457 + Started AWS proxy which serves as an AWS endpoint URL at https://localhost:23457 + + In addition to the endpoint URL, use the following credentials to connect to the proxy: + AWS_ACCESS_KEY_ID= + AWS_SECRET_ACCESS_KEY= + AWS_CA_BUNDLE= + ``` + + For example, to connect the GUI tool `dynamodb-admin` to the local AWS + Service Endpoint proxy: + ```code + $ export AWS_ACCESS_KEY_ID= + $ export AWS_SECRET_ACCESS_KEY= + $ export NODE_EXTRA_CA_CERTS= + $ export DYNAMO_ENDPOINT=https://127.0.0.1:23457 + $ dynamodb-admin + database endpoint: https://127.0.0.1:23457 + region: ca-central-1 + accessKey: + + dynamodb-admin listening on http://localhost:8001 (alternatively http://0.0.0.0:8001) + ``` + + + +To log out of the `aws-dynamodb` application and remove credentials: + +```code +$ tsh app logout aws-dynamodb +``` + +## Next steps +- More information on [AWS Management and API with Teleport Application Access](../../application-access/guides/aws-console.mdx). +- Learn more about [AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html). diff --git a/docs/pages/database-access/guides/ha.mdx b/docs/pages/database-access/guides/ha.mdx index 730132fd7ba66..a0c3daa4cdaa4 100644 --- a/docs/pages/database-access/guides/ha.mdx +++ b/docs/pages/database-access/guides/ha.mdx @@ -37,37 +37,36 @@ $ tsh db ls # -------- # postgres -$ tsh db login postgres $ tsh db connect postgres ``` -When connecting, Teleport will randomly pick the service to connect through to -provide some load balancing. If the selected agent is down (e.g. in case of AZ -outage), Teleport will try to connect via other agents. +When connecting, Teleport will randomly pick the Database Service instance to +connect through to provide some load balancing. If the selected instance is down +(e.g. in case of AZ outage), Teleport will try to connect via other instances. ## Separate replicas -With separate replicas, each Database Service agent proxying the database +With separate replicas, each Database Service instance proxying the database assigns it a different name. This allows you to explicitly pick the agent you want to connect to the database over: ```yaml -# Database service agent #1. +# Database service instance #1. db_service: enabled: "yes" databases: - # Note the name is different than agent #2 but URI is the same. + # Note the name is different than instance #2 but the URI is the same. - name: "postgres-us-east-1a" protocol: "postgres" uri: "postgres.example.com:5432" ``` ```yaml -# Database service agent #2. +# Database service instance #2. db_service: enabled: "yes" databases: - # Note the name is different than agent #1 but URI is the same. + # Note the name is different than instance #1 but the URI is the same. - name: "postgres-us-east-1b" protocol: "postgres" uri: "postgres.example.com:5432" @@ -83,7 +82,6 @@ $ tsh db ls # postgres-us-east-1a # postgres-us-east-1b -$ tsh db login postgres-us-east-1a $ tsh db connect postgres-us-east-1a ``` diff --git a/docs/pages/database-access/guides/mongodb-atlas.mdx b/docs/pages/database-access/guides/mongodb-atlas.mdx index 25dd37d307837..4e5b07761218e 100644 --- a/docs/pages/database-access/guides/mongodb-atlas.mdx +++ b/docs/pages/database-access/guides/mongodb-atlas.mdx @@ -27,8 +27,6 @@ In this guide you will: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/3. Configure Teleport ### Set up the Teleport Auth and Proxy services @@ -251,28 +249,17 @@ $ tsh db ls -To connect to a particular database instance, first retrieve its certificate -using `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login mongodb-atlas +$ tsh db connect mongodb-atlas ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=alice mongodb-atlas -``` - -Once logged in, connect to the database: - -```code -$ tsh db connect mongodb-atlas +$ tsh db connect --db-user=alice mongodb-atlas ``` diff --git a/docs/pages/database-access/guides/mongodb-self-hosted.mdx b/docs/pages/database-access/guides/mongodb-self-hosted.mdx index 55194d8248556..6da81c89bfd8c 100644 --- a/docs/pages/database-access/guides/mongodb-self-hosted.mdx +++ b/docs/pages/database-access/guides/mongodb-self-hosted.mdx @@ -33,8 +33,6 @@ In this guide you will: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/3. Install and configure Teleport ### Set up the Teleport Auth and Proxy services @@ -256,28 +254,17 @@ $ tsh db ls -To connect to a particular database instance, first retrieve its certificate -using the `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login example-mongo +$ tsh db connect example-mongo ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=alice example-mongo -``` - -Once logged in, connect to the database: - -```code -$ tsh db connect example-mongo +$ tsh db connect --db-user=alice example-mongo ``` diff --git a/docs/pages/database-access/guides/mysql-cloudsql.mdx b/docs/pages/database-access/guides/mysql-cloudsql.mdx index 027d38853397a..854f2e39c8da3 100644 --- a/docs/pages/database-access/guides/mysql-cloudsql.mdx +++ b/docs/pages/database-access/guides/mysql-cloudsql.mdx @@ -26,8 +26,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/5. Create a service account for the Teleport Database Service Teleport uses one-time passwords to authenticate with Cloud SQL MySQL. To be @@ -280,28 +278,17 @@ $ tsh db ls Note that you will only be able to see databases your role has access to. See our [RBAC](../rbac.mdx) guide for more details. -To connect to a particular database server, first retrieve credentials from -Teleport using the `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login cloudsql +$ tsh db connect cloudsql ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database user and database name to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=alice --db-name=mysql cloudsql -``` - -Once logged in, connect to the database: - -```code -$ tsh db connect cloudsql +$ tsh db connect --db-user=alice --db-name=mysql cloudsql ``` diff --git a/docs/pages/database-access/guides/mysql-self-hosted.mdx b/docs/pages/database-access/guides/mysql-self-hosted.mdx index cfeb191aa833d..6fa5124ffa77f 100644 --- a/docs/pages/database-access/guides/mysql-self-hosted.mdx +++ b/docs/pages/database-access/guides/mysql-self-hosted.mdx @@ -26,8 +26,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/4. Set up the Teleport Auth and Proxy Services Teleport Database Access for MySQL is available starting from Teleport version @@ -248,31 +246,17 @@ $ tsh db ls Note that you will only be able to see databases your role has access to. See the [RBAC](../rbac.mdx) guide for more details. -To connect to a particular database server, first retrieve credentials from -Teleport using the `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login example +$ tsh db connect example ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=root --db-name=mysql example -``` - -Once logged in, connect to the database: - -```code -$ tsh db connect example +$ tsh db connect --db-user=root --db-name=mysql example ``` diff --git a/docs/pages/database-access/guides/postgres-cloudsql.mdx b/docs/pages/database-access/guides/postgres-cloudsql.mdx index b342c1eb041e6..e4e4ae3d2e88a 100644 --- a/docs/pages/database-access/guides/postgres-cloudsql.mdx +++ b/docs/pages/database-access/guides/postgres-cloudsql.mdx @@ -22,13 +22,12 @@ This guide will help you to: ## Prerequisites - Google Cloud account +- Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., a Compute Engine instance, where you will run the Teleport Database Service (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/7. Enable Cloud SQL IAM authentication Teleport uses [IAM database authentication](https://cloud.google.com/sql/docs/postgres/authentication) @@ -122,7 +121,7 @@ Assign it the "Service Account Token Creator" role: "Service Account Token Creator", "Cloud SQL Viewer", and "Cloud SQL Admin" - IAM roles include more permissions than the database agent needs. To further + IAM roles include more permissions than the Database Service needs. To further restrict the service account, you can create a role that includes only the following permissions: ```ini @@ -351,25 +350,17 @@ $ tsh db ls Note that you will only be able to see databases your role has access to. See our [RBAC](../rbac.mdx) guide for more details. -To connect to a particular database server, first retrieve credentials from -Teleport using the `tsh db login` command: +To retrieve credentials for a database and connect to it: ```sh -$ tsh db login cloudsql +$ tsh db connect cloudsql ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=teleport@.iam --db-name=postgres cloudsql +$ tsh db connect --db-user=teleport@.iam --db-name=postgres cloudsql ``` .iam --db-name=postgres cloudsql -Once logged in, connect to the database: - -```code -$ tsh db connect aurora -``` - - - The `psql` command-line client should be available in PATH in order to be - able to connect. - - To log out of the database and remove credentials: ```code diff --git a/docs/pages/database-access/guides/postgres-redshift.mdx b/docs/pages/database-access/guides/postgres-redshift.mdx index 985039a655472..f5db5b22083ec 100644 --- a/docs/pages/database-access/guides/postgres-redshift.mdx +++ b/docs/pages/database-access/guides/postgres-redshift.mdx @@ -23,13 +23,12 @@ This guide will help you to: - AWS account with a Redshift cluster and permissions to create and attach IAM policies. +- Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., an EC2 instance, where you will run the Teleport Database Service. (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/6. Install Teleport (!docs/pages/includes/database-access/start-auth-proxy.mdx!) @@ -93,7 +92,7 @@ $ teleport start --config=/etc/teleport.yaml ``` The Database Service will discover all Redshift databases according to the configuration -and register them in the cluster. The agent will also attempt to configure IAM +and register them in the cluster. The Database Service will also attempt to configure IAM access policies for the discovered databases. Keep in mind that AWS IAM changes may not propagate immediately and can take a few minutes to come into effect. @@ -139,21 +138,21 @@ $ tsh db ls -Log in to a particular database using the `tsh db login` command: + + You can override the database name by applying the `teleport.dev/database_name` AWS tag to the resource. The value of the tag will be used as the database name. + + +To retrieve credentials for a database and connect to it: ```code -$ tsh db login my-redshift +$ tsh db connect my-redshift ``` - - You can be logged into multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=awsuser --db-name=dev my-redshift +$ tsh db connect --db-user=awsuser --db-name=dev my-redshift ``` @@ -161,23 +160,16 @@ $ tsh db login --db-user=awsuser --db-name=dev my-redshift tokens for Redshift databases. Users must exist in the database. -Now connect to the database: - -```code -$ tsh db connect my-redshift -``` - - - The `psql` command-line client should be available in `PATH` in order to be - able to connect. - - To log out of the database and remove credentials: ```code $ tsh db logout my-redshift ``` +## Troubleshooting + +(!docs/pages/includes/database-access/aws-troubleshooting.mdx!) + ## Next steps - Learn more about [using IAM authentication to generate database user diff --git a/docs/pages/database-access/guides/postgres-self-hosted.mdx b/docs/pages/database-access/guides/postgres-self-hosted.mdx index cb381fba37e2d..9128ddc2e6e62 100644 --- a/docs/pages/database-access/guides/postgres-self-hosted.mdx +++ b/docs/pages/database-access/guides/postgres-self-hosted.mdx @@ -21,13 +21,12 @@ This guide will help you to: ## Prerequisites - A self-hosted PostgreSQL instance. +- Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/5. Set up the Teleport Auth and Proxy services Teleport Database Access for PostgreSQL is available starting from the `6.0` @@ -222,38 +221,19 @@ $ tsh db ls Note that you will only be able to see databases your role has access to. See [RBAC](../rbac.mdx) section for more details. -To connect to a particular database server, first retrieve credentials from -Teleport using `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login example +$ tsh db connect example ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=postgres --db-name=postgres example +$ tsh db connect --db-user=postgres --db-name=postgres example ``` -Once logged in, connect to the database: - -```code -$ tsh db connect example -``` - - - The `psql` command-line client should be available in `PATH` in order to be - able to connect. - - To log out of the database and remove credentials: ```code diff --git a/docs/pages/database-access/guides/rds.mdx b/docs/pages/database-access/guides/rds.mdx index c62f3cd1c3448..f784a28ca9008 100644 --- a/docs/pages/database-access/guides/rds.mdx +++ b/docs/pages/database-access/guides/rds.mdx @@ -38,8 +38,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/7. Install Teleport (!docs/pages/includes/database-access/start-auth-proxy.mdx!) @@ -69,7 +67,7 @@ $ teleport db configure create \ ``` - + ```code $ teleport db configure create \ @@ -187,29 +185,21 @@ $ tsh db ls Primary, reader, and custom endpoints of Aurora clusters have names of ``, `-reader`, and `-custom-` respectively. + + You can override the `` part of the name with `teleport.dev/database_name` AWS tag. -Log in to particular database using `tsh db login` command: +To retrieve credentials for a database and connect to it: ```code -$ tsh db login postgres-rds +$ tsh db connect postgres-rds ``` - - You can be logged in to multiple databases simultaneously. - - You can optionally specify the database name and the user to use by default when connecting to the database instance: ```code -$ tsh db login --db-user=postgres --db-name=postgres postgres-rds -``` - -Now connect to the database: - -```code -$ tsh db connect postgres-rds +$ tsh db connect --db-user=postgres --db-name=postgres postgres-rds ``` @@ -223,6 +213,10 @@ To log out of the database and remove credentials: $ tsh db logout postgres-rds ``` +## Troubleshooting + +(!docs/pages/includes/database-access/aws-troubleshooting.mdx!) + ## Next steps (!docs/pages/includes/database-access/guides-next-steps.mdx!) diff --git a/docs/pages/database-access/guides/redis-aws.mdx b/docs/pages/database-access/guides/redis-aws.mdx new file mode 100644 index 0000000000000..7bcd449c022e3 --- /dev/null +++ b/docs/pages/database-access/guides/redis-aws.mdx @@ -0,0 +1,238 @@ +--- +title: Database Access with AWS ElastiCache and AWS MemoryDB for Redis +description: How to configure Teleport Database Access with AWS ElastiCache and AWS MemoryDB for Redis. +--- + +This guide will help you to: + +- Install Teleport `(=teleport.version=)`. +- Set up Teleport to access your ElastiCache and MemoryDB for Redis clusters. +- Connect to your clusters through Teleport. + + +![Teleport Database Access RDS Self-Hosted](../../../img/database-access/guides/redis_elasticache_selfhosted.png) + + + +![Teleport Database Access RDS Cloud](../../../img/database-access/guides/redis_elasticache_cloud.png) + + +## Prerequisites + +- AWS account with at least one ElastiCache or MemoryDB for Redis clusters + **In-transit encryption via (TLS) must be enabled**. +- Permissions to create and attach IAM policies. +- `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. +- A host, e.g., an EC2 instance, where you will run the Teleport Database + Service. + +## Step 1/7. Install Teleport + +(!docs/pages/includes/database-access/start-auth-proxy.mdx!) + +## Step 2/7. Create a Teleport user + +(!docs/pages/includes/database-access/create-user.mdx!) + +## Step 3/7. Create a Database Service configuration + +(!docs/pages/includes/database-access/token.mdx!) + +Install Teleport on the host where you will run the Teleport Database Service: + +(!docs/pages/includes/install-linux.mdx!) + +Create the Database Service configuration: + + + + + + ```code + $ teleport db configure create \ + -o file \ + --proxy=teleport.example.com:3080 \ + --token=/tmp/token \ + --elasticache-discovery=us-west-1 + ``` + + + ```code + $ teleport db configure create \ + -o file \ + --proxy=teleport.example.com:3080 \ + --token=/tmp/token \ + --memorydb-discovery=us-west-1 + ``` + + + + + + + + + ```code + $ teleport db configure create \ + -o file \ + --proxy=mytenant.teleport.sh \ + --token=/tmp/token \ + --elasticache-discovery=us-west-1 + ``` + + + ``` + $ teleport db configure create \ + -o file \ + --proxy=mytenant.teleport.sh \ + --token=/tmp/token \ + --memorydb-discovery=us-west-1 + ``` + + + + + +The command will generate a Database Service configuration with ElastiCache or +MemoryDB database auto-discovery enabled on the `us-west-1` region and place it +at the `/etc/teleport.yaml` location. + +## Step 4/7. Create an IAM policy for Teleport + +Teleport needs AWS IAM permissions to be able to: + +- Discover and register ElastiCache and MemoryDB for Redis clusters. +- Modify ElastiCache and MemoryDB user passwords for Teleport-managed users. +- Save user passwords in AWS Secrets Manager for Teleport-managed users. + +(!docs/pages/includes/database-access/aws-bootstrap.mdx!) + +## Step 5/7. Start the Database Service + +Start the Database Service: + +```code +$ teleport start --config=/etc/teleport.yaml +``` + +The Database Service will discover and register all ElastiCache and MemoryDB +for Redis clusters according to the configuration. + +## Step 6/7. Create a Teleport-managed ElastiCache or MemoryDB user (optional) + +To provide better security, it is recommended to use [Redis +ACL](https://redis.io/docs/manual/security/acl/) for authentication with Redis +and let Teleport manage the users. The Teleport Database Service constantly +rotates any passwords managed by Teleport, saves these passwords in AWS Secrets +Manager, and automatically sends an `AUTH` command with the saved password when +connecting the client to the Redis server. + +To enable Redis ACL, please see [Authenticating users with Role-Based Access +Control for +ElastiCache](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) +and [Authenticating users with Access Control Lists for +MemoryDB](https://docs.aws.amazon.com/memorydb/latest/devguide/clusters.acls.html). + +Once an ElastiCache or MemoryDB user is created with the desired access, add an +AWS resource tag `teleport.dev/managed` with the value `true` to this user: + +![Managed User Tag](../../../img/database-access/guides/redis/redis-aws-managed-user-tag.png) + +The Database Service will automatically discover this user if it is associated +with a registered database. Keep in mind that it may take the Database Service +some time (up to 20 minutes) to discover this user once the tag is added. + +## Step 7/7. Connect + +Once the Database Service has started and joined the cluster, log in to see the +registered databases: + + +```code +$ tsh login --proxy=teleport.example.com --user=alice +$ tsh db ls +# Name Description Labels +# --------------------------- --------------------------------------------------------- -------- +# my-cluster-mode-elasticache ElastiCache cluster in us-west-1 (configuration endpoint) ... +# my-elasticache ElastiCache cluster in us-west-1 (primary endpoint) ... +# my-elasticache-reader ElastiCache cluster in us-west-1 (reader endpoint) ... +# my-memorydb MemoryDB cluster in us-west-1 ... +``` + + + + +```code +$ tsh login --proxy=mytenant.teleport.sh --user=alice +$ tsh db ls +# Name Description Labels +# --------------------------- --------------------------------------------------------- -------- +# my-cluster-mode-elasticache ElastiCache cluster in us-west-1 (configuration endpoint) ... +# my-elasticache ElastiCache cluster in us-west-1 (primary endpoint) ... +# my-elasticache-reader ElastiCache cluster in us-west-1 (reader endpoint) ... +# my-memorydb MemoryDB cluster in us-west-1 ... +``` + + + + + You can override the database name by applying the `teleport.dev/database_name` AWS tag to the resource. The value of the tag will be used as the database name. + + +To retrieve credentials for a database and connect to it: + +```code +$ tsh db connect --db-user=my-database-user my-elasticache +``` + +If flag `--db-user` is not provided, Teleport logs in as the `default` user. + +Now, depending on the authentication configurations, you may need to send an +`AUTH` command to authenticate with the Redis server: + + + + The Database Service automatically authenticates Teleport-managed users + with the Redis server. No `AUTH` command is required after successful + connection. + + If you are connecting as a non-Teleport-managed user, the connection + normally starts as the `default` user. Now you can authenticate the + database user with its password: + + ``` + AUTH my-database-user + ``` + + + + Now you can authenticate with the shared AUTH token: + + ``` + AUTH + ``` + + + + For Redis deployments without the ACL system or legacy `requirepass` + directive enabled, no `AUTH` command is required. + + + + +To log out of the database and remove credentials: + +```code +# Remove credentials for a particular database instance. +$ tsh db logout my-elasticache +# Remove credentials for all database instances. +$ tsh db logout +``` + +## Troubleshooting + +(!docs/pages/includes/database-access/aws-troubleshooting.mdx!) + +## Next steps + +(!docs/pages/includes/database-access/guides-next-steps.mdx!) diff --git a/docs/pages/database-access/guides/redis-cluster.mdx b/docs/pages/database-access/guides/redis-cluster.mdx index bdf28bc32070b..10051721ff8b7 100644 --- a/docs/pages/database-access/guides/redis-cluster.mdx +++ b/docs/pages/database-access/guides/redis-cluster.mdx @@ -34,7 +34,7 @@ This guide will help you to: - Redis version `6.0` or newer. -- `redis-cli` installed and added to your system's `PATH` environment variable. +- `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. - A host where you will run the Teleport Database Service. Teleport version 9.0 or newer must be installed. @@ -43,8 +43,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - Redis `7.0` and RESP3 (REdis Serialization Protocol) are currently not supported. diff --git a/docs/pages/database-access/guides/redis.mdx b/docs/pages/database-access/guides/redis.mdx index 90f9564457bf7..82c06f626c7fd 100644 --- a/docs/pages/database-access/guides/redis.mdx +++ b/docs/pages/database-access/guides/redis.mdx @@ -34,7 +34,7 @@ This guide will help you to: - Redis version `6.0` or newer. -- `redis-cli` installed and added to your system's `PATH` environment variable. +- `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. - A host where you will run the Teleport Database Service. Teleport version 9.0 or newer must be installed. @@ -43,8 +43,6 @@ This guide will help you to: (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - Redis `7.0` and RESP3 (REdis Serialization Protocol) are currently not supported. diff --git a/docs/pages/database-access/guides/snowflake.mdx b/docs/pages/database-access/guides/snowflake.mdx new file mode 100644 index 0000000000000..bcf5914a485df --- /dev/null +++ b/docs/pages/database-access/guides/snowflake.mdx @@ -0,0 +1,195 @@ +--- +title: Database Access with Snowflake +description: How to configure Teleport Database Access with Snowflake. +--- + +
+ Database access for Snowflake is available starting from Teleport `10.0`. +
+ +This guide will help you to: + +- Install and configure Teleport. +- Assign Teleport's public key to a Snowflake user. +- Connect to Snowflake through Teleport. + + + ![Teleport Database Access Snowflake Self-Hosted](../../../img/database-access/guides/snowflake_selfhosted.png) + + + + ![Teleport Database Access Snowflake Cloud](../../../img/database-access/guides/snowflake_cloud.png) + + +## Prerequisites + +- Snowflake account with `SECURITYADMIN` role or higher. + +- `snowsql` installed and added to your system's `PATH` environment variable. + +- A host where you will run the Teleport Database Service. Teleport version 10.0 or newer must be installed. + + See [Installation](../../installation.mdx) for details. + +(!docs/pages/includes/user-client-prereqs.mdx!) + +(!docs/pages/includes/tctl.mdx!) + +## Step 1/5. Install and configure Teleport + +### Set up the Teleport Auth and Proxy Services + +(!docs/pages/includes/database-access/start-auth-proxy.mdx!) + +### Set up the Teleport Database Service + +(!docs/pages/includes/database-access/token.mdx!) + +Install Teleport on the host where you will run the Teleport Database Service: + +(!docs/pages/includes/install-linux.mdx!) + + + + Start the Teleport Database Service, pointing the `--auth-server` flag to the + address of your Teleport Proxy Service: + + ```code + $ teleport db start \ + --token=/tmp/token \ + --auth-server=teleport.example.com:3080 \ + --name=example-snowflake \ + --protocol=snowflake \ + --uri=https://abc12345.snowflakecomputing.com \ + --labels=env=dev + ``` + + + + The `--auth-server` flag must point to the Teleport cluster's Proxy Service + endpoint because the Database Service always connects back to the cluster over a + reverse tunnel. + + + + + + + Start the Teleport Database Service, pointing the `--auth-server` flag to the + address of your Teleport Cloud tenant: + + ```code + $ teleport db start \ + --token=/tmp/token \ + --auth-server=mytenant.teleport.sh:443 \ + --name=example-snowflake \ + --protocol=snowflake \ + --uri=https://abc12345.snowflakecomputing.com \ + --labels=env=dev + ``` + + + + + You can start the Database Service using a configuration file instead of CLI flags. + See the [YAML reference](../reference/configuration.mdx) for details. + + +## Step 2/5. Create a Teleport user + +(!docs/pages/includes/database-access/create-user.mdx!) + +## Step 3/5. Export a public key + +Use the `tctl auth sign` command below to export a public key for your Snowflake user: + +```code +$ tctl auth sign --format=snowflake --out=server +``` + +The command will create a `server.pub` file with Teleport's public key. Teleport will use the corresponding private key to +generate a JWT (JSON Web Token) that will be used to authenticate to Snowflake. + +(!docs/pages/includes/database-access/rotation-note.mdx!) + +## Step 4/5. Add the public key to your Snowflake user + +Use the public key you generated earlier to enable key pair authentication. + +Log in to your Snowflake instance and execute the SQL statement below: + +```sql +alter user alice set rsa_public_key='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3dHYw4LJCcZzdbhb3hV...LwIDAQAB'; +``` + +In this statement, `alice` is the name of the Snowflake user and the `rsa_public_key` is the key generated earlier without +the PEM header/footer (first and the last line). + +You can use the `describe user` command to verify the user's public key: + +```sql +desc user alice; +``` + +See the [Snowflake documentation](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#step-4-assign-the-public-key-to-a-snowflake-user) +for more details. + +## Step 5/5. Connect + +Log in to your Teleport cluster and see the available databases: + + + + ```code + $ tsh login --proxy=teleport.example.com --user=alice + $ tsh db ls + # Name Description Labels + # ----------------- ------------------- -------- + # example-snowflake Example Snowflake ❄ env=dev + ``` + + + ```code + $ tsh login --proxy=mytenant.teleport.sh --user=alice + $ tsh db ls + # Name Description Labels + # ----------------- ------------------- -------- + # example-snowflake Example Snowflake ❄ env=dev + ``` + + + +To retrieve credentials for a database and connect to it: + +```code +$ tsh db connect example-snowflake +``` + +You can optionally specify the database user and the database name to use by +default when connecting to the database instance: + +```code +$ tsh db connect --db-user=alice --db-name=SNOWFLAKE_SAMPLE_DATA example-snowflake +``` + +The `snowsql` command-line client should be available in the system `PATH` in order to be +able to connect. + +To log out of the database and remove credentials: + +```code +# Remove credentials for a particular database instance. +$ tsh db logout example-snowflake +# Remove credentials for all database instances. +$ tsh db logout +``` + +## Next steps + +(!docs/pages/includes/database-access/guides-next-steps.mdx!) diff --git a/docs/pages/database-access/guides/sql-server-ad.mdx b/docs/pages/database-access/guides/sql-server-ad.mdx index 2fd22d9e89c5f..65dd7672b4ed4 100644 --- a/docs/pages/database-access/guides/sql-server-ad.mdx +++ b/docs/pages/database-access/guides/sql-server-ad.mdx @@ -1,6 +1,7 @@ --- title: Database Access with Microsoft SQL Server with Active Directory authentication (Preview) description: How to configure Teleport Database Access with Microsoft SQL Server with Active Directory authentication. +videoBanner: k2wz79XCexY ---
- Database access for Microsoft SQL Server is currently in a Preview mode and - does not include audit logging of database query activity. + Database Access for Microsoft SQL Server is currently in Preview mode. This guide will help you to: @@ -46,8 +46,6 @@ Directory authentication. (!docs/pages/includes/user-client-prereqs.mdx!) -(!docs/pages/includes/tctl.mdx!) - ## Step 1/7. Set up the Teleport Auth and Proxy (!docs/pages/includes/database-access/start-auth-proxy.mdx!) @@ -355,20 +353,10 @@ $ tsh db ls -Fetch the short-lived client certificate for it using the `tsh db login` command: - -```code -$ tsh db login --db-user=teleport sqlserver -``` - - - You can be logged in to multiple databases simultaneously. - - -Now connect to the database: +To retrieve credentials for a database and connect to it: ```code -$ tsh db connect sqlserver +$ tsh db connect --db-user=teleport sqlserver ``` diff --git a/docs/pages/database-access/introduction.mdx b/docs/pages/database-access/introduction.mdx index fd3a8fc21c687..63e9e2de9067d 100644 --- a/docs/pages/database-access/introduction.mdx +++ b/docs/pages/database-access/introduction.mdx @@ -11,7 +11,7 @@ Some of the things you can do with Database Access: - Users can retrieve short-lived database certificates using single sign-on flow thus maintaining their organization-wide identity. - Configure role-based access controls for databases and implement custom - [access request](../enterprise/workflow/index.mdx) workflows. + [Access Request](../access-controls/access-requests.mdx) workflows. - Capture database access events as well as query activity in the audit log. Database Access currently supports the following databases: @@ -51,11 +51,7 @@ with GitHub, execute a few SQL queries and observe them in the audit log: ## Getting started - - - Connect Aurora PostgreSQL in a 10 minute guide. - - +- [Getting started](./getting-started.mdx): Connect Aurora PostgreSQL in a 10 minute guide. (!docs/pages/includes/database-access/guides.mdx!) diff --git a/docs/pages/database-access/rbac.mdx b/docs/pages/database-access/rbac.mdx index ab9f96be220bd..0af8c3457f67f 100644 --- a/docs/pages/database-access/rbac.mdx +++ b/docs/pages/database-access/rbac.mdx @@ -100,7 +100,7 @@ is not currently enforced on MySQL connection attempts. Similar to other role fields, `db_*` fields support templating variables. -The `{{external.xyz}}` variables are replaced with values from external [SSO](../enterprise/sso.mdx) +The `{{external.xyz}}` variables are replaced with values from external [SSO](../access-controls/sso.mdx) providers. For OIDC, they will be expanded with a value of an "xyz" claim; for SAML — with an "xyz" assertion value. diff --git a/docs/pages/database-access/reference/audit.mdx b/docs/pages/database-access/reference/audit.mdx index 72bd21d077638..7527637466c6d 100644 --- a/docs/pages/database-access/reference/audit.mdx +++ b/docs/pages/database-access/reference/audit.mdx @@ -24,7 +24,7 @@ Successful connection event: "ei": 0, // Event index within the session. "event": "db.session.start", // Event name. "namespace": "default", // Event namespace, always "default". - "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database service agent host ID. + "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database Service host ID. "sid": "63b6fa11-cd44-477b-911a-602b75ab13b5", // Unique database session ID. "success": true, // Indicates successful connection. "time": "2021-04-27T23:00:26.014Z", // Event timestamp. @@ -49,7 +49,7 @@ Access denied event: "event": "db.session.start", // Event name. "message": "access to database denied", // Detailed error message. "namespace": "default", // Event namespace, always "default". - "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database service agent host ID. + "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database Service host ID. "sid": "d18388e5-cc7c-4624-b22b-d36db60d0c50", // Unique database session ID. "success": false, // Indicates unsuccessful connection. "time": "2021-04-27T23:03:05.226Z", // Event timestamp. diff --git a/docs/pages/database-access/reference/aws.mdx b/docs/pages/database-access/reference/aws.mdx index 9bf906be356eb..c44f3e9b78ddb 100644 --- a/docs/pages/database-access/reference/aws.mdx +++ b/docs/pages/database-access/reference/aws.mdx @@ -5,10 +5,14 @@ description: AWS IAM policies for Teleport database access. ## Auto-discovery With the appropriate IAM permissions, Teleport automatically discovers and -configures IAM policies for Amazon RDS and Redshift. +configures IAM policies for Amazon RDS and Redshift. Teleport also requires +permission to update database configurations, for example, to enable IAM +authentication on RDS databases. -Teleport also requires permission to update database configurations, for example, to -enable IAM authentication on RDS databases. +For Amazon ElastiCache and MemoryDB, Teleport requires permission to +automatically discover the Redis clusters. Teleport also requires permission to +automatically discover and modify any Teleport-managed ElastiCache or MemoryDB +users and permission to manage the passwords in AWS Secrets Manager. You can generate and manage the permissions with the [`teleport db configure bootstrap`](../../database-access/reference/cli.mdx#teleport-db-configure-bootstrap) @@ -19,8 +23,8 @@ IAM policies: $ teleport db configure bootstrap --manual ``` -Or if you prefer, you manage the IAM permissions yourself. Examples of policies -for each discovery type are shown below. +Or if you prefer, you can manage the IAM permissions yourself. Examples of +policies for each discovery type are shown below. ### Aurora/RDS @@ -29,7 +33,7 @@ for each discovery type are shown below. Use this policy if you're connecting to RDS instances and your Teleport database agent runs as an IAM user (for example, uses an AWS credentials file). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -57,10 +61,10 @@ for each discovery type are shown below. Use this policy if you're connecting to RDS instances and your Teleport - database agent runs as an IAM role (for example, on an EC2 instance with + Database Service runs as an IAM role (for example, on an EC2 instance with an attached IAM role). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -88,9 +92,9 @@ for each discovery type are shown below. Use this policy if you're connecting to Aurora clusters and your Teleport - database agent runs as an IAM user (for example, uses an AWS credentials file). + Database Service runs as an IAM user (for example, uses an AWS credentials file). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -118,10 +122,10 @@ for each discovery type are shown below. Use this policy if you're connecting to Aurora clusters and your Teleport - database agent runs as an IAM role (for example, on an EC2 instance with + Database Service runs as an IAM role (for example, on an EC2 instance with an attached IAM role). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -153,10 +157,10 @@ for each discovery type are shown below. - Use this permission boundary if your Teleport database agent runs as an IAM + Use this permission boundary if your Teleport Database Service runs as an IAM user (for example, it uses an AWS credentials file). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -186,7 +190,7 @@ for each discovery type are shown below. Use this permission boundary if your Teleport database agent runs as an IAM role (for example, on an EC2 instance with an attached IAM role). - Replace `{account-id}` with your AWS Account ID. + Replace `{account-id}` with your AWS Account ID: ```json { "Version": "2012-10-17", @@ -214,9 +218,99 @@ for each discovery type are shown below. +### ElastiCache/MemoryDB + +In addition to database discovery, Teleport requires permissions to modify user +passwords, and save passwords in AWS Secrets Manager, if any ElastiCache or +MemoryDB users are tagged to be managed by Teleport. + + + + Use this policy if you are connecting to ElastiCache clusters. + + Replace `{account-id}` with your AWS Account ID: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticache:ListTagsForResource", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheSubnetGroups", + "elasticache:DescribeUsers", + "elasticache:ModifyUser" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:aws:secretsmanager:*:{account-id}:secret:teleport/*" + ] + } + ] + } + ``` + + + Use this policy if you are connecting to MemoryDB clusters. + + Replace `{account-id}` with your AWS Account ID: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "memorydb:ListTags", + "memorydb:DescribeClusters", + "memorydb:DescribeSubnetGroups", + "memorydb:DescribeUsers", + "memorydb:UpdateUser" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:aws:secretsmanager:*:{account-id}:secret:teleport/*" + ] + } + ] + } + ``` + + + ## Manual registration -If you prefer to register RDS or Redshift databases manually using a [static -configuration](./configuration.mdx) or +If you prefer to register RDS, Redshift, ElastiCache or MemoryDB databases +manually using a [static configuration](./configuration.mdx) or [`tctl`](../guides/dynamic-registration.mdx) and manage IAM yourself, example IAM policies with the required permissions are shown below. @@ -308,3 +402,128 @@ See [Create an IAM role or user with permissions to call GetClusterCredentials](https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html) for more information. +### ElastiCache/MemoryDB policy + +If any ElastiCache or MemoryDB users are tagged to be managed by Teleport, +below are the IAM permissions required for managing the ElastiCache or MemoryDB +users. Otherwise, no additional IAM permissions are required. + + + + Use this policy for managing ElastiCache users. + + Replace `{account-id}` with your AWS Account ID: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticache:ListTagsForResource", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeUsers", + "elasticache:ModifyUser" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:aws:secretsmanager:*:{account-id}:secret:teleport/*" + ] + } + ] + } + ``` + + + Use this policy for managing MemoryDB users. + + Replace `{account-id}` with your AWS Account ID: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "memorydb:ListTags", + "memorydb:DescribeClusters", + "memorydb:DescribeUsers", + "memorydb:UpdateUser" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:aws:secretsmanager:*:{account-id}:secret:teleport/*" + ] + } + ] + } + ``` + + + +If any custom key prefix or KMS key ID is used in the static configuration, add +the following to the IAM policy. + +Replace `{account-id}`, `{my-prefix}` and `{my-kms-id}` accordingly: + +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "secretsmanager:TagResource" + ], + "Resource": [ + "arn:aws:secretsmanager:*:{account-id}:secret:{my-prefix}/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "Resource": [ + "arn:aws:kms:*:{account-id}:key/{my-kms-id}", + ] + } + ] +} +``` + diff --git a/docs/pages/database-access/reference/cli.mdx b/docs/pages/database-access/reference/cli.mdx index 1dd0f9ddb0e84..5e280397c1aaa 100644 --- a/docs/pages/database-access/reference/cli.mdx +++ b/docs/pages/database-access/reference/cli.mdx @@ -19,7 +19,7 @@ Database Access, including: ## teleport db start -Starts Teleport Database Service agent. +Starts Teleport Database Service. @@ -103,18 +103,21 @@ $ teleport db configure create \ | - | - | | `--proxy` | Teleport Proxy Service address to connect to. Default: `0.0.0.0:3080`. | | `--token` | Invitation token to register with the Auth Service. Default: none. | -| `--rds-discovery` | List of AWS regions the agent will discover for RDS/Aurora instances. | -| `--redshift-discovery` | List of AWS regions the agent will discover for Redshift instances. | +| `--rds-discovery` | List of AWS regions in which the Database Service will discover RDS/Aurora instances. | +| `--redshift-discovery` | List of AWS regions in which the Database Service will discover Redshift instances. | +| `--elasticache-discovery` | List of AWS regions in which the Database Service will discover ElastiCache Redis clusters. | +| `--memorydb-discovery` | List of AWS regions in which the Database Service will discover MemoryDB clusters. | | `--ca-pin` | CA pin to validate the Auth Service (can be repeated for multiple pins). | | `--name` | Name of the proxied database. | -| `--protocol` | Proxied database protocol. Supported are: `[postgres mysql mongodb cockroachdb redis sqlserver]`. | +| `--protocol` | Proxied database protocol. Supported are: `[postgres mysql mongodb cockroachdb redis sqlserver snowflake]`. | | `--uri` | Address the proxied database is reachable at. | | `--labels` | Comma-separated list of labels for the database, for example env=dev,dept=it | | `-o/--output` | Write to stdout with `-o=stdout`, the default config file with `-o=file`, or a custom path with `-o=file:///path` | ## teleport db configure bootstrap -Bootstrap the necessary configuration for the database agent. It reads the provided agent configuration to determine what will be bootstrapped. +Bootstrap the necessary configuration for the Database Service. It reads the +provided configuration to determine what will be bootstrapped. ```code $ teleport db configure bootstrap -c /etc/teleport.yaml --attach-to-user TeleportUser @@ -137,6 +140,12 @@ When invoked with a `--format=db` (or `--format=mongodb` for MongoDB) flag, produces a CA certificate, a client certificate and a private key file used for configuring Database Access with self-hosted database instances. + + For database formats, `tctl` must be run on an Auth Service host or the remote + user must be be able to impersonate the built-in `Db` role and user. See the [impersonation guide](../../access-controls/guides/impersonation.mdx) + for details on how to allow impersonation. + + ```code $ tctl auth sign --format=db --host=db.example.com --out=db --ttl=2190h $ tctl auth sign --format=db --host=host1,localhost,127.0.0.1 --out=db --ttl=2190h @@ -149,6 +158,66 @@ $ tctl auth sign --format=db --host=host1,localhost,127.0.0.1 --out=db --ttl=219 | `--out` | Name prefix for output files. | | `--ttl` | Certificate validity period. | +
+ +The `tctl` user must have permissions to impersonate the Teleport Database +Service role, `Db`, in order to generate a signed database certificate. To add +these impersonation privileges to your Teleport user, run the following +commands. + +First, define a role that can impersonate the `Db` user. Add the following +content to a file called `db-impersonator.yaml`: + +```yaml +kind: role +version: v5 +metadata: + name: db-impersonator +spec: + options: + allow: + impersonate: + users: ['Db'] + roles: ['Db'] +``` + +Create the fole: + +```code +$ tctl create -f db-impersonator.yaml +``` + +Retrieve your Teleport user's dynamic configuration resource so you can add the +`db-impersonator` role: + +```code +$ TELEPORT_USER= +$ tctl get user/${TELEPORT_USER?} > myuser.yaml +``` + +Edit `myuser.yaml` to add the `db-impersonator` role: + +```diff +spec: + - access + - auditor + - editor ++ - db-impersonator + status: + is_locked: false +``` + +Update your user: + +```code +$ tctl create -f myuser.yaml +``` + +Log out of your Teleport cluster and log in again. You will now be able to run +`tctl auth sign` for database-specific certificate formats. + +
+ (!docs/pages/includes/database-access/ttl-note.mdx!) ## tctl db ls diff --git a/docs/pages/database-access/reference/configuration.mdx b/docs/pages/database-access/reference/configuration.mdx index 3cdf32e3a035c..0378cf2ef4b2a 100644 --- a/docs/pages/database-access/reference/configuration.mdx +++ b/docs/pages/database-access/reference/configuration.mdx @@ -171,8 +171,9 @@ assume that you have created a YAML file called `db.yaml` with your configuratio ```code -# Log in to your Teleport cluster. -# You can also run tctl on your Auth Service host. +# Log in to your cluster with tsh so you can use tctl from your local machine. +# You can also run tctl on your Auth Service host without running "tsh login" +# first. $ tsh login --proxy=teleport.example.com --user=myuser # Create the resource $ tctl create -f db.yaml @@ -182,7 +183,7 @@ $ tctl create -f db.yaml ```code -# Log in to your Teleport cluster +# Log in to your Teleport cluster so you can use tctl from your local machine. $ tsh login --proxy=mytenant.teleport.sh --user=myuser # Create the resource $ tctl create -f db.yaml diff --git a/docs/pages/deploy-a-cluster/deployments.mdx b/docs/pages/deploy-a-cluster/deployments.mdx new file mode 100644 index 0000000000000..b4fb360d1c93c --- /dev/null +++ b/docs/pages/deploy-a-cluster/deployments.mdx @@ -0,0 +1,13 @@ +--- +title: Reference Deployment Guides +description: Teleport Installation and Configuration Reference Deployment Guides. +layout: tocless-doc +--- + +These guides show you how to set up a full self-hosted Teleport deployment on +the platform of your choice. + +- [DigitalOcean](./deployments/digitalocean.mdx/): Use our DigitalOcean 1-Click App to quickly spin up Teleport on a droplet. +- [AWS Terraform](./deployments/aws-terraform.mdx): Deploy HA Teleport with Terraform Provider on AWS. +- [GCP](./deployments/gcp.mdx): Deploy HA Teleport on GCP. +- [IBM Cloud](./deployments/ibm.mdx): Deploy HA Teleport on IBM cloud. diff --git a/docs/pages/setup/deployments/aws-terraform.mdx b/docs/pages/deploy-a-cluster/deployments/aws-terraform.mdx similarity index 93% rename from docs/pages/setup/deployments/aws-terraform.mdx rename to docs/pages/deploy-a-cluster/deployments/aws-terraform.mdx index bf8f51655a4b2..4ab209ac5870e 100644 --- a/docs/pages/setup/deployments/aws-terraform.mdx +++ b/docs/pages/deploy-a-cluster/deployments/aws-terraform.mdx @@ -7,65 +7,18 @@ h1: Running Teleport Enterprise in High Availability mode on AWS This guide is designed to accompany our [reference Terraform code](https://github.com/gravitational/teleport/tree/master/examples/aws/terraform/ha-autoscale-cluster#terraform-based-provisioning-example-amazon-single-ami) and describe how to manage the resulting Teleport deployment. - - -Our reference Terraform code deploys self-hosted instances of the Teleport Auth -Service and Proxy Service. Since Teleport Cloud manages these services for you, -users interested in Terraform should consult the following guides instead of -this one: - - - - -Read our guide to using Teleport and Terraform - - - - -Read our Terraform provider reference - - - - -You can also view this guide as a user of another Teleport edition: - - - - - - - - - - - +(!docs/pages/includes/cloud/call-to-action.mdx!) ## Prerequisites -Our code requires Terraform 0.12+. You can [download Terraform here](https://www.terraform.io/downloads.html). We will assume that you have +Our code requires Terraform 0.13+. You can [download Terraform here](https://www.terraform.io/downloads.html). We will assume that you have `terraform` installed and available on your path. ```code $ which terraform /usr/local/bin/terraform $ terraform version -Terraform v0.12.20 +Terraform v1.2.6 ``` You will also require the `aws` command line tool. This is available in Ubuntu/Debian/Fedora/CentOS and MacOS Homebrew @@ -269,6 +222,26 @@ that people use to connect to your Teleport cluster, so choose wisely. This must be a subdomain of the domain you chose for [`route53_zone`](#route53\_zone) above. +### add\_wildcard\_route53\_record + +Setting `export TF_VAR_add_wildcard_route53_record="true"` + +Used to enable Application Access for subdomains of the Teleport Proxy Service's public web address. A wildcard entry for the public-facing +domain will be set in Route 53, e.g., `*.teleport.example.com`, to point to the Teleport load balancer. For ACM a wildcard +certificate is included if this is set to `true`. Let's Encrypt automatically includes a wildcard subdomain in certificates that it issues. + +### enable\_mongodb\_listener + +Port `27017` is enabled on the Network Load Balancer that connects to the Teleport MongoDB listener port. Required for MongoDB database access. + +### enable\_mysql\_listener + +Port `3036` is enabled on the Network Load Balancer that connects to the Teleport MySQL listener port. Required for MySQL connections. + +### enable\_postgres\_listener + +Port `5432` is enabled on the Network Load Balancer that connects to the Teleport PostgreSQL listener port. Required for PostgreSQL connections. + ### s3\_bucket_name Setting `export TF_VAR_s3_bucket_name="example-cluster"` @@ -344,7 +317,7 @@ table for cluster state will be the same as the cluster name configured in the [ In our example, the DynamoDB table would be called `example-cluster`. -More information about how Teleport works with DynamoDB can be found in our [Storage Backends guide](../reference/backends.mdx#dynamodb). +More information about how Teleport works with DynamoDB can be found in our [Storage Backends guide](../../reference/backends.mdx#dynamodb). ### Audit event storage @@ -354,7 +327,7 @@ with `-events` appended to the end. In our example, the DynamoDB table would be called `example-cluster-events`. -More information about how Teleport works with DynamoDB can be found in our [Storage Backends guide](../reference/backends.mdx#dynamodb). +More information about how Teleport works with DynamoDB can be found in our [Storage Backends guide](../../reference/backends.mdx#dynamodb). ### Recorded session storage @@ -568,7 +541,7 @@ $ tsh ssh root@ip-172-31-11-69-ec2-internal You are using LetsEncrypt if your `use_acm` variable is set to `"false"`. -#### Auth service +#### Auth Service ```code $ systemctl status teleport-auth.service @@ -583,7 +556,7 @@ $ systemctl status teleport-auth.service # Mar 05 18:04:39 ip-172-31-0-196.ec2.internal /usr/bin/teleport[3766]: INFO [CA] Generating TLS certificate {0x3767920 0xc00155d200 CN=teleport-admin,O=admin,POSTALCODE={\"kubernetes_groups\":null\,\"logins\":null},STREET=,L=root 2020-03-06 06:04:39.844777551 +0000 UTC []}. common_name:teleport-admin dns_name... ``` -You can get detailed logs for the Teleport auth servers using the `journalctl` command: +You can get detailed logs for the Teleport Auth Service using the `journalctl` command: ```code $ journalctl -u teleport-auth.service @@ -600,7 +573,7 @@ $ aws ec2 describe-instances --filters "Name=tag:TeleportCluster,Values=${TF_VAR You can run `tctl` commands on **any** of the auth instances connected to your cluster, however. -#### Proxy service +#### Proxy Service ```code $ systemctl status teleport-proxy.service @@ -616,7 +589,7 @@ $ systemctl status teleport-proxy.service # Mar 05 20:58:50 ip-172-31-2-109.ec2.internal /usr/bin/teleport[4514]: ERRO read tcp 172.31.2.109:3023->172.31.2.143:38011: read: connection reset by peer ``` -You can get detailed logs for the Teleport proxy service using the `journalctl` command: +You can get detailed logs for the Teleport Proxy Service using the `journalctl` command: ```code $ journalctl -u teleport-proxy.service @@ -631,7 +604,7 @@ $ aws ec2 describe-instances --filters "Name=tag:TeleportCluster,Values=${TF_VAR # 172.31.3.215 ``` -#### Node service +#### Node Service ```code $ systemctl status teleport-node.service @@ -647,7 +620,7 @@ $ systemctl status teleport-node.service # Mar 05 17:18:25 ip-172-31-11-69.ec2.internal /usr/bin/teleport[4456]: INFO [AUDIT:1] Setting directory /var/lib/teleport/log/upload/sessions owner...o:1639 ``` -You can get detailed logs for the Teleport node service using the `journalctl` command: +You can get detailed logs for the Teleport Node Service using the `journalctl` command: ```code $ journalctl -u teleport-node.service @@ -661,7 +634,7 @@ $ journalctl -u teleport-node.service When using ACM, the service name for the proxy is different (`teleport-proxy-acm.service` vs `teleport-proxy.service`). -#### Auth service +#### Auth Service ```code $ systemctl status teleport-auth.service @@ -676,7 +649,7 @@ $ systemctl status teleport-auth.service # Mar 05 18:04:39 ip-172-31-0-196.ec2.internal /usr/bin/teleport[3766]: INFO [CA] Generating TLS certificate {0x3767920 0xc00155d200 CN=teleport-admin,O=admin,POSTALCODE={\"kubernetes_groups\":null\,\"logins\":null},STREET=,L=root 2020-03-06 06:04:39.844777551 +0000 UTC []}. common_name:teleport-admin dns_name... ``` -You can get detailed logs for the Teleport auth server using the `journalctl` command: +You can get detailed logs for the Teleport Auth Service using the `journalctl` command: ```code $ journalctl -u teleport-auth.service @@ -693,7 +666,7 @@ $ aws ec2 describe-instances --filters "Name=tag:TeleportCluster,Values=${TF_VAR You can run `tctl` commands on **any** of the auth instances connected to your cluster, however. -#### Proxy service (ACM) +#### Proxy Service (ACM) ```code $ systemctl status teleport-proxy-acm.service @@ -709,7 +682,7 @@ $ systemctl status teleport-proxy-acm.service # Mar 05 20:58:50 ip-172-31-2-109.ec2.internal /usr/bin/teleport[4514]: ERRO read tcp 172.31.2.109:3023->172.31.2.143:38011: read: connection reset by peer ``` -You can get detailed logs for the Teleport proxy service using the `journalctl` command: +You can get detailed logs for the Teleport Proxy Service using the `journalctl` command: ```code $ journalctl -u teleport-proxy-acm.service @@ -724,7 +697,7 @@ $ aws ec2 describe-instances --filters "Name=tag:TeleportCluster,Values=${TF_VAR # 172.31.3.215 ``` -#### Node service +#### Node Service ```code $ systemctl status teleport-node.service @@ -740,7 +713,7 @@ $ systemctl status teleport-node.service # Mar 05 17:18:25 ip-172-31-11-69.ec2.internal /usr/bin/teleport[4456]: INFO [AUDIT:1] Setting directory /var/lib/teleport/log/upload/sessions owner...o:1639 ``` -You can get detailed logs for the Teleport node service using the `journalctl` command: +You can get detailed logs for the Teleport Node Service using the `journalctl` command: ```code $ journalctl -u teleport-node.service @@ -754,9 +727,9 @@ ways to integrate Teleport onto your servers. We recommend looking at our [Insta To add new nodes/EC2 servers that you can "SSH into" you'll need to: - [Install the Teleport binary on the Server](../../installation.mdx) -- [Run Teleport - we recommend using systemd](../admin/daemon.mdx) -- [Set the correct settings in /etc/teleport.yaml](../reference/config.mdx) -- [Add Nodes to the Teleport cluster](../admin/adding-nodes.mdx) +- [Run Teleport - we recommend using systemd](../../management/admin/daemon.mdx) +- [Set the correct settings in /etc/teleport.yaml](../../reference/config.mdx) +- [Add Nodes to the Teleport cluster](../../management/admin/adding-nodes.mdx) ### Getting the CA pin hash @@ -769,7 +742,7 @@ $ aws ssm get-parameter --region ${TF_VAR_region} --name "/teleport/${TF_VAR_clu You should use this so that nodes can validate the auth server's identity when joining your cluster. -### Getting the node join token +### Getting the Node join token You can use this command to get a join token for your Teleport cluster: @@ -778,29 +751,29 @@ $ aws ssm get-parameter --region ${TF_VAR_region} --name "/teleport/${TF_VAR_clu # 992a9725-0a64-428d-8e5e-308e6877743d ``` -You can also generate a Node join token using `tctl tokens add --type=node` [as detailed here in our admin guide](../admin/adding-nodes.mdx). +You can also generate a Node join token using `tctl tokens add --type=node` [as detailed here in our admin guide](../../management/admin/adding-nodes.mdx). -### Joining nodes via the Teleport auth server +### Joining Nodes via the Teleport Auth Service -To join Teleport nodes in the same VPC via the auth server, you can find the hostname for the auth load balancer with -this command: +To join Teleport Nodes in the same VPC via the Auth Service, you can find the +hostname for the Auth Service load balancer with this command: ```code $ aws elbv2 describe-load-balancers --names "${TF_VAR_cluster_name}-auth" --query "LoadBalancers[*].DNSName" --output text # example-cluster-auth-c5b0fc2764ee015b.elb.us-east-1.amazonaws.com ``` -With this method, the nodes should be configured like so: +With this method, the Nodes should be configured like so: ```yaml auth_servers: - example-cluster-auth-c5b0fc2764ee015b.elb.us-east-1.amazonaws.com:3025 ``` -### Joining nodes via Teleport IoT/node tunneling +### Joining Nodes via Teleport IoT/Node tunneling -To join Teleport nodes from outside the same VPC, you will either need to investigate VPC peering/gateways (out of scope -for this document) or join your nodes using [Teleport's node tunneling](../admin/adding-nodes.mdx) functionality. +To join Teleport Nodes from outside the same VPC, you will either need to investigate VPC peering/gateways (out of scope +for this document) or join your nodes using [Teleport's node tunneling](../../management/admin/adding-nodes.mdx) functionality. With this method, you can join the nodes using the public facing proxy address - `teleport.example.com:443` for our example. @@ -810,9 +783,9 @@ auth_servers: - teleport.example.com:443 ``` -### Trusted clusters +### Trusted Clusters -To add a trusted cluster, you'll need the hostname of the proxy load balancer. You can get it using this command: +To add a Trusted Cluster, you'll need the hostname of the proxy load balancer. You can get it using this command: ```code $ aws elbv2 describe-load-balancers --names "${TF_VAR_cluster_name}-proxy" --query "LoadBalancers[*].DNSName" --output text @@ -828,7 +801,7 @@ spec: ``` You can generate a token for adding the trusted cluster using `tctl tokens add --type=trusted_cluster` after connecting -to an auth server. Follow the instructions in our [Trusted Clusters guide](../admin/trustedclusters.mdx). +to an auth server. Follow the instructions in our [Trusted Clusters guide](../../management/admin/trustedclusters.mdx). ## Script to quickly connect to instances @@ -883,5 +856,3 @@ $ ./connect.sh proxy 1 # connect to the node $ ./connect.sh node ``` - - \ No newline at end of file diff --git a/docs/pages/getting-started/digitalocean.mdx b/docs/pages/deploy-a-cluster/deployments/digitalocean.mdx similarity index 71% rename from docs/pages/getting-started/digitalocean.mdx rename to docs/pages/deploy-a-cluster/deployments/digitalocean.mdx index d2eb4314c5270..6dfbf5b438f56 100644 --- a/docs/pages/getting-started/digitalocean.mdx +++ b/docs/pages/deploy-a-cluster/deployments/digitalocean.mdx @@ -7,29 +7,14 @@ videoBanner: voHQlSX_czE This tutorial will guide you through quickly getting started with Teleport on DigitalOcean with the Teleport 1-Click Droplet app. - - -This guide is intended for users of Teleport Open Source. - - - - - - - - - - -If you are looking for a manual installation, refer to our [Linux installation guide](./linux-server.mdx). +If you are looking for a manual installation, refer to our [Linux installation guide](../../deploy-a-cluster/open-source.mdx). +(!docs/pages/includes/cloud/call-to-action.mdx!) + ## Prerequisites - A Fully Qualified Domain Name (FQDN). - A two-factor authenticator app (e.g., [Google Authenticator](https://www.google.com/landing/2step/)). @@ -40,19 +25,19 @@ If you are looking for a manual installation, refer to our [Linux installation g Head over to the Teleport page on [DigitalOcean Marketplace](https://marketplace.digitalocean.com/apps/teleport) and click the “Create a Droplet” button:
- ![Teleport 1-Click droplet page](../../img/quickstart/digitalocean/1click-droplet-page.png) + ![Teleport 1-Click droplet page](../../../img/quickstart/digitalocean/1click-droplet-page.png)
Once you click the button, DigitalOcean redirects you to the control panel to configure resources for the Teleport droplet. This step is similar to how you create a regular [droplet in DigitalOcean](https://docs.digitalocean.com/products/droplets/how-to/create/). Teleport is very lightweight, and if you are just trying out Teleport, you can select the $5 droplet. Make sure you select "SSH keys" as the SSH authentication method as it is more secure than a password.
- ![Create a droplet](../../img/quickstart/digitalocean/create-droplet.png) + ![Create a droplet](../../../img/quickstart/digitalocean/create-droplet.png)
It will take a few minutes before our newly created Teleport droplet is ready. Once the droplet is ready, configure your FQDN with the public IP address of the droplet as an IP address for the `A` record of your domain name. For example, refer to the image below; we use the domain name `example.com`. The resulting domain we are using as an FQDN is `tele.example.com`, pointing to our Teleport droplet's public IP `192.168.200.200`.
- ![Configure DNS](../../img/quickstart/digitalocean/fqdn.png) + ![Configure DNS](../../../img/quickstart/digitalocean/fqdn.png)
## Step 2/3. Configure Teleport @@ -99,14 +84,14 @@ Open the link copied in the previous step in the browser to complete the setup p 1. Scan the QR code with your two-factor authentication app (e.g., Google Authenticator) 2. Set a password and enter the TOTP code generated from the two-factor authentication app.
- ![Set up user](../../img/quickstart/digitalocean/setup-user.png) + ![Set up user](../../../img/quickstart/digitalocean/setup-user.png)
Once you set up a password and provide a valid TOTP code, the user setup process will be complete, and you will be redirected to Teleport Web UI:
- ![Teleport Web UI](../../img/quickstart/digitalocean/webui.png) + ![Teleport Web UI](../../../img/quickstart/digitalocean/webui.png)
@@ -114,25 +99,11 @@ Congrats! You've completed setting up Teleport. ## Next steps Finally, you are a step closer to managing secure access to your infrastructure hosted in DigitalOcean. -Teleport lets you enable [certificate-based authentication for SSH](../server-access/getting-started.mdx) access. If you want to protect public access to internal applications such as GitLab or Grafana, check out our getting started guide on [Application Access](../application-access/getting-started.mdx). +Teleport lets you enable [certificate-based authentication for SSH](../../server-access/getting-started.mdx) access. If you want to protect public access to internal applications such as GitLab or Grafana, check out our getting started guide on [Application Access](../../application-access/getting-started.mdx). You can also secure access to databases, DigitalOcean Marketplace apps, and Kubernetes clusters using Teleport. Below are the links to get started further: - - - Single Sign-On, short-lived certificates, and audit for SSH servers. - - - Secure access to internal dashboards and web applications. - - - Single Sign-On, audit and unified access for Kubernetes clusters. - - - Secure access to PostgreSQL, MySQL and MongoDB databases. - - - Secure access to Windows Server. - - - - \ No newline at end of file +- [Server Access](../../server-access/getting-started.mdx): Single Sign-On, short-lived certificates, and audit for SSH servers. +- [Application Access](../../application-access/getting-started.mdx): Secure access to internal dashboards and web applications. +- [Kubernetes Access](../../kubernetes-access/getting-started.mdx): Single Sign-On, audit and unified access for Kubernetes clusters. +- [Database Access](../../database-access/getting-started.mdx): Secure access to PostgreSQL, MySQL and MongoDB databases. +- [Desktop Access](../../desktop-access/getting-started.mdx): Secure access to Windows Server. diff --git a/docs/pages/setup/deployments/gcp.mdx b/docs/pages/deploy-a-cluster/deployments/gcp.mdx similarity index 92% rename from docs/pages/setup/deployments/gcp.mdx rename to docs/pages/deploy-a-cluster/deployments/gcp.mdx index 57942adf4ccd0..2b85d6b016613 100644 --- a/docs/pages/setup/deployments/gcp.mdx +++ b/docs/pages/deploy-a-cluster/deployments/gcp.mdx @@ -12,33 +12,16 @@ high-level introduction to setting up and running Teleport in production. This guide shows you how to deploy the Auth Service and Proxy Service, which Teleport Cloud manages for you. -You can view this guide as a user of another Teleport edition: - - - - - - - - - - We have split this guide into: - [Teleport on GCP FAQ](#teleport-on-gcp-faq) - [GCP Teleport Introduction](#gcp-teleport-introduction) - [GCP Quickstart](#gcp-quickstart) +(!docs/pages/includes/cloud/call-to-action.mdx!) + ## Teleport on GCP FAQ ### Why would you want to use Teleport with GCP? @@ -95,7 +78,7 @@ GCP relies heavily on [Health Checks](https://cloud.google.com/load-balancing/do this is helpful when adding new instances to an instance group. To enable health checks in Teleport start with `teleport start --diag-addr=0.0.0.0:3000` -see [Admin Guide: Troubleshooting](../admin/troubleshooting.mdx) for more information. +see [Admin Guide: Troubleshooting](../../management/admin/troubleshooting.mdx) for more information. ### Storage: Cloud Firestore @@ -226,14 +209,14 @@ proxy_service: email: example@email.com ``` -**3. Setup Teleport Nodes** +**3. Set up Teleport Nodes** -Save the following configuration file as `/etc/teleport.yaml` on the node: +Save the following configuration file as `/etc/teleport.yaml` on the Node: ```yaml teleport: auth_token: EXAMPLE-NODE-JOIN-TOKEN - # Nodes and other agents can be joined to the cluster via the proxy's public adress. + # Nodes and other agents can be joined to the cluster via the proxy's public address. # This will establish a reverse tunnel between the proxy and the node which is used for all traffic. auth_servers: [ "teleport.example.com:443" ] # enable ssh service and disable auth and proxy @@ -247,6 +230,6 @@ proxy_service: **4. Add Users** -Follow [adding users](../../enterprise/getting-started.mdx#adding-users) or integrate with [Google Workspace](../../enterprise/sso/google-workspace.mdx) to provide SSO access. - - \ No newline at end of file +Follow our [Local Users](../../management/admin/users.mdx) guide or integrate +with [Google Workspace](../../access-controls/sso/google-workspace.mdx) to +provide SSO access. diff --git a/docs/pages/setup/deployments/ibm.mdx b/docs/pages/deploy-a-cluster/deployments/ibm.mdx similarity index 94% rename from docs/pages/setup/deployments/ibm.mdx rename to docs/pages/deploy-a-cluster/deployments/ibm.mdx index d6a4e81d93252..dc529ab683ca8 100644 --- a/docs/pages/setup/deployments/ibm.mdx +++ b/docs/pages/deploy-a-cluster/deployments/ibm.mdx @@ -12,32 +12,15 @@ introduction to setting up and running Teleport in production. This guide shows you how to deploy the Auth Service and Proxy Service, which Teleport Cloud manages for you. -You can view this guide as a user of another Teleport edition: - - - - - - - - - - We have split this guide into: - [Teleport on IBM FAQ](#teleport-on-ibm-cloud-faq) - [IBM Teleport Introduction](#ibm-teleport-introduction) +(!docs/pages/includes/cloud/call-to-action.mdx!) + ## Teleport on IBM Cloud FAQ ### Why would you want to use Teleport with IBM Cloud? @@ -168,8 +151,8 @@ Save these settings to `~/.aws/credentials` ```yaml # Example keys from example service account to be saved into ~/.aws/credentials [default] -access_key_id="e668d66374e141668e3432443bc879e" -secret_access_key="d8762b57f61d5dd524ccd49c7d44861ceafdsfds37d05836" +aws_access_key_id="e668d66374e141668e3432443bc879e" +aws_secret_access_key="d8762b57f61d5dd524ccd49c7d44861ceafdsfds37d05836" ``` Example `/etc/teleport.yaml` @@ -217,4 +200,3 @@ the Teleport Proxy public address. public_addr: proxy.example.com:3080 ``` - \ No newline at end of file diff --git a/docs/pages/deploy-a-cluster/helm-deployments.mdx b/docs/pages/deploy-a-cluster/helm-deployments.mdx new file mode 100644 index 0000000000000..929c9a47cd08b --- /dev/null +++ b/docs/pages/deploy-a-cluster/helm-deployments.mdx @@ -0,0 +1,19 @@ +--- +title: Guides for running Teleport using Helm +description: How to install and configure Teleport in Kubernetes using Helm +layout: tocless-doc +--- + +## Helm deployment guides + +These guides show you how to set up a full self-hosted Teleport deployment using +our `teleport-cluster` Helm chart. + +- [HA AWS Teleport Cluster](./helm-deployments/aws.mdx): Running an HA Teleport cluster in Kubernetes using an AWS EKS Cluster +- [HA GCP Teleport Cluster](./helm-deployments/gcp.mdx): Running an HA Teleport cluster in Kubernetes using a Google Cloud GKE cluster +- [Custom Teleport config](./helm-deployments/custom.mdx): Running a Teleport cluster in Kubernetes with a custom Teleport config + +## Migration Guides + +- [Migrating from the legacy Teleport chart](./helm-deployments/migration.mdx) + diff --git a/docs/pages/kubernetes-access/helm/guides/aws.mdx b/docs/pages/deploy-a-cluster/helm-deployments/aws.mdx similarity index 74% rename from docs/pages/kubernetes-access/helm/guides/aws.mdx rename to docs/pages/deploy-a-cluster/helm-deployments/aws.mdx index a36a073dfe5e8..ee9a27567b147 100644 --- a/docs/pages/kubernetes-access/helm/guides/aws.mdx +++ b/docs/pages/deploy-a-cluster/helm-deployments/aws.mdx @@ -10,26 +10,9 @@ using Teleport Helm charts and AWS products (DynamoDB and S3). (!docs/pages/kubernetes-access/helm/includes/teleport-cluster-cloud-warning.mdx!) -You can also view this guide as a user of another Teleport edition: - - - - - - - - - +(!docs/pages/includes/cloud/call-to-action.mdx!) ## Prerequisites @@ -123,42 +106,11 @@ You'll need to replace these values in the policy example below: ### S3 IAM policy -You'll need to replace these values in the policy example below: +(!docs/pages/includes/s3-iam-policy.mdx!) -| Placeholder value | Replace with | -| - | - | -| `teleport-helm-sessions` | Name to use for the Teleport S3 session recording bucket | - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ClusterSessionsStorage", - "Effect": "Allow", - "Action": [ - "s3:PutEncryptionConfiguration", - "s3:PutObject", - "s3:GetObject", - "s3:GetEncryptionConfiguration", - "s3:GetObjectRetention", - "s3:ListBucketVersions", - "s3:ListBucketMultipartUploads", - "s3:AbortMultipartUpload", - "s3:CreateBucket", - "s3:ListBucket", - "s3:GetBucketVersioning", - "s3:PutBucketVersioning", - "s3:GetObjectVersion" - ], - "Resource": [ - "arn:aws:s3:::teleport-helm-sessions/*", - "arn:aws:s3:::teleport-helm-sessions" - ] - } - ] -} -``` +Note that Teleport will only use S3 buckets with versioning enabled. This +ensures that a session log cannot be permanently altered or deleted, as +Teleport will always look at the oldest version of a recording. ## Step 4/7. Configure TLS certificates for Teleport @@ -325,64 +277,79 @@ Replace `arn:aws:acm:us-east-1:1234567890:certificate/12345678-43c7-4dd1-a2f6-c4 ## Step 5/7. Set values to configure the cluster -There are two different ways to configure the `teleport-cluster` Helm chart to use `aws` mode - using a `values.yaml` file, or using `--set` -on the command line. + -We recommend using a `values.yaml` file as it can be easily kept in source control. +Before you can install Teleport in your Kubernetes cluster, you will need to +create a secret that contains your Teleport license information. -The `--set` CLI method is more appropriate for quick test deployments. +Download your Teleport Enterprise license from the +[Customer Portal](https://dashboard.gravitational.com/web/login) and save it to +a file called `license.pem`. - - - Create an `aws-values.yaml` file and write the values you've chosen above to it: +Create a secret from your license file. Teleport will automatically discover +this secret as long as your file is named `license.pem`. - ```yaml - chartMode: aws - clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below. - aws: - region: us-west-2 # AWS region - backendTable: teleport-helm-backend # DynamoDB table to use for the Teleport backend - auditLogTable: teleport-helm-events # DynamoDB table to use for the Teleport audit log (must be different to the backend table) - auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) - sessionRecordingBucket: teleport-helm-sessions # S3 bucket to use for Teleport session recordings - backups: true # Whether or not to turn on DynamoDB backups - highAvailability: - replicaCount: 2 # Number of replicas to configure - certManager: - enabled: true # Enable cert-manager support to get TLS certificates - issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) - ``` +```code +$ kubectl -n teleport create secret generic license --from-file=license.pem +``` - Install the chart with the values from your `aws-values.yaml` file using this command: + - ```code - $ helm install teleport teleport/teleport-cluster \ - --create-namespace \ - --namespace teleport \ - -f aws-values.yaml - ``` +Next, configure the `teleport-cluster` Helm chart to use the `aws` mode. Create +a file called `aws-values.yaml` and write the values you've chosen above to it: - - - Install the chart using this command, replacing the placeholders with the values you've chosen above: + - ```code - $ helm install teleport teleport/teleport-cluster \ - --create-namespace \ - --namespace teleport \ - --set chartMode=aws \ - --set clusterName=teleport.example.com `# Name of your cluster. Use the FQDN you intend to configure in DNS below.` \ - --set aws.region=us-west-2 `# AWS region` \ - --set aws.backendTable=teleport-helm-backend `# DynamoDB table to use for the Teleport backend` \ - --set aws.backups=true `# Whether or not to turn on DynamoDB backups` \ - --set aws.auditLogTable=teleport-helm-events `# DynamoDB table to use for the Teleport audit log (must be different to the backend table)` \ - --set aws.sessionRecordingBucket=teleport-helm-sessions `# S3 bucket to use for Teleport session recordings` \ - --set highAvailability.replicaCount=2 `# Number of replicas to configure` \ - --set highAvailability.certManager.enabled=true `# Enable cert-manager support to get TLS certificates` \ - --set highAvailability.certManager.issuerName=letsencrypt-production `# Name of the cert-manager Issuer to use` - ``` - - +```yaml +chartMode: aws +clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below. +aws: + region: us-west-2 # AWS region + backendTable: teleport-helm-backend # DynamoDB table to use for the Teleport backend + auditLogTable: teleport-helm-events # DynamoDB table to use for the Teleport audit log (must be different to the backend table) + auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) + sessionRecordingBucket: teleport-helm-sessions # S3 bucket to use for Teleport session recordings + backups: true # Whether or not to turn on DynamoDB backups + dynamoAutoScaling: false # Whether Teleport should configure DynamoDB's autoscaling. +highAvailability: + replicaCount: 2 # Number of replicas to configure + certManager: + enabled: true # Enable cert-manager support to get TLS certificates + issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) +``` + + + + +```yaml +chartMode: aws +clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below. +aws: + region: us-west-2 # AWS region + backendTable: teleport-helm-backend # DynamoDB table to use for the Teleport backend + auditLogTable: teleport-helm-events # DynamoDB table to use for the Teleport audit log (must be different to the backend table) + auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) + sessionRecordingBucket: teleport-helm-sessions # S3 bucket to use for Teleport session recordings + backups: true # Whether or not to turn on DynamoDB backups + dynamoAutoScaling: false # Whether Teleport should configure DynamoDB's autoscaling. +highAvailability: + replicaCount: 2 # Number of replicas to configure + certManager: + enabled: true # Enable cert-manager support to get TLS certificates + issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) +enterprise: true # Indicate that this is a Teleport Enterprise deployment +``` + + + +Install the chart with the values from your `aws-values.yaml` file using this command: + +```code +$ helm install teleport teleport/teleport-cluster \ + --create-namespace \ + --namespace teleport \ + -f aws-values.yaml +``` You cannot change the `clusterName` after the cluster is configured, so make sure you choose wisely. You should use the fully-qualified domain name that you'll use for external access to your Teleport cluster. @@ -532,6 +499,41 @@ Here's an example where we set the chart to use 3 replicas: To change `chartMode`, `clusterName`, or any `aws` settings, you must first uninstall the existing chart and then install a new version with the appropriate values. +### Autoscaling + +In order to reduce DynamoDB costs you might want to enable DynamoDB autoscaling. +This step is usually done after a successful Teleport deployment, once you have gathered some data +about Teleport's DynamoDB usage and know what regular usage looks like and how autoscaling should be tuned. +You must know the desired read/write minimum, maximum and target capacity for your DynamoDB instance in order to enable autoscaling. + +You can delegate your autoscaling configuration to Teleport or manage it by creating an AWS Application Auto Scaling policy. +The following steps will set up Teleport-configured DynamoDB autoscaling. + +You must grant autoscaling configuration rights to Teleport, as documented in +[the DynamoDB autoscaling section](../../reference/backends.mdx#dynamodb-autoscaling). + +Set the following fields in your existing `aws-values.yaml` file and replace the numeric values with yours: + +```yaml +aws: + # [...] already present values under `aws` + dynamoAutoScaling: true + readMinCapacity: 5 # integer + readMaxCapacity: 100 # integer + readTargetValue: 50.0 # float + writeMinCapacity: 5 # integer + writeMaxCapacity: 100 # integer + writeTargetValue: 50.0 # float +``` + +Then perform a cluster upgrade with the new values: + +```code +$ helm upgrade teleport teleport/teleport-cluster \ + --namespace teleport \ + -f aws-values.yaml +``` + ## Uninstalling Teleport To uninstall the `teleport-cluster` chart, use `helm uninstall `. For example: @@ -550,11 +552,10 @@ $ helm --namespace cert-manager uninstall cert-manager ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../../management/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. -See the [high availability section of our Helm chart reference](../reference/teleport-cluster.mdx#highavailability) for more details on high availability. +See the [high availability section of our Helm chart reference](../../reference/helm-reference/teleport-cluster.mdx#highavailability) for more details on high availability. Read the [`cert-manager` documentation](https://cert-manager.io/docs/). - \ No newline at end of file diff --git a/docs/pages/kubernetes-access/helm/guides/custom.mdx b/docs/pages/deploy-a-cluster/helm-deployments/custom.mdx similarity index 84% rename from docs/pages/kubernetes-access/helm/guides/custom.mdx rename to docs/pages/deploy-a-cluster/helm-deployments/custom.mdx index 62920201e1f21..224d8465b9fe6 100644 --- a/docs/pages/kubernetes-access/helm/guides/custom.mdx +++ b/docs/pages/deploy-a-cluster/helm-deployments/custom.mdx @@ -3,47 +3,12 @@ title: Running Teleport with a Custom Configuration using Helm description: Install and configure a Teleport cluster with a custom configuration using Helm --- -In this guide, we'll go through how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../../../setup/reference/config.mdx) +In this guide, we'll explain how to set up a Teleport cluster in Kubernetes using a custom [`teleport.yaml`](../../reference/config.mdx) config file using Teleport Helm charts. This setup can be useful when you already have an existing Teleport cluster and would like to start running it in Kubernetes, or when migrating your setup from a legacy version of the Helm charts. - - -Teleport Cloud users should consult the following guide, which shows -you how to connect a Teleport Kubernetes Service agent to an existing Teleport -cluster: - - - - - - -You can also view this guide as a user of another Teleport edition: - - - - - - - - - - - ## Prerequisites (!docs/pages/kubernetes-access/helm/includes/teleport-cluster-prereqs.mdx!) @@ -61,7 +26,7 @@ icon="building" In `custom` mode, the `teleport-cluster` Helm chart does not create a `ConfigMap` containing a `teleport.yaml` file for you, but expects that you will provide this yourself. -For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../../../setup/admin/adding-nodes.mdx)): +For this example, we'll be using this `teleport.yaml` configuration file with a static join token (for more information on join tokens, see [Adding Nodes to the Cluster](../../management/admin/adding-nodes.mdx)): ```code $ cat << EOF > teleport.yaml @@ -100,7 +65,8 @@ EOF You can skip this step if you already have a `teleport.yaml` file locally that you'd like to use. -You can create the namespace for the config and add the `teleport.yaml` from your local disk like this: +Create the namespace for the config and add the `teleport.yaml` from your local +disk: ```code $ kubectl create namespace teleport @@ -119,15 +85,48 @@ $ kubectl --namespace teleport create configmap teleport --from-file=teleport.ya ``` -After the `ConfigMap` has been created, you can deploy the Helm chart into a Kubernetes cluster with a command like this: + + +Before you can install Teleport in your Kubernetes cluster, you will need to +create a secret that contains your Teleport license information. + +Download your Teleport Enterprise license from the +[Customer Portal](https://dashboard.gravitational.com/web/login) and save it to +a file called `license.pem`. + +Create a secret from your license file. Teleport will automatically discover +this secret as long as your file is named `license.pem`. + +```code +$ kubectl -n teleport create secret generic license --from-file=license.pem +``` + + + +After the `ConfigMap` has been created and you +have deployed the secret containing your license file, you can +deploy the Helm chart into a Kubernetes cluster with a command like this: + + ```code $ helm install teleport teleport/teleport-cluster \ - --create-namespace \ --namespace teleport \ --set chartMode=custom ``` + + + +```code +$ helm install teleport teleport/teleport-cluster \ + --namespace teleport \ + --set chartMode=custom \ + --set enterprise=true +``` + + + Most settings from `values.yaml` will not be applied in `custom` mode. @@ -252,7 +251,7 @@ $ helm upgrade teleport teleport/teleport-cluster \ When using `custom` mode, you **must** use highly-available storage (e.g. etcd, DynamoDB, or Firestore) for multiple replicas to be supported. - [Information on supported Teleport storage backends](../../../architecture/authentication.mdx#storage-back-ends) + [Information on supported Teleport storage backends](../../reference/backends.mdx) Manually configuring NFS-based storage or `ReadWriteMany` volume claims is **NOT** supported for an HA deployment and will result in errors. @@ -271,7 +270,5 @@ $ helm --namespace teleport uninstall teleport ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../../management/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. - - \ No newline at end of file diff --git a/docs/pages/kubernetes-access/helm/guides/digitalocean.mdx b/docs/pages/deploy-a-cluster/helm-deployments/digitalocean.mdx similarity index 84% rename from docs/pages/kubernetes-access/helm/guides/digitalocean.mdx rename to docs/pages/deploy-a-cluster/helm-deployments/digitalocean.mdx index ee0da75a4958f..27b42cc39334b 100644 --- a/docs/pages/kubernetes-access/helm/guides/digitalocean.mdx +++ b/docs/pages/deploy-a-cluster/helm-deployments/digitalocean.mdx @@ -10,56 +10,36 @@ on a DigitalOcean Kubernetes cluster. These services are fully managed in Teleport Cloud. Instead, Teleport Cloud users should consult the following guide, which shows -you how to connect a Teleport Kubernetes Service agent to an existing Teleport +you how to connect a Teleport Kubernetes Service instance to an existing Teleport cluster: - - - - - -You can also view this guide as a user of another Teleport edition: +- [Connect a Kubernetes Cluster to + Teleport](../../kubernetes-access/getting-started.mdx): - - - - - - - This guide will show you how to get started with Teleport on DigitalOcean Kubernetes. +(!docs/pages/includes/cloud/call-to-action.mdx!) + ## Prerequisites - DigitalOcean account. - Your workstation configured with [kubectl](https://kubernetes.io/docs/tasks/tools/), [Helm](https://helm.sh/docs/intro/install/), [doctl](https://docs.digitalocean.com/reference/doctl/how-to/install/), and the Teleport [tsh](https://goteleport.com/docs/installation/) client. ## Step 1/4. Create a DigitalOcean Kubernetes cluster + Create a new [DigitalOcean Kubernetes Cluster](https://cloud.digitalocean.com/kubernetes/clusters/)
- ![Create DigitalOcean Kubernetes cluster](../../../../img/helm/digitalocean/create-k8s.png) + ![Create DigitalOcean Kubernetes cluster](../../../img/helm/digitalocean/create-k8s.png)

While the Kubernetes cluster is being provisioned, follow the "Getting Started" guide as shown below:
- ![Set up DigitalOcean Kubernetes client](../../../../img/helm/digitalocean/setup-k8s.png) + ![Set up DigitalOcean Kubernetes client](../../../img/helm/digitalocean/setup-k8s.png)
@@ -98,7 +78,7 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) ``` Once you get the value for the external IP (it may take a few minutes for this field to be populated), update your DNS record such that the clusterName's A record points to this IP address. For example `192.168.200.200` is the external IP in the above case.
- ![Configure DNS](../../../../img/helm/digitalocean/fqdn.png) + ![Configure DNS](../../../img/helm/digitalocean/fqdn.png)
## Step 3/4. Create and set up Teleport user @@ -114,7 +94,7 @@ $ kubectl --namespace teleport-cluster exec deploy/teleport-cluster -- tctl user Copy the link shown after executing the above command and open the link in a web browser to complete the user registration process (the link is `https://tele.teleporters.dev:443/web/invite/` in the above case).
- ![Setup user](../../../../img/helm/digitalocean/setup-user.png) + ![Setup user](../../../img/helm/digitalocean/setup-user.png)
@@ -154,12 +134,12 @@ $ kubectl --namespace=teleport-cluster exec -i ${POD?} -- tctl create -f < membe Now we will assign Teleport user **tadmin** with this role. The example below shows a process using Teleport Web UI: First, lets select user edit menu:
- ![Edit user](../../../../img/helm/digitalocean/edit-user.png) + ![Edit user](../../../img/helm/digitalocean/edit-user.png)
Second, update the **tadmin** user role to assign the **member** role:
- ![Update role](../../../../img/helm/digitalocean/update-role.png) + ![Update role](../../../img/helm/digitalocean/update-role.png)
We've updated the user **tadmin** to have the **member** role, which is allowed to access a Kubernetes cluster with privilege `system:master`. @@ -172,7 +152,6 @@ The following steps show how to access the Kubernetes cluster using `tsh`. First, authenticate to Teleport using `tsh` as the **tadmin** user we created in the third step. - - ![View audit log](../../../../img/helm/digitalocean/view-activity.png) + ![View audit log](../../../img/helm/digitalocean/view-activity.png) ## Next steps -- [Connect Multiple Kubernetes Clusters](../../guides/multiple-clusters.mdx) -- [Setup CI/CD Access with Teleport](../../guides/cicd.mdx) -- [Federated Access using Trusted Clusters](../../guides/federation.mdx) -- [Single-Sign On and Kubernetes Access Control](../../controls.mdx) +- [Connect Multiple Kubernetes Clusters](../../kubernetes-access/guides/multiple-clusters.mdx) +- [Setup CI/CD Access with Teleport](../../kubernetes-access/guides/cicd.mdx) +- [Federated Access using Trusted Clusters](../../kubernetes-access/guides/federation.mdx) +- [Single-Sign On and Kubernetes Access Control](../../kubernetes-access/controls.mdx) - \ No newline at end of file diff --git a/docs/pages/kubernetes-access/helm/guides/gcp.mdx b/docs/pages/deploy-a-cluster/helm-deployments/gcp.mdx similarity index 73% rename from docs/pages/kubernetes-access/helm/guides/gcp.mdx rename to docs/pages/deploy-a-cluster/helm-deployments/gcp.mdx index d00808545e609..fd16eb2fc0817 100644 --- a/docs/pages/kubernetes-access/helm/guides/gcp.mdx +++ b/docs/pages/deploy-a-cluster/helm-deployments/gcp.mdx @@ -10,26 +10,9 @@ using Teleport Helm charts and Google Cloud Platform products (Firestore and Goo (!docs/pages/kubernetes-access/helm/includes/teleport-cluster-cloud-warning.mdx!) -You can also view this guide as a user of another Teleport edition: - - - - - - - - - +(!docs/pages/includes/cloud/call-to-action.mdx!) ## Prerequisites @@ -62,37 +45,37 @@ Go to the "Roles" section of Google Cloud IAM & Admin. 1. Click the "Create Role" button at the top.
- ![Roles section](../../../../img/helm/gcp/1-roles@1.5x.png) + ![Roles section](../../../img/helm/gcp/1-roles@1.5x.png)
2. Fill in the details of a "Storage Bucket Creator" role (we suggest using the name `storage-bucket-creator-role`)
- ![Create role](../../../../img/helm/gcp/2-createrole@1.5x.png) + ![Create role](../../../img/helm/gcp/2-createrole@1.5x.png)
3. Click the "Add Permissions" button.
- ![Storage bucket creator role](../../../../img/helm/gcp/3-addpermissions@1.5x.png) + ![Storage bucket creator role](../../../img/helm/gcp/3-addpermissions@1.5x.png)
4. Use the "Filter" box to enter `storage.buckets.create` and select it in the list.
- ![Filter the list](../../../../img/helm/gcp/4-storagebucketscreate@1.5x.png) + ![Filter the list](../../../img/helm/gcp/4-storagebucketscreate@1.5x.png)
5. Check the `storage.buckets.create` permission in the list and click the "Add" button to add it to the role.
- ![Select storage.buckets.create](../../../../img/helm/gcp/5-select@1.5x.png) + ![Select storage.buckets.create](../../../img/helm/gcp/5-select@1.5x.png)
6. Once all these settings are entered successfully, click the "Create" button.
- ![Create role](../../../../img/helm/gcp/6-createrole@1.5x.png) + ![Create role](../../../img/helm/gcp/6-createrole@1.5x.png)
### Create an IAM role granting Cloud DNS permissions @@ -102,19 +85,19 @@ Go to the "Roles" section of Google Cloud IAM & Admin. 1. Click the "Create Role" button at the top.
- ![Roles section](../../../../img/helm/gcp/1-roles@1.5x.png) + ![Roles section](../../../img/helm/gcp/1-roles@1.5x.png)
2. Fill in the details of a "DNS Updater" role (we suggest using the name `dns-updater-role`)
- ![Create role](../../../../img/helm/gcp/13-dns-createrole@1.5x.png) + ![Create role](../../../img/helm/gcp/13-dns-createrole@1.5x.png)
3. Click the "Add Permissions" button.
- ![DNS updater role](../../../../img/helm/gcp/3-addpermissions@1.5x.png) + ![DNS updater role](../../../img/helm/gcp/3-addpermissions@1.5x.png)
4. Use the "Filter" box to find each of the following permissions in the list and add it. @@ -134,7 +117,7 @@ dns.managedZones.list 5. Once all these settings are entered successfully, click the "Create" button.
- ![Add DNS permissions](../../../../img/helm/gcp/14-dns-permissions-create@1.5x.png) + ![Add DNS permissions](../../../img/helm/gcp/14-dns-permissions-create@1.5x.png)
### Create a service account for the Teleport Helm chart @@ -150,13 +133,13 @@ Go to the "Service Accounts" section of Google Cloud IAM & Admin. 1. Click the "Create Service Account" button at the top.
- ![Create service account](../../../../img/helm/gcp/7-serviceaccounts@1.5x.png) + ![Create service account](../../../img/helm/gcp/7-serviceaccounts@1.5x.png)
2. Enter details for the service account (we recommend using the name `teleport-helm`) and click the "Create" button.
- ![Enter service account details](../../../../img/helm/gcp/8-createserviceaccount@1.5x.png) + ![Enter service account details](../../../img/helm/gcp/8-createserviceaccount@1.5x.png)
3. In the "Grant this service account access to project" section, add these four roles: @@ -170,7 +153,7 @@ Go to the "Service Accounts" section of Google Cloud IAM & Admin. | Storage Object Viewer | Allows reading of Google Cloud storage objects |
- ![Add roles](../../../../img/helm/gcp/9-addroles@1.5x.png) + ![Add roles](../../../img/helm/gcp/9-addroles@1.5x.png)
4. Click the "continue" button to save these settings, then click the "create" button to create the service account. @@ -182,20 +165,20 @@ Go back to the "Service Accounts" view in Google Cloud IAM & Admin. 1. Click on the `teleport-helm` service account that you just created.
- ![Click on the service account](../../../../img/helm/gcp/10-serviceaccountdetails@1.5x.png) + ![Click on the service account](../../../img/helm/gcp/10-serviceaccountdetails@1.5x.png)
2. Click the "Keys" tab at the top and click "Add Key". Choose "JSON" and click "Create".
- ![Create JSON key](../../../../img/helm/gcp/11-createkey.png) + ![Create JSON key](../../../img/helm/gcp/11-createkey.png)
3. The JSON private key will be downloaded to your computer. Take note of the filename (`bens-demos-24150b1a0a7f.json` in this example) as you will need it shortly.
- ![Private key saved](../../../../img/helm/gcp/12-privatekey@1.5x.png) + ![Private key saved](../../../img/helm/gcp/12-privatekey@1.5x.png)
@@ -292,6 +275,24 @@ $ kubectl --namespace teleport create -f gcp-issuer.yaml ## Step 5/7. Set values to configure the cluster + + +Before you can install Teleport in your Kubernetes cluster, you will need to +create a secret that contains your Teleport license information. + +Download your Teleport Enterprise license from the +[Customer Portal](https://dashboard.gravitational.com/web/login) and save it to +a file called `license.pem`. + +Create a secret from your license file. Teleport will automatically discover +this secret as long as your file is named `license.pem`. + +```code +$ kubectl -n teleport create secret generic license --from-file=license.pem +``` + + + If you are installing Teleport in a brand new GCP project, make sure you have enabled the [Cloud Firestore API](https://console.cloud.google.com/apis/api/firestore.googleapis.com/overview) @@ -300,62 +301,58 @@ $ kubectl --namespace teleport create -f gcp-issuer.yaml in your project before continuing. -There are two different ways to configure the `teleport-cluster` Helm chart to use `gcp` mode - using a `values.yaml` file or using `--set` -on the command line. +Next, configure the `teleport-cluster` Helm chart to use the `gcp` mode. Create a +file called `gcp-values.yaml` file and write the values you've chosen above to +it: -We recommend using a `values.yaml` file as it can be easily kept in source control. + -The `--set` CLI method is more appropriate for quick test deployments. +```yaml +chartMode: gcp +clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below +gcp: + projectId: gcpproj-123456 # Google Cloud project ID + backendTable: teleport-helm-backend # Firestore collection to use for the Teleport backend + auditLogTable: teleport-helm-events # Firestore collection to use for the Teleport audit log (must be different to the backend collection) + auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) + sessionRecordingBucket: teleport-helm-sessions # Google Cloud Storage bucket to use for Teleport session recordings +highAvailability: + replicaCount: 2 # Number of replicas to configure + certManager: + enabled: true # Enable cert-manager support to get TLS certificates + issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) +``` - - - Create a `gcp-values.yaml` file and write the values you've chosen above to it: - - ```yaml - chartMode: gcp - clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below - gcp: - projectId: gcpproj-123456 # Google Cloud project ID - backendTable: teleport-helm-backend # Firestore collection to use for the Teleport backend - auditLogTable: teleport-helm-events # Firestore collection to use for the Teleport audit log (must be different to the backend collection) - auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) - sessionRecordingBucket: teleport-helm-sessions # Google Cloud Storage bucket to use for Teleport session recordings - highAvailability: - replicaCount: 2 # Number of replicas to configure - certManager: - enabled: true # Enable cert-manager support to get TLS certificates - issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) - ``` + + - Install the chart with the values from your `gcp-values.yaml` file using this command: +```yaml +chartMode: gcp +clusterName: teleport.example.com # Name of your cluster. Use the FQDN you intend to configure in DNS below +gcp: + projectId: gcpproj-123456 # Google Cloud project ID + backendTable: teleport-helm-backend # Firestore collection to use for the Teleport backend + auditLogTable: teleport-helm-events # Firestore collection to use for the Teleport audit log (must be different to the backend collection) + auditLogMirrorOnStdout: false # Whether to mirror audit log entries to stdout in JSON format (useful for external log collectors) + sessionRecordingBucket: teleport-helm-sessions # Google Cloud Storage bucket to use for Teleport session recordings +highAvailability: + replicaCount: 2 # Number of replicas to configure + certManager: + enabled: true # Enable cert-manager support to get TLS certificates + issuerName: letsencrypt-production # Name of the cert-manager Issuer to use (as configured above) +enterprise: true # Indicate that this is a Teleport Enterprise deployment +``` - ```code - $ helm install teleport teleport/teleport-cluster \ - --create-namespace \ - --namespace teleport \ - -f gcp-values.yaml - ``` + - - - Install the chart using this command, replacing the placeholders with the values you've chosen above: +Install the chart with the values from your `gcp-values.yaml` file using this command: - ```code - $ helm install teleport teleport/teleport-cluster \ - --create-namespace \ - --namespace teleport \ - --set chartMode=gcp \ - --set clusterName=teleport.example.com `# Name of your cluster. Use the FQDN you intend to configure in DNS below` \ - --set gcp.projectId=gcpproj-123456 `# GCP project ID` \ - --set gcp.backendTable=teleport-helm-backend `# Firestore collection to use for the Teleport backend` \ - --set gcp.auditLogTable=teleport-helm-events `# Firestore collection to use for the Teleport audit log (must be different to the backend collection)` \ - --set gcp.sessionRecordingBucket=teleport-helm-sessions `# Google Cloud storage bucket to use for Teleport session recordings` \ - --set highAvailability.replicaCount=2 `# Number of replicas to configure` \ - --set highAvailability.certManager.enabled=true `# Enable cert-manager support to get TLS certificates` \ - --set highAvailability.certManager.issuerName=letsencrypt-production `# Name of the cert-manager Issuer to use` - ``` - - +```code +$ helm install teleport teleport/teleport-cluster \ + --create-namespace \ + --namespace teleport \ + -f gcp-values.yaml +``` You cannot change the `clusterName` after the cluster is configured, so make sure you choose wisely. We recommend using the fully-qualified domain name that you'll use for external access to your Teleport cluster. @@ -432,7 +429,7 @@ To make changes to your Teleport cluster after deployment, you can use `helm upg Helm defaults to using the latest version of the chart available in the repo, which will also correspond to the latest version of Teleport. You can make sure that the repo is up to date by running `helm repo update`. -If you want to use a different version of Teleport, set the [`teleportVersionOverride`](../reference/teleport-cluster.mdx#teleportversionoverride) value. +If you want to use a different version of Teleport, set the [`teleportVersionOverride`](../../reference/helm-reference/teleport-cluster.mdx#teleportversionoverride) value. Here's an example where we set the chart to use 3 replicas: @@ -483,9 +480,8 @@ $ helm --namespace cert-manager uninstall cert-manager ## Next steps -You can follow our [Getting Started with Teleport guide](../../../setup/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your +You can follow our [Getting Started with Teleport guide](../../management/guides/docker.mdx#step-34-creating-a-teleport-user) to finish setting up your Teleport cluster. -See the [high availability section of our Helm chart reference](../reference/teleport-cluster.mdx#highavailability) for more details on high availability. +See the [high availability section of our Helm chart reference](../../reference/helm-reference/teleport-cluster.mdx#highavailability) for more details on high availability. - \ No newline at end of file diff --git a/docs/pages/kubernetes-access/getting-started/cluster.mdx b/docs/pages/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx similarity index 89% rename from docs/pages/kubernetes-access/getting-started/cluster.mdx rename to docs/pages/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx index adda48dc127e2..1c2df642b950f 100644 --- a/docs/pages/kubernetes-access/getting-started/cluster.mdx +++ b/docs/pages/deploy-a-cluster/helm-deployments/kubernetes-cluster.mdx @@ -6,37 +6,10 @@ description: Getting started with Teleport. Let's deploy Teleport in a Kubernete This guide shows you how to deploy the Teleport Auth Service and Proxy Service on a Kubernetes cluster. These services are fully managed in Teleport Cloud. -Instead, Teleport Cloud users should consult the following guide, which shows you how to connect a Teleport Kubernetes Service agent to an existing Teleport cluster: +Instead, Teleport Cloud users should consult the following guide, which shows you how to connect a Teleport Kubernetes Service instance to an existing Teleport cluster: - - - - - -You can also view this guide as a user of another Teleport edition: - - - - - - - - - Teleport can provide secure, unified access to your Kubernetes clusters. This guide will show you how to: - Deploy Teleport in a Kubernetes cluster. @@ -45,9 +18,11 @@ Teleport can provide secure, unified access to your Kubernetes clusters. This gu While completing this guide, you will deploy a single Teleport pod running the Auth Service and Proxy Service in your Kubernetes cluster, and a load balancer that allows outside traffic to your Teleport cluster. Users can then access your Kubernetes cluster via the Teleport cluster running within it. -If you are already running Teleport on another platform, you can use your existing Teleport deployment to access your Kubernetes cluster. [Follow our guide](./agent.mdx) to connect your Kubernetes cluster to Teleport. +If you are already running Teleport on another platform, you can use your existing Teleport deployment to access your Kubernetes cluster. [Follow our guide](../../kubernetes-access/getting-started.mdx) to connect your Kubernetes cluster to Teleport. +(!docs/pages/includes/cloud/call-to-action.mdx!) + ## Follow along with our video guide