gravitational · strideynet · Dec 21, 2023 · Dec 6, 2023 · Dec 12, 2023 · Dec 12, 2023
diff --git a/api/client/client.go b/api/client/client.go
@@ -60,6 +60,7 @@ import (
 	integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
 	kubeproto "github.com/gravitational/teleport/api/gen/proto/go/teleport/kube/v1"
 	loginrulepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1"
+	machineidv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1"
 	oktapb "github.com/gravitational/teleport/api/gen/proto/go/teleport/okta/v1"
 	pluginspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/plugins/v1"
 	resourceusagepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/resourceusage/v1"
@@ -849,6 +850,11 @@ func (c *Client) EmbeddingClient() assist.AssistEmbeddingServiceClient {
 	return assist.NewAssistEmbeddingServiceClient(c.conn)
 }
 
+// BotServiceClient returns an unadorned client for the bot service.
+func (c *Client) BotServiceClient() machineidv1pb.BotServiceClient {
+	return machineidv1pb.NewBotServiceClient(c.conn)
+}
+
 // Ping gets basic info about the auth server.
 func (c *Client) Ping(ctx context.Context) (proto.PingResponse, error) {
 	rsp, err := c.grpc.Ping(ctx, &proto.PingRequest{})
@@ -1135,7 +1141,11 @@ func (c *Client) CreateResetPasswordToken(ctx context.Context, req *proto.Create
 }
 
 // CreateBot creates a new bot from the specified descriptor.
+//
+// TODO(noah): DELETE IN 16.0.0
+// Deprecated: use [machineidv1pb.BotServiceClient.CreateBot] instead.
 func (c *Client) CreateBot(ctx context.Context, req *proto.CreateBotRequest) (*proto.CreateBotResponse, error) {
+	//nolint:staticcheck // SA1019. Kept for backward compatibility.
 	response, err := c.grpc.CreateBot(ctx, req)
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -1145,15 +1155,23 @@ func (c *Client) CreateBot(ctx context.Context, req *proto.CreateBotRequest) (*p
 }
 
 // DeleteBot deletes a bot and associated resources.
+//
+// TODO(noah): DELETE IN 16.0.0
+// Deprecated: use [machineidv1pb.BotServiceClient.DeleteBot] instead.
 func (c *Client) DeleteBot(ctx context.Context, botName string) error {
+	//nolint:staticcheck // SA1019. Kept for backward compatibility.
 	_, err := c.grpc.DeleteBot(ctx, &proto.DeleteBotRequest{
 		Name: botName,
 	})
 	return trace.Wrap(err)
 }
 
 // GetBotUsers fetches all bot users.
+//
+// TODO(noah): DELETE IN 16.0.0
+// Deprecated: use [machineidv1pb.BotServiceClient.ListBots] instead.
 func (c *Client) GetBotUsers(ctx context.Context) ([]types.User, error) {
+	//nolint:staticcheck // SA1019. Kept for backward compatibility.
 	stream, err := c.grpc.GetBotUsers(ctx, &proto.GetBotUsersRequest{})
 	if err != nil {
 		return nil, trace.Wrap(err)

diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go
diff --git a/api/gen/proto/go/teleport/machineid/v1/bot.pb.go b/api/gen/proto/go/teleport/machineid/v1/bot.pb.go
diff --git a/api/proto/teleport/legacy/client/proto/authservice.proto b/api/proto/teleport/legacy/client/proto/authservice.proto
@@ -2650,11 +2650,23 @@ service AuthService {
   rpc CreateResetPasswordToken(CreateResetPasswordTokenRequest) returns (types.UserTokenV3);
 
   // CreateBot creates a new bot user.
-  rpc CreateBot(CreateBotRequest) returns (CreateBotResponse);
+  //
+  // Deprecated: Use [teleport.machineid.v1.BotService] instead.
+  rpc CreateBot(CreateBotRequest) returns (CreateBotResponse) {
+    option deprecated = true;
+  }
   // DeleteBot deletes a bot user.
-  rpc DeleteBot(DeleteBotRequest) returns (google.protobuf.Empty);
+  //
+  // Deprecated: Use [teleport.machineid.v1.BotService] instead.
+  rpc DeleteBot(DeleteBotRequest) returns (google.protobuf.Empty) {
+    option deprecated = true;
+  }
   // GetBotUsers gets all users with bot labels.
-  rpc GetBotUsers(GetBotUsersRequest) returns (stream types.UserV2);
+  //
+  // Deprecated: Use [teleport.machineid.v1.BotService] instead.
+  rpc GetBotUsers(GetBotUsersRequest) returns (stream types.UserV2) {
+    option deprecated = true;
+  }
 
   // GetUser gets a user resource by name.
   //

diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
@@ -1959,6 +1959,78 @@ message RoleDelete {
   ];
 }
 
+// BotCreate is emitted when a bot is created/upserted.
+message BotCreate {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata
+  UserMetadata User = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// BotCreate is emitted when a bot is created/updated.
+message BotUpdate {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata
+  UserMetadata User = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// BotDelete is emitted when a bot is deleted.
+message BotDelete {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata
+  UserMetadata User = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
 // TrustedClusterCreate is the event for creating a trusted cluster.
 message TrustedClusterCreate {
   // Metadata is a common event metadata
@@ -3671,6 +3743,9 @@ message OneOf {
     events.UserUpdate UserUpdate = 140;
     events.ExternalAuditStorageEnable ExternalAuditStorageEnable = 141;
     events.ExternalAuditStorageDisable ExternalAuditStorageDisable = 142;
+    events.BotCreate BotCreate = 143;
+    events.BotDelete BotDelete = 144;
+    events.BotUpdate BotUpdate = 145;
   }
 }
 

diff --git a/api/proto/teleport/machineid/v1/bot.proto b/api/proto/teleport/machineid/v1/bot.proto
@@ -63,8 +63,11 @@ message BotSpec {
 // Fields that are set by the server as results of operations. These should not
 // be modified by users.
 message BotStatus {
+  reserved 2;
+  reserved "role_role";
+
   // The name of the user associated with the bot.
   string user_name = 1;
   // The name of the role associated with the bot.
-  string role_role = 2;
+  string role_name = 3;
 }
diff --git a/api/types/constants.go b/api/types/constants.go
@@ -63,6 +63,9 @@ const (
 	// KindUser is a user resource
 	KindUser = "user"
 
+	// KindBot is a Machine ID bot resource
+	KindBot = "bot"
+
 	// KindHostCert is a host certificate
 	KindHostCert = "host_cert"