syntax = "proto3";
option go_package = "github.com/hashicorp/vault/helper/identity";
package identity;
import "google/protobuf/timestamp.proto";
import "helper/identity/mfa/types.proto";
// Group represents an identity group.
//
// This message is persisted in storage, so its field numbers are a wire
// contract: never renumber or reuse a number (reserve it instead), and treat
// any change to field meaning as a storage-format change.
message Group {
  // ID is the unique identifier for this group
  string id = 1;

  // Name is the unique name for this group
  string name = 2;

  // Policies are the vault policies to be granted to members of this group.
  // This field carries authorization; changes to it are security-relevant.
  repeated string policies = 3;

  // ParentGroupIDs are the identifiers of those groups of which this group is
  // a member. These will serve as references to the parent group in the
  // hierarchy.
  repeated string parent_group_ids = 4;

  // MemberEntityIDs are the identifiers of entities which are members of this
  // group
  repeated string member_entity_ids = 5;

  // Metadata represents the custom data tied with this group
  map<string, string> metadata = 6;

  // CreationTime is the time at which this group was created
  google.protobuf.Timestamp creation_time = 7;

  // LastUpdateTime is the time at which this group was last modified
  google.protobuf.Timestamp last_update_time = 8;

  // ModifyIndex tracks the number of updates to the group. It is useful to
  // detect updates to the group.
  uint64 modify_index = 9;

  // BucketKey is the path of the storage packer key into which this group is
  // stored.
  string bucket_key = 10;

  // Alias is used to mark this group as an internal mapping of a group that
  // is external to the identity store. Alias can only be set if the 'type'
  // is set to 'external'.
  Alias alias = 11;

  // Type indicates if this group is an internal group or an external group.
  // Memberships of the internal groups can be managed over the API whereas
  // the memberships on the external group --for which a corresponding alias
  // will be set-- will be managed automatically.
  //
  // NOTE(review): this is a free-form string rather than an enum; only
  // 'internal' and 'external' are described here, so consumers should validate
  // the value rather than assume one of the two — confirm against callers.
  string type = 12;

  // NamespaceID is the identifier of the namespace to which this group
  // belongs. Do not return this value over the API when reading the
  // group.
  string namespace_id = 13;
}
// Entity represents an entity that gets persisted and indexed.
// Entity is fundamentally composed of zero or many aliases.
//
// This message is persisted in storage, so its field numbers are a wire
// contract: never renumber or reuse a number (reserve it instead).
message Entity {
  // Aliases are the identities that this entity is made of. This can be
  // empty as well to favor being able to create the entity first and then
  // incrementally adding aliases.
  repeated Alias aliases = 1;

  // ID is the unique identifier of the entity which will always be a UUID.
  // This should never be allowed to be updated.
  string id = 2;

  // Name is a unique identifier of the entity which is intended to be
  // human-friendly. The default name might not be human friendly since it
  // gets suffixed by a UUID, but it can optionally be updated, unlike the ID
  // field.
  string name = 3;

  // Metadata represents the explicit metadata which is set by the
  // clients. This is useful to tie any information pertaining to the
  // aliases. This is a non-unique field of entity, meaning multiple
  // entities can have the same metadata set. Entities will be indexed based
  // on this explicit metadata. This enables virtual groupings of entities
  // based on its metadata.
  map<string, string> metadata = 4;

  // CreationTime is the time at which this entity is first created.
  google.protobuf.Timestamp creation_time = 5;

  // LastUpdateTime is the most recent time at which the properties of this
  // entity got modified. This is helpful in filtering out entities based on
  // its age and to take action on them, if desired.
  google.protobuf.Timestamp last_update_time = 6;

  // MergedEntityIDs are the entities which got merged to this one. Entities
  // will be indexed based on all the entities that got merged into it. This
  // helps to apply the actions on this entity on the tokens that are merged
  // to the merged entities. Merged entities will be deleted entirely and
  // this is the only trackable trail of its earlier presence.
  repeated string merged_entity_ids = 7;

  // Policies the entity is entitled to. This field carries authorization;
  // changes to it are security-relevant.
  repeated string policies = 8;

  // BucketKey is the path of the storage packer key into which this entity is
  // stored.
  string bucket_key = 9;

  // MFASecrets holds the MFA secrets indexed by the identifier of the MFA
  // method configuration.
  //
  // NOTE(review): this is secret material stored alongside the entity —
  // confirm callers never return it over the API or include it in logs.
  map<string, mfa.Secret> mfa_secrets = 10;

  // Disabled indicates whether tokens associated with the account should not
  // be able to be used. Proto3 scalar: an unset field reads as false
  // (enabled), so "unknown" and "enabled" are indistinguishable on the wire.
  bool disabled = 11;

  // NamespaceID is the identifier of the namespace to which this entity
  // belongs. Do not return this value over the API when reading the
  // entity.
  string namespace_id = 12;
}
// Alias represents the alias that gets stored inside of the
// entity object in storage and also represents in an in-memory index of an
// alias object.
//
// This message is persisted (nested in Entity and Group), so its field
// numbers are a wire contract: never renumber or reuse a number.
message Alias {
  // ID is the unique identifier that represents this alias
  string id = 1;

  // CanonicalID is the entity identifier to which this alias belongs
  string canonical_id = 2;

  // MountType is the backend mount's type to which this alias belongs.
  // This enables categorically querying aliases of specific backend types.
  string mount_type = 3;

  // MountAccessor is the backend mount's accessor to which this alias
  // belongs.
  string mount_accessor = 4;

  // MountPath is the backend mount's path to which the MountAccessor belongs.
  // This field is not used for any operational purposes. This is only
  // returned when alias is read, only as a nicety.
  string mount_path = 5;

  // Metadata is the explicit metadata that clients set against an entity
  // which enables virtual grouping of aliases. Aliases will be indexed
  // against their metadata.
  map<string, string> metadata = 6;

  // Name is the identifier of this alias in its authentication source.
  // This does not uniquely identify an alias in Vault. This in conjunction
  // with MountAccessor form to be the factors that represent an alias in a
  // unique way. Aliases will be indexed based on this combined uniqueness
  // factor.
  string name = 7;

  // CreationTime is the time at which this alias was first created
  google.protobuf.Timestamp creation_time = 8;

  // LastUpdateTime is the most recent time at which the properties of this
  // alias got modified. This is helpful in filtering out aliases based
  // on its age and to take action on them, if desired.
  google.protobuf.Timestamp last_update_time = 9;

  // MergedFromCanonicalIDs is the FIFO history of merging activity
  repeated string merged_from_canonical_ids = 10;

  // NamespaceID is the identifier of the namespace to which this alias
  // belongs.
  string namespace_id = 11;

  // Custom Metadata. Distinct from `metadata` (field 6).
  //
  // NOTE(review): the name is camelCase unlike every other field in this
  // file. It is left as-is because renaming a published field changes its
  // text-format name and generated accessors in some languages — confirm
  // all consumers before considering a rename.
  map<string, string> customMetadata = 12;
}
// Deprecated. Retained for backwards compatibility.
//
// NOTE(review): this appears to be the predecessor of Entity — fields 1-10
// carry the same numbers, with `personas` in place of `aliases` and
// `bucket_key_hash` in place of `bucket_key`; confirm against the upgrade
// path that reads it. Because stored data may still be encoded in this
// shape, its field numbers must not be changed or reused.
message EntityStorageEntry {
  // Personas are the identities this entry is made of; counterpart of
  // Entity.aliases (same field number).
  repeated PersonaIndexEntry personas = 1;

  // ID is the unique identifier of the entity; see Entity.id.
  string id = 2;

  // Name is the human-friendly identifier of the entity; see Entity.name.
  string name = 3;

  // Metadata is the explicit metadata set by clients; see Entity.metadata.
  map<string, string> metadata = 4;

  // CreationTime is the time at which this entity was first created.
  google.protobuf.Timestamp creation_time = 5;

  // LastUpdateTime is the most recent time at which this entity was modified.
  google.protobuf.Timestamp last_update_time = 6;

  // MergedEntityIDs are the entities which got merged into this one; see
  // Entity.merged_entity_ids.
  repeated string merged_entity_ids = 7;

  // Policies the entity is entitled to; authorization-bearing.
  repeated string policies = 8;

  // BucketKeyHash identifies the storage packer bucket for this entry;
  // Entity uses the key path (bucket_key) at the same field number instead —
  // presumably a hash of that key, confirm before relying on it.
  string bucket_key_hash = 9;

  // MFASecrets holds the MFA secrets indexed by MFA method configuration
  // identifier; see Entity.mfa_secrets. Secret material — keep out of API
  // responses and logs.
  map<string, mfa.Secret> mfa_secrets = 10;
}
// Deprecated. Retained for backwards compatibility.
//
// NOTE(review): this appears to be the predecessor of Alias — fields 1-10
// carry the same numbers, with `entity_id` in place of `canonical_id` and
// `merged_from_entity_ids` in place of `merged_from_canonical_ids`; it has no
// namespace or custom-metadata fields. Confirm against the upgrade path that
// reads it. Field numbers must not be changed or reused.
message PersonaIndexEntry {
  // ID is the unique identifier that represents this persona; see Alias.id.
  string id = 1;

  // EntityID is the entity identifier to which this persona belongs;
  // counterpart of Alias.canonical_id (same field number).
  string entity_id = 2;

  // MountType is the backend mount's type; see Alias.mount_type.
  string mount_type = 3;

  // MountAccessor is the backend mount's accessor; see Alias.mount_accessor.
  string mount_accessor = 4;

  // MountPath is the backend mount's path; see Alias.mount_path.
  string mount_path = 5;

  // Metadata is the explicit metadata set by clients; see Alias.metadata.
  map<string, string> metadata = 6;

  // Name is the identifier of this persona in its authentication source;
  // see Alias.name.
  string name = 7;

  // CreationTime is the time at which this persona was first created.
  google.protobuf.Timestamp creation_time = 8;

  // LastUpdateTime is the most recent time at which this persona was modified.
  google.protobuf.Timestamp last_update_time = 9;

  // MergedFromEntityIDs is the history of merging activity; counterpart of
  // Alias.merged_from_canonical_ids (same field number).
  repeated string merged_from_entity_ids = 10;
}