README

Combined Database Engine

This package is how database plugins interact with Vault.

Upgrading to Version 5

Background

In Vault 1.6, a new Database interface was created that solved a number of issues with the previous interface:

  1. It could not use password policies because the database plugins were responsible for generating passwords.
  2. There were significant inconsistencies between functions in the interface.
  3. Several functions (SetCredentials and RotateRootCredentials) were doing the same operation.
  4. It had a function that was no longer being used as it had been deprecated in a previous version but never removed.

Prior to Vault 1.6, the Database interface is version 4 (with other versions in older versions of Vault). The new version introduced in Vault 1.6 is version 5. This distinction was not exposed in previous iterations of the Database interface as the previous versions were additive to the interface. Since version 5 is an overhaul of the interface, this distinction needed to be made.

We highly recommend that you upgrade any version 4 database plugins to version 5 as version 4 is considered deprecated and support for it will be removed in a future release. Version 5 plugins will not function with Vault prior to Vault 1.6.

The new interface is roughly modeled after a gRPC interface. It has improved future compatibility by not requiring changes to the interface definition to add additional data in the requests or responses. It also simplifies the interface by merging several into a single function call.

Upgrading your custom database

Vault 1.6 supports both version 4 and version 5 database plugins. The support for version 4 plugins will be removed in a future release. Version 5 database plugins will not function with Vault prior to version 1.6. If you upgrade your database plugins, ensure that you are only using Vault 1.6 or later. To determine if a plugin is using version 4 or version 5, the following is a list of changes in no particular order that you can check against your plugin to determine the version:

  1. The import path for version 4 is github.com/hashicorp/vault/sdk/database/dbplugin whereas the import path for version 5 is github.com/hashicorp/vault/sdk/database/dbplugin/v5
  2. Version 4 has the following functions: Initialize, Init, CreateUser, RenewUser, RevokeUser, SetCredentials, RotateRootCredentials, Type, and Close. You can see the full function signatures in sdk/database/dbplugin/plugin.go.
  3. Version 5 has the following functions: Initialize, NewUser, UpdateUser, DeleteUser, Type, and Close. You can see the full function signatures in sdk/database/dbplugin/v5/database.go.

If you are using a version 4 custom database plugin, the following are basic instructions for upgrading to version 5.

-> In version 4, password generation was the responsibility of the plugin. This is no longer the case with version 5. Vault is responsible for generating passwords and passing them to the plugin via NewUserRequest.Password and UpdateUserRequest.Password.NewPassword.

  1. Change the import path from github.com/hashicorp/vault/sdk/database/dbplugin to github.com/hashicorp/vault/sdk/database/dbplugin/v5. The package name is the same, so any references to dbplugin can remain as long as those symbols exist within the new package (such as the Serve function).
  2. An easy way to see what functions need to be implemented is to put the following as a global variable within your package: var _ dbplugin.Database = (*MyDatabase)(nil). This will fail to compile if the MyDatabase type does not adhere to the dbplugin.Database interface.
  3. Replace Init and Initialize with the new Initialize function definition. The fields that Init was taking (config and verifyConnection) are now wrapped into InitializeRequest. The returned map[string]interface{} object is now wrapped into InitializeResponse. Only Initialize is needed to adhere to the Database interface.
  4. Update CreateUser to NewUser. The NewUserRequest object contains the username and password of the user to be created. It also includes a list of statements for creating the user as well as several other fields that may or may not be applicable. Your custom plugin should use the password provided in the request, not generate one. If you generate a password instead, Vault will not know about it and will give the caller the wrong password.
  5. SetCredentials, RotateRootCredentials, and RenewUser are combined into UpdateUser. The request object, UpdateUserRequest contains three parts: the username to change, a ChangePassword and a ChangeExpiration object. When one of the objects is not nil, this indicates that particular field (password or expiration) needs to change. For instance, if the ChangePassword field is not-nil, the user's password should be changed. This is equivalent to calling SetCredentials. If the ChangeExpiration field is not-nil, the user's expiration date should be changed. This is equivalent to calling RenewUser. Many databases don't need to do anything with the updated expiration.
  6. Update RevokeUser to DeleteUser. This is the simplest change. The username to be deleted is enclosed in the DeleteUserRequest object.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrPluginShutdown          = errors.New("plugin shutdown")
	ErrPluginStaticUnsupported = errors.New("database plugin does not support Static Accounts")
)
View Source
var File_sdk_database_dbplugin_database_proto protoreflect.FileDescriptor

Functions

func RegisterDatabaseServer

func RegisterDatabaseServer(s *grpc.Server, srv DatabaseServer)

func Serve

func Serve(db Database, tlsProvider func() (*tls.Config, error))

    Serve is called from within a plugin and wraps the provided Database implementation in a databasePluginRPCServer object and starts a RPC server.

    func ServeConfig

    func ServeConfig(db Database, tlsProvider func() (*tls.Config, error)) *plugin.ServeConfig

    Types

    type CreateUserRequest

    type CreateUserRequest struct {
    	Statements     *Statements          `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
    	UsernameConfig *UsernameConfig      `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
    	Expiration     *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
    	// contains filtered or unexported fields
    }

    func (*CreateUserRequest) Descriptor

    func (*CreateUserRequest) Descriptor() ([]byte, []int)

      Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.

      func (*CreateUserRequest) GetExpiration

      func (x *CreateUserRequest) GetExpiration() *timestamp.Timestamp

      func (*CreateUserRequest) GetStatements

      func (x *CreateUserRequest) GetStatements() *Statements

      func (*CreateUserRequest) GetUsernameConfig

      func (x *CreateUserRequest) GetUsernameConfig() *UsernameConfig

      func (*CreateUserRequest) ProtoMessage

      func (*CreateUserRequest) ProtoMessage()

      func (*CreateUserRequest) ProtoReflect

      func (x *CreateUserRequest) ProtoReflect() protoreflect.Message

      func (*CreateUserRequest) Reset

      func (x *CreateUserRequest) Reset()

      func (*CreateUserRequest) String

      func (x *CreateUserRequest) String() string

      type CreateUserResponse

      type CreateUserResponse struct {
      	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
      	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
      	// contains filtered or unexported fields
      }

      func (*CreateUserResponse) Descriptor

      func (*CreateUserResponse) Descriptor() ([]byte, []int)

        Deprecated: Use CreateUserResponse.ProtoReflect.Descriptor instead.

        func (*CreateUserResponse) GetPassword

        func (x *CreateUserResponse) GetPassword() string

        func (*CreateUserResponse) GetUsername

        func (x *CreateUserResponse) GetUsername() string

        func (*CreateUserResponse) ProtoMessage

        func (*CreateUserResponse) ProtoMessage()

        func (*CreateUserResponse) ProtoReflect

        func (x *CreateUserResponse) ProtoReflect() protoreflect.Message

        func (*CreateUserResponse) Reset

        func (x *CreateUserResponse) Reset()

        func (*CreateUserResponse) String

        func (x *CreateUserResponse) String() string

        type Database

        type Database interface {
        	// Type returns the TypeName for the particular database backend
        	// implementation. This type name is usually set as a constant within the
        	// database backend implementation, e.g. "mysql" for the MySQL database
        	// backend.
        	Type() (string, error)
        
        	// CreateUser is called on `$ vault read database/creds/:role-name` and it's
        	// also the first time anything is touched from `$ vault write
        	// database/roles/:role-name`. This is likely to be the highest-throughput
        	// method for most plugins.
        	CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error)
        
        	// RenewUser is triggered by a renewal call to the API. In many database
        	// backends, this triggers a call on the underlying database that extends a
        	// VALID UNTIL clause on a user. However, if no such need exists, setting
        	// this as a NO-OP means that when renewal is called, the lease renewal time
        	// is pushed further out as appropriate, thus pushing out the time until the
        	// RevokeUser method is called.
        	RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) error
        
        	// RevokeUser is triggered either automatically by a lease expiration, or by
        	// a revocation call to the API.
        	RevokeUser(ctx context.Context, statements Statements, username string) error
        
        	// RotateRootCredentials is triggered by a root credential rotation call to
        	// the API.
        	RotateRootCredentials(ctx context.Context, statements []string) (config map[string]interface{}, err error)
        
        	// GenerateCredentials returns a generated password for the plugin. This is
        	// used in combination with SetCredentials to set a specific password for a
        	// database user and preserve the password in WAL entries.
        	GenerateCredentials(ctx context.Context) (string, error)
        
        	// SetCredentials uses provided information to create or set the credentials
        	// for a database user. Unlike CreateUser, this method requires both a
        	// username and a password given instead of generating them. This is used for
        	// creating and setting the password of static accounts, as well as rolling
        	// back passwords in the database in the event an updated database fails to
        	// save in Vault's storage.
        	SetCredentials(ctx context.Context, statements Statements, staticConfig StaticUserConfig) (username string, password string, err error)
        
        	// Init is called on `$ vault write database/config/:db-name`, or when you
        	// do a creds call after Vault's been restarted. The config provided won't
        	// hold all the keys and values provided in the API call, some will be
        	// stripped by the database engine before the config is provided. The config
        	// returned will be stored, which will persist it across shutdowns.
        	Init(ctx context.Context, config map[string]interface{}, verifyConnection bool) (saveConfig map[string]interface{}, err error)
        
        	// Close attempts to close the underlying database connection that was
        	// established by the backend.
        	Close() error
        }

          Database is the interface that all database objects must implement.

          func NewPluginClient

          func NewPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (Database, error)

            NewPluginClient returns a databaseRPCClient with a connection to a running plugin. The client is wrapped in a DatabasePluginClient object to ensure the plugin is killed on call of Close().

            func PluginFactory

            func PluginFactory(ctx context.Context, pluginName string, sys pluginutil.LookRunnerUtil, logger log.Logger) (Database, error)

              PluginFactory is used to build plugin database types. It wraps the database object in a logging and metrics middleware.

              type DatabaseClient

              type DatabaseClient interface {
              	Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error)
              	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
              	RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error)
              	RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error)
              	RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error)
              	Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error)
              	Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error)
              	SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error)
              	GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error)
              	// Deprecated: Do not use.
              	Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error)
              }

                DatabaseClient is the client API for Database service.

                For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

                func NewDatabaseClient

                func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient

                type DatabaseErrorSanitizerMiddleware

                type DatabaseErrorSanitizerMiddleware struct {
                	// contains filtered or unexported fields
                }

                  DatabaseErrorSanitizerMiddleware wraps an implementation of Databases and sanitizes returned error messages

                  func NewDatabaseErrorSanitizerMiddleware

                  func NewDatabaseErrorSanitizerMiddleware(next Database, secretsFn func() map[string]interface{}) *DatabaseErrorSanitizerMiddleware

                  func (*DatabaseErrorSanitizerMiddleware) Close

                  func (mw *DatabaseErrorSanitizerMiddleware) Close() (err error)

                  func (*DatabaseErrorSanitizerMiddleware) CreateUser

                  func (mw *DatabaseErrorSanitizerMiddleware) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error)

                  func (*DatabaseErrorSanitizerMiddleware) GenerateCredentials

                  func (mw *DatabaseErrorSanitizerMiddleware) GenerateCredentials(ctx context.Context) (password string, err error)

                  func (*DatabaseErrorSanitizerMiddleware) Init

                  func (mw *DatabaseErrorSanitizerMiddleware) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (saveConf map[string]interface{}, err error)

                  func (*DatabaseErrorSanitizerMiddleware) Initialize

                  func (mw *DatabaseErrorSanitizerMiddleware) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error

                  func (*DatabaseErrorSanitizerMiddleware) RenewUser

                  func (mw *DatabaseErrorSanitizerMiddleware) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) (err error)

                  func (*DatabaseErrorSanitizerMiddleware) RevokeUser

                  func (mw *DatabaseErrorSanitizerMiddleware) RevokeUser(ctx context.Context, statements Statements, username string) (err error)

                  func (*DatabaseErrorSanitizerMiddleware) RotateRootCredentials

                  func (mw *DatabaseErrorSanitizerMiddleware) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error)

                  func (*DatabaseErrorSanitizerMiddleware) SetCredentials

                  func (mw *DatabaseErrorSanitizerMiddleware) SetCredentials(ctx context.Context, statements Statements, staticConfig StaticUserConfig) (username, password string, err error)

                  func (*DatabaseErrorSanitizerMiddleware) Type

                  type DatabasePluginClient

                  type DatabasePluginClient struct {
                  	sync.Mutex
                  
                  	Database
                  	// contains filtered or unexported fields
                  }

                    DatabasePluginClient embeds a databasePluginRPCClient and wraps it's Close method to also call Kill() on the plugin.Client.

                    func (*DatabasePluginClient) Close

                    func (dc *DatabasePluginClient) Close() error

                      This wraps the Close call and ensures we both close the database connection and kill the plugin.

                      type DatabaseServer

                        DatabaseServer is the server API for Database service.

                        type Empty

                        type Empty struct {
                        	// contains filtered or unexported fields
                        }

                        func (*Empty) Descriptor

                        func (*Empty) Descriptor() ([]byte, []int)

                          Deprecated: Use Empty.ProtoReflect.Descriptor instead.

                          func (*Empty) ProtoMessage

                          func (*Empty) ProtoMessage()

                          func (*Empty) ProtoReflect

                          func (x *Empty) ProtoReflect() protoreflect.Message

                          func (*Empty) Reset

                          func (x *Empty) Reset()

                          func (*Empty) String

                          func (x *Empty) String() string

                          type GRPCDatabasePlugin

                          type GRPCDatabasePlugin struct {
                          	Impl Database
                          
                          	// Embeding this will disable the netRPC protocol
                          	plugin.NetRPCUnsupportedPlugin
                          }

                            GRPCDatabasePlugin is the plugin.Plugin implementation that only supports GRPC transport

                            func (GRPCDatabasePlugin) GRPCClient

                            func (GRPCDatabasePlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error)

                            func (GRPCDatabasePlugin) GRPCServer

                            func (d GRPCDatabasePlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error

                            type GenerateCredentialsResponse

                            type GenerateCredentialsResponse struct {
                            	Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
                            	// contains filtered or unexported fields
                            }

                            func (*GenerateCredentialsResponse) Descriptor

                            func (*GenerateCredentialsResponse) Descriptor() ([]byte, []int)

                              Deprecated: Use GenerateCredentialsResponse.ProtoReflect.Descriptor instead.

                              func (*GenerateCredentialsResponse) GetPassword

                              func (x *GenerateCredentialsResponse) GetPassword() string

                              func (*GenerateCredentialsResponse) ProtoMessage

                              func (*GenerateCredentialsResponse) ProtoMessage()

                              func (*GenerateCredentialsResponse) ProtoReflect

                              func (*GenerateCredentialsResponse) Reset

                              func (x *GenerateCredentialsResponse) Reset()

                              func (*GenerateCredentialsResponse) String

                              func (x *GenerateCredentialsResponse) String() string

                              type InitRequest

                              type InitRequest struct {
                              	Config           []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
                              	VerifyConnection bool   `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
                              	// contains filtered or unexported fields
                              }

                              func (*InitRequest) Descriptor

                              func (*InitRequest) Descriptor() ([]byte, []int)

                                Deprecated: Use InitRequest.ProtoReflect.Descriptor instead.

                                func (*InitRequest) GetConfig

                                func (x *InitRequest) GetConfig() []byte

                                func (*InitRequest) GetVerifyConnection

                                func (x *InitRequest) GetVerifyConnection() bool

                                func (*InitRequest) ProtoMessage

                                func (*InitRequest) ProtoMessage()

                                func (*InitRequest) ProtoReflect

                                func (x *InitRequest) ProtoReflect() protoreflect.Message

                                func (*InitRequest) Reset

                                func (x *InitRequest) Reset()

                                func (*InitRequest) String

                                func (x *InitRequest) String() string

                                type InitResponse

                                type InitResponse struct {
                                	Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
                                	// contains filtered or unexported fields
                                }

                                func (*InitResponse) Descriptor

                                func (*InitResponse) Descriptor() ([]byte, []int)

                                  Deprecated: Use InitResponse.ProtoReflect.Descriptor instead.

                                  func (*InitResponse) GetConfig

                                  func (x *InitResponse) GetConfig() []byte

                                  func (*InitResponse) ProtoMessage

                                  func (*InitResponse) ProtoMessage()

                                  func (*InitResponse) ProtoReflect

                                  func (x *InitResponse) ProtoReflect() protoreflect.Message

                                  func (*InitResponse) Reset

                                  func (x *InitResponse) Reset()

                                  func (*InitResponse) String

                                  func (x *InitResponse) String() string

                                  type InitializeRequest

                                  type InitializeRequest struct {
                                  	Config           []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
                                  	VerifyConnection bool   `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
                                  	// contains filtered or unexported fields
                                  }

                                    Deprecated: Do not use.

                                    func (*InitializeRequest) Descriptor

                                    func (*InitializeRequest) Descriptor() ([]byte, []int)

                                      Deprecated: Use InitializeRequest.ProtoReflect.Descriptor instead.

                                      func (*InitializeRequest) GetConfig

                                      func (x *InitializeRequest) GetConfig() []byte

                                      func (*InitializeRequest) GetVerifyConnection

                                      func (x *InitializeRequest) GetVerifyConnection() bool

                                      func (*InitializeRequest) ProtoMessage

                                      func (*InitializeRequest) ProtoMessage()

                                      func (*InitializeRequest) ProtoReflect

                                      func (x *InitializeRequest) ProtoReflect() protoreflect.Message

                                      func (*InitializeRequest) Reset

                                      func (x *InitializeRequest) Reset()

                                      func (*InitializeRequest) String

                                      func (x *InitializeRequest) String() string

                                      type RenewUserRequest

                                      type RenewUserRequest struct {
                                      	Statements *Statements          `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
                                      	Username   string               `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
                                      	Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
                                      	// contains filtered or unexported fields
                                      }

                                      func (*RenewUserRequest) Descriptor

                                      func (*RenewUserRequest) Descriptor() ([]byte, []int)

                                        Deprecated: Use RenewUserRequest.ProtoReflect.Descriptor instead.

                                        func (*RenewUserRequest) GetExpiration

                                        func (x *RenewUserRequest) GetExpiration() *timestamp.Timestamp

                                        func (*RenewUserRequest) GetStatements

                                        func (x *RenewUserRequest) GetStatements() *Statements

                                        func (*RenewUserRequest) GetUsername

                                        func (x *RenewUserRequest) GetUsername() string

                                        func (*RenewUserRequest) ProtoMessage

                                        func (*RenewUserRequest) ProtoMessage()

                                        func (*RenewUserRequest) ProtoReflect

                                        func (x *RenewUserRequest) ProtoReflect() protoreflect.Message

                                        func (*RenewUserRequest) Reset

                                        func (x *RenewUserRequest) Reset()

                                        func (*RenewUserRequest) String

                                        func (x *RenewUserRequest) String() string

                                        type RevokeUserRequest

                                        type RevokeUserRequest struct {
                                        	Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
                                        	Username   string      `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
                                        	// contains filtered or unexported fields
                                        }

                                        func (*RevokeUserRequest) Descriptor

                                        func (*RevokeUserRequest) Descriptor() ([]byte, []int)

                                          Deprecated: Use RevokeUserRequest.ProtoReflect.Descriptor instead.

                                          func (*RevokeUserRequest) GetStatements

                                          func (x *RevokeUserRequest) GetStatements() *Statements

                                          func (*RevokeUserRequest) GetUsername

                                          func (x *RevokeUserRequest) GetUsername() string

                                          func (*RevokeUserRequest) ProtoMessage

                                          func (*RevokeUserRequest) ProtoMessage()

                                          func (*RevokeUserRequest) ProtoReflect

                                          func (x *RevokeUserRequest) ProtoReflect() protoreflect.Message

                                          func (*RevokeUserRequest) Reset

                                          func (x *RevokeUserRequest) Reset()

                                          func (*RevokeUserRequest) String

                                          func (x *RevokeUserRequest) String() string

                                          type RotateRootCredentialsRequest

                                          type RotateRootCredentialsRequest struct {
                                          	Statements []string `protobuf:"bytes,1,rep,name=statements,proto3" json:"statements,omitempty"`
                                          	// contains filtered or unexported fields
                                          }

                                          func (*RotateRootCredentialsRequest) Descriptor

                                          func (*RotateRootCredentialsRequest) Descriptor() ([]byte, []int)

                                            Deprecated: Use RotateRootCredentialsRequest.ProtoReflect.Descriptor instead.

                                            func (*RotateRootCredentialsRequest) GetStatements

                                            func (x *RotateRootCredentialsRequest) GetStatements() []string

                                            func (*RotateRootCredentialsRequest) ProtoMessage

                                            func (*RotateRootCredentialsRequest) ProtoMessage()

                                            func (*RotateRootCredentialsRequest) ProtoReflect

                                            func (*RotateRootCredentialsRequest) Reset

                                            func (x *RotateRootCredentialsRequest) Reset()

                                            func (*RotateRootCredentialsRequest) String

                                            type RotateRootCredentialsResponse

                                            type RotateRootCredentialsResponse struct {
                                            	Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
                                            	// contains filtered or unexported fields
                                            }

                                            func (*RotateRootCredentialsResponse) Descriptor

                                            func (*RotateRootCredentialsResponse) Descriptor() ([]byte, []int)

                                              Deprecated: Use RotateRootCredentialsResponse.ProtoReflect.Descriptor instead.

                                              func (*RotateRootCredentialsResponse) GetConfig

                                              func (x *RotateRootCredentialsResponse) GetConfig() []byte

                                              func (*RotateRootCredentialsResponse) ProtoMessage

                                              func (*RotateRootCredentialsResponse) ProtoMessage()

                                              func (*RotateRootCredentialsResponse) ProtoReflect

                                              func (*RotateRootCredentialsResponse) Reset

                                              func (x *RotateRootCredentialsResponse) Reset()

                                              func (*RotateRootCredentialsResponse) String

                                              type SetCredentialsRequest

                                              type SetCredentialsRequest struct {
                                              	Statements       *Statements       `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
                                              	StaticUserConfig *StaticUserConfig `protobuf:"bytes,2,opt,name=static_user_config,json=staticUserConfig,proto3" json:"static_user_config,omitempty"`
                                              	// contains filtered or unexported fields
                                              }

                                              func (*SetCredentialsRequest) Descriptor

                                              func (*SetCredentialsRequest) Descriptor() ([]byte, []int)

                                                Deprecated: Use SetCredentialsRequest.ProtoReflect.Descriptor instead.

                                                func (*SetCredentialsRequest) GetStatements

                                                func (x *SetCredentialsRequest) GetStatements() *Statements

                                                func (*SetCredentialsRequest) GetStaticUserConfig

                                                func (x *SetCredentialsRequest) GetStaticUserConfig() *StaticUserConfig

                                                func (*SetCredentialsRequest) ProtoMessage

                                                func (*SetCredentialsRequest) ProtoMessage()

                                                func (*SetCredentialsRequest) ProtoReflect

                                                func (x *SetCredentialsRequest) ProtoReflect() protoreflect.Message

                                                func (*SetCredentialsRequest) Reset

                                                func (x *SetCredentialsRequest) Reset()

                                                func (*SetCredentialsRequest) String

                                                func (x *SetCredentialsRequest) String() string

                                                type SetCredentialsResponse

                                                type SetCredentialsResponse struct {
                                                	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
                                                	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
                                                	// contains filtered or unexported fields
                                                }

                                                func (*SetCredentialsResponse) Descriptor

                                                func (*SetCredentialsResponse) Descriptor() ([]byte, []int)

                                                  Deprecated: Use SetCredentialsResponse.ProtoReflect.Descriptor instead.

                                                  func (*SetCredentialsResponse) GetPassword

                                                  func (x *SetCredentialsResponse) GetPassword() string

                                                  func (*SetCredentialsResponse) GetUsername

                                                  func (x *SetCredentialsResponse) GetUsername() string

                                                  func (*SetCredentialsResponse) ProtoMessage

                                                  func (*SetCredentialsResponse) ProtoMessage()

                                                  func (*SetCredentialsResponse) ProtoReflect

                                                  func (x *SetCredentialsResponse) ProtoReflect() protoreflect.Message

                                                  func (*SetCredentialsResponse) Reset

                                                  func (x *SetCredentialsResponse) Reset()

                                                  func (*SetCredentialsResponse) String

                                                  func (x *SetCredentialsResponse) String() string

                                                  type Statements

                                                  type Statements struct {
                                                  
                                                  	// DEPRECATED, will be removed in 0.12
                                                  	//
                                                  	// Deprecated: Do not use.
                                                  	CreationStatements string `protobuf:"bytes,1,opt,name=creation_statements,json=creationStatements,proto3" json:"creation_statements,omitempty"`
                                                  	// DEPRECATED, will be removed in 0.12
                                                  	//
                                                  	// Deprecated: Do not use.
                                                  	RevocationStatements string `protobuf:"bytes,2,opt,name=revocation_statements,json=revocationStatements,proto3" json:"revocation_statements,omitempty"`
                                                  	// DEPRECATED, will be removed in 0.12
                                                  	//
                                                  	// Deprecated: Do not use.
                                                  	RollbackStatements string `protobuf:"bytes,3,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
                                                  	// DEPRECATED, will be removed in 0.12
                                                  	//
                                                  	// Deprecated: Do not use.
                                                  	RenewStatements string   `protobuf:"bytes,4,opt,name=renew_statements,json=renewStatements,proto3" json:"renew_statements,omitempty"`
                                                  	Creation        []string `protobuf:"bytes,5,rep,name=creation,proto3" json:"creation,omitempty"`
                                                  	Revocation      []string `protobuf:"bytes,6,rep,name=revocation,proto3" json:"revocation,omitempty"`
                                                  	Rollback        []string `protobuf:"bytes,7,rep,name=rollback,proto3" json:"rollback,omitempty"`
                                                  	Renewal         []string `protobuf:"bytes,8,rep,name=renewal,proto3" json:"renewal,omitempty"`
                                                  	Rotation        []string `protobuf:"bytes,9,rep,name=rotation,proto3" json:"rotation,omitempty"`
                                                  	// contains filtered or unexported fields
                                                  }

                                                  func (*Statements) Descriptor

                                                  func (*Statements) Descriptor() ([]byte, []int)

                                                    Deprecated: Use Statements.ProtoReflect.Descriptor instead.

                                                    func (*Statements) GetCreation

                                                    func (x *Statements) GetCreation() []string

                                                    func (*Statements) GetCreationStatements

                                                    func (x *Statements) GetCreationStatements() string

                                                      Deprecated: Do not use.

                                                      func (*Statements) GetRenewStatements

                                                      func (x *Statements) GetRenewStatements() string

                                                        Deprecated: Do not use.

                                                        func (*Statements) GetRenewal

                                                        func (x *Statements) GetRenewal() []string

                                                        func (*Statements) GetRevocation

                                                        func (x *Statements) GetRevocation() []string

                                                        func (*Statements) GetRevocationStatements

                                                        func (x *Statements) GetRevocationStatements() string

                                                          Deprecated: Do not use.

                                                          func (*Statements) GetRollback

                                                          func (x *Statements) GetRollback() []string

                                                          func (*Statements) GetRollbackStatements

                                                          func (x *Statements) GetRollbackStatements() string

                                                            Deprecated: Do not use.

                                                            func (*Statements) GetRotation

                                                            func (x *Statements) GetRotation() []string

                                                            func (*Statements) ProtoMessage

                                                            func (*Statements) ProtoMessage()

                                                            func (*Statements) ProtoReflect

                                                            func (x *Statements) ProtoReflect() protoreflect.Message

                                                            func (*Statements) Reset

                                                            func (x *Statements) Reset()

                                                            func (*Statements) String

                                                            func (x *Statements) String() string

                                                            type StaticUserConfig

                                                            type StaticUserConfig struct {
                                                            	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
                                                            	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
                                                            	Create   bool   `protobuf:"varint,3,opt,name=create,proto3" json:"create,omitempty"`
                                                            	// contains filtered or unexported fields
                                                            }

                                                            func (*StaticUserConfig) Descriptor

                                                            func (*StaticUserConfig) Descriptor() ([]byte, []int)

                                                              Deprecated: Use StaticUserConfig.ProtoReflect.Descriptor instead.

                                                              func (*StaticUserConfig) GetCreate

                                                              func (x *StaticUserConfig) GetCreate() bool

                                                              func (*StaticUserConfig) GetPassword

                                                              func (x *StaticUserConfig) GetPassword() string

                                                              func (*StaticUserConfig) GetUsername

                                                              func (x *StaticUserConfig) GetUsername() string

                                                              func (*StaticUserConfig) ProtoMessage

                                                              func (*StaticUserConfig) ProtoMessage()

                                                              func (*StaticUserConfig) ProtoReflect

                                                              func (x *StaticUserConfig) ProtoReflect() protoreflect.Message

                                                              func (*StaticUserConfig) Reset

                                                              func (x *StaticUserConfig) Reset()

                                                              func (*StaticUserConfig) String

                                                              func (x *StaticUserConfig) String() string

                                                              type TypeResponse

                                                              type TypeResponse struct {
                                                              	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
                                                              	// contains filtered or unexported fields
                                                              }

                                                              func (*TypeResponse) Descriptor

                                                              func (*TypeResponse) Descriptor() ([]byte, []int)

                                                                Deprecated: Use TypeResponse.ProtoReflect.Descriptor instead.

                                                                func (*TypeResponse) GetType

                                                                func (x *TypeResponse) GetType() string

                                                                func (*TypeResponse) ProtoMessage

                                                                func (*TypeResponse) ProtoMessage()

                                                                func (*TypeResponse) ProtoReflect

                                                                func (x *TypeResponse) ProtoReflect() protoreflect.Message

                                                                func (*TypeResponse) Reset

                                                                func (x *TypeResponse) Reset()

                                                                func (*TypeResponse) String

                                                                func (x *TypeResponse) String() string

                                                                type UnimplementedDatabaseServer

                                                                type UnimplementedDatabaseServer struct {
                                                                }

                                                                  UnimplementedDatabaseServer can be embedded to have forward compatible implementations.

                                                                  func (*UnimplementedDatabaseServer) Close

                                                                  func (*UnimplementedDatabaseServer) CreateUser

                                                                  func (*UnimplementedDatabaseServer) GenerateCredentials

                                                                  func (*UnimplementedDatabaseServer) Init

                                                                  func (*UnimplementedDatabaseServer) Initialize

                                                                  func (*UnimplementedDatabaseServer) RenewUser

                                                                  func (*UnimplementedDatabaseServer) RevokeUser

                                                                  func (*UnimplementedDatabaseServer) SetCredentials

                                                                  func (*UnimplementedDatabaseServer) Type

                                                                  type UsernameConfig

                                                                  type UsernameConfig struct {
                                                                  	DisplayName string `protobuf:"bytes,1,opt,name=DisplayName,proto3" json:"DisplayName,omitempty"`
                                                                  	RoleName    string `protobuf:"bytes,2,opt,name=RoleName,proto3" json:"RoleName,omitempty"`
                                                                  	// contains filtered or unexported fields
                                                                  }

                                                                  func (*UsernameConfig) Descriptor

                                                                  func (*UsernameConfig) Descriptor() ([]byte, []int)

                                                                    Deprecated: Use UsernameConfig.ProtoReflect.Descriptor instead.

                                                                    func (*UsernameConfig) GetDisplayName

                                                                    func (x *UsernameConfig) GetDisplayName() string

                                                                    func (*UsernameConfig) GetRoleName

                                                                    func (x *UsernameConfig) GetRoleName() string

                                                                    func (*UsernameConfig) ProtoMessage

                                                                    func (*UsernameConfig) ProtoMessage()

                                                                    func (*UsernameConfig) ProtoReflect

                                                                    func (x *UsernameConfig) ProtoReflect() protoreflect.Message

                                                                    func (*UsernameConfig) Reset

                                                                    func (x *UsernameConfig) Reset()

                                                                    func (*UsernameConfig) String

                                                                    func (x *UsernameConfig) String() string

                                                                    Directories

                                                                    Path Synopsis
                                                                    v5