dbplugin

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 26, 2023 License: MPL-2.0 Imports: 23 Imported by: 19

README

Combined Database Engine

This package is how database plugins interact with Vault.

Upgrading to Version 5

Background

In Vault 1.6, a new Database interface was created that solved a number of issues with the previous interface:

  1. It could not use password policies because the database plugins were responsible for generating passwords.
  2. There were significant inconsistencies between functions in the interface.
  3. Several functions (SetCredentials and RotateRootCredentials) were doing the same operation.
  4. It had a function that was no longer being used as it had been deprecated in a previous version but never removed.

Prior to Vault 1.6, the Database interface is version 4 (with other versions in older versions of Vault). The new version introduced in Vault 1.6 is version 5. This distinction was not exposed in previous iterations of the Database interface as the previous versions were additive to the interface. Since version 5 is an overhaul of the interface, this distinction needed to be made.

We highly recommend that you upgrade any version 4 database plugins to version 5 as version 4 is considered deprecated and support for it will be removed in a future release. Version 5 plugins will not function with Vault prior to Vault 1.6.

The new interface is roughly modeled after a gRPC interface. It has improved future compatibility by not requiring changes to the interface definition to add additional data in the requests or responses. It also simplifies the interface by merging several into a single function call.

Upgrading your custom database

Vault 1.6 supports both version 4 and version 5 database plugins. The support for version 4 plugins will be removed in a future release. Version 5 database plugins will not function with Vault prior to version 1.6. If you upgrade your database plugins, ensure that you are only using Vault 1.6 or later. To determine if a plugin is using version 4 or version 5, the following is a list of changes in no particular order that you can check against your plugin to determine the version:

  1. The import path for version 4 is github.com/hashicorp/vault/sdk/database/dbplugin whereas the import path for version 5 is github.com/hashicorp/vault/sdk/database/dbplugin/v5
  2. Version 4 has the following functions: Initialize, Init, CreateUser, RenewUser, RevokeUser, SetCredentials, RotateRootCredentials, Type, and Close. You can see the full function signatures in sdk/database/dbplugin/plugin.go.
  3. Version 5 has the following functions: Initialize, NewUser, UpdateUser, DeleteUser, Type, and Close. You can see the full function signatures in sdk/database/dbplugin/v5/database.go.

If you are using a version 4 custom database plugin, the following are basic instructions for upgrading to version 5.

-> In version 4, password generation was the responsibility of the plugin. This is no longer the case with version 5. Vault is responsible for generating passwords and passing them to the plugin via NewUserRequest.Password and UpdateUserRequest.Password.NewPassword.

  1. Change the import path from github.com/hashicorp/vault/sdk/database/dbplugin to github.com/hashicorp/vault/sdk/database/dbplugin/v5. The package name is the same, so any references to dbplugin can remain as long as those symbols exist within the new package (such as the Serve function).
  2. An easy way to see what functions need to be implemented is to put the following as a global variable within your package: var _ dbplugin.Database = (*MyDatabase)(nil). This will fail to compile if the MyDatabase type does not adhere to the dbplugin.Database interface.
  3. Replace Init and Initialize with the new Initialize function definition. The fields that Init was taking (config and verifyConnection) are now wrapped into InitializeRequest. The returned map[string]interface{} object is now wrapped into InitializeResponse. Only Initialize is needed to adhere to the Database interface.
  4. Update CreateUser to NewUser. The NewUserRequest object contains the username and password of the user to be created. It also includes a list of statements for creating the user as well as several other fields that may or may not be applicable. Your custom plugin should use the password provided in the request, not generate one. If you generate a password instead, Vault will not know about it and will give the caller the wrong password.
  5. SetCredentials, RotateRootCredentials, and RenewUser are combined into UpdateUser. The request object, UpdateUserRequest contains three parts: the username to change, a ChangePassword and a ChangeExpiration object. When one of the objects is not nil, this indicates that particular field (password or expiration) needs to change. For instance, if the ChangePassword field is not-nil, the user's password should be changed. This is equivalent to calling SetCredentials. If the ChangeExpiration field is not-nil, the user's expiration date should be changed. This is equivalent to calling RenewUser. Many databases don't need to do anything with the updated expiration.
  6. Update RevokeUser to DeleteUser. This is the simplest change. The username to be deleted is enclosed in the DeleteUserRequest object.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrPluginShutdown          = errors.New("plugin shutdown")
	ErrPluginStaticUnsupported = errors.New("database plugin does not support Static Accounts")
)
View Source
var Database_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "dbplugin.Database",
	HandlerType: (*DatabaseServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Type",
			Handler:    _Database_Type_Handler,
		},
		{
			MethodName: "CreateUser",
			Handler:    _Database_CreateUser_Handler,
		},
		{
			MethodName: "RenewUser",
			Handler:    _Database_RenewUser_Handler,
		},
		{
			MethodName: "RevokeUser",
			Handler:    _Database_RevokeUser_Handler,
		},
		{
			MethodName: "RotateRootCredentials",
			Handler:    _Database_RotateRootCredentials_Handler,
		},
		{
			MethodName: "Init",
			Handler:    _Database_Init_Handler,
		},
		{
			MethodName: "Close",
			Handler:    _Database_Close_Handler,
		},
		{
			MethodName: "SetCredentials",
			Handler:    _Database_SetCredentials_Handler,
		},
		{
			MethodName: "GenerateCredentials",
			Handler:    _Database_GenerateCredentials_Handler,
		},
		{
			MethodName: "Initialize",
			Handler:    _Database_Initialize_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "sdk/database/dbplugin/database.proto",
}

Database_ServiceDesc is the grpc.ServiceDesc for Database service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source
var File_sdk_database_dbplugin_database_proto protoreflect.FileDescriptor

Functions

func RegisterDatabaseServer

func RegisterDatabaseServer(s grpc.ServiceRegistrar, srv DatabaseServer)

func Serve

func Serve(db Database, tlsProvider func() (*tls.Config, error))

Serve is called from within a plugin and wraps the provided Database implementation in a databasePluginRPCServer object and starts a RPC server.

func ServeConfig

func ServeConfig(db Database, tlsProvider func() (*tls.Config, error)) *plugin.ServeConfig

Types

type CreateUserRequest

type CreateUserRequest struct {
	Statements     *Statements            `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	UsernameConfig *UsernameConfig        `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
	Expiration     *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateUserRequest) Descriptor deprecated

func (*CreateUserRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.

func (*CreateUserRequest) GetExpiration

func (x *CreateUserRequest) GetExpiration() *timestamppb.Timestamp

func (*CreateUserRequest) GetStatements

func (x *CreateUserRequest) GetStatements() *Statements

func (*CreateUserRequest) GetUsernameConfig

func (x *CreateUserRequest) GetUsernameConfig() *UsernameConfig

func (*CreateUserRequest) ProtoMessage

func (*CreateUserRequest) ProtoMessage()

func (*CreateUserRequest) ProtoReflect added in v0.2.0

func (x *CreateUserRequest) ProtoReflect() protoreflect.Message

func (*CreateUserRequest) Reset

func (x *CreateUserRequest) Reset()

func (*CreateUserRequest) String

func (x *CreateUserRequest) String() string

type CreateUserResponse

type CreateUserResponse struct {
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateUserResponse) Descriptor deprecated

func (*CreateUserResponse) Descriptor() ([]byte, []int)

Deprecated: Use CreateUserResponse.ProtoReflect.Descriptor instead.

func (*CreateUserResponse) GetPassword

func (x *CreateUserResponse) GetPassword() string

func (*CreateUserResponse) GetUsername

func (x *CreateUserResponse) GetUsername() string

func (*CreateUserResponse) ProtoMessage

func (*CreateUserResponse) ProtoMessage()

func (*CreateUserResponse) ProtoReflect added in v0.2.0

func (x *CreateUserResponse) ProtoReflect() protoreflect.Message

func (*CreateUserResponse) Reset

func (x *CreateUserResponse) Reset()

func (*CreateUserResponse) String

func (x *CreateUserResponse) String() string

type Database

type Database interface {
	// Type returns the TypeName for the particular database backend
	// implementation. This type name is usually set as a constant within the
	// database backend implementation, e.g. "mysql" for the MySQL database
	// backend.
	Type() (string, error)

	// CreateUser is called on `$ vault read database/creds/:role-name` and it's
	// also the first time anything is touched from `$ vault write
	// database/roles/:role-name`. This is likely to be the highest-throughput
	// method for most plugins.
	CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error)

	// RenewUser is triggered by a renewal call to the API. In many database
	// backends, this triggers a call on the underlying database that extends a
	// VALID UNTIL clause on a user. However, if no such need exists, setting
	// this as a NO-OP means that when renewal is called, the lease renewal time
	// is pushed further out as appropriate, thus pushing out the time until the
	// RevokeUser method is called.
	RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) error

	// RevokeUser is triggered either automatically by a lease expiration, or by
	// a revocation call to the API.
	RevokeUser(ctx context.Context, statements Statements, username string) error

	// RotateRootCredentials is triggered by a root credential rotation call to
	// the API.
	RotateRootCredentials(ctx context.Context, statements []string) (config map[string]interface{}, err error)

	// GenerateCredentials returns a generated password for the plugin. This is
	// used in combination with SetCredentials to set a specific password for a
	// database user and preserve the password in WAL entries.
	GenerateCredentials(ctx context.Context) (string, error)

	// SetCredentials uses provided information to create or set the credentials
	// for a database user. Unlike CreateUser, this method requires both a
	// username and a password given instead of generating them. This is used for
	// creating and setting the password of static accounts, as well as rolling
	// back passwords in the database in the event an updated database fails to
	// save in Vault's storage.
	SetCredentials(ctx context.Context, statements Statements, staticConfig StaticUserConfig) (username string, password string, err error)

	// Init is called on `$ vault write database/config/:db-name`, or when you
	// do a creds call after Vault's been restarted. The config provided won't
	// hold all the keys and values provided in the API call, some will be
	// stripped by the database engine before the config is provided. The config
	// returned will be stored, which will persist it across shutdowns.
	Init(ctx context.Context, config map[string]interface{}, verifyConnection bool) (saveConfig map[string]interface{}, err error)

	// Close attempts to close the underlying database connection that was
	// established by the backend.
	Close() error
}

Database is the interface that all database objects must implement.

func NewPluginClient

func NewPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (Database, error)

NewPluginClient returns a databaseRPCClient with a connection to a running plugin. The client is wrapped in a DatabasePluginClient object to ensure the plugin is killed on call of Close().

func PluginFactory

func PluginFactory(ctx context.Context, pluginName string, pluginVersion string, sys pluginutil.LookRunnerUtil, logger log.Logger) (Database, error)

PluginFactory is used to build plugin database types. It wraps the database object in a logging and metrics middleware.

func PluginFactoryVersion added in v0.6.0

func PluginFactoryVersion(ctx context.Context, pluginName string, pluginVersion string, sys pluginutil.LookRunnerUtil, logger log.Logger) (Database, error)

PluginFactory is used to build plugin database types with a version specified. It wraps the database object in a logging and metrics middleware.

type DatabaseClient

type DatabaseClient interface {
	Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error)
	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
	RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error)
	RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error)
	RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error)
	Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error)
	Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error)
	SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error)
	GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error)
	// Deprecated: Do not use.
	Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error)
}

DatabaseClient is the client API for Database service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewDatabaseClient

func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient

type DatabaseErrorSanitizerMiddleware

type DatabaseErrorSanitizerMiddleware struct {
	// contains filtered or unexported fields
}

DatabaseErrorSanitizerMiddleware wraps an implementation of Databases and sanitizes returned error messages

func NewDatabaseErrorSanitizerMiddleware

func NewDatabaseErrorSanitizerMiddleware(next Database, secretsFn func() map[string]interface{}) *DatabaseErrorSanitizerMiddleware

func (*DatabaseErrorSanitizerMiddleware) Close

func (mw *DatabaseErrorSanitizerMiddleware) Close() (err error)

func (*DatabaseErrorSanitizerMiddleware) CreateUser

func (mw *DatabaseErrorSanitizerMiddleware) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error)

func (*DatabaseErrorSanitizerMiddleware) GenerateCredentials added in v0.1.12

func (mw *DatabaseErrorSanitizerMiddleware) GenerateCredentials(ctx context.Context) (password string, err error)

func (*DatabaseErrorSanitizerMiddleware) Init

func (mw *DatabaseErrorSanitizerMiddleware) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (saveConf map[string]interface{}, err error)

func (*DatabaseErrorSanitizerMiddleware) Initialize

func (mw *DatabaseErrorSanitizerMiddleware) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error

func (*DatabaseErrorSanitizerMiddleware) RenewUser

func (mw *DatabaseErrorSanitizerMiddleware) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) (err error)

func (*DatabaseErrorSanitizerMiddleware) RevokeUser

func (mw *DatabaseErrorSanitizerMiddleware) RevokeUser(ctx context.Context, statements Statements, username string) (err error)

func (*DatabaseErrorSanitizerMiddleware) RotateRootCredentials

func (mw *DatabaseErrorSanitizerMiddleware) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error)

func (*DatabaseErrorSanitizerMiddleware) SetCredentials added in v0.1.12

func (mw *DatabaseErrorSanitizerMiddleware) SetCredentials(ctx context.Context, statements Statements, staticConfig StaticUserConfig) (username, password string, err error)

func (*DatabaseErrorSanitizerMiddleware) Type

type DatabasePluginClient

type DatabasePluginClient struct {
	sync.Mutex

	Database
	// contains filtered or unexported fields
}

DatabasePluginClient embeds a databasePluginRPCClient and wraps it's Close method to also call Kill() on the plugin.Client.

func (*DatabasePluginClient) Close

func (dc *DatabasePluginClient) Close() error

This wraps the Close call and ensures we both close the database connection and kill the plugin.

type DatabaseServer

type DatabaseServer interface {
	Type(context.Context, *Empty) (*TypeResponse, error)
	CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error)
	RenewUser(context.Context, *RenewUserRequest) (*Empty, error)
	RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error)
	RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error)
	Init(context.Context, *InitRequest) (*InitResponse, error)
	Close(context.Context, *Empty) (*Empty, error)
	SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error)
	GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error)
	// Deprecated: Do not use.
	Initialize(context.Context, *InitializeRequest) (*Empty, error)
	// contains filtered or unexported methods
}

DatabaseServer is the server API for Database service. All implementations must embed UnimplementedDatabaseServer for forward compatibility

type Empty

type Empty struct {
	// contains filtered or unexported fields
}

func (*Empty) Descriptor deprecated

func (*Empty) Descriptor() ([]byte, []int)

Deprecated: Use Empty.ProtoReflect.Descriptor instead.

func (*Empty) ProtoMessage

func (*Empty) ProtoMessage()

func (*Empty) ProtoReflect added in v0.2.0

func (x *Empty) ProtoReflect() protoreflect.Message

func (*Empty) Reset

func (x *Empty) Reset()

func (*Empty) String

func (x *Empty) String() string

type GRPCDatabasePlugin

type GRPCDatabasePlugin struct {
	Impl Database

	// Embeding this will disable the netRPC protocol
	plugin.NetRPCUnsupportedPlugin
}

GRPCDatabasePlugin is the plugin.Plugin implementation that only supports GRPC transport

func (GRPCDatabasePlugin) GRPCClient

func (GRPCDatabasePlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error)

func (GRPCDatabasePlugin) GRPCServer

func (d GRPCDatabasePlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error

type GenerateCredentialsResponse added in v0.1.12

type GenerateCredentialsResponse struct {
	Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateCredentialsResponse) Descriptor deprecated added in v0.1.12

func (*GenerateCredentialsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateCredentialsResponse.ProtoReflect.Descriptor instead.

func (*GenerateCredentialsResponse) GetPassword added in v0.1.12

func (x *GenerateCredentialsResponse) GetPassword() string

func (*GenerateCredentialsResponse) ProtoMessage added in v0.1.12

func (*GenerateCredentialsResponse) ProtoMessage()

func (*GenerateCredentialsResponse) ProtoReflect added in v0.2.0

func (*GenerateCredentialsResponse) Reset added in v0.1.12

func (x *GenerateCredentialsResponse) Reset()

func (*GenerateCredentialsResponse) String added in v0.1.12

func (x *GenerateCredentialsResponse) String() string

type InitRequest

type InitRequest struct {
	Config           []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	VerifyConnection bool   `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
	// contains filtered or unexported fields
}

func (*InitRequest) Descriptor deprecated

func (*InitRequest) Descriptor() ([]byte, []int)

Deprecated: Use InitRequest.ProtoReflect.Descriptor instead.

func (*InitRequest) GetConfig

func (x *InitRequest) GetConfig() []byte

func (*InitRequest) GetVerifyConnection

func (x *InitRequest) GetVerifyConnection() bool

func (*InitRequest) ProtoMessage

func (*InitRequest) ProtoMessage()

func (*InitRequest) ProtoReflect added in v0.2.0

func (x *InitRequest) ProtoReflect() protoreflect.Message

func (*InitRequest) Reset

func (x *InitRequest) Reset()

func (*InitRequest) String

func (x *InitRequest) String() string

type InitResponse

type InitResponse struct {
	Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

func (*InitResponse) Descriptor deprecated

func (*InitResponse) Descriptor() ([]byte, []int)

Deprecated: Use InitResponse.ProtoReflect.Descriptor instead.

func (*InitResponse) GetConfig

func (x *InitResponse) GetConfig() []byte

func (*InitResponse) ProtoMessage

func (*InitResponse) ProtoMessage()

func (*InitResponse) ProtoReflect added in v0.2.0

func (x *InitResponse) ProtoReflect() protoreflect.Message

func (*InitResponse) Reset

func (x *InitResponse) Reset()

func (*InitResponse) String

func (x *InitResponse) String() string

type InitializeRequest deprecated

type InitializeRequest struct {
	Config           []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	VerifyConnection bool   `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
	// contains filtered or unexported fields
}

Deprecated: Do not use.

func (*InitializeRequest) Descriptor deprecated

func (*InitializeRequest) Descriptor() ([]byte, []int)

Deprecated: Use InitializeRequest.ProtoReflect.Descriptor instead.

func (*InitializeRequest) GetConfig

func (x *InitializeRequest) GetConfig() []byte

func (*InitializeRequest) GetVerifyConnection

func (x *InitializeRequest) GetVerifyConnection() bool

func (*InitializeRequest) ProtoMessage

func (*InitializeRequest) ProtoMessage()

func (*InitializeRequest) ProtoReflect added in v0.2.0

func (x *InitializeRequest) ProtoReflect() protoreflect.Message

func (*InitializeRequest) Reset

func (x *InitializeRequest) Reset()

func (*InitializeRequest) String

func (x *InitializeRequest) String() string

type RenewUserRequest

type RenewUserRequest struct {
	Statements *Statements            `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	Username   string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
	Expiration *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
	// contains filtered or unexported fields
}

func (*RenewUserRequest) Descriptor deprecated

func (*RenewUserRequest) Descriptor() ([]byte, []int)

Deprecated: Use RenewUserRequest.ProtoReflect.Descriptor instead.

func (*RenewUserRequest) GetExpiration

func (x *RenewUserRequest) GetExpiration() *timestamppb.Timestamp

func (*RenewUserRequest) GetStatements

func (x *RenewUserRequest) GetStatements() *Statements

func (*RenewUserRequest) GetUsername

func (x *RenewUserRequest) GetUsername() string

func (*RenewUserRequest) ProtoMessage

func (*RenewUserRequest) ProtoMessage()

func (*RenewUserRequest) ProtoReflect added in v0.2.0

func (x *RenewUserRequest) ProtoReflect() protoreflect.Message

func (*RenewUserRequest) Reset

func (x *RenewUserRequest) Reset()

func (*RenewUserRequest) String

func (x *RenewUserRequest) String() string

type RevokeUserRequest

type RevokeUserRequest struct {
	Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	Username   string      `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeUserRequest) Descriptor deprecated

func (*RevokeUserRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeUserRequest.ProtoReflect.Descriptor instead.

func (*RevokeUserRequest) GetStatements

func (x *RevokeUserRequest) GetStatements() *Statements

func (*RevokeUserRequest) GetUsername

func (x *RevokeUserRequest) GetUsername() string

func (*RevokeUserRequest) ProtoMessage

func (*RevokeUserRequest) ProtoMessage()

func (*RevokeUserRequest) ProtoReflect added in v0.2.0

func (x *RevokeUserRequest) ProtoReflect() protoreflect.Message

func (*RevokeUserRequest) Reset

func (x *RevokeUserRequest) Reset()

func (*RevokeUserRequest) String

func (x *RevokeUserRequest) String() string

type RotateRootCredentialsRequest

type RotateRootCredentialsRequest struct {
	Statements []string `protobuf:"bytes,1,rep,name=statements,proto3" json:"statements,omitempty"`
	// contains filtered or unexported fields
}

func (*RotateRootCredentialsRequest) Descriptor deprecated

func (*RotateRootCredentialsRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateRootCredentialsRequest.ProtoReflect.Descriptor instead.

func (*RotateRootCredentialsRequest) GetStatements

func (x *RotateRootCredentialsRequest) GetStatements() []string

func (*RotateRootCredentialsRequest) ProtoMessage

func (*RotateRootCredentialsRequest) ProtoMessage()

func (*RotateRootCredentialsRequest) ProtoReflect added in v0.2.0

func (*RotateRootCredentialsRequest) Reset

func (x *RotateRootCredentialsRequest) Reset()

func (*RotateRootCredentialsRequest) String

type RotateRootCredentialsResponse

type RotateRootCredentialsResponse struct {
	Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

func (*RotateRootCredentialsResponse) Descriptor deprecated

func (*RotateRootCredentialsResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateRootCredentialsResponse.ProtoReflect.Descriptor instead.

func (*RotateRootCredentialsResponse) GetConfig

func (x *RotateRootCredentialsResponse) GetConfig() []byte

func (*RotateRootCredentialsResponse) ProtoMessage

func (*RotateRootCredentialsResponse) ProtoMessage()

func (*RotateRootCredentialsResponse) ProtoReflect added in v0.2.0

func (*RotateRootCredentialsResponse) Reset

func (x *RotateRootCredentialsResponse) Reset()

func (*RotateRootCredentialsResponse) String

type SetCredentialsRequest added in v0.1.12

type SetCredentialsRequest struct {
	Statements       *Statements       `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	StaticUserConfig *StaticUserConfig `protobuf:"bytes,2,opt,name=static_user_config,json=staticUserConfig,proto3" json:"static_user_config,omitempty"`
	// contains filtered or unexported fields
}

func (*SetCredentialsRequest) Descriptor deprecated added in v0.1.12

func (*SetCredentialsRequest) Descriptor() ([]byte, []int)

Deprecated: Use SetCredentialsRequest.ProtoReflect.Descriptor instead.

func (*SetCredentialsRequest) GetStatements added in v0.1.12

func (x *SetCredentialsRequest) GetStatements() *Statements

func (*SetCredentialsRequest) GetStaticUserConfig added in v0.1.12

func (x *SetCredentialsRequest) GetStaticUserConfig() *StaticUserConfig

func (*SetCredentialsRequest) ProtoMessage added in v0.1.12

func (*SetCredentialsRequest) ProtoMessage()

func (*SetCredentialsRequest) ProtoReflect added in v0.2.0

func (x *SetCredentialsRequest) ProtoReflect() protoreflect.Message

func (*SetCredentialsRequest) Reset added in v0.1.12

func (x *SetCredentialsRequest) Reset()

func (*SetCredentialsRequest) String added in v0.1.12

func (x *SetCredentialsRequest) String() string

type SetCredentialsResponse added in v0.1.12

type SetCredentialsResponse struct {
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*SetCredentialsResponse) Descriptor deprecated added in v0.1.12

func (*SetCredentialsResponse) Descriptor() ([]byte, []int)

Deprecated: Use SetCredentialsResponse.ProtoReflect.Descriptor instead.

func (*SetCredentialsResponse) GetPassword added in v0.1.12

func (x *SetCredentialsResponse) GetPassword() string

func (*SetCredentialsResponse) GetUsername added in v0.1.12

func (x *SetCredentialsResponse) GetUsername() string

func (*SetCredentialsResponse) ProtoMessage added in v0.1.12

func (*SetCredentialsResponse) ProtoMessage()

func (*SetCredentialsResponse) ProtoReflect added in v0.2.0

func (x *SetCredentialsResponse) ProtoReflect() protoreflect.Message

func (*SetCredentialsResponse) Reset added in v0.1.12

func (x *SetCredentialsResponse) Reset()

func (*SetCredentialsResponse) String added in v0.1.12

func (x *SetCredentialsResponse) String() string

type Statements

type Statements struct {

	// DEPRECATED, will be removed in 0.12
	//
	// Deprecated: Do not use.
	CreationStatements string `protobuf:"bytes,1,opt,name=creation_statements,json=creationStatements,proto3" json:"creation_statements,omitempty"`
	// DEPRECATED, will be removed in 0.12
	//
	// Deprecated: Do not use.
	RevocationStatements string `protobuf:"bytes,2,opt,name=revocation_statements,json=revocationStatements,proto3" json:"revocation_statements,omitempty"`
	// DEPRECATED, will be removed in 0.12
	//
	// Deprecated: Do not use.
	RollbackStatements string `protobuf:"bytes,3,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"`
	// DEPRECATED, will be removed in 0.12
	//
	// Deprecated: Do not use.
	RenewStatements string   `protobuf:"bytes,4,opt,name=renew_statements,json=renewStatements,proto3" json:"renew_statements,omitempty"`
	Creation        []string `protobuf:"bytes,5,rep,name=creation,proto3" json:"creation,omitempty"`
	Revocation      []string `protobuf:"bytes,6,rep,name=revocation,proto3" json:"revocation,omitempty"`
	Rollback        []string `protobuf:"bytes,7,rep,name=rollback,proto3" json:"rollback,omitempty"`
	Renewal         []string `protobuf:"bytes,8,rep,name=renewal,proto3" json:"renewal,omitempty"`
	Rotation        []string `protobuf:"bytes,9,rep,name=rotation,proto3" json:"rotation,omitempty"`
	// contains filtered or unexported fields
}

func (*Statements) Descriptor deprecated

func (*Statements) Descriptor() ([]byte, []int)

Deprecated: Use Statements.ProtoReflect.Descriptor instead.

func (*Statements) GetCreation

func (x *Statements) GetCreation() []string

func (*Statements) GetCreationStatements deprecated

func (x *Statements) GetCreationStatements() string

Deprecated: Do not use.

func (*Statements) GetRenewStatements deprecated

func (x *Statements) GetRenewStatements() string

Deprecated: Do not use.

func (*Statements) GetRenewal

func (x *Statements) GetRenewal() []string

func (*Statements) GetRevocation

func (x *Statements) GetRevocation() []string

func (*Statements) GetRevocationStatements deprecated

func (x *Statements) GetRevocationStatements() string

Deprecated: Do not use.

func (*Statements) GetRollback

func (x *Statements) GetRollback() []string

func (*Statements) GetRollbackStatements deprecated

func (x *Statements) GetRollbackStatements() string

Deprecated: Do not use.

func (*Statements) GetRotation added in v0.1.12

func (x *Statements) GetRotation() []string

func (*Statements) ProtoMessage

func (*Statements) ProtoMessage()

func (*Statements) ProtoReflect added in v0.2.0

func (x *Statements) ProtoReflect() protoreflect.Message

func (*Statements) Reset

func (x *Statements) Reset()

func (*Statements) String

func (x *Statements) String() string

type StaticUserConfig added in v0.1.12

type StaticUserConfig struct {
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	Create   bool   `protobuf:"varint,3,opt,name=create,proto3" json:"create,omitempty"`
	// contains filtered or unexported fields
}

func (*StaticUserConfig) Descriptor deprecated added in v0.1.12

func (*StaticUserConfig) Descriptor() ([]byte, []int)

Deprecated: Use StaticUserConfig.ProtoReflect.Descriptor instead.

func (*StaticUserConfig) GetCreate added in v0.1.12

func (x *StaticUserConfig) GetCreate() bool

func (*StaticUserConfig) GetPassword added in v0.1.12

func (x *StaticUserConfig) GetPassword() string

func (*StaticUserConfig) GetUsername added in v0.1.12

func (x *StaticUserConfig) GetUsername() string

func (*StaticUserConfig) ProtoMessage added in v0.1.12

func (*StaticUserConfig) ProtoMessage()

func (*StaticUserConfig) ProtoReflect added in v0.2.0

func (x *StaticUserConfig) ProtoReflect() protoreflect.Message

func (*StaticUserConfig) Reset added in v0.1.12

func (x *StaticUserConfig) Reset()

func (*StaticUserConfig) String added in v0.1.12

func (x *StaticUserConfig) String() string

type TypeResponse

type TypeResponse struct {
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// contains filtered or unexported fields
}

func (*TypeResponse) Descriptor deprecated

func (*TypeResponse) Descriptor() ([]byte, []int)

Deprecated: Use TypeResponse.ProtoReflect.Descriptor instead.

func (*TypeResponse) GetType

func (x *TypeResponse) GetType() string

func (*TypeResponse) ProtoMessage

func (*TypeResponse) ProtoMessage()

func (*TypeResponse) ProtoReflect added in v0.2.0

func (x *TypeResponse) ProtoReflect() protoreflect.Message

func (*TypeResponse) Reset

func (x *TypeResponse) Reset()

func (*TypeResponse) String

func (x *TypeResponse) String() string

type UnimplementedDatabaseServer

type UnimplementedDatabaseServer struct {
}

UnimplementedDatabaseServer must be embedded to have forward compatible implementations.

func (UnimplementedDatabaseServer) Close

func (UnimplementedDatabaseServer) CreateUser

func (UnimplementedDatabaseServer) GenerateCredentials added in v0.1.12

func (UnimplementedDatabaseServer) Init

func (UnimplementedDatabaseServer) Initialize

func (UnimplementedDatabaseServer) RenewUser

func (UnimplementedDatabaseServer) RevokeUser

func (UnimplementedDatabaseServer) SetCredentials added in v0.1.12

func (UnimplementedDatabaseServer) Type

type UnsafeDatabaseServer added in v0.3.0

type UnsafeDatabaseServer interface {
	// contains filtered or unexported methods
}

UnsafeDatabaseServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to DatabaseServer will result in compilation errors.

type UsernameConfig

type UsernameConfig struct {
	DisplayName string `protobuf:"bytes,1,opt,name=DisplayName,proto3" json:"DisplayName,omitempty"`
	RoleName    string `protobuf:"bytes,2,opt,name=RoleName,proto3" json:"RoleName,omitempty"`
	// contains filtered or unexported fields
}

func (*UsernameConfig) Descriptor deprecated

func (*UsernameConfig) Descriptor() ([]byte, []int)

Deprecated: Use UsernameConfig.ProtoReflect.Descriptor instead.

func (*UsernameConfig) GetDisplayName

func (x *UsernameConfig) GetDisplayName() string

func (*UsernameConfig) GetRoleName

func (x *UsernameConfig) GetRoleName() string

func (*UsernameConfig) ProtoMessage

func (*UsernameConfig) ProtoMessage()

func (*UsernameConfig) ProtoReflect added in v0.2.0

func (x *UsernameConfig) ProtoReflect() protoreflect.Message

func (*UsernameConfig) Reset

func (x *UsernameConfig) Reset()

func (*UsernameConfig) String

func (x *UsernameConfig) String() string

Directories

Path Synopsis
v5

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL